search

elastic / elasticsearch

Free and Open Source, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch
Other
1.47k stars 24.88k forks source link

Nodes sniffing not working with HTTPS #72364

Open broferek opened 3 years ago

broferek commented 3 years ago

Elastic version : 7.2.0

We wanted to migrate our cluster from HTTP to HTTPS with nodes sniffing activated on our client.

The Elastic node is well started with HTTPS and this is the info that _nodes/http returns : 

"http": {
"bound_address": [
"<ip>:9200"
],
"publish_address": "<cname>/<ip>:9200",
}

When we launch our client using nodes sniffer, we have the following error message :

<cname> doesn't make sense! publishedHost should be in boundHosts

We don't understand how it can work as the CNAME part is never present in bound_address field whatever configuration we have attempted in network_host, bind_host ... At the same time, the CNAME part is mandatory to work with an SSL certificate containing only FQDNs.

elasticmachine commented 3 years ago

Pinging @elastic/es-core-features (Team:Core/Features)

jakelandis commented 3 years ago

@broferek - does this blog post help any https://www.elastic.co/blog/elasticsearch-sniffing-best-practices-what-when-why-how , or do you still believe there is a bug here ?

broferek commented 3 years ago

@jakelandis thanks for your reply. I read through the post but unfortunately it didn't give me a clue of what could be done to fix the problem. Therefore I think there is indeed still a bug.