If your question is: Can i install SG into a already running cluster without full restart than the answer is: no
If you have a cluster with SG already running you can normally upgrade with a rolling restart.
> Am 17.10.2017 um 16:54 schrieb mcost...@np6.com:
>
> Hello,
> I need confirmation concerning rolling restarts for SearchGuard with our particular deployment plan. We plan to:
>
> 1) Install and initialize search guard with `searchguard.disabled: true` set.
> 2) Unset that property, do as non-intrusive a restart as possible, and voila!
>
> Questions:
> 1) Is it true that a full cluster restart (not a rolling restart) will be required for step 2?
> 2) Is any restarting needed for step 1, and if so, what kind?
>
> The essence of this post is really "given our plan, what is the most non-intrusive restart we can perform?"
>
> Please and thanks,
> Marco.
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
Correct me if I'm wrong, but I guess you are trying to ask if you can install Search Guard on a vanilla (non SG) cluster, and avoid a full cluster restart.No, that is not possible: Your cluster initially does not have any TLS enabled. So if you do a rolling restart, and some nodes have TLS enabled (since you set SG enabled to true), and other nodes do not have TLS enabled yet (because SG enabled is still set to false), you end up with a split cluster. The TLS enabled nodes cannot talk to the non-TLS nodes and vice versa.
On Tuesday, October 17, 2017 at 8:23:19 PM UTC+2, Search Guard wrote:
If your question is: Can i install SG into a already running cluster without full restart than the answer is: no
If you have a cluster with SG already running you can normally upgrade with a rolling restart.
> Am 17.10.2017 um 16:54 schrieb mcost...@np6.com:
>
> Hello,
> I need confirmation concerning rolling restarts for SearchGuard with our particular deployment plan. We plan to:
>
> 1) Install and initialize search guard with `searchguard.disabled: true` set.
> 2) Unset that property, do as non-intrusive a restart as possible, and voila!
>
> Questions:
> 1) Is it true that a full cluster restart (not a rolling restart) will be required for step 2?
> 2) Is any restarting needed for step 1, and if so, what kind?
>
> The essence of this post is really "given our plan, what is the most non-intrusive restart we can perform?"
>
> Please and thanks,
> Marco.
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
Correct me if I'm wrong, but I guess you are trying to ask if you can install Search Guard on a vanilla (non SG) cluster, and avoid a full cluster restart.No, that is not possible: Your cluster initially does not have any TLS enabled. So if you do a rolling restart, and some nodes have TLS enabled (since you set SG enabled to true), and other nodes do not have TLS enabled yet (because SG enabled is still set to false), you end up with a split cluster. The TLS enabled nodes cannot talk to the non-TLS nodes and vice versa.
On Tuesday, October 17, 2017 at 8:23:19 PM UTC+2, Search Guard wrote:
If your question is: Can i install SG into a already running cluster without full restart than the answer is: no
If you have a cluster with SG already running you can normally upgrade with a rolling restart.
> Am 17.10.2017 um 16:54 schrieb mcost...@np6.com:
>
> Hello,
> I need confirmation concerning rolling restarts for SearchGuard with our particular deployment plan. We plan to:
>
> 1) Install and initialize search guard with `searchguard.disabled: true` set.
> 2) Unset that property, do as non-intrusive a restart as possible, and voila!
>
> Questions:
> 1) Is it true that a full cluster restart (not a rolling restart) will be required for step 2?
> 2) Is any restarting needed for step 1, and if so, what kind?
>
> The essence of this post is really "given our plan, what is the most non-intrusive restart we can perform?"
>
> Please and thanks,
> Marco.
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.