Thursday, February 11, 2016

centos7 - Elastic Search listening only on IPv6 [CentOS]



I've installed Elastic Search 1.7.4 on CentOS 7.2 this way:




wget https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.4.noarch.rpm
sudo rpm -ivh elasticsearch-1.7.4.noarch.rpm


The service is started and ES works (verified with curl), however, it only listens to IPv6 with default configuration. netstat -na gives me the following:



tcp6       0      0 :::9200                 :::*                    LISTEN
tcp6       0      0 :::9300                 :::*                    LISTEN



Using nmap from other servers I see that ports 9200 and 9300 are filtered, firewall is disabled.



Editing /etc/elasticsearch/elasticsearch.yml and setting:



network.bind_host: 0.0.0.0


doesn't change anything. Setting this to the external IPv4 address of the server does add the additional two entries in netstat -na output, but I need ES to be accessible to my local network, so this is useless and netstat still registers this as tcp6.



tcp6       0      0 192.168.0.54:9200       :::*                    LISTEN
tcp6       0      0 192.168.0.54:9300       :::*                    LISTEN


Setting:



network.bind_host: _eth0:ipv4_


Causes ES to bind to the local IPv4 and then it is of course only available from the local server. Omitting the "ipv4" part causes ES to bind to IPv6 address of the NIC.




How do I enable ES to bind to IPv4? I have no alternative, my network is IPv4 only and I have to use this old version of ES because I'm running some applications that require this version.


Answer



From unix exchange.




This is happening because by default, AF_INET6 sockets will actually work for both IPv4 and IPv6. See section 3.7 - Compatibility with IPv4 Nodes of RFC 3493 - Basic Socket Interface Extensions for IPv6.




But as you've figured out, firewalld is enabled out of the box.




Create this file at /etc/firewalld/services/elasticsearch.xml:





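<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Elasticsearch</short>
  <description>Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.</description>
  <!-- Ports taken from the netstat output in the question: 9200 and 9300 -->
  <port protocol="tcp" port="9200"/>
  <port protocol="tcp" port="9300"/>
</service>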






Update permissions



chmod 0400 /etc/firewalld/services/elasticsearch.xml
chown root: /etc/firewalld/services/elasticsearch.xml


Run these commands



firewall-cmd --zone=public --add-service=elasticsearch --permanent

firewall-cmd --reload
