I've installed Elastic Search 1.7.4 on CentOS 7.2 this way:
wget https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.4.noarch.rpm
sudo rpm -ivh elasticsearch-1.7.4.noarch.rpm
The service is started and ES works (verified with curl), however, it only listens to IPv6 with default configuration. netstat -na gives me the following:
tcp6 0 0 :::9200 :::* LISTEN
tcp6 0 0 :::9300 :::* LISTEN
Using nmap from other servers I see that ports 9200 and 9300 are filtered, firewall is disabled.
Editing /etc/elasticsearch/elasticsearch.yml and setting:
network.bind_host: 0.0.0.0
doesn't change anything. Setting this to the external IPv4 address of the server does add the additional two entries in netstat -na output, but I need ES to be accessible to my local network, so this is useless and netstat still registers this as tcp6.
tcp6 0 0 192.168.0.54:9200 :::* LISTEN
tcp6 0 0 192.168.0.54:9300 :::* LISTEN
setting:
network.bind_host: _eth0:ipv4_
Causes ES to bind to the local IPv4 and then it is of course only available from the local server. Omitting the "ipv4" part causes ES to bind to IPv6 address of the NIC.
How do I enable ES to bind to IPv4? I have no alternative, my network is IPv4 only and I have to use this old version of ES because I'm running some applications that require this version.
Answer
From unix exchange.
This is happening because by default, AF_INET6 sockets will actually work for both IPv4 and IPv6. See section 3.7 - Compatibility with IPv4 Nodes of RFC 3493 - Basic Socket Interface Extensions for IPv6
But as you've figured out, firewalld is enabled out of the box.
create this file to your /etc/firewalld/services/elasticsearch.xml
Elasticsearch
Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.
Update permissions
chmod 0400 /etc/firewalld/services/elasticsearch.xml
chown root: /etc/firewalld/services/elasticsearch.xml
Run these commands
firewall-cmd --zone=public --add-service=elasticsearch --permanent
firewall-cmd --reload
No comments:
Post a Comment