Protected node-to-node Elasticsearch lab
This lab setups up a few systems as peer-to-peer nodes, then locks down access to peer-to-peer communication to each other with firewall.
After setup, all systems should be communicating with each other fine. Verify via the following (either by local IP or domain name):
curl '10.17.0.5:9200/_cat/nodes'
NOTE: This lab doesn't add username/password security. This is a bit out of character for me (since I like my labs to be production ready), but you can easily merge these concepts with those in the elasticsearch-secure lab.
After setup, you can run /root/setup_data_generation.sh to setup data generation. Further instructions will be printed from there. You'll be told when to run python /srv/hamlet/content/hamlet.py.
While that's running, from a web browser, you can view the following on each server (e.g. -alpha, -beta, -gamma) to view the shards and replicas as they spread around:
http://NAME_HERE-alpha.centralus.cloudapp.azure.com:9200/_plugin/head/
Communicating outside of Azure
If you want to add an Azure Elasticsearch server to an existing non-Azure cluster (or an Azure cluster in a separate network), or add add an external server to an Azure Elasticsearch cluster, you need to take into account the fact that ES is bound to your internal Azure IP address (10.17.0.4). External servers won't have a clue what to do with this. Nothing will work. You'll lose your mind.
The fix is simple:
transport.publish_host: MY_PUBLIC_AZURE_IP_HERE
Get your public static IP address and throw it in there.
This is already stubbed out in the ES config.
Deploy to Azure