What do you think about the following ES with RoR cluster topology.
The ES-5 cluster is running on 5 machines and there are 4 nodes (2 master and 2 data) on each of them.
The RoR is installed and enabled on master nodes on 4 machines as follows.
1st and 2nd machines RoR configuration files are identical and allow access to ES for all users/indices from servers abc with IP 188.8.131.52 and cde with IP 184.108.40.206 by setting this with the following control rules in readonlyrest.yml
- name: Accept all requests from servers
hosts: [220.127.116.11, 18.104.22.168]
3rd and 4th machines RoR configuration files on master nodes are identical and allow access to ES using group-based access control (certain users and certain indixes read or/and write).
5th machine’s two master nodes have no RoRs installed at all.
All master nodes (with and without RoRs) might receive incoming http requests.
So, here is the mix of RoRs configuration on different machines within one cluster.
Is this topology might be desirable and usable ?
Would it be possible if incoming http requests on master nodes on 5th machine (without RoRs) might be forbidden based on access control rules setup on RoRs on 1st/2nd and 3rd/4th machines (because of the zen discovery) ?
Or ALL RoR instances within the same multi-node cluster must have the same identical configurations on ALL master nodes which are exposed for external communication and might receive the incoming http requests ?