Elasticsearch version (bin/elasticsearch --version):
Version: 8.2.2, Build: default/docker/9876968ef3c745186b94fdabd4483e01499224ef/2022-05-25T15:47:06.259735307Z, JVM: 18.0.1.1

elasticsearch-py version (elasticsearch.__versionstr__):
8.2.3

Sniffing callback uses Transport instance directly to perform /_nodes/_all/http requests.

However, both Authorization and opaque-id headers are NOT passed to Transport class during initialization.

Instead they are saved to Elasticsearch client instance after Transport is already created

and used for API requests only.

As the result sniffing fails with Exception elastic_transport.SniffingError: No viable nodes were discovered on the initial sniff attempt while the real problem is

{ "error":{ "root_cause":[ { "type":"security_exception", "reason":"missing authentication credentials for REST request [/_nodes/_all/http]", "header":{ "WWW-Authenticate":[ "Basic realm=\"security\" charset=\"UTF-8\"", "ApiKey" ] } } ], "type":"security_exception", "reason":"missing authentication credentials for REST request [/_nodes/_all/http]", "header":{ "WWW-Authenticate":[ "Basic realm=\"security\" charset=\"UTF-8\"", "ApiKey" ] } }, "status":401 }

The problem is the same for both Sync and Async clients.

The fix might be to build opaque-id and authorization headers before transport intialization to and pass them to client_node_configs method (headers argument). However, I am not sure if it will work "as intended" with .options() feature and internal _transport constructor argument of Elasticsearch and AsyncElasticsearch classes.