72 lines
2.4 KiB
Plaintext
72 lines
2.4 KiB
Plaintext
[role="exclude"]
|
|
==== Start {es} with security enabled
|
|
|
|
When installing {es}, security features are enabled and configured by default.
|
|
When you start {es} for the first time, the following security configuration
|
|
occurs automatically:
|
|
|
|
* Authentication and authorization are enabled, and a password is generated for
|
|
the `elastic` built-in superuser.
|
|
* Certificates and keys for TLS are generated for the transport and HTTP layer,
|
|
and TLS is enabled and configured with these keys and certificates.
|
|
|
|
The password and certificate and keys are output to your terminal. For example:
|
|
|
|
[source,sh]
|
|
----
|
|
-------Security autoconfiguration information-------
|
|
|
|
Authentication and authorization are enabled.
|
|
TLS for the transport and HTTP layers is enabled and configured.
|
|
|
|
The generated password for the elastic built-in superuser is : <password>
|
|
|
|
If this node should join an existing cluster, you can reconfigure this with
|
|
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
|
|
after creating an enrollment token on your existing cluster.
|
|
|
|
You can complete the following actions at any time:
|
|
|
|
Reset the password of the elastic built-in superuser with
|
|
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
|
|
|
|
Generate an enrollment token for Kibana instances with
|
|
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
|
|
|
|
Generate an enrollment token for Elasticsearch nodes with
|
|
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
|
|
----
|
|
|
|
===== Reconfigure a node to join an existing cluster
|
|
|
|
When you start {es} for the first time, the installation process configures a
|
|
single-node cluster by default. If you want a node to join an existing cluster
|
|
instead, generate an enrollment token on an existing node _before_ you start
|
|
the new node for the first time.
|
|
|
|
. On any node in your existing cluster, generate a node enrollment token:
|
|
+
|
|
[source, sh]
|
|
----
|
|
bin/elasticsearch-create-enrollment-token -s node
|
|
----
|
|
|
|
. Copy the enrollment token, which is output to your terminal.
|
|
|
|
. On your new {es} node, pass the enrollment token as a parameter to the
|
|
`elasticsearch-reconfigure-node` tool:
|
|
+
|
|
[source, sh]
|
|
----
|
|
bin/elasticsearch-reconfigure-node --enrollment-token <enrollment-token>
|
|
----
|
|
+
|
|
{es} is now configured to join the existing cluster.
|
|
|
|
. Start your new node.
|
|
+
|
|
[source, sh]
|
|
----
|
|
bin/elasticsearch
|
|
----
|