mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-24 15:17:30 -04:00
255c9a7f95
**Problem:** For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`. **Solution:** - Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory - Update doc snippet tests to use security Rel: https://github.com/elastic/platform-docs-team/issues/208
56 lines
2.2 KiB
Text
56 lines
2.2 KiB
Text
[role="exclude"]
|
|
|
|
When {es} starts for the first time, the security auto-configuration process
|
|
binds the HTTP layer to `0.0.0.0`, but only binds the transport layer to
|
|
localhost. This intended behavior ensures that you can start
|
|
a single-node cluster with security enabled by default without any additional
|
|
configuration.
|
|
|
|
Before enrolling a new node, additional actions such as binding to an address
|
|
other than `localhost` or satisfying bootstrap checks are typically necessary
|
|
in production clusters. During that time, an auto-generated enrollment token
|
|
could expire, which is why enrollment tokens aren't generated automatically.
|
|
|
|
Additionally, only nodes on the same host can join the cluster without
|
|
additional configuration. If you want nodes from another host to join your
|
|
cluster, you need to set `transport.host` to a
|
|
{ref}/modules-network.html#network-interface-values[supported value]
|
|
(such as uncommenting the suggested value of `0.0.0.0`), or an IP address
|
|
that's bound to an interface where other hosts can reach it. Refer to
|
|
{ref}/modules-network.html#transport-settings[transport settings] for more
|
|
information.
|
|
|
|
To enroll new nodes in your cluster, create an enrollment token with the
|
|
`elasticsearch-create-enrollment-token` tool on any existing node in your
|
|
cluster. You can then start a new node with the `--enrollment-token` parameter
|
|
so that it joins an existing cluster.
|
|
|
|
. In a separate terminal from where {es} is running, navigate to the directory
|
|
where you installed {es} and run the
|
|
<<create-enrollment-token,`elasticsearch-create-enrollment-token`>> tool
|
|
to generate an enrollment token for your new nodes.
|
|
+
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
bin{slash}elasticsearch-create-enrollment-token -s node
|
|
----
|
|
+
|
|
Copy the enrollment token, which you'll use to enroll new nodes with
|
|
your {es} cluster.
|
|
|
|
. From the installation directory of your new node, start {es} and pass the
|
|
enrollment token with the `--enrollment-token` parameter.
|
|
+
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
bin{slash}elasticsearch --enrollment-token <enrollment-token>
|
|
----
|
|
+
|
|
{es} automatically generates certificates and keys in the following directory:
|
|
+
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
config{slash}certs
|
|
----
|
|
|
|
. Repeat the previous step for any new nodes that you want to enroll.
|