github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-28 17:34:17 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/java-rest/high-level/cluster/enroll_node.asciidoc
Ioannis Kakavas b826703e21
Enroll node API (#72129) 
Enroll node API can be used by new nodes in order to join an
existing cluster that has security features enabled. The response
of a call to this API contains all the necessary information that
the new node requires in order to configure itself and bootstrap
trust with the existing cluster.
2021-05-12 08:45:02 +03:00

64 lines
2.6 KiB
Text
Raw Blame History

--
:api: node-enrollment
:request: NodeEnrollmentRequest
:response: NodeEnrollmentResponse
--
[id="{upid}-{api}"]
=== Enroll Node API
Allows a new node to join an existing cluster with security features enabled.
The purpose of the enroll node API is to allow a new node to join an existing cluster
where security is enabled. The enroll node API response contains all the necessary information
for the joining node to bootstrap discovery and security related settings so that it
can successfully join the cluster.
NOTE: The response contains key and certificate material that allows the
caller to generate valid signed certificates for the HTTP layer of all nodes in the cluster.
include::../execution.asciidoc[]
[id="{upid}-{api}-response"]
==== Enroll Node Response
The returned +{response}+ allows to retrieve information about the
executed operation as follows:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests-file}[{api}-response]
--------------------------------------------------
<1> The CA private key that can be used by the new node in order to sign its certificate
for the HTTP layer, as a Base64 encoded string of the ASN.1 DER encoding of the key.
<2> The CA certificate that can be used by the new node in order to sign its certificate
for the HTTP layer, as a Base64 encoded string of the ASN.1 DER encoding of the certificate.
<3> The private key that the node can use for TLS for its transport layer, as a Base64
encoded string of the ASN.1 DER encoding of the key.
<4> The certificate that the node can use for TLS for its transport layer, as a Base64
encoded string of the ASN.1 DER encoding of the certificate.
<5> The name of the cluster the new node is joining
<6> A list of transport addresses in the form of `host:port` for the nodes that are already
members of the cluster.
[id="{upid}-{api}-execute-async"]
==== Asynchronous Execution
This request can be executed asynchronously using the `security().enrollNodeAsync()`
method:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests-file}[{api}-execute-async]
--------------------------------------------------
A typical listener for a `NodeEnrollmentResponse` looks like:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests-file}[{api}-execute-listener]
--------------------------------------------------
<1> Called when the execution is successfully completed. The response is
provided as an argument
<2> Called in case of failure. The raised exception is provided as an argument
Reference in a new issue View git blame Copy permalink