mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-30 10:23:41 -04:00
49 lines
1.7 KiB
Text
49 lines
1.7 KiB
Text
[role="exclude"]
|
|
==== Start {es} with security enabled
|
|
|
|
When installing {es}, security features are enabled and configured by default.
|
|
When you install {es}, the following security configuration
|
|
occurs automatically:
|
|
|
|
* Authentication and authorization are enabled, and a password is generated for
|
|
the `elastic` built-in superuser.
|
|
* Certificates and keys for TLS are generated for the transport and HTTP layer,
|
|
and TLS is enabled and configured with these keys and certificates.
|
|
|
|
The password and certificate and keys are output to your terminal.
|
|
You can reset the password for the `elastic` user with the <<reset-password,`elasticsearch-reset-password`>> command.
|
|
|
|
We recommend storing the `elastic` password as an environment variable in your shell. For example:
|
|
|
|
[source,sh]
|
|
----
|
|
export ELASTIC_PASSWORD="your_password"
|
|
----
|
|
|
|
===== Reconfigure a node to join an existing cluster
|
|
|
|
When you install {es}, the installation process configures a
|
|
single-node cluster by default. If you want a node to join an existing cluster
|
|
instead, generate an enrollment token on an existing node _before_ you start
|
|
the new node for the first time.
|
|
|
|
. On any node in your existing cluster, generate a node enrollment token:
|
|
+
|
|
[source, sh]
|
|
----
|
|
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
|
|
----
|
|
|
|
. Copy the enrollment token, which is output to your terminal.
|
|
|
|
. On your new {es} node, pass the enrollment token as a parameter to the
|
|
`elasticsearch-reconfigure-node` tool:
|
|
+
|
|
[source, sh]
|
|
----
|
|
/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <enrollment-token>
|
|
----
|
|
+
|
|
{es} is now configured to join the existing cluster.
|
|
|
|
. <<{distro}-running-systemd, Start your new node using `systemd`>>.
|