github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-25 07:37:19 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/commands/create-enrollment-token.asciidoc
Ioannis Kakavas 6e530c0383
Adjust auto-configuration related docs (#84080) 
* Add a note that the http_ca.crt certificate that is generated and
stored in config/certs can be used to configure any client to trust
the certificate that elasticsearch uses for TLS on the HTTP layer
* Add a note that the elasticsearch-create-enrollment-token CLI
tool can only be used with auto-configured TLS settings.
2022-02-20 10:58:46 +02:00

77 lines
2.8 KiB
Text
Raw Blame History

[roles="xpack"]
[[create-enrollment-token]]
== elasticsearch-create-enrollment-token
The `elasticsearch-create-enrollment-token` command creates enrollment tokens for
{es} nodes and {kib} instances.
[discrete]
=== Synopsis
[source,shell]
----
bin/elasticsearch-create-enrollment-token
[-f, --force] [-h, --help] [-E <KeyValuePair>] [-s, --scope] [--url]
----
[discrete]
=== Description
NOTE: `elasticsearch-create-enrollment-token` can only be used with {es} clusters
that have been <<configuring-stack-security,auto-configured for security>>.
Use this command to create enrollment tokens, which you can use to enroll new
{es} nodes to an existing cluster or configure {kib} instances to communicate
with an existing {es} cluster that has security features enabled.
The command generates (and subsequently removes) a temporary user in the
<<file-realm,file realm>> to run the request that creates enrollment tokens.
IMPORTANT: You cannot use this tool if the file realm is disabled in your
`elasticsearch.yml` file.
This command uses an HTTP connection to connect to the cluster and run the user
management requests. The command automatically attempts to establish the connection
over HTTPS by using the `xpack.security.http.ssl` settings in
the `elasticsearch.yml` file. If you do not use the default configuration directory,
ensure that the `ES_PATH_CONF` environment variable returns the
correct path before you run the `elasticsearch-create-enrollment-token` command. You can
override settings in your `elasticsearch.yml` file by using the `-E` command
option. For more information about debugging connection failures, see
<<trb-security-setup>>.
[discrete]
[[create-enrollment-token-parameters]]
=== Parameters
`-E <KeyValuePair>`:: Configures a standard {es} or {xpack} setting.
`-f, --force`:: Forces the command to run against an unhealthy cluster.
`-h, --help`:: Returns all of the command parameters.
`-s, --scope`:: Specifies the scope of the generated token. Supported values are `node` and `kibana`.
`--url`:: Specifies the base URL (hostname and port of the local node) that the tool uses to submit API
requests to {es}. The default value is determined from the settings in your
`elasticsearch.yml` file. If `xpack.security.http.ssl.enabled` is set to `true`,
you must specify an HTTPS URL.
[discrete]
=== Examples
The following command creates an enrollment token for enrolling an {es} node into a cluster:
[source,shell]
----
bin/elasticsearch-create-enrollment-token -s node
----
The following command creates an enrollment token for enrolling a {kib} instance into a cluster.
The specified URL indicates where the elasticsearch-create-enrollment-token tool attempts to reach the
local {es} node:
[source,shell]
----
bin/elasticsearch-create-enrollment-token -s kibana --url "https://172.0.0.3:9200"
----
Reference in a new issue View git blame Copy permalink