github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-28 17:34:17 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/java-rest/high-level/security/enroll_node.asciidoc
Ioannis Kakavas a59684835d
Enroll Kibana API uses Service Accounts (#76370) 
This commit changes the Enroll Kibana API to create and return
a token for this service account, instead of setting and returning the
password of the kibana_system built-in user. Both the token name and
value are returned in the response of the API.
2021-08-17 14:41:35 +03:00

63 lines
2.7 KiB
Text
Raw Blame History

--
:api: node-enrollment
:request: NodeEnrollmentRequest
:response: NodeEnrollmentResponse
--
[id="{upid}-{api}"]
=== Enroll Node API
Allows a new node to join an existing cluster with security features enabled.
The purpose of the enroll node API is to allow a new node to join an existing cluster
where security is enabled. The enroll node API response contains all the necessary information
for the joining node to bootstrap discovery and security related settings so that it
can successfully join the cluster.
NOTE: The response contains key and certificate material that allows the
caller to generate valid signed certificates for the HTTP layer of all nodes in the cluster.
include::../execution.asciidoc[]
[id="{upid}-{api}-response"]
==== Enroll Node Response
The returned +{response}+ allows to retrieve information about the
executed operation as follows:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-response]
--------------------------------------------------
<1> The CA private key that can be used by the new node in order to sign its certificate
for the HTTP layer, as a Base64 encoded string of the ASN.1 DER encoding of the key.
<2> The CA certificate that can be used by the new node in order to sign its certificate
for the HTTP layer, as a Base64 encoded string of the ASN.1 DER encoding of the certificate.
<3> The private key that the node can use for TLS for its transport layer, as a Base64
encoded string of the ASN.1 DER encoding of the key.
<4> The certificate that the node can use for TLS for its transport layer, as a Base64
encoded string of the ASN.1 DER encoding of the certificate.
<5> A list of transport addresses in the form of `host:port` for the nodes that are already
members of the cluster.
[id="{upid}-{api}-execute-async"]
==== Asynchronous Execution
This request can be executed asynchronously using the `security().enrollNodeAsync()`
method:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-execute-async]
--------------------------------------------------
A typical listener for a `NodeEnrollmentResponse` looks like:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-execute-listener]
--------------------------------------------------
<1> Called when the execution is successfully completed. The response is
provided as an argument
<2> Called in case of failure. The raised exception is provided as an argument
Reference in a new issue View git blame Copy permalink