github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-28 17:34:17 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/setup/install/package-security.asciidoc
James Rodewig 31408bddc1
[DOCS] Add $ELASTIC_PASSWORD env var to install docs (#98898) 
- Removes duplicated security autoconfiguration output from the docs. This is difficult to keep updated and makes the docs longer.
- Encourages the user to store the `elastic` password as an environment variable. Users don't need to rely on curl's password prompts.
- Removes unused `api-call-widget` files. These aren't published anywhere in the docs currently.
2023-08-28 08:25:13 -04:00

48 lines
1.6 KiB
Text
Raw Blame History

[role="exclude"]
==== Start {es} with security enabled
When installing {es}, security features are enabled and configured by default.
When you install {es}, the following security configuration
occurs automatically:
* Authentication and authorization are enabled, and a password is generated for
the `elastic` built-in superuser.
* Certificates and keys for TLS are generated for the transport and HTTP layer,
and TLS is enabled and configured with these keys and certificates.
The password and certificate and keys are output to your terminal.
We recommend storing the `elastic` password as an environment variable in your shell. Example:
[source,sh]
----
export ELASTIC_PASSWORD="your_password"
----
===== Reconfigure a node to join an existing cluster
When you install {es}, the installation process configures a
single-node cluster by default. If you want a node to join an existing cluster
instead, generate an enrollment token on an existing node _before_ you start
the new node for the first time.
. On any node in your existing cluster, generate a node enrollment token:
+
[source, sh]
----
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
----
. Copy the enrollment token, which is output to your terminal.
. On your new {es} node, pass the enrollment token as a parameter to the
`elasticsearch-reconfigure-node` tool:
+
[source, sh]
----
/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <enrollment-token>
----
+
{es} is now configured to join the existing cluster.
. <<{distro}-running-systemd, Start your new node using `systemd`>>.
Reference in a new issue View git blame Copy permalink