Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 6b98d77d57
Branches Tags
elasticsearch
/
docs
/
reference
/
security
/
enroll-nodes.asciidoc

enroll-nodes.asciidoc 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 
  1. [role="exclude"]
    2. 

  2. 

  3. When {es} starts for the first time, the security auto-configuration process
    4. 

  4. binds the HTTP layer to `0.0.0.0`, but only binds the transport layer to
    5. 

  5. localhost. This intended behavior ensures that you can start
    6. 

  6. a single-node cluster with security enabled by default without any additional
    7. 

  7. configuration.
    8. 

  8. 

  9. Before enrolling a new node, additional actions such as binding to an address
    10. 

  10. other than `localhost` or satisfying bootstrap checks are typically necessary
    11. 

  11. in production clusters. During that time, an auto-generated enrollment token
    12. 

  12. could expire, which is why enrollment tokens aren't generated automatically.
    13. 

  13. 

  14. Additionally, only nodes on the same host can join the cluster without
    15. 

  15. additional configuration. If you want nodes from another host to join your
    16. 

  16. cluster, you need to set `transport.host` to a
    17. 

  17. {ref}/modules-network.html#network-interface-values[supported value]
    18. 

  18. (such as uncommenting the suggested value of `0.0.0.0`), or an IP address
    19. 

  19. that's bound to an interface where other hosts can reach it. Refer to
    20. 

  20. {ref}/modules-network.html#transport-settings[transport settings] for more
    21. 

  21. information.
    22. 

  22. 

  23. To enroll new nodes in your cluster, create an enrollment token with the
    24. 

  24. `elasticsearch-create-enrollment-token` tool on any existing node in your
    25. 

  25. cluster. You can then start a new node with the `--enrollment-token` parameter
    26. 

  26. so that it joins an existing cluster.
    27. 

  27. 

  28. . In a separate terminal from where {es} is running, navigate to the directory
    29. 

  29. where you installed {es} and run the
    30. 

  30. <<create-enrollment-token,`elasticsearch-create-enrollment-token`>> tool
    31. 

  31. to generate an enrollment token for your new nodes.
    32. 

  32. +
    33. 

  33. ["source","sh",subs="attributes"]
    34. 

  34. ----
    35. 

  35. bin{slash}elasticsearch-create-enrollment-token -s node
    36. 

  36. ----
    37. 

  37. +
    38. 

  38. Copy the enrollment token, which you'll use to enroll new nodes with
    39. 

  39. your {es} cluster.
    40. 

  40. 

  41. . From the installation directory of your new node, start {es} and pass the
    42. 

  42. enrollment token with the `--enrollment-token` parameter.
    43. 

  43. +
    44. 

  44. ["source","sh",subs="attributes"]
    45. 

  45. ----
    46. 

  46. bin{slash}elasticsearch --enrollment-token <enrollment-token>
    47. 

  47. ----
    48. 

  48. +
    49. 

  49. {es} automatically generates certificates and keys in the following directory:
    50. 

  50. +
    51. 

  51. ["source","sh",subs="attributes"]
    52. 

  52. ----
    53. 

  53. config{slash}certs
    54. 

  54. ----
    55. 

  55. 

  56. . Repeat the previous step for any new nodes that you want to enroll.
    57.