Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: a72a26696c
Branches Tags
elasticsearch
/
docs
/
reference
/
setup
/
install
/
package-security.asciidoc

package-security.asciidoc 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. [role="exclude"]
    2. 

  2. ==== Start {es} with security enabled
    3. 

  3. 

  4. When installing {es}, security features are enabled and configured by default.
    5. 

  5. When you start {es} for the first time, the following security configuration
    6. 

  6. occurs automatically: 
    7. 

  7. 

  8. * Authentication and authorization are enabled, and a password is generated for
    9. 

  9. the `elastic` built-in superuser.
    10. 

  10. * Certificates and keys for TLS are generated for the transport and HTTP layer,
    11. 

  11. and TLS is enabled and configured with these keys and certificates.
    12. 

  12. 

  13. The password and certificate and keys are output to your terminal. For example:
    14. 

  14. 

  15. [source,sh]
    16. 

  16. ----
    17. 

  17.             -------Security autoconfiguration information-------
    18. 

  18. 

  19. Authentication and authorization are enabled.
    20. 

  20. TLS for the transport and HTTP layers is enabled and configured.
    21. 

  21. 

  22. The generated password for the elastic built-in superuser is : <password>
    23. 

  23. 

  24. If this node should join an existing cluster, you can reconfigure this with
    25. 

  25. '/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
    26. 

  26. after creating an enrollment token on your existing cluster.
    27. 

  27. 

  28. You can complete the following actions at any time:
    29. 

  29. 

  30. Reset the password of the elastic built-in superuser with
    31. 

  31. '/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
    32. 

  32. 

  33. Generate an enrollment token for Kibana instances with
    34. 

  34.  '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
    35. 

  35. 

  36. Generate an enrollment token for Elasticsearch nodes with
    37. 

  37. '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
    38. 

  38. ----
    39. 

  39. 

  40. ===== Reconfigure a node to join an existing cluster
    41. 

  41. 

  42. When you start {es} for the first time, the installation process configures a
    43. 

  43. single-node cluster by default. If you want a node to join an existing cluster
    44. 

  44. instead, generate an enrollment token on an existing node _before_ you start
    45. 

  45. the new node for the first time.
    46. 

  46. 

  47. . On any node in your existing cluster, generate a node enrollment token:
    48. 

  48. +
    49. 

  49. [source, sh]
    50. 

  50. ----
    51. 

  51. bin/elasticsearch-create-enrollment-token -s node
    52. 

  52. ----
    53. 

  53. 

  54. . Copy the enrollment token, which is output to your terminal.
    55. 

  55. 

  56. . On your new {es} node, pass the enrollment token as a parameter to the 
    57. 

  57. `elasticsearch-reconfigure-node` tool:
    58. 

  58. +
    59. 

  59. [source, sh]
    60. 

  60. ----
    61. 

  61. bin/elasticsearch-reconfigure-node --enrollment-token <enrollment-token>
    62. 

  62. ----
    63. 

  63. +
    64. 

  64. {es} is now configured to join the existing cluster.
    65. 

  65. 

  66. . Start your new node.
    67. 

  67. +
    68. 

  68. [source, sh]
    69. 

  69. ----
    70. 

  70. bin/elasticsearch
    71. 

  71. ----
    72.