elasticsearch-create-enrollment-tokenedit
The elasticsearch-create-enrollment-token
command creates enrollment tokens for
Elasticsearch nodes and Kibana instances.
Synopsisedit
bin/elasticsearch-create-enrollment-token [-f, --force] [-h, --help] [-E <KeyValuePair>] [-s, --scope] [--url]
Descriptionedit
elasticsearch-create-enrollment-token
can only be used with Elasticsearch clusters
that have been auto-configured for security.
Use this command to create enrollment tokens, which you can use to enroll new Elasticsearch nodes to an existing cluster or configure Kibana instances to communicate with an existing Elasticsearch cluster that has security features enabled. The command generates (and subsequently removes) a temporary user in the file realm to run the request that creates enrollment tokens.
You cannot use this tool if the file realm is disabled in your
elasticsearch.yml
file.
This command uses an HTTP connection to connect to the cluster and run the user
management requests. The command automatically attempts to establish the connection
over HTTPS by using the xpack.security.http.ssl
settings in
the elasticsearch.yml
file. If you do not use the default configuration directory,
ensure that the ES_PATH_CONF
environment variable returns the
correct path before you run the elasticsearch-create-enrollment-token
command. You can
override settings in your elasticsearch.yml
file by using the -E
command
option. For more information about debugging connection failures, see
Setup-passwords command fails due to connection failure.
Parametersedit
-
-E <KeyValuePair>
- Configures a standard Elasticsearch or X-Pack setting.
-
-f, --force
- Forces the command to run against an unhealthy cluster.
-
-h, --help
- Returns all of the command parameters.
-
-s, --scope
-
Specifies the scope of the generated token. Supported values are
node
andkibana
. -
--url
-
Specifies the base URL (hostname and port of the local node) that the tool uses to submit API
requests to Elasticsearch. The default value is determined from the settings in your
elasticsearch.yml
file. Ifxpack.security.http.ssl.enabled
is set totrue
, you must specify an HTTPS URL.
Examplesedit
The following command creates an enrollment token for enrolling an Elasticsearch node into a cluster:
bin/elasticsearch-create-enrollment-token -s node
The following command creates an enrollment token for enrolling a Kibana instance into a cluster. The specified URL indicates where the elasticsearch-create-enrollment-token tool attempts to reach the local Elasticsearch node:
bin/elasticsearch-create-enrollment-token -s kibana --url "https://172.0.0.3:9200"