elasticsearch-create-enrollment-tokenedit

The elasticsearch-create-enrollment-token command creates enrollment tokens for Elasticsearch nodes and Kibana instances.

Synopsisedit

bin/elasticsearch-create-enrollment-token
[-f, --force] [-h, --help] [-E <KeyValuePair>] [-s, --scope] [--url]

Descriptionedit

elasticsearch-create-enrollment-token can only be used with Elasticsearch clusters that have been auto-configured for security.

Use this command to create enrollment tokens, which you can use to enroll new Elasticsearch nodes to an existing cluster or configure Kibana instances to communicate with an existing Elasticsearch cluster that has security features enabled. The command generates (and subsequently removes) a temporary user in the file realm to run the request that creates enrollment tokens.

You cannot use this tool if the file realm is disabled in your elasticsearch.yml file.

This command uses an HTTP connection to connect to the cluster and run the user management requests. The command automatically attempts to establish the connection over HTTPS by using the xpack.security.http.ssl settings in the elasticsearch.yml file. If you do not use the default configuration directory, ensure that the ES_PATH_CONF environment variable returns the correct path before you run the elasticsearch-create-enrollment-token command. You can override settings in your elasticsearch.yml file by using the -E command option. For more information about debugging connection failures, see Setup-passwords command fails due to connection failure.

Parametersedit

-E <KeyValuePair>
Configures a standard Elasticsearch or X-Pack setting.
-f, --force
Forces the command to run against an unhealthy cluster.
-h, --help
Returns all of the command parameters.
-s, --scope
Specifies the scope of the generated token. Supported values are node and kibana.
--url
Specifies the base URL (hostname and port of the local node) that the tool uses to submit API requests to Elasticsearch. The default value is determined from the settings in your elasticsearch.yml file. If xpack.security.http.ssl.enabled is set to true, you must specify an HTTPS URL.

Examplesedit

The following command creates an enrollment token for enrolling an Elasticsearch node into a cluster:

bin/elasticsearch-create-enrollment-token -s node

The following command creates an enrollment token for enrolling a Kibana instance into a cluster. The specified URL indicates where the elasticsearch-create-enrollment-token tool attempts to reach the local Elasticsearch node:

bin/elasticsearch-create-enrollment-token -s kibana --url "https://172.0.0.3:9200"