Elastic Search

Elasticsearch Enroll Kibana

2 years ago
by John Otieno
By default, when you start an Elasticsearch instance for the first time, it creates a user with the username elastic and generates a password. It also generates an enrollment token to authenticate and connect Kibana to the stack.

To allow Kibana to communicate with a secured Elasticsearch cluster, Elasticsearch will use the generated token to authenticate and allow Kibana service accounts to access the stack.

However, in some cases, the security token may not fail to generate automatically. An example where automatic security configuration fails is if this is not the first time the node is starting, or the security has already been configured.

You can learn more about that in the following resource:

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html#stack-skip-auto-configuration

If the security is not configured automatically, you must manually perform the configuration to allow Kibana and other nodes to connect to the cluster.

That’s what this tutorial will focus on. You will learn various methods and techniques for enrolling Kibana in an Elasticsearch cluster.

Let’s dive in.

Method 1 – Elasticsearch-Create-Enrollment-Token Command

In the recent Elasticsearch version, you will find the elasticsearch-create-enrollment-token command, which allows you to generate an enrollment token for Kibana and Elasticsearch nodes.

The command syntax is shown below:

bin/elasticsearch-create-enrollment-token

[-f, --force] [-h, --help] [-E <KeyValuePair>] [-s, --scope] [--url]

This command is located in the bin directory of the Elasticsearch installation directory.

Before running this command to enroll Kibana, ensure the Elasticsearch cluster is up and running. The command uses an HTTP connection to the cluster to perform the required user management operations.

To create an enrollment token for adding Kibana to an Elasticsearch cluster, we can use the command as shown below:

bin/elasticsearch-create-enrollment-<strong>token</strong> -s kibana --url "https://172.0.0.7:9200"

The -f parameter tells the command to limit the token’s scope to Kibana. For example, if you enroll a new node in the cluster, set the scope to the node.

Finally, the –url parameter points the command to the address of the Elasticsearch node in which you wish to enroll Kibana. By default, we use the default Elasticsearch address.

NOTE: The previous command requires the xpack.security.enrollment.enabled set to true in the Elasticsearch configuration file.

Method 2 – Using Elasticsearch Enroll Kibana API

The enroll Kibana API allows a Kibana instance to configure itself and facilitate communication with an Elasticsearch cluster.

The request syntax is shown below:

GET /_security/enroll/kibana

An example is provided below:

curl -X GET -u elastic:elasticpassword "localhost:9200/_security/enroll/kibana?pretty"

The request uses the Elastic user and password to generate a token for Kibana.

Conclusion

In this post, we discussed how to use the Elasticsearch Enroll Kibana API to allow the Kibana node to communicate with Elasticsearch. This is a very useful API when Kibana fails to connect automatically to the Elasticsearch node.

About the author

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list

View all posts