The documentation is largely not working for me as far as I can see:
run the elasticsearch-reset-password tool.
OK I can get a password, but what do I do then?
bin/elasticsearch-create-enrollment-token -s kibana --url "https://127.0.0.1:9200"
ERROR: [xpack.security.enrollment.enabled] must be set to `true` to create an enrollment token
Do I enter this in elasticsearch.yml
bin/elasticsearch-create-enrollment-token -s kibana --url "https://127.0.0.1:9200"
ERROR: Failed to determine the health of the cluster.
Do I try the other thing suggested on
bin/elasticsearch-create-enrollment-token -s node
Unable to create enrollment token for scope [node]
ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a keystore
bin/elasticsearch-create-enrollment-token -s kibana
Unable to create enrollment token for scope [kibana]
then it claims somewhere I have a cert directory in /etc/elasticsearch
I don't have that directory.
Do I generate ca or http
and put it in /etc/elasticsearch/certs
nothing changes
besides that to get a working system now I have to set
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl.enabled: false
to get back to where I started.
I am on Ubuntu 20.04 LTS and I think I installed this via apt.
As I newbie, you give me some choices, I don't understand the difference.
Do you have some form of tldr like certbot?
These days there are 100s of programs, security updates, mails, tweets etc etc.
The whole attraction of a ready made system is to save time. Otherwise one can program it one self.
Most videos etc is for < 8.2 and one spends already a considerable amount of time chasing the changes. Security that is complicated to install is by default insecure.
I also checked out this thread