Failed to determine the health of the cluster when creating enrollment token

sudo  /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node

ERROR: Failed to determine the health of the cluster. , with exit code 69

Only configuration change so far is the setup of ReadOnlyRest.

bellow is the result of requesting health manually

{
  "cluster_name" : "elasticsearch",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 32,
  "active_shards" : 32,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 2,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 94.11764705882352
}

I'd be very surprised if enrollment works with ReadOnlyRest - we certainly don't test or support it.
The enrollment token functionality is only designed to work with Elasticsearch security.

Is there a particular reason you're using ROR instead of the builtin security features of Elasticsearch?

Ror shouldn't impact cluster functionality.

I would prefer not to comment on organization decisions

Upon Clean install

user@host:~$ sudo  /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
13:25:13.425 [main] ERROR org.elasticsearch.xpack.security.enrollment.ExternalEnrollmentTokenGenerator - Error 400when calling GET http://x.x.x.x:9200/_security/api_key. ResponseBody: {error=no handler found for uri [/_security/api_key] and method [POST]}
Unable to create enrollment token for scope [node]

ERROR: Unexpected response code [400] from calling POST http://x.x.x.x:9200/_security/api_key, with exit code 73

Read Only Rest is a third party plugin that replaces core functionality from Elasticsearch. If you choose to use Read Only Rest instead of Elasticsearch's built in security features then you lose the ability to use those builtin features, which includes automated enrollment.

I don't think you have any chance of making this work.

That looks like an install where security has been disabled, if so, then that is not a clean install.