Automate Elasticsearch-reset-password in bash script

I am running the latest elasticsearch version via a script, and I am trying to automate the reset password process via this method recommended by @TimV back in 2018, but it seems to no longer work with the latest version: How to set passwords for built-in users in batch mode?

This is what the script looks like: I am trying to change the password to elk-demo. I want to disable any form of user interaction and completely automate the whole process:

cd /usr/share/elasticsearch/bin
printf "elk-demo" | elasticsearch-keystore add -x
sudo curl -uelastic -XPUT -H 'Content-Type: application/json' 'http://localhost:9200/_xpack/security/user/kibana/_password' -d '{ "password":"new-kibana-password" }'

Can you elaborate a little more on what's happening? The output from your script, including the response from Elasticsearch, would be ideal.

I am automating the installation and configuration of elasticsearch and kibana. Following the post from 2018 - How to set passwords for built-in users in batch mode? - I should be able to automate elasticsearch-reset-password by running the following commands:

cd /usr/share/elasticsearch/bin
printf "elk-demo" | elasticsearch-keystore add -x
sudo curl -uelastic -XPUT -H 'Content-Type: application/json' 'http://localhost:9200/_xpack/security/user/kibana/_password' -d '{ "password":"new-kibana-password" }'

but when I did this, I got the message:
elasticsearch-keystore: command not found

I also tried:
sudo printf "elk-demo" | bin/elasticsearch-reset-password -i -b
but I got the error:

Enter password for [elastic]: Re-enter password for [elastic]: 
ERROR: unable to read from standard input; is standard input open and a tty attached?

What I am trying to achieve is to reset the password through a script without any user interaction or request to type in or re-enter the password. There are no helpful elasticsearch logs, just a long list of warnings saying:

received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=

I don't know how this command could ever work. It should be something like

printf "elk-demo" | elasticsearch-keystore add "bootstrap.password" -x

For the error message elasticsearch-keystore: command not found, you might want to try:

cd /usr/share/elasticsearch
printf "elk-demo" | ./bin/elasticsearch-keystore add "bootstrap.password" -x

This worked, thanks. But when I test that my elasticsearch is running, I get an authentication error.

sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
When I am asked to Enter host password for user 'elastic': I enter the elk-demo password, but I get the below error message:

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}root@ip-10-0-15-147:/usr/share/elasticsearch# 

Perhaps, I am missing something?

It likely means that you have already reset the password via API, which takes precedence over the bootstrap.password.

In that case you can use elasticsearch-reset-password with something like

cd /usr/share/elasticsearch
printf "elk-demo\nelk-demo" | ./bin/elasticsearch-reset-password -b -i -u elastic
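
An added example, not part of the original thread and not Elastic's own tooling: a script form of the reset shown above that reads the password from a file only its owner can access, feeds it twice on stdin, and then checks the login over HTTPS with the CA certificate from the question. The helper names and the secret-file argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Helper names and the secret-file path are hypothetical.
set -eu

ES_HOME="${ES_HOME:-/usr/share/elasticsearch}"                  # path used in the thread
ES_CACERT="${ES_CACERT:-/etc/elasticsearch/certs/http_ca.crt}"  # CA file used in the thread
ES_URL="${ES_URL:-https://localhost:9200}"

# Succeeds only if group and other have no permission bits on the secret file.
secret_file_ok() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the first line of the secret file, refusing files with loose permissions.
read_secret() {
  secret_file_ok "$1" || { echo "refusing $1: group/other must have no access" >&2; return 1; }
  head -n 1 "$1"
}

# The tool prompts twice (password, then re-enter), so stdin needs two lines.
# printf is a shell builtin, so the password does not show up in the process list.
reset_password() {
  local user="$1" pw="$2"
  printf '%s\n%s\n' "$pw" "$pw" |
    "$ES_HOME/bin/elasticsearch-reset-password" -b -i -u "$user"
}

# Prints the HTTP status of an authenticated request. Credentials reach curl through
# a config read from stdin; assumes the password contains no '"' or '\'.
verify_login() {
  local user="$1" pw="$2"
  printf 'user = "%s:%s"\n' "$user" "$pw" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
         --cacert "$ES_CACERT" --config - "$ES_URL"
}

main() {
  local pw
  pw=$(read_secret "$1")
  reset_password elastic "$pw"
  [ "$(verify_login elastic "$pw")" = "200" ] || { echo "login check failed" >&2; return 1; }
}

# Runs only when asked: ./reset-elastic-password.sh --run /path/to/secret-file
if [ "${1:-}" = "--run" ]; then main "$2"; fi
```

Keeping the password in a file with owner-only permissions avoids hard-coding it in the provisioning script, where it would end up in version control and shell history.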

Thanks! This worked.

@Yang_Wang is there a way to run
printf "elk-demo\nelk-demo" | ./bin/elasticsearch-reset-password -b -i -u elastic without having to run sudo -i first?

I tried sudo printf "elk-demo\nelk-demo" | ./bin/elasticsearch-reset-password -b -i -u elastic but I got:

./bin/elasticsearch-env: line 86: cd: /etc/elasticsearch: Permission denied

ERROR: File realm configuration file [/usr/share/elasticsearch/users] is missing , File realm configuration file [/usr/share/elasticsearch/users_roles] is missing

It only works when I run sudo -i first.

You should not need sudo to run these commands. The relevant files and directories should be accessible (readable or writable or both depending on the files) by the elasticsearch user. You should fix the permissions instead of trying to rely on sudo.

How can I fix the permissions? My logstash and kibana are failing to start and I can't view the logs because permission is denied.

logstash.service: Failed to execute /usr/share/logstash/bin/logstash: Permission denied

q systemd[20199]: logstash.service: Failed at step EXEC spawning /usr/share/logstash/bin/logstash: Permission denied

kibana.service: Changing to the requested working directory failed: Permission denied

systemd[19671]: kibana.service: Failed at step CHDIR spawning /usr/share/kibana/bin/kibana: Permission denied

One way to fix file permissions is to use chown command:

sudo chown elasticsearch: YOUR_FILE

or

sudo chown -R elasticsearch: YOUR_DIRECTORY

Please note these issues are out of scope of Elastic stack. You might also want to consult with your local Linux experts.
