I am running the latest elasticsearch version via a script, and I am trying to automate the reset password process via this method recommended @TimV back in 2018, but it seems to no longer work with the latest version: How to set passwords for built-in users in batch mode? .
This is what the script looks like: I am trying to change the password to elk-demo. I want to disable any form of user interaction and completely automate the whole process:
I am automating the installation and configuration of elasticsearch and kibana. Following the post from 2018 - How to set passwords for built-in users in batch mode? - I should be able to automate elasticsearch-reset-password by running the following commands:
but when I did this, I got the message: elasticsearch-keystore: command not found
I also tried: sudo printf "elk-demo" | bin/elasticsearch-reset-password -i -b
but I got the error:
Enter password for [elastic]: Re-enter password for [elastic]:
ERROR: unable to read from standard input; is standard input open and a tty attached?
What i am trying to achieve is reset the password through a script without any user interaction or request to type in password or re-enter password. There are no helpful elasticsearch logs. Just long list of warnings saying:
received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=
This worked, thanks. But when i test that my elasticsearch is running, I get authentication error.
sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
When I am asked to Enter host password for user 'elastic': I enter the elk-demo password, but I get the below error message:
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}root@ip-10-0-15-147:/usr/share/elasticsearch#
@Yang_Wang is there a way to run printf "elk-demo\nelk-demo" | ./bin/elasticsearch-reset-password -b -i -u elastic without having to run sudo -i first?
I tried sudo printf "elk-demo\nelk-demo" | ./bin/elasticsearch-reset-password -b -i -u elastic but I got:
./bin/elasticsearch-env: line 86: cd: /etc/elasticsearch: Permission denied
ERROR: File realm configuration file [/usr/share/elasticsearch/users] is missing , File realm configuration file [/usr/share/elasticsearch/users_roles] is missing
You should not need sudo to run these command. The relevant files and directories should be accessible (readable or writable or both depending on the files) by the elasticsearch user. You should fix the permissions instead of tryint to rely on sudo.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.