but am still rejected, the reason being "unable to authenticate user [es_admin] for REST request [/]", even though I know the password I enter is correct.
For reference, I have Elasticsearch 2.3.3 installed in my /opt/ folder. I have seen some threads where people's problems have been solved by moving ES_HOME/config/shield to /etc/elasticsearch/, but this has not helped me. My users and users_roles files in said shield folder seem to indicate that there is a user named es_admin with admin permissions, so I don't see what is going on here. Any help is appreciated.
I did not modify it; the shield folder exists but whenever I add a user with the command described above, it does not update the users or users_roles file with any new information.
Okay, this kind of working now for some reason. Not exactly sure what happened or changed... I just recopied /etc/elasticsearch/shield into my config folder (/opt/elasticsearch-2.3.3/config/), and then got some error about not being able to access config files. Then in elasticsearch.yml, I explicitly set path.conf: /etc/elasticsearch/.
Now, the users defined in both /opt/elasticsearch-2.3.3/config/shield/users and /etc/elasticsearch/shield/users are able to be authenticated by shield. However, if I try to add a new user using the "useradd" command, only /etc/elasticsearch/shield/users updates, and this new user isn't recognized.
Now I deleted the config folder entirely from /opt/elasticsearch-2.3.3/config/shield/users, and everything works fine! I am able to add new users and access the protected Elasticsearch URL. I guess changing the path.conf in elasticsearch.yml is what did the trick?
What RPM did you install? The official one does not install in /opt. By default for a RPM install, Shield will expect the config directory to be /etc/elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.