Bootstrap.password not working

MorgenComm · July 31, 2020, 4:58pm

Hi,

I'm trying to setup a new cluster with the official Ansible playbook, which I have done in previous versions 7.7 okay. However I'm trying to create another test cluster on 7.8.1 with security enabled, and the basic licence and hitting a bit of a roadblock.

The bootstrap.password is getting set correctly in the keystore with the correct password and when I manually list the contents of the keystore I can see bootstrap.password, and keystore.seed. When I try to access the elastic user via the HTTP API via the /_cluster/health endpoint I get a 401 response. The only logs are:
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

I can however use the elasticsearch-setup-passwords utility to set the passwords manually, but I'd like the initial setup to be automated using the bootstrap.password.

Here is my elasticsearch.yml

    cluster.initial_master_nodes:
    - test-01
    - test-02
    cluster.name: logging-test
    discovery.seed_hosts:
    - test-01
    - test-02
    http.port: 9200
    logger._root: debug
    network.host: test-02
    node.data: true
    node.ingest: true
    node.master: true
    node.name: test-02
    transport.port: 9300
    xpack.monitoring.collection.enabled: true
    xpack.security.authc.realms:
      native:
    native1:
      order: 0
    xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/test-02.crt
    xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/elasticCA.crt
    xpack.security.http.ssl.enabled: false
    xpack.security.http.ssl.key: /etc/elasticsearch/certs/test-02.key
    xpack.security.http.ssl.key_passphrase: removed
    xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/test-02.crt
    xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/elasticCA.crt
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.key: /etc/elasticsearch/certs/test-02.key
    xpack.security.transport.ssl.key_passphrase: removed
    xpack.security.transport.ssl.verification_mode: none




    #################################### Paths ####################################

    # Path to directory containing configuration (this file and logging.yml):

    path.data: /var/lib/elasticsearch

    path.logs: /var/log/elasticsearch


    action.auto_create_index: true

    xpack.security.enabled: true

MorgenComm · July 31, 2020, 7:39pm

I managed to fix this by removing the xpack.security.authc.realms setting as I don't need it for my basic instance. I'm not really sure why this works, however I tried adding the file realm to no effect. I tried adding a "reserved" realm but then Elastic wouldn't start so I'm not sure what the correct fix is here if it was required.

system · August 28, 2020, 7:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic xpack security Elasticsearch	3	8556	December 24, 2017
After X-pack Installation : Failed to authenticate user [elastic] Elasticsearch elastic-stack-security	7	12388	April 17, 2020
In which conditions does bootstrap.password actually work? Elasticsearch	1	588	January 7, 2022
ERROR: Failed to determine the health of the cluster when initial password setting Elasticsearch	6	614	November 20, 2022
Elastic bootstrap password not picked up by second cluster member Elasticsearch elastic-stack-security	1	339	September 23, 2020

Bootstrap.password not working

Related topics