Hi,
I am starting a fresh installation of Elasticsearch on RPM using the instructions here. I got to step 6, and it doesn't seem to work:
[root@es-hscore1 elasticsearch]# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:$$ELASTIC_PASSWORD https://localhost:9200
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\", charset=\"UTF-8\""]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\", charset=\"UTF-8\""]}},"status":401}
and I am not sure how to find my elastic user password, since this was installed via systemctl.
- The node is up per systemctl reference:
[root@es-hscore1 bin]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; p>
Active: active (running) since Mon 2025-05-05 14:58:37 EDT; 7min ago
Docs: https://www.elastic.co
Main PID: 42170 (java)
Tasks: 81 (limit: 23145)
Memory: 2.2G
CPU: 1min 28.783s
CGroup: /system.slice/elasticsearch.service
├─42170 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+>
├─42232 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.>
└─42252 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux->
May 05 14:57:46 es-hscore1 systemd[1]: Starting Elasticsearch...
May 05 14:58:37 es-hscore1 systemd[1]: Started Elasticsearch.
elasticsearch.yml settings:
cluster.name: prod-elk-cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: es-hscore1
#
# Add custom attributes to the node:
#
node.attr.rack: r2
node.roles: [ master, data_hot ]
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["es-hscore1"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0
Did I do something wrong with my installation process? Is there somewhere I missed that the elastic user's password should be?
Version info:
Version: 8.18.0, Build: rpm/04e979aa50b657bebd4a0937389308de82c2bdad/2025-04-10T10:09:16.444104780Z, JVM: 24