Elasticsearch 7.17 suddenly prevents login

eastdrive · July 12, 2023, 4:13pm

I installed elasticsearch 7.17.11 from the artifacts.elastic.co repo with security, on a fresh Ubuntu 20.04.6 node a couple of days ago, for a Magento 2.4.5-p3 store. It worked fine, certainly allowed me to connect remotely with elastic/password.

Now, all of a sudden, elastic is not letting me connect:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/_cat/health?v&pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/_cat/health?v&pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

Does anyone know why this would suddenly happen?

dadoonet · July 12, 2023, 4:32pm

Welcome!

It looks like the login/password are not matching or are not passed to the API call?

eastdrive · July 12, 2023, 5:11pm

Thank you very much for your response.

They're the same credentials that worked yesterday.

I'm trying from the command line on another machine, exactly as yesterday:

curl -XGET 'elastic-server-ip:9200/_cat/health?v&pretty' --user "elastic:the-same-password-as-yesterday"

If I log into the search server, it is reporting that the node is still up:

$ systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-07-12 16:53:12 BST; 1h 15min ago
       Docs: https://www.elastic.co
   Main PID: 1533 (java)
      Tasks: 51 (limit: 19660)
     Memory: 2.2G
     CGroup: /system.slice/elasticsearch.service
             ├─1533 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=>
             └─1683 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Jul 12 16:52:22 dedivps-124849.dedicloud.co.uk systemd[1]: Starting Elasticsearch...
Jul 12 16:53:12 dedivps-124849.dedicloud.co.uk systemd[1]: Started Elasticsearch.

Could this be something as simple as an out-of-memory issue?

dadoonet · July 12, 2023, 5:27pm

Could you please share the Elasticsearch logs?

eastdrive · July 12, 2023, 6:35pm

Hi there.

I decided to bite the bullet, reinstall and run elasticsearch-setup-passwords auto again, and now I can connect.

Thanks again for your help, @dadoonet

system · August 9, 2023, 6:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.