ElasticSearch crashed from a user query and the main superuser elastic is now not able to authenticate

A query was ran from another tool that caused the whole ElasticSearch version 7.1 to lose authentication with the main user elastic. How can the elastic user be reset for the main elastic user? I already tried the password setup again but it's not able to rotate since it's been changed once. The setup underneath is xpack security.

/opt/elasticsearch/bin/elasticsearch-setup-passwords interactive -u

Failed to authenticate user 'elastic' against http://myhostnames:9200/_security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /opt/elasticsearch/config/elasticsearch.keystore

ElasticSearch version 7.1 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns :elasticheart: )

That seems pretty odd.

The first thing you should do is upgrade, 7.1 is very very old.

Whatever the trigger was, it has probably caused some or all of your indices to be unavailable in the cluster. That could mean a node is offline, or a disk was filled, or something else.

Really the first think to do is to look at your Elasticsearch logs.

1 Like