ElasticSearch crashed from a user query and the main superuser elastic is now not able to authenticate

jcheeks5281 · July 22, 2022, 9:54pm

A query was ran from another tool that caused the whole ElasticSearch version 7.1 to lose authentication with the main user elastic. How can the elastic user be reset for the main elastic user? I already tried the password setup again but it's not able to rotate since it's been changed once. The setup underneath is xpack security.

/opt/elasticsearch/bin/elasticsearch-setup-passwords interactive -u

Failed to authenticate user 'elastic' against http://myhostnames:9200/_security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /opt/elasticsearch/config/elasticsearch.keystore

system · July 22, 2022, 9:54pm

ElasticSearch version 7.1 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

warkolm · July 24, 2022, 10:30pm

That seems pretty odd.

The first thing you should do is upgrade, 7.1 is very very old.

TimV · July 25, 2022, 7:01am

Whatever the trigger was, it has probably caused some or all of your indices to be unavailable in the cluster. That could mean a node is offline, or a disk was filled, or something else.

Really the first think to do is to look at your Elasticsearch logs.

system · August 22, 2022, 7:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.