I am setting up Elasticsearch version 7.17.11 on Ubuntu 20.04. It will be a single instance of Elasticsearch but I will have separate instances for Kibana and Logstash. I am trying to recreate our setup in another cloud project without using a cluster for Elasticsearch and those settings are the only differences from a working build as far as I am aware.
This is the error when I run the bin/elasticsearch-setup-passwords tool:
Failed to authenticate user 'elastic' against https://localhost:9200/_security/_authenticate?pretty
Possible causes include:
* The password for the 'elastic' user has already been changed on this cluster
* Your elasticsearch node is running against a different keystore
This tool used the keystore at /etc/elasticsearch/elasticsearch.keystore
ERROR: Failed to verify bootstrap password
The keystore does appear to be at /etc/elasticsearch/elasticsearch.keystore. The password cannot have been already changed because I create a new instance with Terraform every time and run an Ansible playbook against it.
Any help is appreciated: I have read all of the related Elastic documentation I am aware of, and I am stuck and cannot find anything online.
Curious: do you have a keystore somewhere in /usr/share/elasticsearch?
Opster_support
(Elasticsearch community support @ Opster)
Not entirely sure, but the error message you're seeing suggests that the 'elastic' user cannot authenticate against the Elasticsearch instance. This could be due to a few reasons, but let's start with the most common ones:
* The password for the 'elastic' user has already been changed: You mentioned that you create a new instance every time, so this is unlikely to be the issue. However, it's worth double-checking to make sure that no scripts or processes are changing the password before you run the elasticsearch-setup-passwords tool.
* The Elasticsearch node is running against a different keystore: This could be the issue if your Elasticsearch instance is not using the keystore at /etc/elasticsearch/elasticsearch.keystore. You can verify this by checking the elasticsearch.yml configuration file and making sure that the xpack.security.http.ssl.key and xpack.security.http.ssl.certificate paths are correct.
* Incorrect SSL configuration: Your elasticsearch.yml file shows that you have SSL enabled for both the transport and HTTP layers. If the SSL certificates or keys are incorrect or not properly configured, this could prevent the 'elastic' user from authenticating. You can verify the SSL configuration by checking the certificate paths in the elasticsearch.yml file and making sure that the certificates and keys are correctly generated and placed in the specified paths.
* Network or firewall issues: If your Elasticsearch instance is not accessible at localhost:9200 due to network or firewall issues, this could also prevent the 'elastic' user from authenticating. You can test this by trying to access Elasticsearch at localhost:9200 from the machine where you're running the elasticsearch-setup-passwords tool.
If none of the above suggestions resolve the issue, you might want to consider enabling debug logging for the security module to get more detailed information about the authentication failure. You can do this by adding the following line to your log4j2.properties file:
After making this change, restart Elasticsearch and try running the elasticsearch-setup-passwords tool again. The debug logs should provide more information about why the 'elastic' user cannot authenticate.
Disclaimer: I also used opsgpt.io to write part of this answer.
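The certificate path check suggested in the answer above, as an added example that is not part of the original thread. It assumes elasticsearch.yml uses flat `dotted.key: value` lines with scalar values; the function name `check_ssl_paths` is hypothetical.

```shell
# Added example, not from the thread. Assumes elasticsearch.yml uses flat
# "dotted.key: value" lines with scalar values (no nested YAML, no lists).
# Run it as the account the node runs as, so the readability test is meaningful.

# check_ssl_paths CONF_DIR
# Prints one line per referenced TLS file that is missing or unreadable and
# returns the number of such problems (0 means every path checked out).
check_ssl_paths() {
  conf_dir=$1
  problems=0
  settings=$(grep -E '^xpack\.security\.(http|transport)\.ssl\.(key|certificate|keystore\.path|truststore\.path)[[:space:]]*:' \
    "$conf_dir/elasticsearch.yml" || true)
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    key=${line%%:*}
    # Drop the key, a trailing comment, surrounding blanks and quotes.
    value=$(printf '%s\n' "${line#*:}" | sed \
      -e 's/[[:space:]][[:space:]]*#.*$//' \
      -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
      -e "s/^[\"']//" -e "s/[\"']\$//")
    # Relative paths are resolved against the config directory.
    case $value in
      /*) path=$value ;;
      *)  path=$conf_dir/$value ;;
    esac
    if [ ! -f "$path" ]; then
      echo "MISSING     $key -> $path"; problems=$((problems + 1))
    elif [ ! -r "$path" ]; then
      echo "UNREADABLE  $key -> $path"; problems=$((problems + 1))
    fi
  done <<EOF
$settings
EOF
  return "$problems"
}
```

Call it as `check_ssl_paths /etc/elasticsearch`; a non-zero return means at least one configured key, certificate or keystore file could not be found or read.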