Elasticsearch-setup-passwords fails with JsonParseException

xcitan · June 25, 2019, 2:18pm

Hi,

i would like to enable security in my cluster with elasticsearch 7.1.1.
If i execute "elasticsearch-setup-passwords auto" for generating passwords for the built-in users i get the following error:

/usr/share/elasticsearch/bin# ./elasticsearch-setup-passwords auto
Exception in thread "main" ElasticsearchParseException[Failed to parse content to map]; nested: JsonParseException[Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.StringReader@241e8ea6; line: 1, column: 2]];
        at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:131)
        at org.elasticsearch.xpack.security.authc.esnative.tool.HttpResponse$HttpResponseBuilder.withResponseBody(HttpResponse.java:55)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.responseBuilder(SetupPasswordTool.java:538)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.lambda$checkElasticKeystorePasswordValid$1(SetupPasswordTool.java:300)
        at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.execute(CommandLineHttpClient.java:126)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.checkElasticKeystorePasswordValid(SetupPasswordTool.java:299)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$AutoSetup.execute(SetupPasswordTool.java:129)
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.Command.main(Command.java:90)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:107)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.StringReader@241e8ea6; line: 1, column: 2]
        at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1702)
        at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:558)
        at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:456)
        at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1906)
        at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:749)
        at org.elasticsearch.common.xcontent.json.JsonXContentParser.nextToken(JsonXContentParser.java:52)
        at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:336)
        at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:309)
        at org.elasticsearch.common.xcontent.support.AbstractXContentParser.map(AbstractXContentParser.java:264)
        at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:129)
        ... 12 more

Can someone support here please.

KR
Chris

jpcarey · June 25, 2019, 6:21pm

I'd assume the rest request is not returning JSON, which would be rather odd. Trying hitting the endpoint directly with curl to see what the real response is, I'd assume it is not from elasticsearch.

You can use something like this:

curl -v -X POST "localhost:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d'{"password" : "s3cr3t"}'

https://www.elastic.co/guide/en/elasticsearch/reference/7.1/security-api-change-password.html#_examples_80

xcitan · July 1, 2019, 12:59pm

hi,
thanks for your response.
I could change the passwords manually via curl.
But still wondering why the script doesn´t work.

KR
Chris

ikakavas · July 1, 2019, 2:27pm

One usually runs elasticsearch-setup-passwords in order to initially set the password for the internal users (elastic being one of them ) . I'm curious as to how changed the password of the elastic user when there was no user you could use to authenticate as.

Other than that, I think @jpcarey was spot on in his assumption.

Is there any proxy in your environment ?

Keep in mind that elasticsearch-setup-passwords is using the configuration from elasticsearch.yml to determine where to send the requests to set the passwords so incorrect values for http.publish_host or network.publish_host would also affect the tool's ability to set the passwords.

Can you share some more details, like what does your configuration looks like, and how did you change the password via curl ( the exact command ) ?

system · July 29, 2019, 2:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.