Elasticsearch-setup-passwords fails with JsonParseException

xcitan · June 25, 2019, 2:18pm

Hi,

i would like to enable security in my cluster with elasticsearch 7.1.1.
If i execute "elasticsearch-setup-passwords auto" for generating passwords for the built-in users i get the following error:

/usr/share/elasticsearch/bin# ./elasticsearch-setup-passwords auto
Exception in thread "main" ElasticsearchParseException[Failed to parse content to map]; nested: JsonParseException[Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.StringReader@241e8ea6; line: 1, column: 2]];
        at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:131)
        at org.elasticsearch.xpack.security.authc.esnative.tool.HttpResponse$HttpResponseBuilder.withResponseBody(HttpResponse.java:55)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.responseBuilder(SetupPasswordTool.java:538)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.lambda$checkElasticKeystorePasswordValid$1(SetupPasswordTool.java:300)
        at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.execute(CommandLineHttpClient.java:126)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.checkElasticKeystorePasswordValid(SetupPasswordTool.java:299)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$AutoSetup.execute(SetupPasswordTool.java:129)
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.Command.main(Command.java:90)
        at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:107)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.StringReader@241e8ea6; line: 1, column: 2]
        at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1702)
        at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:558)
        at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:456)
        at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1906)
        at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:749)
        at org.elasticsearch.common.xcontent.json.JsonXContentParser.nextToken(JsonXContentParser.java:52)
        at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:336)
        at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:309)
        at org.elasticsearch.common.xcontent.support.AbstractXContentParser.map(AbstractXContentParser.java:264)
        at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:129)
        ... 12 more

Can someone support here please.

KR
Chris

jpcarey · June 25, 2019, 6:21pm

I'd assume the rest request is not returning JSON, which would be rather odd. Trying hitting the endpoint directly with curl to see what the real response is, I'd assume it is not from elasticsearch.

You can use something like this:

curl -v -X POST "localhost:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d'{"password" : "s3cr3t"}'

https://www.elastic.co/guide/en/elasticsearch/reference/7.1/security-api-change-password.html#_examples_80

xcitan · July 1, 2019, 12:59pm

hi,
thanks for your response.
I could change the passwords manually via curl.
But still wondering why the script doesn´t work.

KR
Chris

ikakavas · July 1, 2019, 2:27pm

One usually runs elasticsearch-setup-passwords in order to initially set the password for the internal users (elastic being one of them ) . I'm curious as to how changed the password of the elastic user when there was no user you could use to authenticate as.

Other than that, I think @jpcarey was spot on in his assumption.

Is there any proxy in your environment ?

Keep in mind that elasticsearch-setup-passwords is using the configuration from elasticsearch.yml to determine where to send the requests to set the passwords so incorrect values for http.publish_host or network.publish_host would also affect the tool's ability to set the passwords.

Can you share some more details, like what does your configuration looks like, and how did you change the password via curl ( the exact command ) ?

system · July 29, 2019, 2:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to set passwords for built-in users in batch mode? Elasticsearch	12	14577	April 9, 2018
ElasticSearch.Net Bulk - JsonParseException[Unexpected character (',' (code 44)): Elasticsearch	5	13492	July 5, 2017
Elasticsearch password set error in both auto and interactive Elasticsearch elastic-stack-security	3	906	February 14, 2022
Setup-Passwords script fails when ssl.keystore.password is not set Elasticsearch	4	3897	March 7, 2018
Error when try to configure password with keystore using elasticsearch 7 Elasticsearch elastic-stack-alerting	2	536	September 30, 2019

Elasticsearch-setup-passwords fails with JsonParseException

Related topics