Elasticsearch-setup-passwords interactive batch


I'm using elasticsearch 7.3.1 and I am automating my deployment of elasticsearch with ansible. This involves managing users and their passwords (elastic, kibana, etc.).

I'm using the file realm and nothing else (no native realm, nothing else) since it fits my needs and it's easy with ansible to manage files on all nodes. Everything is OK with

    bin/elasticsearch-users useradd user -p password -r role
    bin/elasticsearch-users passwd user -p password

but it's not working for the elastic user :frowning: so I turn to setup-passwords, but I'm having issues with "elasticsearch-setup-passwords". The script allows an auto or interactive mode and "-b, --batch: If enabled, run the change password process without prompting the user."

    [root@tsmlmfetruesl01 elasticsearch]# bin/elasticsearch-setup-passwords interactive -b
    Enter password for [elastic]: ^C
    [root@tsmlmfetruesl01 elasticsearch]# printf "elastic" | bin/elasticsearch-setup-passwords interactive -b
    Exception in thread "main" java.lang.IllegalStateException: unable to read from standard input; is standard input open and a tty attached?
       at org.elasticsearch.cli.Terminal$SystemTerminal.readText(Terminal.java:173)

  1. How exactly should this batch mode be used if I only want to change/reset the elastic password?

  2. What is the purpose of having standard elastic settings or X-Pack settings in the setup-passwords script ("-E <KeyValuePair>: Configure a setting")?

  3. If I manually change the elastic password with
    elasticsearch-setup-passwords auto
    I can no longer change the elastic password like this:
    How to set passwords for built-in users in batch mode?

    [root@tsmlmfetruesl01 elasticsearch]# systemctl stop elasticsearch.service
    [root@tsmlmfetruesl01 elasticsearch]# bin/elasticsearch-keystore add bootstrap.password
    Setting bootstrap.password already exists. Overwrite? [y/N]y
    Enter value for bootstrap.password:
    [root@tsmlmfetruesl01 elasticsearch]# systemctl start elasticsearch.service

I wait for the elasticsearch instance on that node to be up, and if I do a curl with the new password from the keystore it does not work. But the curl works with the old password.
So if for some reason someone changes the elastic password, I am unable to reset it.
