Elasticsearch, which path for elasticsearch.keystore is used?

I'm trying to understand why I get 401 after initializing a new instance (goal to have multiple instances on one machine).

Steps taken:

  • created a elasticsearch.keystore
  • add the bootstrap.password successfully, with cat ~/.elk.secret | /opt/elasticsearch/bin/elasticsearch-keystore add -x 'bootstrap.password'
  • Since I've multiple instances running, I move it in the new conf directory

but now I get 401:

 curl -X GET 'https://elastic:myFancyPass@myServer:9200/_cluster/health?pretty' -k
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/_cluster/health?pretty]",
        "header" : {
          "WWW-Authenticate" : [
            "Bearer realm=\"security\"",
            "ApiKey",
            "Basic realm=\"security\" charset=\"UTF-8\""
          ]
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/_cluster/health?pretty]",
    "header" : {
      "WWW-Authenticate" : [
        "Bearer realm=\"security\"",
        "ApiKey",
        "Basic realm=\"security\" charset=\"UTF-8\""
      ]
    }
  },
  "status" : 401
}

My understanding is that this error can be caused by two things:

  • wrong password (which I doubt it's my case)
  • wrong elasticsearch.file

How do I find which elasticsearch.keystore it is loading?

Running rootLogger.level = debug didn't help. I feel it would be great getting a confirmation such as /opt/elasticsearch/instance2/conf/elasticsearch.keystore

How are you installing elasticsearch ? The keystore is picked up from $ES_PATH_CONF which defaults to $ES_HOME/config

When you start up your node, you'll see a line similar to

[2020-10-21T22:21:59,947][INFO ][o.e.n.Node               ] [cecilia] JVM arguments

which contains an -Des.path.conf= that should point to the dir where your keystore is read from.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.