Elasticsearch

Elastic Stack Elasticsearch
1

HI I I want to run the container of elasticsearch :
i use this command
docker run --name es01 --net elastic -p 9200:9200 -it docker.elastic.co/elasticsearch/elasticsearch:8.2.3
and this :
docker cp es01:/usr/share/elasticsearch/config/certs/http_ca.crt .
but when i try this command i have an error :
curl --cacert http_ca.crt -u elastic https://localhost:9200
the error :
Invoke-WebRequest : Parameter cannot be processed because the parameter name 'u' is ambiguous. Possible matches include: -UseBasicParsing -Uri -UseDefaultCredentials
-UserAgent.
At line:1 char:27

  • curl --cacert http_ca.crt -u elastic https://localhost:9200
    • CategoryInfo : InvalidArgument: (:slight_smile: [Invoke-WebRequest], ParameterBindingException
    • FullyQualifiedErrorId : AmbiguousParameter,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
2

Where are trying this command?

Can you provide more context about this? Are you on Windows? This looks like an error from PowerShell.

If I'm not wrong this is not really curl, it is an alias in PowerShell to Invoke-WebRequest, so your curl command will not work as expected for a Linux system.

Your error does not seem to be related to Elasticsearch, try to open https://localhost:9200 on a web browser to test the connection.

3

yes I am in windows 11
I use this command to verify that I can connect to my Elasticsearch cluster
when I go to my browser with this url https://localhost:9200
that what I have :
This page isn’t working

localhost didn’t send any data.

ERR_EMPTY_RESPONSE

4

I use powershell

5

when i use the command prompt :
curl --cacert http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
More details here: curl - SSL CA Certificates

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

6

In the --cacert option you need to pass the CA used to create the certificate, not the certificate.

You can try using -k to ignore validation.

So, this would mean that your Elasticsearch is not running or it is not using https, you need to check the logs in the container and share your elasticsearch.yml.

7

that what I have when i try -k
curl -k --cacert http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Bearer realm="security"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Bearer realm="security"","ApiKey"]}},"status":401}

8

the elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------

The following settings, TLS certificates, and keys have been automatically

generated to configure Elasticsearch security features on 10-04-2023 12:03:09

--------------------------------------------------------------------------------

Enable security features

xpack.security.enabled: true

xpack.security.enrollment.enabled: true

Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents

xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12

Enable encryption and mutual authentication between cluster nodes

xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12

Create a new cluster with the current node only

Additional nodes can still join the cluster later

cluster.initial_master_nodes: ["3af68865a2b2"]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

9

You got an error 401, it is an authentication error, check the username or password, one of them is wrong.

10

i copie the password that i have when i run elasticsearch

11

i still have the some problem : C:\Windows\System32>curl -k --cacert http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Bearer realm="security"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Bearer realm="security"","ApiKey"]}},"status":401}

12

The error is still the same, an authentication error, the user or password is wrong.

The password is probably wrong, you can reset it following these instructions, you basically will need to run the following command from inside the elasticsearch container:

/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
13

yes i do that but i have the some error
docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y

Password for the [elastic] user successfully reset.
New value: gQSM18jqz*0jgmyMajKF

C:\Windows\System32>curl --cacert http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
More details here: curl - SSL CA Certificates

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

14

This was explained before, you need to use the -k parameter.

15

yes i add -k but nothing to change
curl -k --cacert http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Bearer realm="security"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Bearer realm="security"","ApiKey"]}},"status":401}

16

It is still the same authentication error, I'm not sure how I could help further, you need to check if the password is really correct.

17

I am sure that i copie the correct password

18

The server is still not accepting it, so it is not the right password.

Try to reset it again but explicitly set a simple password using the parameter -i as described in the documentation.

19

i do that but i have problem

docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password --username user -i
This tool will reset the password of the [user] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y

Enter password for [user]:
passwords must be at least [6] characters long
Try again.
Enter password for [user]:
Re-enter password for [user]:

ERROR: Failed to reset password for the [user] user

20

Your command is wrong, you need to reset the password for the elastic user, not the user user.

You need to run this:

docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password --username elastic -i