ERROR: Failed to determine the health of the cluster when initial password setting

I tried to set up initial password with following command and got this error message

$ ./elasticsearch-reset-password -u elasticsearch

ERROR: Failed to determine the health of the cluster.

Here is my elasticsearch.yml file

======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:#
#cluster.name: aaaaaaa
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
##node.name: ${HOSTNAME}
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
# Path to log files:
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
# 
# Lock the memory on startup:
#
bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.bind_host: 0.0.0.0
#network.publish_host: ${HOSTNAME}
network.host: ["0.0.0.0"]
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts:  - ${HOSTNAME}
discovery.type: single-node
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes:  - ${HOSTNAME}
#
# For more information, consult the discovery and cluster formation module documentation.
#
# --------------------------------- Readiness ----------------------------------
#
# Enable an unauthenticated TCP readiness endpoint on localhost
#
#readiness.port: 9399
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 22-10-2022 08:48:06
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
# cluster.initial_master_nodes: ["aaaaaaaaa"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

Hi @tmdgk490255 Welcome to the community

Is elasticsearch running? It needs to be.

No I tried to run ES with following command but it turns out I have to set up elasticsearch password first

sudo systemctl start elasticsearch

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for elasticsearch:

then I tried to set up elasticsearch password and I got the error so I uploaded this post

and also I tried this command without 'sudo' and got the error too

systemctl start elasticsearch
Failed to start elasticsearch.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files
See system logs and 'systemctl status elasticsearch.service' for details.

So when you run sudo it's asking for your password not elasticsearch password.

1 Like

oh that was stupid.. thanks for answering

plus actually I was trying to install bootstrap node on ec2 instance which is same case on the post

I tried to set bootstrap.password with this command

printf "mypassword" | sudo /usr/share/elasticsearch/bin/elasticsearch-keystore add "bootstrap.password" -x

and got this error message

ERROR: will not overwrite keystore at [/etc/elasticsearch/elasticsearch.keystore], because this incurs changing the file owner 

How can I set my bootstrap.password? otherwise is it set by ./elasticsearch-reset-password -u elasticsearch command on bootstrap ec2 instance, not by sudo /usr/share/elasticsearch/bin/elasticsearch-keystore add "bootstrap.password" -x?

Apologies I am not sure what you mean.

You don't set or need to know the bootstrap password.

If you just follow the normal installation instructions you will be fine.

When you install Elasticsearch, if the elastic user does not already have a password, it uses a default bootstrap password. The bootstrap password is a transient password that enables you to run the tools that set all the built-in user passwords.

By default, the bootstrap password is derived from a randomized keystore.seed setting, which is added to the keystore during installation. You do not need to know or change this bootstrap password. If you have defined a bootstrap.password setting in the keystore, however, that value is used instead. For more information about interacting with the keystore, see Secure settings.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.