How to find out if password of elastic user is already set or not

MartinG · November 10, 2020, 8:49am

Hi there,

I am building up Elasticsearch clusters automatically with Ansible and have a problem with the initial setting of the "elastic" user password.

As described in the documentation a initial and transient bootstrap password is used to set the password of built-in user "elastic":

When you install Elasticsearch, if the elastic user does not already have a password, it uses a default bootstrap password. The bootstrap password is a transient password that enables you to run the tools that set all the built-in user passwords.

I execute the following steps to set the password:

printf "secret"|/usr/share/elasticsearch/bin/elasticsearch-keystore add -x "bootstrap.password"

Restart of the Elasticsearch node to make the bootstrap password active.

curl -k -u elastic:secret -XPUT https://localhost:9200/_security/user/elastic/_password -d '{ "password":"elastic" }' -H 'Content-Type: application/json'

My problem is, that this procedure should run only on one node to prevent errors, when one node tries to set the password while another node set it already.

It would help if I could check if the password is already set or not.

Can someone help?

Best regards,

Martin

ikakavas · November 20, 2020, 7:08am

Hi Martin,

There is no specific tooling we provide that solves your actual problem, I'm afraid. I think the best way to determine that is that since you know the bootstrap.password value, attempt to curl to https://localhost:9200/ with -uelastic:secret. If you get a 200 it means that the elastic password is not yet set by any other node, if you get a 401 it means that the elastic password is already set.

HTH

system · December 18, 2020, 7:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.