how I may submit bootstrapping password to _xpack/security/user/.../_password API
Step 0: Think of a password to use. I'll use "top-secret"
Step 1: Shutdown at least 1 node of your cluster.
Step 2: Add a "bootstrap.password" to the keystore on that node:
bin/elasticsearch-keystore add "bootstrap.password"
Enter value for bootstrap.password: top-secret
Step 3: Start that elasticsearch node.
Step 4: Call
curl -uelastic -XPUT -H 'Content-Type: application/json' 'http://localhost:9200/_xpack/security/user/kibana/_password' -d '{ "password":new-kibana-password" }'
Enter host password for user 'elastic': top-secret
Step 5: Repeat (4) for logstash_system
Step 6: Repeat (4) for elastic (to set a permanent password rather than just a "bootstrap.password" that's tied to a specific node)