How to set passwords for built-in users in batch mode?

I'd like to use "setup-passwords interactive" for settings passwords in my setup script.
This command works nice in manual mode, but for some reason fails with

Exception in thread "main" java.lang.NullPointerException
	at org.elasticsearch.cli.Terminal$SystemTerminal.readSecret(Terminal.java:174)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$InteractiveSetup.promptForPassword(SetupPasswordTool.java:191)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$InteractiveSetup.lambda$execute$0(SetupPasswordTool.java:184)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changePasswords(SetupPasswordTool.java:380)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$InteractiveSetup.execute(SetupPasswordTool.java:184)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
	at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
	at org.elasticsearch.cli.Command.main(Command.java:90)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:105)

exception when I submitting my answers automatically, inside script. I tried "here document" and other standart ways - the same issue.

Any ideas how to set up passwords via script?

TIA,
Vitaly

The setup-passwords tool isn't designed to be scriptable.
All it is doing it scripting some API call calls to set passwords.
The intent is that you would call the _xpack/security/user/.../_password API directly if you want to automate it.

1 Like

Thank you!
Unfortunately, even after reading https://www.elastic.co/guide/en/x-pack/6.2/setting-up-authentication.html#bootstrap-elastic-passwords and other docs, I still couldn't understand how I may submit bootstrapping password to _xpack/security/user/.../_password API.

Hi I am John,
I was installed xpack in elastic search ....
How to check xpack installed for not ?
How open elastic search in local Host in Windows machine?
How to set default password elastic search?
How to change password in elastic search?

@John_saida, Please start a separate thread for your questions.

@Vitaly_il

how I may submit bootstrapping password to _xpack/security/user/.../_password API

Step 0: Think of a password to use. I'll use "top-secret"

Step 1: Shutdown at least 1 node of your cluster.

Step 2: Add a "bootstrap.password" to the keystore on that node:

bin/elasticsearch-keystore add "bootstrap.password"
Enter value for bootstrap.password: top-secret

Step 3: Start that elasticsearch node.

Step 4: Call

curl -uelastic -XPUT -H 'Content-Type: application/json' 'http://localhost:9200/_xpack/security/user/kibana/_password' -d '{ "password":new-kibana-password" }'
Enter host password for user 'elastic': top-secret

Step 5: Repeat (4) for logstash_system

Step 6: Repeat (4) for elastic (to set a permanent password rather than just a "bootstrap.password" that's tied to a specific node)

7 Likes

Tim,
Many thanks, it works!

That is really usefull

is it possible to make it completely scriptable? I mean no password request to type in stdin?

printf "top-secret" | elasticsearch-keystore add -x
3 Likes

OK, and for the step 4?

curl -uelastic:"top-secret" -XPUT -H 'Content-Type: application/json' 'http://localhost:9200/_xpack/security/user/kibana/_password' -d '{ "password”:”changeme” }'

1 Like

perfect, this closes the loop

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.