Hi there.
I'm trying to use T-Pot with "xpack.security.enabled: true".
I want to set up passwords for Elasticsearch's built-in users (elastic, kibana_system, and so on) as following conditions.
- Use as few interactive or prompting procedures as possible.
- Environment variables are not available. (See this article)
I applied "File-based user authentication" and got the following.
# cd /data/elk
# cat ./users <<<created beforehand with the elasticsearch-users command.
tpotsuper:$2a$10$ByOIIGbAPP4oc2Zi4WYu2e6ZLironun6le8yZ5JFwtnjieb4VqLze
# cat ./users_roles
superuser:tpotsuper
# cat /opt/tpot/etc/tpot.yml <<<created beforehand
(snip)
elasticsearch:
(snip)
volumes:
- /data:/data
- /data/elk/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /data/elk/users:/usr/share/elasticsearch/config/users
- /data/elk/users_roles:/usr/share/elasticsearch/config/users_roles
# systemctl stop tpot
# systemctl start tpot
# curl -u tpotsuper:tpotsuper -X POST "localhost:64298/_security/user/elastic/_password" -H 'Content-Type: application/json' -d '{"password": "elastic_password"}'
# curl -u elastic:elastic_password http://localhost:64298/
{
"name" : "tpotcluster-node-01",
"cluster_name" : "tpotcluster",
"cluster_uuid" : "CUF8YNVTThm8QqKvWeeXGg",
"version" : {
"number" : "7.15.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "83c34f456ae29d60e94d886e455e6a3409bba9ed",
"build_date" : "2021-10-07T21:56:19.031608185Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
# systemctl stop tpot
# rm /data/elk/users
# rm /data/elk/users_roles
# touch /data/elk/users <<<replace with empty file
# touch /data/elk/users_roles
# systemctl start tpot
Is there a simpler way?
Thanks.