Manually configure security, divergence in the documentation


I'm creating a new cluster using 8.4 and configuring the security features manually.

I've created the certificates for the transport and http protocol and everything works as expected, the cluster starts up and the nodes communicate with each other without any issue.

The next part would be to reset the password for the built-in users.

From the documentation, to do that you just need to run the following command in any node.

./bin/elasticsearch-reset-password auto

But running this command produces the following output:

[root@redacted ~]# /usr/share/elasticsearch/bin/elasticsearch-reset-password auto
Resets the password of users in the native realm and built-in users.

Option (* = required)  Description                                          
---------------------  -----------                                          
-E <KeyValuePair>      Configure a setting                                  
-a, --auto                                                                  
-b, --batch                                                                 
-f, --force            Use this option to force execution of the command    
                         against a cluster that is currently unhealthy.     
-h, --help             Show help                                            
-i, --interactive                                                           
-s, --silent           Show minimal output                                  
* -u, --username       The username of the user whose password will be reset
--url                  the URL where the elasticsearch node listens for     
-v, --verbose          Show verbose output                                  
ERROR: Missing required option(s) [u/username]

The error message says that the parameter -u, for the username you want to reset the password, must be provided, but this is not mentioned in the documentation.

Running using the parameter --auto provides the same error.

If I pass the username, then it works as expected and I'm able to reset the password for the built-in users needed, elastic e kibana_system.

Shouldn't this be mentioned in the documentation? Running elasticsearch-reset-password auto does not work as the documentation says it should work.

1 Like

This is the doc bug. The command utility in this page is meant to be elasticsearch-setup-passwords instead of elasticsearch-reset-password.

The elasticsearch-reset-password CLI is new in 8.x and in fact more flexibile. So you can totally use it instead but it requires the -u parameter as you have already discovered. I raised a PR to fix the doc. Thanks!

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.