Setting up passwords with elasticsearch-setup-passwords interactive

Im having an issue with enabling security on my cluster when Im trying to add the passwords to the bulit in users:

I have 6 nodes

deves01 dev-elastic7 atl-deves01
node.master: true true /data_store
path.logs: /var/log/elasticsearch
http.port: 9500

discovery.seed_hosts: ["atl-deves01", "atl-deves02", "atl-deves03", "atl-devls01", "atl-devls02", "met-deves01", "met-deves02", "met-deves03", "met-devls01", "met-devls02"]

cluster.initial_master_nodes: ["atl-deves01:9500", "met-deves02:9500"]

discovery.zen.minimum_master_nodes: 3
discovery.zen.fd.ping_timeout: 30s
discovery.zen.fd.ping_interval: 3s
discovery.zen.fd.ping_retries: 5 true true

When I type in this command I get this:

Failed to determine the health of the cluster running at
Unexpected response code [503] from calling GET
Cause: master_not_discovered_exception

It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-password s.
It is very likely that the password changes will fail when run against an unhealthy cluster.

Do you want to continue with the password setup process [y/N]n

Hi @Archie_Crawford ! Your cluster has not formed successfully and you can't / shouldn't attempt to setup the password of the built-in users until that happens. see Bootstrapping a cluster | Elasticsearch Reference [master] | Elastic

You probably need to change cluster.initial_master_nodes and remove the http port from it. This setting should contain the node name and the port number is not part of the name.

Also, do not set true without specifiying what key and certificate should be used for TLS. See this section in our docs Encrypting communications in Elasticsearch | Elasticsearch Reference [master] | Elastic.

When your cluster is healthy , you will be able to run elasticsearch-setup-passwords in one of your 6 nodes and set the password of the built-in users.

Hope this helps!

When I take out true then it fails for other reasons :

[1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [] to [true] or disable security by setting [] to [false]

I tired to see if I could add the master nodes in this way and got this error:

bin/elasticsearch -Ecluster.initial_master_nodes=atl-deves01,met-deves02
Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 12884901888 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /var/log/elasticsearch/hs_err_pid178846.log
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000004c0000000, 12884901888, 0) failed; error='Not enough space' (errno=12)

Yes, in order to make use of security, then you need to also enable transport SSL.
However, @ikakavas's point is that you can't simply set enabled: true
Configuring SSL requires additional steps that are explained in the documentation that he linked to.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.