Should the bootstrap.password in Keystore be added on all nodes?

Stupid question but It is not clear from the documentation of Elasticsearch 6.

Should bootstrap.password be added to the Keystore on only one of the nodes, only the master nodes or all of the nodes (or maybe the nodes from which I will authenticate using the stored password)?

Can you tell me which of those is the right one?

1 Like

Well, it depends on exactly what you're trying to achieve, but you should only need to set it on the nodes against which you wish to authenticate.

Why do you want to set it at all? Our recommendation is to just use the setup-passwords command.

I'm setting up Elasticsearch cluster in automated way using an orchestration tool.

To setup users, roles and passwords In ES version 5 I used a custom post-install script which was doing API calls doing the user/role/pass setup. This script was run after the cluster was setup and running.

Now with ES version 6 I cannot use the changeme password anymore and therefore need to manually set the password for the elastic user in the Keystore. Then I can run a modified version of the post-install script again to setup the users and the roles.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.