I feel totally lost.
Having spent some time understanding that to connect to an Elasticsearch single-node, built with docker-compose, without security, I should use the configuration below, now I find that it doesn't work correctly.
I enter perfectly through curl, without CA certificate, without user and without password.
Of course the installation done with docker-compose.yml works.
That is, I access kibana WITHOUT authorization, user, or enrollment.
docker-compose.yml
elasticsearch:
image: 'docker.elastic.co/elasticsearch/elasticsearch:8.5.0'
container_name: sitelight-es01
environment:
- discovery.type=single-node
# - xpack.license.self_generated.type=basic
- xpack.security.enabled=false
- ES_JAVA_OPTS=-Xms1g -Xmx1g
ulimits:
memlock:
soft: -1
hard: -1
ports:
- '9200:9200'
- '9300:9300'
volumes:
- 'sail-elasticsearch:/usr/share/elasticsearch/data'
networks:
- sail
kibana:
image: 'docker.elastic.co/kibana/kibana:8.5.0'
container_name: sitelight-kibana
depends_on:
- elasticsearch
environment:
ELASTICSEARCH_HOSTS: http://sitelight-es01:9200
ports:
- '5601:5601'
networks:
- sail
And I try it in the shell and it works
curl -XGET "http://localhost:9200/"
{
"name" : "44edbbb60101",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "6seEH0VRR8mX98dIkzSySg",
"version" : {
"number" : "8.5.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "c94b4700cda13820dad5aa74fae6db185ca5c304",
"build_date" : "2022-10-24T16:54:16.433628434Z",
"build_snapshot" : false,
"lucene_version" : "9.4.1",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
❯ curl -XPUT "http://localhost:9200/analyzers"
{"acknowledged":true,"shards_acknowledged":true,"index":"analyzers"}%
❯ curl -XGET "http://localhost:9200/_cat/indices"
yellow open analyzers zqWTHOgATtO8_1IRr--Ujg 1 1 0 0 225b 225b
❯ curl -XDELETE "http://localhost:9200/analyzers"
{"acknowledged":true}%
PHP Client
Now I will go to the use of the PHP client
$client = ClientBuilder::create()
->setHosts(['localhost'])
->build();
$params['index'] = 'analyzers';
$response = $client->info();
Throw an error
08:43:14401 Unauthorized: {"message":"Unauthenticated."}
Change password for user elastic not work.
If I can access via CURL without a username and password, I have no other option than it is a client error, but hey, let's waste a little time trying to turn it around.
Thinking,... well we will have to put the user, its password, etc... we will use what I use in production, to change the password. But not.
I can't understand, because if I try to change the elastic user's password, I can't either.
sh-5.0$ cd /usr/share/elasticsearch/
sh-5.0$ ls
LICENSE.txt NOTICE.txt README.asciidoc bin config data jdk lib logs modules plugins
sh-5.0$ ./bin/elasticsearch-reset-password -u elastic
WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
ERROR: Failed to reset password for the [elastic] user
And now but still. According to the 8.5 documentation Get users API
with
curl -XGET "http://localhost:9200/_security/user"
you should get the list of users and built-in users.
But neither…
curl -XGET "http://localhost:9200/_security/user"
{"error":"Incorrect HTTP method for uri [/_security/user] and method [GET], allowed: [POST]","status":405}%
It is desperation.