I lost the elastic user password since I activated x-pack , I created a new superuser called admin
/bin/x-pack/users list
admin : superuser
now when I access the kibana -> management -> security -> Roles / Users , it shows (logged in as admin)
"You do not have permission to manage roles"
How do I fix this issue ? How do I recover password for elastic user ?
This should have worked fine. I assume you have used
bin/x-pack/users useradd admin -r superuser, correct?
Can you share the output of :
curl -u admin 'http://localhost:9200/_xpack/security/_authenticate?pretty'
and
curl -u admin 'http://localhost:9200 ( so that we can see the version you are running ).
Anything interesting in the elasticsearch logs?
{
"username" : "admin",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : { },
"enabled" : true
}
curl -u admin 'http://localhost:9200'
{
"name" : "SmUKNKO",
"cluster_name" : "testenv",
"cluster_uuid" : "bw7WrLdSROGdtfWbgiauZQ",
"version" : {
"number" : "6.2.2",
"build_hash" : "10b1edd",
"build_date" : "2018-02-16T19:01:30.685723Z",
"build_snapshot" : false,
"lucene_version" : "7.2.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
superuser should be allowed to manage roles obviously. Can you please share any part of your elasticsearch logs that might seem relevant ( i.e. logging in via Kibana and accessing the Management tab ).
If nothing interesting is there you can try enabling DEBUG
PUT /_cluster/settings
{"transient":{"logger.org.elasticsearch.xpack.security.authz": "DEBUG"}}
temporarily while performing the action above.
I am not getting any errors in elkcluster_access.log , all lines shows access_granted.
But I am getting these errors in elkcluster.log
[ERROR][o.e.x.s.a.e.ReservedRealm] [SmUKNKO] failed to retrieve password hash for reserved user [elastic]
[INFO ][o.e.x.s.a.AuthenticationService] [SmUKNKO] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[INFO ][o.e.x.w.a.l.ExecutableLoggingAction] [SmUKNKO] Watch [Idle_pct] has exceeded the threshold []
[ERROR][o.e.x.m.c.c.ClusterStatsCollector] [SmUKNKO] collector [cluster_stats] failed to collect data
I believe the error you are seeing in Kibana is incorrect.
From what I can see, Kibana will give that error whenever it fails to retrieve the list of available roles from Elasticsearch. So, although it appears to be a permissions problem, it could actually have some other underlying cause.
I believe your cluster (and/or security index) might be suffering from some health issues.
Can you check these:
curl -uadmin 'http://localhost:9200/_cluster/health?pretty'
curl -uadmin 'http://localhost:9200/.security-6' --head
curl -uadmin 'http://localhost:9200/_cat/shards'
curl -uadmin 'http://localhost:9200/_cluster/health?pretty'
{
"cluster_name" : "elk-cluster",
"status" : "yellow",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 1556,
"active_shards" : 1556,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 1541,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 50.24216984178237
}
curl -uadmin 'http://localhost:9200/.security-6' --head
HTTP/1.1 404 Not Found
content-type: application/json; charset=UTF-8
content-length: 367
How do I recover the elastic user password ?
I keep getting the above mentioned error logs on elastic user .
It doesn't look like the Elastic user has a password yet.
Have you tried running setup-passwords?
I tried, I am getting these errors.
x-pack/setup-passwords interactive
Failed to authenticate user 'elastic' against http://localhost:9200/_xpack/security/_authenticate?pretty
Possible causes include:
ERROR: Failed to verify bootstrap password
I also tried to reset elastic user password using this
curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'
{ "password": "password" }'
{
"error" : {
"root_cause" : [
{
"type" : "index_not_found_exception",
"reason" : "no such index",
"resource.type" : "index_or_alias",
"resource.id" : ".security-6",
"index_uuid" : "na",
"index" : ".security-6"
}
],
"type" : "index_not_found_exception",
"reason" : "no such index",
"resource.type" : "index_or_alias",
"resource.id" : ".security-6",
"index_uuid" : "na",
"index" : ".security-6"
},
"status" : 404
}
I can see an index called .security-v6 but not .security-6.
(sorry about multiple posts, I am not able to edit my previous post )
Did you previously run a beta version of Elasticsearch 6.0 on this cluster?
The security index was called .security-v6 during some of the betas.
Yes , I used 6.1 before upgrading to the latest version.
I was able to fix the issue using index aliases.
curl -XPOST -u my_admin 'localhost:9200/_aliases?pretty' -H 'Content-Type: application/json' -d'
{
"actions" : [
{ "add" : { "index" : ".security-v6", "alias" : ".security-6" } }
]
}
'
after this I was able to reset my elastic user password and everything is working now.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.