Unable to reset the ELK password

stack-security

(Ganesh) #1

Hi,
I'm trying to reset my ELK password, but I'm facing the issue below.

Please find my steps one by one.

  1. Enabled "xpack.security.enabled: true" on both Kibana and Elasticsearch
  2. Using "./setup-passwords auto/interactive" to reset the password and getting the error below

"Connection failure to: http://10.3.195.14:9200/_xpack/security/user/kibana/_password?pretty failed: Read timed out

ERROR: Failed to set password for user [kibana]"

  3. curl -H 'Content-Type: application/json' -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "elastic" }'
    For this I'm getting the error below
    "{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}"

(Ioannis Kakavas) #2

Hi

I assume you have set network.host: 10.3.185.01 in your elasticsearch.yml judging from your error message

Connection failure to: http://10.3.185.01:9200/_xpack/security/user/kibana/_password?pretty failed: 

10.3.185.01 is not a valid IP address, you'd probably want to change that.


(Ganesh) #3

Hi @ikakavas

Now the IP is changed to the valid 10.3.195.14, but even so I'm getting the same error.


(Tim Vernum) #4

Your curl command shows that you're hitting localhost but you've configured Elasticsearch to run on 10.3.195.14

The most likely explanation is that you aren't restarting your Elasticsearch node after you change the configuration file.


(Ganesh) #5

No Tim, I'm hitting my IP only. Kindly find the status below:

[root@lpdosput020008 config]# curl -XGET "http://10.3.195.14:9200/"
{
  "name" : "lpdosput020008.phx.aexp.com.node",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "FDmedKtjSlayzVH0Of72YQ",
  "version" : {
    "number" : "6.2.4",
    "build_hash" : "ccec39f",
    "build_date" : "2018-04-12T20:37:28.497551Z",
    "build_snapshot" : false,
    "lucene_version" : "7.2.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

(Ganesh) #6

When I try, it's requesting the host password. What is the host password? I tried with changeme and am getting the same error.
curl -H 'Content-Type: application/json' -XPUT -u elastic 'http://10.3.195.14:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "elastic" }'
Enter host password for user 'elastic':


(Ioannis Kakavas) #7

You need to run the setup-passwords tool to set the password for the internal users (elastic being one of them).

This is how this thread started, where you had an error running the setup-passwords tool. Now that you fixed the network.host setting and you restarted Elasticsearch, did you run setup-passwords? If so, what happens?

Please take the time to describe exactly what the behavior is and always include the error message from Elasticsearch, even if it looks similar or the same.


(Ganesh) #8

Yes, I did it that way and I'm getting the message below

  1. Using "./setup-passwords auto/interactive" to reset the password and getting the error below

"Connection failure to: http://10.3.195.14:9200/_xpack/security/user/kibana/_password?pretty failed: Read timed out

ERROR: Failed to set password for user [kibana]"


(Ioannis Kakavas) #9

As you have shown above, your correct IP address is 10.3.145.14 and not 10.3.195.14. Please set the correct value for your IP address in your network.host setting, restart Elasticsearch and try again.


(Ganesh) #10

Sorry, it's my typo and I have given the correct IP address in my elasticsearch.yml.

10.3.195.14 is the correct IP address. Using this, I'm getting that error.


(Ganesh) #11

Actually 10.3.195.14 is the correct IP address; it's my typo, forgive me for that. Can anyone help me with this?


(Ioannis Kakavas) #12

Is elasticsearch running when you run setup-passwords? (It needs to be.)

Please run

curl -XGET "http://10.3.195.14:9200/"

and

./setup-passwords auto

one after the other, without changing anything in between and share the output.


(Ganesh) #13

[root@lpdosput020008 ~]# curl -XGET "http://10.3.195.14:9200/"
{
  "name" : "lpdosput020008.phx.aexp.com.node",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "FDmedKtjSlayzVH0Of72YQ",
  "version" : {
    "number" : "6.2.4",
    "build_hash" : "ccec39f",
    "build_date" : "2018-04-12T20:37:28.497551Z",
    "build_snapshot" : false,
    "lucene_version" : "7.2.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

(Ganesh) #14

[root@lpdosput020008 config]# docker exec -it elasticsearch bash
[elasticsearch@e9f56d662f9d ~]$ cd bin/x-pack/
[elasticsearch@e9f56d662f9d x-pack]$ ./setup-passwords auto
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y



Connection failure to: http://10.3.195.14:9200/_xpack/security/user/kibana/_password?pretty failed: Read timed out

ERROR: Failed to set password for user [kibana].

(Ioannis Kakavas) #15

It would be beneficial to mention up front that you're running Elasticsearch in docker, as we would be able to give more targeted answers 🙂

10.3.195.14 is the IP address of your host and not the IP address for the Docker container. The container knows nothing about the host's IP address so it doesn't know how to reach 10.3.195.14.

From your host, the curl command works because port 9200 is mapped to the container as part of the docker run command you ran to start the container.

You need to either set network.host to the internal IP of your container (use docker inspect elasticsearch), or don't set it at all so elasticsearch binds to localhost (of the container). Either way, you will still be able to access elasticsearch at 10.3.195.14 and your commands from within the container will work.


(Ganesh) #16

My mistake, I shouldn't mention about docker before. If I didn't set the IP address, how could I form a cluster?


(Ioannis Kakavas) #17

Have you read our documentation on running on docker?


(Ganesh) #18

Currently my ES is running as a cluster using docker. In each configuration I have mentioned the host IP instead of the docker IP.

cluster.name: "docker-cluster"
node.name: lpdosput020008.node
node.master: true
node.data: false
node.ingest: false
node.ml: false
xpack.ml.enabled: true
#network.host: 0.0.0.0
network.bind_host: 0.0.0.0
network.publish_host: 10.3.195.14
path.repo: ["/usr/share/elasticsearch/snapshot"]


discovery.zen.ping.unicast.hosts: ["10.3.195.14","10.3.195.38","10.3.195.41","10.3.195.43","10.3.195.37"]
discovery.zen.minimum_master_nodes: 2
#xpack.license.self_generated.type: trial
xpack.security.enabled: true
#xpack.monitoring.enabled : true
#xpack.security.http.ssl.enabled: true
#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.crt
#xpack.security.http.ssl.client_authentication: none
#xpack.security.http.ssl.verification_mode: certificate

(Tim Vernum) #19

From your examples, the problem here is that you were running curl from the host, but setup-passwords from inside the container.
That's not testing the same thing. I assume that curl will fail in a similar way if you run it inside the container.

You need to use the --url option to setup-passwords.
As best I can tell, your elasticsearch.yml has a configuration where you are publishing on an IP that doesn't resolve to the local machine. That is, from inside the container, 10.3.195.14 is not a locally resolved IP, so setup-passwords cannot communicate with the node as you've configured it.

Just pass --url="http://localhost:9200/" to your setup-passwords command.
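
The choice of URL described in posts #15 and #19, as an added example that is not part of the thread: it reads the publish address from elasticsearch.yml and falls back to loopback when that address does not belong to the container. The function names, the container address 172.17.0.2 and the sample file are constructed for illustration; it assumes plain HTTP on port 9200.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# Print the first uncommented value of setting $1 in the yml file $2.
yml_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" |
        tr -d '"' | head -n 1
}

# Succeed if address $1 is in the space-separated address list $2.
is_local() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# Pick the URL for setup-passwords. $1 = elasticsearch.yml, $2 = addresses
# assigned to this container. Assumes HTTP on port 9200 and a node that also
# listens on loopback (network.bind_host: 0.0.0.0, as in post #18).
pick_url() {
    host=$(yml_value network.publish_host "$1")
    [ -n "$host" ] || host=$(yml_value network.host "$1")
    if [ -n "$host" ] && is_local "$host" "127.0.0.1 $2"; then
        echo "http://$host:9200/"      # published address is reachable here
    else
        echo "http://localhost:9200/"  # host-side address: use loopback
    fi
}

# Constructed sample: the network lines of the elasticsearch.yml in post #18.
sample_yml() {
    cat <<'EOF'
#network.host: 0.0.0.0
network.bind_host: 0.0.0.0
network.publish_host: 10.3.195.14
EOF
}

# 172.17.0.2 is a constructed container address; inside a real container the
# list would come from the container's own interfaces.
demo() {
    f=$(mktemp) && sample_yml > "$f"
    pick_url "$f" "172.17.0.2"
    rm -f "$f"
}

echo "./setup-passwords auto --url=\"$(demo)\""
```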


(Ganesh) #20

Actually I'm running the setup password command inside the container like this:
Redirect x-pack path
./setup-passwords auto

This is the command I'm running. How can I pass the above --url in this?