Unable to setup built user password for elastic search 6.2.2

Hi I am running single node elasticsearch and try to run elasticsearch in https.

I was following the url https://www.elastic.co/blog/how-to-setup-tls-for-elasticsearch-kibana-logstash-filebeat-with-offline-install-in-linux for setting up tls setup.
I break this article into two part.

  1. Running Elasticsearch with xpack.
  2. Running Elasticsearch in TLS mode.

I installed elasticsearh 6.2.2 and now it's running. Then i installed x-pack using offline mode. Now when i try running bin/x-pack/setup-passwords auto -u "http://localhost:9200" it's giving error.
Failed to authenticate user 'elastic' against http://127.0.0.1:9200/_xpack/security/_authenticate?pretty
Possible causes include:

  • The password for the 'elastic' user has already been changed on this cluster
  • Your elasticsearch node is running against a different keystore
    This tool used the keystore at /data/nroot/elasticsearch-6.2.2/config/elasticsearch.keystore

As it given, to fix this issue we need to run this command.
bin/elasticsearch-keystore add bootstrap.password

I ran the command and provided the password, Again i ran the same command bin/x-pack/setup-passwords auto -u "http://localhost:9200" . But it still failing. Please correct me what is the mistake i am doing it.

I parked second part since unable to authenticate elasticsearch i will not able to make https call.

Please see the logs which i have after x-pack install.
[2020-02-28T11:22:26,166][INFO ][o.e.n.Node ] [XXLehJ2] started [2020-02-28T11:22:26,421][INFO ][o.e.g.GatewayService ] [XXLehJ2] recovered [1] indices into cluster_state [2020-02-28T11:22:27,080][INFO ][o.e.c.r.a.AllocationService] [XXLehJ2] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[admin-audit][3]] ...]). [2020-02-28T11:22:27,158][INFO ][o.e.l.LicenseService ] [XXLehJ2] license [a8bd3e56-511f-4cd6-aabc-196cce7fdc18] mode [trial] - valid [2020-02-28T11:22:33,111][INFO ][o.e.c.m.MetaDataCreateIndexService] [XXLehJ2] [.monitoring-es-6-2020.02.28] creating index, cause [auto(bulk api)], templates [.monitoring-es], shards [1]/[0], mappings [doc] [2020-02-28T11:22:33,309][INFO ][o.e.c.m.MetaDataCreateIndexService] [XXLehJ2] [.watches] creating index, cause [auto(bulk api)], templates [.watches], shards [1]/[0], mappings [doc] [2020-02-28T11:22:33,419][INFO ][o.e.x.w.WatcherService ] [XXLehJ2] paused watch execution, reason [new local watcher shard allocation ids], cancelled [0] queued tasks [2020-02-28T11:22:33,470][INFO ][o.e.c.m.MetaDataMappingService] [XXLehJ2] [.watches/BZFIZC5gT06PdS-rX9jMqg] update_mapping [doc] [2020-02-28T11:22:33,486][INFO ][o.e.c.m.MetaDataMappingService] [XXLehJ2] [.watches/BZFIZC5gT06PdS-rX9jMqg] update_mapping [doc] [2020-02-28T11:23:17,727][INFO ][o.e.x.s.a.AuthenticationService] [XXLehJ2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic] [2020-02-28T11:23:33,716][INFO ][o.e.c.m.MetaDataCreateIndexService] [XXLehJ2] [.triggered_watches] creating index, cause [auto(bulk api)], templates [.triggered_watches], shards [1]/[1], mappings [doc] [2020-02-28T11:23:33,767][INFO ][o.e.c.m.MetaDataUpdateSettingsService] [XXLehJ2] updating number_of_replicas to [0] for indices [.triggered_watches] [2020-02-28T11:23:33,780][INFO ][o.e.c.m.MetaDataUpdateSettingsService] [XXLehJ2] [.triggered_watches/1zcmUFosRo-8dxUDZj83dw] auto expanded replicas to [0] [2020-02-28T11:23:33,800][INFO ][o.e.c.m.MetaDataUpdateSettingsService] [XXLehJ2] updating number_of_replicas to [0] for indices [.triggered_watches] [2020-02-28T11:23:33,805][INFO ][o.e.c.m.MetaDataUpdateSettingsService] [XXLehJ2] [.triggered_watches/1zcmUFosRo-8dxUDZj83dw] auto expanded replicas to [0] [2020-02-28T11:23:34,004][INFO ][o.e.c.m.MetaDataCreateIndexService] [XXLehJ2] [.watcher-history-7-2020.02.28] creating index, cause [auto(bulk api)], templates [.watch-history-7], shards [1]/[0], mappings [doc] [2020-02-28T11:23:34,120][INFO ][o.e.c.m.MetaDataCreateIndexService] [XXLehJ2] [.monitoring-alerts-6] creating index, cause [auto(bulk api)], templates [.monitoring-alerts], shards [1]/[0], mappings [doc] [2020-02-28T11:23:34,297][INFO ][o.e.c.m.MetaDataMappingService] [XXLehJ2] [.watcher-history-7-2020.02.28/9fIZG7V4T0qovDTQH1p96g] update_mapping [doc] [2020-02-28T11:23:34,325][INFO ][o.e.c.m.MetaDataMappingService] [XXLehJ2] [.watcher-history-7-2020.02.28/9fIZG7V4T0qovDTQH1p96g] update_mapping [doc] [2020-02-28T11:23:34,462][INFO ][o.e.c.m.MetaDataMappingService] [XXLehJ2] [.watcher-history-7-2020.02.28/9fIZG7V4T0qovDTQH1p96g] update_mapping [doc] [2020-02-28T11:31:42,229][INFO ][o.e.x.s.a.AuthenticationService] [XXLehJ2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic] [2020-02-28T11:38:15,868][INFO ][o.e.x.s.a.AuthenticationService] [XXLehJ2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic] [2020-02-28T11:39:17,476][INFO ][o.e.x.s.a.AuthenticationService] [XXLehJ2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic] [2020-02-28T11:39:23,719][INFO ][o.e.x.s.a.AuthenticationService] [XXLehJ2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
Here is the configuration details.
bootstrap.system_call_filter: false
path.repo: ["/data/nroot/elasticsearch_backup"]

Hi,

This is a very old blog post and a very old elasticsearch version that is EOL. Is there a specific reason why you can't install i.e. the latest available version that has x-pack preinstalled and where security is included in basic license ?

As of now our organization rely on this version, they are not looking for change. Please help us how to fix the issue.

I have taken below steps after posting the question.

  1. install elasticsearch 6.2.2.
  2. installed x-pack 6.2.2
  3. started elastic search
  4. ran command from elastic home directory bin/elasticsearch-setup-passwords interactive.
  5. restarted elasticsearch.
  6. curl -u elastic http://localhost:9200 again getting error.
    Failed to authenticate user 'elastic' against http://127.0.0.1:9200/_xpack/security/_authenticate?pretty
    Possible causes include:
  • The password for the 'elastic' user has already been changed on this cluster
  • Your elasticsearch node is running against a different keystore
    This tool used the keystore at /data/nroot/elasticsearch-6.2.2/config/elasticsearch.keystore

You would need to add more and more exact information.

  • What happened when you did 4, you don't say and you don't share the logs from that time either.
  • Why did you restart elasticsearch in 5 ? Was there an error you were trying to recover from and if so what was it ?
  • There is no way you got this output in 6. Maybe it was from another attempt or command you ran?
  • How do you install elasticsearch ? How do you install xpack ?
  • Do you try to reuse /data/nroot/elasticsearch-6.2.2 from a previous installation?

Please find my answer inline

  • What happened when you did 4, you don't say and you don't share the logs from that time either.
    Failed to authenticate user 'elastic' against http://127.0.0.1:9200/_xpack/security/_authenticate?pretty
    Possible causes include:
    ** * The password for the 'elastic' user has already been changed on this cluster**
    ** * Your elasticsearch node is running against a different keystore**
    ** This tool used the keystore at /data/nroot/elasticsearch-6.2.2/config/elasticsearch.keystore**

ERROR: Failed to verify bootstrap password

  • Why did you restart elasticsearch in 5 ? Was there an error you were trying to recover from and if so what was it ?
    As i forget to mention when in step 4 i got error then, to fix that i ran bin/elasticsearch-keystore add "bootstrap.password" so i need to restart the elasticsearch

  • There is no way you got this output in 6. Maybe it was from another attempt or command you ran?

  • How do you install elasticsearch ? How do you install xpack ?
    i install elasticsearch using tar -ball and x-pack offline using command bin/elasticsearch-plugin install file:///data/tmp/elasticsearch-6.2.2.zip

  • Do you try to reuse /data/nroot/elasticsearch-6.2.2 from a previous installation?
    No i have fresh installation directory. we are not using old directory.

  • List item

I will share the logs along the steps i performed for this.

Elasticsearch log. As mentioned earlier attaching a log file link.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.