WARNING WARNING WARNING
These are not officially supported methods.
These steps may cause you to lose data that you care about.
Please read the post above and follow Option 1 instead.
Below are some other options for resetting the password for your elastic user.
They all involve manual manipulation of your data, and if you do something wrong you may end up in a state that was worse than where you started. The Create a new superuser option listed in the previous post is safe, and is the only officially supported option for resetting the elastic user's password.
Option 2: Delete all data
If you delete all data from your elasticsearch cluster, this will also reset the elastic password as if you had a completely fresh cluster. The elastic user will reset to using the bootstrap password.
WARNING: Deleting all data means, all data. You will lose everything. Every index. Every template. Every Kibana visualisation/dashboard. Every user/role. Every ML job. Every watcher alert. Everything goes away. Only do this if you really want to start from scratch.
Steps:
- Shut down every node.
- Go back and re-read the warning above. If you take the next step, then you will lose all your data.
- Delete the data directory for every node. The location of this directory depends on how you installed and configured Elasticsearch.
- Start every node.
- Your cluster is now empty, and the elastic user has been reset to use the bootstrap password.
Option 3: Delete all security data
The data for security is stored in a special index called .security-6 (this name applies to Elasticsearch 6.x. The details may vary between releases).
If you delete this index, then you will reset all of the X-Pack security data, and this will mean that the elastic user can authenticate using the bootstrap password.
WARNING: Deleting the security index means that you lose all of your security data. Every user, role, role mapping, etc. If you have created your own users or roles in X-Pack security, then you probably don't want to follow this option.
WARNING: These steps include temporarily disabling security on your cluster. Don't do this on your production cluster. If you do this, then your cluster will be open and accessible to anyone that has network access to your cluster.
Steps:
- Shut down every node in your cluster.
- Go back and re-read both of the warnings above. You are about to disable all security on your cluster, and remove all your users, roles, passwords, etc. Do you really want to do this?
- On each node, disable all security by setting xpack.security.enabled: false in the elasticsearch.yml configuration file.
- Start your nodes.
- Delete the .security-6 index. You can do this with:
    curl -XDELETE "http://localhost:9200/.security-6"
  Depending on your configuration, you may need to change the host/port. You only need to do this once regardless of how many nodes are in your cluster.
- Stop all your nodes.
- Enable security on your cluster by changing xpack.security.enabled to true in your elasticsearch.yml configuration file on every node.
- Start your nodes.
- Your cluster no longer has any security data and the elastic user has been reset to use the bootstrap password.
Option 4: Delete the elastic user from your security data
The password for the elastic user is stored in a special document (reserved-user-elastic), in a special index called .security-6. (These names are applicable for Elasticsearch 6.x. The details may vary between releases).
If you delete this document, then you will reset the elastic user back to its "uninitialised" state, which will mean you can authenticate using the bootstrap password.
WARNING: This requires performing manual operations against the security index. We do not support this. If you get this wrong, then you could make life very difficult for yourself. Do not do this on a production cluster. Use at your own risk.
WARNING: These steps include temporarily disabling security on your cluster. Don't do this on your production cluster. If you do this, then your cluster will be open and accessible to anyone that has network access to your cluster.
Steps:
- Shut down every node in your cluster.
- Go back and re-read both of the warnings above. You are about to disable all security on your cluster, and make low level changes to your security data. Do you really want to do this?
- On each node, disable all security by setting xpack.security.enabled: false in the elasticsearch.yml configuration file.
- Start your nodes.
- Delete the reserved-user-elastic document from the .security-6 index. You can do this with:
    curl -XDELETE "http://localhost:9200/.security-6/doc/reserved-user-elastic"
  Depending on your configuration, you may need to change the host/port. You only need to do this once regardless of how many nodes are in your cluster.
- Stop all your nodes.
- Enable security on your cluster by changing xpack.security.enabled to true in your elasticsearch.yml configuration file on every node.
- Start your nodes.
- The elastic user has been reset to use the bootstrap password.
WARNING WARNING WARNING
These are not officially supported methods.
These steps may cause you to lose data that you care about.
Please read the post above and follow Option 1 instead.
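
Options 3 and 4 both end by turning xpack.security.enabled back on for every node. The script below is an added example, not part of the original post: it checks that a node's elasticsearch.yml no longer disables security and that a request sent without credentials is rejected. The config path and URL are passed as arguments, and plain HTTP on localhost:9200 is assumed as in the curl commands above.

```sh
#!/bin/sh
# Added example (not from the original post): confirm security is back on.
# Usage: sh check-security.sh /path/to/elasticsearch.yml [http://localhost:9200]

# Report the explicit xpack.security.enabled value in a config file:
# "false" if any uncommented line disables it, "true" if it is only ever
# enabled, "unset" if the key is absent, commented out or unrecognised.
security_setting() {
  values=$(sed -n -E \
    's/^[[:space:]]*xpack\.security\.enabled[[:space:]]*:[[:space:]]*"?([A-Za-z]+)"?[[:space:]]*(#.*)?$/\1/p' \
    "$1" | tr 'A-Z' 'a-z')
  case "$values" in
    *false*) echo false ;;
    *true*)  echo true ;;
    *)       echo unset ;;
  esac
}

# Interpret the HTTP status of a request sent WITHOUT credentials.
classify_status() {
  case "$1" in
    401) echo secured ;;      # authentication required: security is active
    200) echo open ;;         # served anonymously: node is still unprotected
    000) echo unreachable ;;  # curl could not connect
    *)   echo unexpected ;;
  esac
}

# Send one unauthenticated request to the node and classify the answer.
probe_node() {
  code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "$1/") || true
  classify_status "$code"
}

# Runs only when a config path is given; exits non-zero unless both checks pass.
if [ "$#" -gt 0 ]; then
  cfg=$(security_setting "$1")
  net=$(probe_node "${2:-http://localhost:9200}")
  echo "config: xpack.security.enabled=$cfg  unauthenticated request: $net"
  [ "$cfg" = true ] && [ "$net" = secured ]
fi
```

Run it on each node after the final restart; any result other than "true" and "secured" means that node should not be reachable from the network yet.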