elasticsearch lost the password that has been changed

最新推荐文章于 2024-07-26 14:41:58 发布

liuxl_0205

最新推荐文章于 2024-07-26 14:41:58 发布

阅读量973

点赞数

分类专栏： elasticsearch

elasticsearch 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

It is possible to reset the elastic user password (see below) but from your description, it doesn't sound like this is necessarily what you need.

The elastic user is a superuser. We don't recommend using it for any purpose other than administering the system.

In particular, Kibana should not connect to Elasticsearch using the elastic user - by default it uses the kibana user, so the password you are putting into the kibana.yml file should be the password for the kibana user, not the elastic user.

And there should be no reason to put that password into the elasticsearch.yml file - in fact if you do so, elasticsearch won't start, because elasticsearch.password isn't a valid setting in elasticsearch.yml.

Before you go through the trouble of reseting the elastic password, double check that it really isn't working.

Assuming you have access to curl, run the following:

curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'

(You may need to change the URL if you are not on localhost, or you are using a custom port number).

When prompted, enter the password that you think you set for the elastic user. If you get output like this:

{
  "username" : "elastic",
  "roles" : [
    "superuser"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "_reserved" : true
  },
  "enabled" : true
}

Then your password is correct, and the problems you are seeing are due to some other configuration problem.

If you get something like this:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "failed to authenticate user [elastic]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "failed to authenticate user [elastic]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

Then you have the incorrect password and you should try a different password, of if absolutely necessary, reset the password for the user.

Reseting the password for the elastic user

To do this, you need to create an alternate superuser and then authenticate as that user in order to change the password for elastic. This requires a number of steps.

(1) Stop your elasticsearch node
(2) Ensure that the file realm is available on your elasticsearch node. If you are using a default X-Pack configuration for authentication, then the file realm is available and you don't need to do anything. However, if you have explicitly configured the authentication realms 110 in your elasticsearch.ymlfile, then you need to add a file realm 139 to the list of realms.
(3) Use the bin/x-pack/users command to create a new file-based 54 superuser:

 bin/x-pack/users useradd my_admin -p my_password -r superuser

(4) Start your elasticsearch node
(5) Using curl, reset the password 85 for the elastic user:

curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'
{
  "password" : "new_password"
}
'

(6) Verify the new password

curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'

(7) If you wish, stop elasticsearch and then remove the file realm from your elasticsearch.yml and/or remove 41 the my_admin user from the file realm.