Elasticsearch8重置elastic用户密码

Elasticsearch8重置elastic用户密码

elastic可以说是es中预留的一个用户名,在按照官网yum安装方法安装启动后通过下面的方式测试是否正确运行

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic  https://localhost:9200

因为安装完成后自动开启了安全访问,所以必须要加 --cacert参数指定安装自动生成的认证文件,协议必须是https,但是结果返回了:

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Bearer realm="security"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Bearer realm="security"","ApiKey"]}},"status":401}

很纳闷,不知道为啥,既然是无法认证用户elastic,那怀疑是密码错误,接下来就是漫长的修改密码的过程,总结一下,希望有用。

首先在百度了之后,各种curl没有效果,只能官网里找文档,最终得到一个curl

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic -X POST "https://localhost:9200/_security/user/elastic/_password?pretty" -H 'Content-Type: application/json' -d '{ "password" : "elastic"}'

这里注意,要加 --cacert参数,因为我们已经开启了安全验证,所以访问要有该参数,其次POST请求路径试了很多没有效果,最终使用官网的得到了解决。

下面是遇到的一些错误

错误一

使用bin目录下的

./elasticsearch-setup-passwords interactive

命令未能成功,报错信息

[elastic@centos8 bin]$ ./elasticsearch-setup-passwords interactive
warning: ignoring JAVA_HOME=/opt/java/jdk1.8.0_311; using bundled JDK

Failed to authenticate user 'elastic' against https://192.168.214.130:9200/_security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /etc/elasticsearch/elasticsearch.keystore

You can use the `elasticsearch-reset-password` CLI tool to reset the password of the 'elastic' user


ERROR: Failed to verify bootstrap password

最终通过bin目录下的

./elasticsearch-reset-password

命令重置了密码

错误二
[elastic@centos8 bin]$ curl -H "Content-Type:application/json" -XPOST -u test:123456 'https://localhost:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "elastic" }'
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

这就是访问路径中没有 --cacert参数导致的

  • 3
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值