ps:以下elasticsearche简称es
一、当单节点添加认证后想重置时报以下问题:
#添加认证
./bin/elasticsearch-setup-passwords interactive
#报异常
Failed to authenticate user 'elastic' against http://192.168.86.148:9200/_xpack/security/_authenticate?pretty
Possible causes include:
* The password for the 'elastic' user has already been changed on this cluster
* Your elasticsearch node is running against a different keystore
This tool used the keystore at /data/elasticsearch/config/elasticsearch.keystoreERROR: Failed to verify bootstrap password
二、看到此问题是指:无法验证引导程序密码,直白点就是已经有密码了,咱们需要重新重置一下所有的密码,首先创建一个还原用户:
#创建用户名为:restore_user 的还原用户
./bin/elasticsearch-users useradd restore_user -p 密码 -r superuser
#docker
docker exec -u elasticsearch -it elasticsearch bin/elasticsearch-users useradd restore_user -p 密码-r superuser
三、删除security索引
curl -u restore_user -k -X DELETE "https://ip:9200/.security-*"
返回结果:
{"acknowledged":true}
四、再次执行添加密码
./bin/elasticsearch-setup-passwords interactive
#返回结果:输入y继续给用户添加密码
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]
五、不需要重启es,直接使用ip访问浏览器输入最新密码即可。
六、如果想对某个用户进行修改密码操作执行以下步骤:比如用户:elastic
#修改elastic用户密码并设置最新密码
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://172.24.17.210:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "XYx123User" }'
#回车后输入elastic的旧密码即可
附送一个异常:当es集群版本介于6.*之间的,在添加用户密码认证时可能会出现以下问题,大致意思是:6.*版本默认带的license是basic的,不支持security这类商业特性。 可以将license改为trial。elasticsearch.yml文件末尾增加如下代码。或者在kibana的Machine Learning开启 trial,如果直接在elasticsearch.yml中添加配置下列可能不好使。
#修改elasticsearch.yml可能还无法添加认证
xpack.security.enabled: true
xpack.ml.enabled: true
xpack.license.self_generated.type: trial
解决方法: 记得修改ip地址:
curl -H "Content-Type: application/json" -XPOST http://IP:端口/_xpack/license/start_trial?acknowledge=true在执行添加认证权限即可:
./bin/elasticsearch-setup-passwords interactive
扫一扫
2446
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
