If you have any questions about how to set up security for an Elasticsearch cluster, please read my previous article "Elasticsearch: set Elastic account security". Security is very important for Elasticsearch; without it, our cluster is running naked. Before working through the following exercises, it is recommended to follow that article and set up security for your cluster.
If one day we forget the password for our Elasticsearch cluster, how can we regain access?
First, note that the Elasticsearch installation directory contains a utility called elasticsearch-users:
    $ pwd
    /Users/liuxg/elastic3/elasticsearch-7.13.0
    $ ls bin/elasticsearch-users
    bin/elasticsearch-users
We can use this tool to regain access when a user password is lost. Let's first check the tool's usage:
    $ ./bin/elasticsearch-users --help
    Manages elasticsearch file users

    Commands
    --------
    useradd - Adds a file user
    userdel - Deletes a file based user
    passwd - Changes the password of an existing file based user
    roles - Edit roles of an existing user
    list - List existing file based users and their corresponding roles

    Non-option arguments:
    command

    Option             Description
    ------             -----------
    -E <KeyValuePair>  Configure a setting
    -h, --help         Show help
    -s, --silent       Show minimal output
    -v, --verbose      Show verbose output
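From the above, we can see that it can create and delete file-based users. These users live in the file realm on the node where the command is run, so the tool needs access to that node's installation directory. This makes it easy for us to reset our password.
If we forget the password of the superuser elastic, what should we do?
We use the following steps:
1) First, let's create another superuser, newadmin: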
bin/elasticsearch-users useradd newadmin -p password -r superuser
Above, we created a superuser called newadmin whose password is password. A password passed with -p ends up in the shell history; if -p is omitted, the tool prompts for the password instead.
If we use Kibana, we can log in directly with this user.
2) Next, we use the superuser just created to reset the password of the original elastic user:
    curl -s --user newadmin:password -XPUT "http://localhost:9200/_xpack/security/user/elastic/_password?pretty" -H 'Content-Type: application/json' -d'
    {
      "password" : "password1"
    }
    '
Above, we reset the password of user elastic to password1. We can check that the new password gives access to the cluster with the following command:
curl --user elastic:password1 -X GET "http://localhost:9200?pretty"
    $ curl --user elastic:password1 -X GET "http://localhost:9200?pretty"
    {
      "name" : "liuxg",
      "cluster_name" : "elasticsearch",
      "cluster_uuid" : "-vtUaRdHSnGJb5XdGC32bA",
      "version" : {
        "number" : "7.13.0",
        "build_flavor" : "default",
        "build_type" : "tar",
        "build_hash" : "5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "build_date" : "2021-05-19T22:22:26.081971330Z",
        "build_snapshot" : false,
        "lucene_version" : "8.8.2",
        "minimum_wire_compatibility_version" : "6.8.0",
        "minimum_index_compatibility_version" : "6.0.0-beta1"
      },
      "tagline" : "You Know, for Search"
    }
Of course, we can also use elastic/password1 to log in on the Kibana interface.
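The two steps above as one script, written as an added example that is not part of the original article: it lets elasticsearch-users prompt for the temporary password instead of passing -p, hands the credentials to curl through a private config file rather than --user, and deletes newadmin with userdel when it exits. ES_HOME, ES_URL, the --run switch, the helper function names and the 6-second wait for the node to re-read file-realm users are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): reset the elastic password
# via a temporary file-realm superuser, keeping passwords out of argv.
ES_HOME="${ES_HOME:-.}"                    # assumption: Elasticsearch install dir
ES_URL="${ES_URL:-http://localhost:9200}"  # assumption: node address used in the article
TMP_USER="newadmin"                        # temporary superuser, removed on exit

# Escape backslash and double quote so a value fits inside a quoted curl
# config string or a JSON string (assumes no control characters).
esc() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# curl config line carrying the credentials; read with -K instead of --user.
curl_user_line() { printf 'user = "%s:%s"\n' "$(esc "$1")" "$(esc "$2")"; }

# JSON body for the change-password request.
password_body() { printf '{"password":"%s"}' "$(esc "$1")"; }

# The reset succeeded only if the API answered HTTP 200.
reset_ok() { [ "$1" = "200" ]; }

# Prompt without echo and store the answer in the variable named by $1.
ask() { printf '%s: ' "$2" >&2; stty -echo; IFS= read -r "$1"; stty echo; echo >&2; }

recover() {
  umask 077                                # credentials file readable by owner only
  cfg=$(mktemp) || return 1
  # No -p here: the tool prompts for the password itself.
  "$ES_HOME/bin/elasticsearch-users" useradd "$TMP_USER" -r superuser \
    || { rm -f "$cfg"; return 1; }
  # From here on, always remove the credentials file and the temporary superuser.
  trap 'rm -f "$cfg"; "$ES_HOME/bin/elasticsearch-users" userdel "$TMP_USER"' EXIT
  ask tmp_pw "Re-enter the $TMP_USER password"
  ask new_pw "New password for elastic"
  curl_user_line "$TMP_USER" "$tmp_pw" > "$cfg"
  sleep 6   # assumption: the node re-reads file-realm users about every 5 s
  code=$(password_body "$new_pw" | curl -s -o /dev/null -w '%{http_code}' -K "$cfg" \
    -X PUT "$ES_URL/_xpack/security/user/elastic/_password" \
    -H 'Content-Type: application/json' --data-binary @-)
  if reset_ok "$code"; then echo "elastic password reset"; else
    echo "reset failed (HTTP $code)" >&2; return 1; fi
}

# Run only when asked, so the helpers above can be sourced and checked.
if [ "${1:-}" = "--run" ]; then recover; fi
```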