Cannot set password for elastic user - elasticsearch

I'm following this post, security session to set up a new password for elastic user. Running ./bin/elasticsearch-setup-passwords interactive gave:
Failed to determine the health of the cluster running at http://es-ip-1:9200
Unexpected response code [503] from calling GET http://es-ip-1:9200/_cluster/health?pretty
Cause: master_not_discovered_exception
Unexpected response code [503] from calling PUT http://es-ip-1:9200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the [null] index
ERROR: Failed to set password for user [apm_system].
I entered the same password for all of these: elastic, apm_system, kibana, kibana_system, logstash_system, beats_system, remote_monitoring_user. What did I do wrong here? Logging in as elastic with the new password doesn't work. Thanks.
Update
Config is the same on both nodes, except the network.host which is the private IP address of each node
elasticsearch.yml
network.host: es-ip-1
discovery.zen.ping.unicast.hosts: [es-ip-1, es-ip-2, es-ip-3]
discovery.zen.minimum_master_nodes: 2
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

Figured it out, gotta copy the cert to all the nodes, in this case it's elastic-certificates.p12.

Related

Elasticsearch Cross cluster replication - Follower index "index_not_found_exception"

I have 2 elastic clusters (Cluster1 and Cluster2) and I am trying to configure a follower index in Cluster2 from a leader index of Cluster1.
I have followed the next steps:
Add Cluster1 as remote cluster in Cluster2.
Configuration image
Configure the next users:
In Cluster1 user "cross-cluster-user" with the role "remote-replication".
cross-cluster-user configuration image
In Cluster2 user "cross-cluster-user" with the role "remote-replication".
cross-cluster-user configuration image
When I try to create a follower index of "newblogs" index, I have the next error:
Can't create follower index no such index [newblogs]
index_not_found_exception: no such index [newblogs]
Error image
The newblogs index exists in Cluster1:
Get index result
My elasticsearch version is 8.3.3.
Any help will be appreciated.
Best regards.
elasticsearch.yml (Cluster1)
cluster.name: elastic-lab
node.name: ${HOSTNAME}
network.host: _eth1_
cluster.initial_master_nodes: ["node1"]
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 28-08-2022 15:46:47
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
elasticsearch.yml (Cluster2)
cluster.name: elastic-lab2
node.name: ${HOSTNAME}
network.host: _eth1_
cluster.initial_master_nodes: ["node1"]
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 28-08-2022 16:07:28
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
It was a very silly problem... I have 2 clusters (Cluster1 and Cluster2) and each consists of 1 elasticsearch node (hostname: node1) and 1 kibana virtual machine (hostname: node4). "Node1" has different IP addresses in each cluster, but when I configured node1 (of Cluster1) as a seed node, the resolution of the name "node1" was the IP address of the node1 from Cluster2. This was the reason the remote cluster appeared as connected, it was connected to its own node1!
I have configured the seed node by IP (instead of hostname) and it seems to work! I had to change the option "verification_mode" in elasticsearch.yml of all nodes to the value "none" (because I was having SSL issues and this is only a lab).
Note: I didn't have to configure any user or role for the clusters to connect, even though the documentation says so.
Best regards.
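
A check for the failure described in this answer, where the seed hostname resolved back to the follower's own cluster; this is an added example, not part of the original post. It assumes the body of `GET /` has been saved from the local node and from the seed's host; the function names are hypothetical and the sample cluster names come from the configs above.

```shell
# Added example: decide whether the node behind a remote-cluster seed is
# really the other cluster. Inputs are saved `GET /` response bodies.

# Pull one string field (e.g. cluster_uuid) out of a GET / response body.
root_field() {  # usage: root_field <json_file> <field>
  sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Classify what answered at the seed address:
#   SELF           same cluster_uuid as the local node (seed points back at us)
#   WRONG_CLUSTER  another cluster, but not the one we meant to follow
#   OK             different cluster_uuid and the expected cluster_name
classify_seed() {  # usage: classify_seed <local.json> <seed.json> <expected_name>
  local l_uuid s_uuid s_name
  l_uuid=$(root_field "$1" cluster_uuid)
  s_uuid=$(root_field "$2" cluster_uuid)
  s_name=$(root_field "$2" cluster_name)
  if [ -z "$l_uuid" ] || [ -z "$s_uuid" ]; then
    echo "UNKNOWN"; return 2          # could not read one of the responses
  fi
  if [ "$l_uuid" = "$s_uuid" ]; then
    echo "SELF"; return 1             # the "connected to its own node1" case
  fi
  if [ "$s_name" != "$3" ]; then
    echo "WRONG_CLUSTER $s_name"; return 1
  fi
  echo "OK $s_name"
}
```

A remote that shows as connected while `classify_seed` reports `SELF` explains an `index_not_found_exception` for an index that exists on the intended leader.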

Elastic Search failed to start after enabling xpack

I am trying to enable xpack in elasticsearch and followed the getting started blog post from elasticsearch site.
Things I did:
I ran this command $/usr/share/elasticsearch/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass "" and entered /etc/elasticsearch/elastic-certificates.p12 when asked for desired output file.
Edited the elasticsearch.yml config file located at /etc/elasticsearch/elasticsearch.yml and entered following lines:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elastic-certificates.p12
Logs/ Exceptions from /var/log/elasticsearch/elasticsearch.log
2021-06-10T02:58:12,542][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [node-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to create trust manager]; nested: ElasticsearchException[failed to initialize SSL TrustManager - keystore file [/etc/elasticsearch/elastic-certificates.p12] does not exist]; nested: AccessDeniedException[/etc/elasticsearch/elastic-certificates.p12];
Caused by: org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/elastic-certificates.p12
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/elastic-certificates.p12
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/elastic-certificates.p12
The permissions for my .p12 cert file are rw-------
What am I missing here?
I followed the documentation line by line.
Your path in elasticsearch.yml is wrong.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elastic-certificates.p12
If you placed the certificate in /etc/elasticsearch folder, then correct it.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Also make sure that the owner of the cert is root:elasticsearch
sudo chown root:elasticsearch /etc/elasticsearch/elastic-c*
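
The path and ownership checks from this answer, together with the first thread's fix (the same elastic-certificates.p12 on every node), as an added shell example that is not part of the original posts. The function names are hypothetical; it assumes flat dotted keys as in the configs on this page, that relative store paths resolve against the directory holding elasticsearch.yml, and GNU `stat` and `sha256sum`.

```shell
# Added example (not from the original answers). Function names are
# hypothetical; assumes flat dotted keys in elasticsearch.yml, as in the
# configs on this page, plus GNU stat and sha256sum (Linux).

# Print the value of one flat "key: value" setting, without quotes.
es_setting() {  # usage: es_setting <elasticsearch.yml> <key>
  awk -v k="$2" '
    /^[[:space:]]*#/ { next }                      # skip comment lines
    { line = $0; sub(/^[[:space:]]+/, "", line) }
    index(line, k ":") == 1 {
      v = substr(line, length(k) + 2)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
      gsub(/^"|"$/, "", v)
      print v; exit
    }' "$1"
}

# Absolute paths are used as written; relative ones are taken from the
# config directory.
resolve_store() {  # usage: resolve_store <config_dir> <path>
  case "$2" in
    /*) printf '%s\n' "$2" ;;
    *)  printf '%s/%s\n' "${1%/}" "$2" ;;
  esac
}

# Report UNSET, MISSING, UNREADABLE, or OK with owner, mode and sha256.
check_store() {  # usage: check_store <config_dir> <setting_key>
  local raw path meta
  raw=$(es_setting "${1%/}/elasticsearch.yml" "$2")
  [ -n "$raw" ] || { echo "UNSET $2"; return 1; }
  path=$(resolve_store "$1" "$raw")
  [ -e "$path" ] || { echo "MISSING $path"; return 1; }
  [ -r "$path" ] || { echo "UNREADABLE $path"; return 1; }  # as current user
  meta=$(stat -c 'owner=%U:%G mode=%a' "$path")
  echo "OK $path $meta sha256=$(sha256sum "$path" | cut -d' ' -f1)"
}
# Usage: check_store /etc/elasticsearch xpack.security.transport.ssl.keystore.path
```

Run it under the account Elasticsearch runs as, so the readability test reflects what the node sees. Comparing the sha256 values printed on each node shows whether they all hold the same file.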
I got this exact same error because I had some leftover files and yes lines in the elasticsearch.yml file for security that were leftover from a previous run.
To rerun Elasticsearch (this worked for Elasticsearch for Windows 10, version 8.4.1) and eliminate this issue, go to the main Elasticsearch folder where it was installed then:
Delete the data and certs folders.
Delete the elasticsearch.keystore file.
Edit the elasticsearch.yml file by removing the generated lines and just leave the comments (default).
I also delete all the log files under the logs folder to clean things up.
Rerun the startup command for elasticsearch from a command prompt window: .\bin\elasticsearch.bat

how to xpack security reset in elasticsearch?

I want to reset the ID and password of elasticsearch and kibana.
I tried to reset it, but an error occurred as below.
ubuntu#elk:/usr/share/elasticsearch/bin$ sudo ./elasticsearch-setup-passwords auto
error occurred
Connection failure to: http://10.0.10.4:9200/_security/_authenticate?pretty failed: Connection refused
ERROR: Failed to connect to elasticsearch at http://10.0.10.4:9200/_security/_authenticate?pretty. Is the URL correct and elasticsearch running?
my elasticsearch.yml file
xpack.security.enabled: true
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
my kibana.yml file
server.port: 5601
server.host: 0.0.0.0
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "dlswp12"
#xpack.security.encryptionKey: "something_at_least_32_characters"
#xpack.security.sessionTimeout: 600000
#xpack.monitoring.enabled: false
how to xpack security(id & password) reset in elasticsearch?

What is the default user and password for Elasticsearch 7.8.0?

What is the default username and password for Elasticsearch 7.8.0? It's asking this on 9200 port. Tried these (username pass):
elastic [no pass]
elastic elastic
without entering anything
elastic changeme
elastic password
user password
OS: Windows 10 x64, installed ES with MSI installer from its website.
yml file:
bootstrap.memory_lock: false
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: LAPTOP-1C4GVFSU
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: basic
xpack.security.enabled: true
Somehow default username password isn't working. I had to set the password on CMD by
bin/elasticsearch-setup-passwords interactive
bin/elasticsearch-setup-passwords auto
The interactive parameter prompts new password for the users, whereas auto generates them for you.
Username is elastic and Password is password
If you are trying to debug Elasticsearch Source Code, then after running ./gradlew :run, ES starts building and running.
Once the service has started, run this curl command from another window :
curl -u elastic:password localhost:9200
After which add the username and password as mentioned above. To know more about this refer CONTRIBUTING.md
It may also be possible, that you have only added the xpack.security.enabled setting to the ES_PATH_CONF/elasticsearch.yml file.
After which if you try to hit localhost:9200, then it will ask for username and password (as you have enabled security feature). But since you have not set up username and password, so it will throw security_exception (when incorrect username and password are entered).
So, for that, run bin/elasticsearch-setup-passwords interactive, and set the username and password.
Refer to this documentation for Setting built-in user and password
try the following command
bin/elasticsearch-reset-password -u elastic
it generates new password for user "elastic"
Check /etc/nginx/ for nginx.conf files and nginx passwd file.
ElasticSearch is using simple Nginx passwd file and basic authentication for default instance.

Kibana user forbidden error {"statusCode":403,"error":"Forbidden","message":"Forbidden"}

I just setup my xpack in elasticsearch 7.1.0
as below in elasticsearch.yml:
xpack.security.enabled: true
discovery.type: single-node
in my elasticsearch.yml
Then, I ran
>elasticsearch-setup-passwords interactive
and changed all my built-in user passwords.
This is the change I made in Kibana.yml
xpack.security.enabled: true
elasticsearch.username: "kibana"
elasticsearch.password: "password#123"
When I restarted Kibana,
I was prompted with a username password page, where I gave
kibana/password#123 that I had set in my yml.
I'm getting the below response:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}
Please help me out.
Resolution:
using "elastic" user account instead of kibana fixed this issue.
Configuring security in Kibana
To use Kibana with X-Pack security:
Update the following settings in the kibana.yml configuration file:
elasticsearch.username: "kibana"
elasticsearch.password: "kibanapassword"
Set the xpack.security.encryptionKey property in the kibana.yml configuration file.
xpack.security.encryptionKey: "something_at_least_32_characters"
Optional: Change the default session duration.
xpack.security.sessionTimeout: 600000
Restart Kibana.
Please follow this link using-kibana-with-security
