What's is the default username and password for Elasticsearch 7.8.0? It's asking this on 9200 port. Tried these (username pass):
elastic [no pass]
elastic elastic
without entering anything
elastic changeme
elastic password
user password
OS: Windows 10 x64, installed ES with MSI installer from its website.
yml file:
bootstrap.memory_lock: false
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: LAPTOP-1C4GVFSU
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: basic
xpack.security.enabled: true
Somehow default username password isn't working. I had to set the password on CMD by
bin/elasticsearch-setup-passwords interactive
bin/elasticsearch-setup-passwords auto
The interactive parameter prompts new password for the users, whereas auto generates them for you.
Username is elastic and Password is password
If you are trying to debug Elasticsearch Source Code, then after running ./gradlew :run, ES starts building and running.
Once the service has started, run this curl command from another window :
curl -u elastic:password localhost:9200
After which add the username and password as mentioned above. To know more about this refer CONTRIBUTING.md
It may also be possible, that you have only added the xpack.security.enabled setting to the ES_PATH_CONF/elasticsearch.yml file.
After which if you try to hit localhost:9200, then it will ask for username and password (as you have enabled security feature). But since you have not set up username and password, so it will throw security_exception (when incorrect username and password are entered).
So, for that, run bin/elasticsearch-setup-passwords interactive, and set the username and password.
Refer to this documentation for Setting built-in user and password
try the following command
bin/elasticsearch-reset-password -u elastic
it generates new password for user "elastic"
Check /etc/nginx/ for nginx.con files and nginx passwd file.
ElasticSearch is using simple Nginx passwd file and basic authentication for default instance.
Related
I'm tried to follow this guideline for installing ELK on Centos 8 (on top of one AWS cluster).
After installing elastic and kibana, the kibana startup failed with:
*"message":"License information could not be obtained from Elasticsearch
I googled it, and realized I should use OSS version (latest is 7.10.2)
so make sure to install only OSS version. you can use this guideline
after that, I got new error from kibana.log
-08T07:19:32Z","tags":["error","savedobjects-service"],"pid":62767,"message":"Unable to retrieve version information from Elasticsearch nodes."}
I tried to google it, but no solution worked for me.
my kibana.yaml:
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: "[my public AWS instance ip:9200]"
my elasticsearch.yaml:
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: "[my private AWS instance ip]"
cluster.initial_master_nodes: "[my private AWS instance ip]"
Update:
If I'm changing this line in kibana.yaml file to:
elasticsearch.hosts: "http://localhost:9200"
Then it works. what is the root cause? why it can't access elastic public IP but only local?
Per #leandrojmp comment, the issue was indeed with the public IP in elasticsearch.hosts. Once I replaced it to my private ip, it works
also:
When installing the Elastic Stack, you must use the same version across the entire stack. For example, if you are using Elasticsearch 7.9.3, you install Beats 7.9.3, APM Server 7.9.3, Elasticsearch Hadoop 7.9.3, Kibana 7.9.3, and Logstash 7.9.3.
Using docker, I had to specify the elasticsearch.hosts as an environment variable: -e "ELASTICSEARCH_HOSTS=http://localhost:9200", so:
docker run -p 5601:5601 -e "ELASTICSEARCH_HOSTS=http://localhost:9200" arm64v8/kibana:7.16.3
Set elasticsearch.hosts ipaddress as local system's host ipaddress in kibana.yml file. Also you need to mount local kibana.yml file while running docker container.
docker run -d --name kibana -p 5601:5601 -v /home/users/mySystemUserName/config/kibana.yml:/opt/kibana/config/kibana.yml kibana:7.16.3
Add the below configs in
kibana.yml
server.name: kibana
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://192.168.0.102:9200" ]
I'm following this post, security session to set up a new password for elastic user. Running ./bin/elasticsearch-setup-passwords interactive gave:
Failed to determine the health of the cluster running at http://es-ip-1:9200
Unexpected response code [503] from calling GET http://es-ip-1:9200/_cluster/health?pretty
Cause: master_not_discovered_exception
Unexpected response code [503] from calling PUT http://es-ip-1:9200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the [null] index
ERROR: Failed to set password for user [apm_system].
I entered the same password for all these elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. What wrong did I do here, logging in elastic with new password doesn't work. Thanks.
Update
Config is the same on both nodes, except the network.host which is the private IP address of each node
elasticsearch.yml
network.host: es-ip-1
discovery.zen.ping.unicast.hosts: [es-ip-1, es-ip-2, es-ip-3]
discovery.zen.minimum_master_nodes: 2
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Figured it out, gotta copy the cert to all the nodes, in this case it's elastic-certificates.p12.
I just setup my xpack in elasticsearch 7.1.0
as below in elasticsearch.yml:
xpack.security.enabled: true
discovery.type: single-node
in my elasticsearch.yml
Then, i ran
>elasticsearch-setup-passwords interactive
and changed all my built-in user passwords.
this is the change i made in Kibana.yml
xpack.security.enabled: true
elasticsearch.username: "kibana"
elasticsearch.password: "password#123"
When i restarted Kibana,
i ws prompted with a username password page, where i gave
kibana/password#123 that i had set in my yml.
Im getting the below response:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}
Please help me out.
Resolution:
using "elastic" user account instead of kibana fixed this issue.
Configuring security in Kibana
To use Kibana with X-Pack security:
Update the following settings in the kibana.yml configuration file:
elasticsearch.username: "kibana"
elasticsearch.password: "kibanapassword"
Set the xpack.security.encryptionKey property in the kibana.yml configuration file.
xpack.security.encryptionKey: "something_at_least_32_characters"
Optional: Change the default session duration.
xpack.security.sessionTimeout: 600000
Restart Kibana.
Please follow this link using-kibana-with-security
remark: I am using win10.
My goal is when windows boot mongodb as a service with authentication start( you can not enter the database without authenticate) but I can not manage to do it on a windows machine ( in linux it worked)
I write here the steps I tried:
dowlnload MongoDB
change conf from default to the following
# mongod.conf
http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: C:\MongoDB\Server\4.0\data
journal:
enabled: true
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: C:\MongoDB\Server\4.0\log\mongod.log
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1
security:
authorization: enabled
setParameter:
enableLocalhostAuthBypass: false
create a Admin user in the Admin collection.
db.createUser(
{
user: "....",
pwd: "...",
roles:
[
{ role: "root", db: "admin" }
]
}
)
Made it a service:
sc.exe create MongoDB
binPath=“\”C:\MongoDB\Server\4.0\bin\mongod.exe\”
–service
config=\”C:\MongoDB\Server\4.0\bin\mongod.cfg\”” DisplayName= “MongoDB” start= “auto”
getting feedback Successful.
but when i restart the computer, mongod is not starting and if i dont specify mongod --auth i can still enter without a authentication
How can I run Mongod as service with authentication? what am i doing wrong?
When i am trying to activate the service manually I get the following error
Error photo
The issue with the security tag. I have the same issue when I wanted to start the service in Windows 10. I copy the command from Windows service properties and then run on the command prompt.
The prompt shows me the error:
Unrecognized category : security
I found the solution and it is to write the security tag with options properly.
YAML need some specific input I guess. Here it is the solution.
security:
authorization: enabled
I had the same issue.
In your mongodb.cfg, use 2 spaces (instead of TAB) to indent authorization: enabled
I'm getting the following error while trying to output data to elasticsearch from logstash:
Failed to install template: [401]
{"error":"AuthenticationException[unable to authenticate user
[es_admin] for REST request [/_template/logstash]]","status":401}
{:level=>:error}
I have the configuration like this in logstash:
if [type]=="signup"{
elasticsearch {
protocol => "http"
user =>"*****"
password =>"*******"
document_type => "signup"
host => "localhost"
index => "signups"
}
}
I have tried adding user with following commands:
esusers useradd <username> -p <password> -r logstash
I also tried giving role admin but logstash not working for admin user also.
The localhost:9200 is asking for the password and after entering the password it works but the logstash is giving an error.
I also had similar issue. There is a known issue with elasticsearch if the password has an "#" symbol, this issue can happen. See below link:
https://github.com/logstash-plugins/logstash-output-elasticsearch/issues/232
Also some documentation on elasticsearch has instructions to include "shield" configuration in elasticsearch.yml, but if you have only one shield realm, this is not needed. I dont have shield configuration in elasticsearch.yml
I see that you tried with both logstash and admin user but failed.
To try with an admin privileged user:
Please make sure your /etc/elasticsearch/shield/roles.yml has below content for admin role:
# All cluster rights
# All operations on all indices
admin:
cluster: all
indices:
'*':
privileges: all
Then test something like below:
curl -u es_admin:es_admin_password localhost:9200/_cat/health
To make the logstash role user to work, logstash role need to be tweaked at roles.yml. I configured logstash to use admin privileged user to write to elasticsearch. I hope this would help.