I am not able to create a new user for Elasticsearch using elasticsearch-http-user-auth plugin. I want to create a user per index so that index will be accessible only for that particular user.
Elasticsearch v5.1.2
Elasticsearch-http-user-auth plugin v5.1.2
Added configuration in elasticsearch.yml according to the doc
elasticfence.disabled: false
elasticfence.root.password: rootpassword
Ran below commands to get the user list
curl -u root:rootpassword http://localhost:9200/_httpuserauth?mode=list
[]
For creating a user ran below commands but I got error
curl -u root:rootpassword http://localhost:9200/_httpuserauth?mode=adduser&username=admin&password=somepassword123
[1] 28647
[2] 28648
[vagrant#localhost ~]$ User already exists : null
Please help to solve this issue.
Run below commands
curl -u root:rootpassword "http://localhost:9200/_httpuserauth?mode=adduser&username=admin&password=somepassword123"
instead of
curl -u root:rootpassword http://localhost:9200/_httpuserauth?mode=adduser&username=admin&password=somepassword123
Related
I am running Elasticsearch and kibana, I am not sure of the status of my elasticsearsh cluster (if its red, yellow, or green) but it seems I need to get a token generated by elasticsearch as in the screenshot when I ran bin/elasticsearch-create-enrollment-token --scope kibana from the right directory it errors out ERROR: Failed to determine the health of the cluster..
According Ioannis Kakavas in discuss.elastic, "CLI tools extending BaseRunAsSuperuserCommand should only connect to the local node". When I run in a local node, it works. But when I run in the elasticsearch container in a cluster, it doesn't work. The solution was execute the elastic-search-reset-password and elasticsearch-create-enrollment-token scripts, respectively, like this (inside the elasticsearch container):
/usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic --url https://localhost:9200
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana --url https://localhost:9200
I encountered the same problem, and I just redid the process - unzipped the ES and kibana zip files again, and ran bin/elasticsearch in the newly created directory. Look for a message that is encapsulated in a formatted box that contains both the password for the elastic user, and the enrollment token for Kibana (the token is only valid for 30 minutes). This message will only appear once, the first time you run elasticsearch.
I proceeded to run bin/kibana for Kibana and configured it in the browser, and everything worked out from there. Hope this helps!
I have the exact issue:
$ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
ERROR: Failed to determine the health of the cluster.
But after I restart the elasticsearch service:
$ sudo systemctl restart elasticsearch.service
then it works:
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [elastic] user successfully reset.
New value: xxxxxx
Two possible solutions:
Make sure that you have enough disk space.
Your VPN might be causing the issue.
The enrollment Token will be present in the terminal itself. You just need to scroll up till you find it when you are installing.
The reason for the error - ERROR: Failed to determine the health of the cluster is due to the fact that Elastic has not been installed yet and running that command is like calling a function without defining it.
I have added Ranger Service (Ranger Admin Server, Ranger Usersync, and Ranger KMS) to the existing Ambari 2.3 cluster (4 nodes), running on the Ubuntu 14.04 Servers. All services are on the Master Node. However, it doesn't installed correctly and now it shows 'Install Failed' on the left hand side column of available Services on the Main Ambari page, and I believe this is what puting the Master node down. I can't find any option available to Delete the Service on the Ambari Web UI. I followed this tutorial, but without success. Every time I try to delete whole service with the following command
curl -u admin:admin -X DELETE http://AMBARI_SERVER_HOST:8080/api/v1/clusters/c1/services/SERVICENAME it ends up with an error: "400"... something...
you need to add "X-Requested-By ... "
So my commands according to our system was:
curl -u admin:admin -X "X-Requested-By: ambari" DELETE http://localhost:8080/api/v1/clusters/cluster1/services/ranger
Also I've tried:
curl -u admin:admin -X "X-Requested-By: ambari" DELETE http://localhost:8080/api/v1/clusters/cluster1/services/rangeradmin
And finally:
curl -u admin:admin -X "X-Requested-By: ambari" DELETE http://localhost:8080/api/v1/clusters/cluster1/services/RangerAdmin
My thoughts is that as far as these services were not installed properly, the system can't see them. Or maybe some other issues..
However, I still cannot figure out what the actual command is, and is it possible at all to remove the service?!? I know I can hide this issue, with the 'Turn On Maintanace Mode' as option, and in that case Master Node will run as normal, but I want to completelly get rid of this Service, as I don't need it anymore. Any help appriciated, as I spent half a day trying to remove it, with no success.
sorted. if anyone interesting to delete Ambari services (in my case it was a RANGER) from the command line, run the following:
// get the service
curl -u admin:admin -X GET http://HOST_NAME:8080/api/v1/clusters/CLUSTER_NAME/services/RANGER
// stop the service
curl -u admin:admin -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo":{"context":"Stop Service"},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}' http://HOST_NAME:8080/api/v1/clusters/CLUSTER_NAME/services/RANGER
// delete the service
curl -u admin:admin -H 'X-Requested-By: ambari' -X DELETE http://HOST_NAME:8080/api/v1/clusters/CLUSTER_NAME/services/RANGER
P.S. Simply put your hostname instead of HOST_NAME and your cluster name instead CLUSTER_NAME
Hope it helps anyone with the same issues.
I am using winodws 8.1.
I have installed elastic search, now I want to create an index in elastic search
so,which IDE I can use? or how to open to user CURL command like below?
curl -XPUT 'http://localhost:9200/depst/semployee/11' -d '{ "name": "xxxx"}'
how to open window which allow to type above command?
You can use cygwin with the curl extension installed or you can - for example - to manualy querying.
You can also install the plugin head for elasticsearch wich permit you to test your index, more information about head plugin here:
https://github.com/mobz/elasticsearch-head
I am trying out Shield as a security measure for my Kibana and Elasticsearch. Running on Mac OS X 10.9.5
Followed the documentation from Elastic. Managed to install Shield. Since my Elasticsearch is running automatically, I skipped step 2(start elasticsearch).
For step 3, I tried adding an admin. Ran this following command on my terminal. bin/shield/esusers useradd admin -p password -r admin.
Unfortunately I'm getting this error.
Error: Could not find or load main class org.elasticsearch.shield.authc.esusers.tool.ESUsersTool
Below are the additional steps I took.
Double checked that the bin/shield esusers path existed and all.
Manually starting elasticsearch before adding users
Tried a variety of different commands based on the documentation.
bin/shield/esusers useradd admin -r admin and
bin/shield/esusers useradd es_admin -r admin
Ran those commands with sudo
Same error generated. Can't seem to find the problem on google as well. Not really sure what I'm missing here as the documentation seems pretty straightforward.
You must restart the node because new Java classes were added to it (from the Shield plugin) and the JVM behind Elasticsearch needs to reload those classes. It can only do that if you restart it.
Kill the process and start it up again, or use curl -XPOST "http://localhost:9200/_shutdown" to shut the cluster down.
Also, the Shield plugin needs to be installed on all the nodes in the cluster.
I'm trying to setup Shield for Elasticsearch, but had some trouble
When I try to start Elasticsearch like:
/usr/share/elasticsearch/bin/elasticsearch
all work as expected, but when I'm trying to start/restart Elasticsearch like:
/etc/init.d/elasticsearch srart
I've got error described below
[2015-02-17 21:44:09,662][ERROR][shield.audit.logfile ] [Tusk] [rest] [authentication_failed] origin_address=[/192.168.88.17:58291], principal=[es_admin], uri=[/_aliases?pretty=true]
OS: Ubuntu 12.04
Elasticsearch: 1.4.3
Shield: 1.0.1
Elasticsearch and Shield were running with default settings
If your elasticsearch configs are not in /usr/share/elasticsearch but lets say at /etc/elasticsearch
Then just move the usr/share/elasticsearch/config/shield to /etc/elasticseach
Take care that if you start elasticsearch with the user elasticsearch that the new /etc/elasticsearch/shield folder belongs to the user elasticsearch.
If that doesn't make it, then also see this
http://www.elasticsearch.org/guide/en/shield/current/getting-started.html#_configuring_your_environment
Same thing happened with me when i tried to add shield to our elasticsearch cluster to add auth based access to elasticsearch data.
I was on ubuntu 14.04 machine and elasticsearch was installed using a .deb package from elastic-download-link.
Elasticsearch was using a service startup script from
/etc/init.d/elasticsearch
in which the configuration was mentioned as:
# Elasticsearch configuration directory
CONF_DIR=/etc/$NAME
But when i tried to install shield plugin on elasticsearch from this-link
and tried to add user on shield by following es-docs using this command.
sudo bin/shield/esusers useradd es_admin -r admin
shield configuration was being updated in
/usr/share/elasticsearch/config/shield/
but elasticsearch server was expecting configuration files to be in
/etc/elasticsearch/shield/
due to this mismatch in read configuration file for shield and new updated file with newly added users on shield causing this authentication failure.
This can be solved either by moving
/usr/share/elasticsearch/config/shield/
to
/etc/elasticsearch/shield/
or by changing conf file location in
/etc/init.d/elasticsearch
as
# Elasticsearch configuration directory
CONF_DIR=/usr/share/elasticsearch/config/