'What is the default user and password for elasticsearch?
I have installed Elastic with Docker:
docker run -p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
docker.elastic.co/elasticsearch/elasticsearch:5.6.2
But curl localhost:9200
fails with authentication error:
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "missing authentication token for REST request [/]",
"header": {
"WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
}
}
],
"type": "security_exception",
"reason": "missing authentication token for REST request [/]",
"header": {
"WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
}
},
"status": 401
}
What is the default username/password combo for Elasticsearch?
Solution 1:[1]
user: elastic
password: changeme
So:
$ curl -u elastic:changeme localhost:9200
{
"name" : "5aEHJ-Y",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "3FmaYN7rS56oBTqWOyxmKA",
"version" : {
"number" : "5.6.2",
"build_hash" : "57e20f3",
"build_date" : "2017-09-23T13:16:45.703Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
},
"tagline" : "You Know, for Search"
}
Read more about changing the defaults.
Solution 2:[2]
Setting up username and password for Elastic Search: (ES version:7.5.2) (Ubuntu 18.04)
Step 1: First enable xpackmonitoring in elasticsearch.yml file
root@flax:/etc/elasticsearch# vim elasticsearch.yml
Add the following line to the end of file:
xpack.security.enabled: true
File Contents:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 127.0.0.1
http.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true
Step 2: Go to /usr/share/elasticsearch folder:
root@flax:/usr/share/elasticsearch# systemctl start elasticsearch
root@flax:/usr/share/elasticsearch# ./bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Passwords do not match.
Try again.
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch
root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch.service
Solution 3:[3]
Please be careful about the version of ElasticSearch. In 7.2 parameter ELASTIC_PASSWORD works.
docker run -p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
-e "ELASTIC_PASSWORD=my_own_password" \
But also this line should be added in elasticsearch.yml:
xpack.security.enabled: true
By default, it is not there.
Solution 4:[4]
If you enabled basic x-pack security using xpack.security.enabled: true
in your elasticsearch version 7.7(at the time of writing this answer), it will not have a default password(changeme
) as it used to be in the old version of x-pack.
As mentioned in the getting started with security official doc
X-Pack security provides a built-in elastic superuser you can use to start setting things up. This elastic user has full access to the cluster, including all indices and data, so the elastic user does not have a password set by default.
So you need to change the password of elastic
, if you want to do it after the installation then follow setting password for built-in users in interactive mode guide
which requires you to run below command from elasticsearch bin folder.
bin/elasticsearch-setup-passwords interactive
Solution 5:[5]
To Set up username and password
ssh to the system, stop elasticsearch and kibana service, then run the following command
sudo nano /etc/elasticsearch/elasticsearch.yml
update this file, enable security by adding the following line
xpack.security.enabled: true
Change the password
Execute the following step to change the password
step 1:
cd /usr/share/elasticsearch/
step 2:
sudo bin/elasticsearch-setup-passwords auto
auto - Uses randomly generated passwords interactive - Uses passwords entered by a user
or
sudo bin/elasticsearch-setup-passwords interactive
you can run the command in an "interactive" mode, which prompts you to enter new passwords for the elastic, kibana_system, logstash_system, beats_system, apm_system, and remote_monitoring_user users:
The above commands can help you to setup a password
Start Elasticsearch
Start the Elasticsearch service by running a systemctl command:
sudo systemctl start elasticsearch.service
It may take some time for the system to start the service. There will be no output if successful.
Enable Elasticsearch to start on boot:
sudo systemctl enable elasticsearch.service
Start and Enable Kibana
Start the Kibana service:
sudo systemctl start kibana
There is no output if the service starts successfully.
Next, configure Kibana to launch at boot:
sudo systemctl enable kibana
Solution 6:[6]
In Elasticsearch version 6.x - you can specify initial password for elastic user using ELASTIC_PASSWORD env variable.
docker run -p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
-e "ELASTIC_PASSWORD=my_own_password" \
docker.elastic.co/elasticsearch/elasticsearch:6.5.4
Source: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/configuring-tls-docker.html
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | mikemaccana |
Solution 2 | |
Solution 3 | Ihor |
Solution 4 | |
Solution 5 | Maksud Alam |
Solution 6 | Alexander |