当前位置:   article > 正文

记录一下es重置密码过程

es重置密码

ps:以下elasticsearche简称es

一、当单节点添加认证后想重置时报以下问题:

#添加认证

./bin/elasticsearch-setup-passwords interactive

#报异常

Failed to authenticate user 'elastic' against http://192.168.86.148:9200/_xpack/security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /data/elasticsearch/config/elasticsearch.keystore

ERROR: Failed to verify bootstrap password

 二、看到此问题是指:无法验证引导程序密码,直白点就是已经有密码了,咱们需要重新重置一下所有的密码,首先创建一个还原用户:

#创建用户名为:restore_user 的还原用户

./bin/elasticsearch-users useradd restore_user -p 密码  -r superuser

#docker

docker exec -u elasticsearch -it elasticsearch bin/elasticsearch-users useradd restore_user -p 密码-r superuser

三、删除security索引

curl -u restore_user -k -X DELETE "https://ip:9200/.security-*"

返回结果:

{"acknowledged":true}

四、再次执行添加密码

./bin/elasticsearch-setup-passwords interactive

#返回结果:输入y继续给用户添加密码

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]

五、不需要重启es,直接使用ip访问浏览器输入最新密码即可。

 六、如果想对某个用户进行修改密码操作执行以下步骤:比如用户:elastic

#修改elastic用户密码并设置最新密码

curl -H "Content-Type:application/json" -XPOST -u elastic 'http://172.24.17.210:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "XYx123User" }'

#回车后输入elastic的旧密码即可

附送一个异常:当es集群版本介于6.*之间的,在添加用户密码认证时可能会出现以下问题,大致意思是:6.*版本默认带的license是basic的不支持security这类商业特性。 可以将license改为trial。elasticsearch.yml文件末尾增加如下代码。或者在kibana的Machine Learning开启 trial,如果直接在elasticsearch.yml中添加配置下列可能不好使。

#修改elasticsearch.yml可能还无法添加认证

xpack.security.enabled: true

xpack.ml.enabled: true

xpack.license.self_generated.type: trial

解决方法: 记得修改ip地址:

curl -H "Content-Type: application/json" -XPOST http://IP:端口/_xpack/license/start_trial?acknowledge=true

在执行添加认证权限即可:

./bin/elasticsearch-setup-passwords interactive

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/喵喵爱编程/article/detail/856581
推荐阅读
相关标签
  

闽ICP备14008679号