elkstach_elasticsearch_passwordreset

Overview

It can happen that you forgot all of your passwords, or that you just couldn't copy them from the shell, because shell hated you so much and the screen unexpectedly closed (my case :D ) So in such case, you have to reset the password. You have 2 choices:

  1. Delete all indexes and re-create the passwords
  2. Add new super user and change it yourself.

Let's start with the first one :)

Delete all indexes

This is a good way if you want to start a new. Completely empty database with completely new passwords. That will still require to add new user though. So first stop your elasticsearch:

Stop Elasticsearch and add new user 

[root@dokuwiki ~]# service elasticsearch stop
Stopping elasticsearch:                                    [  OK  ]
/usr/share/elasticsearch/bin/x-pack/users useradd my_admin -p Password -r superuser

This will add user called my_admin with role of superuser. After that, start your elasticsearch and delete all indexes:

Start Elasticsearch and delete all indexes 

[root@dokuwiki ~]# service elasticsearch start
Starting elasticsearch: OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
                                                           [  OK  ]
                                                           
[root@dokuwiki ~]# curl -u my_admin -XDELETE 'http://10.132.0.4:9200/_all'
Enter host password for user 'my_admin':  <- Enter the password from above :)
{"acknowledged":true}[root@dokuwiki ~]# 
[root@dokuwiki ~]#

Congrats, all your indexes are deleted. Take whatever is in the fridge and run from the office :) Once all this is done, we can just re-create the keys as before:

Recreate keys 

[root@dokuwiki ~]# /usr/share/elasticsearch/bin/x-pack/setup-passwords auto
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user kibana
PASSWORD kibana = kibana_password

Changed password for user logstash_system
PASSWORD logstash_system = logstash_password

Changed password for user elastic
PASSWORD elastic = elastic_password

[root@dokuwiki ~]#

Change the password

Instead of this, we can simply change the password for the elastic user :) as follows:

Change Password 

[root@dokuwiki ~]# curl -u my_admin -XPUT 'http://10.132.0.4:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'{
> "password": "newPassword"
> }
> '
Enter host password for user 'my_admin':
{"acknowledged":true}
  • elkstach_elasticsearch_passwordreset.txt
  • Last modified: 2019/10/18 20:04
  • by 127.0.0.1