stackoom
  简体   繁体   中英

Open Distro for Elasticsearch: reset default admin password

 原文  2020-05-12 10:58:46       elasticsearch/ kubernetes/ elasticsearch-opendistro

Question

I'm new to open distro for elasticsearch and trying to run it on the Kubernetes cluster. After deploying the cluster, I need to change the password for admin user.

I went through this post - default-password-reset

I came to know that, to change the password I need to do the following steps:

  • exec in one of the master nodes
  • generate a hash for the new password using /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh script
  • update /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml with the new hash
  • run /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh with parameters

Questions:

  • Is there any way to set those (via env or elasticsearch.yml ) during bootstrapping the cluster?

3 answers

solution1
 1 ACCPTED  2020-06-08 17:02:48

I had to recreate internal_users.yml file with the updated password hashes and mounted the file in /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml directory for database pods.

So, when the Elasticsearch nodes bootstrapped, it bootstrapped with the updated password for default users ( ie admin ).

I used bcrypt go package to generate password hash.

solution2
 0  2021-05-26 17:23:40

docker exec -ti ELASTIC_MASTER bash

/usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh

##enter pass

yum install nano

#replace generated hash with new one nano /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml

#exec this command to take place sh /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -icl -nhnv -cacert config/root-ca.pem -cert config/admin.pem -key config/admin-key.pem

solution3
 0  2021-05-27 01:06:09

You can also execute below commands to obtain value of username, password from you kubernetes cluster:

kubectl get secret -n wazuh elastic-cred -o go-template='{{.data.username | base64decode}}'
kubectl get secret -n wazuh elastic-cred -o go-template='{{.data.password | base64decode}}'

Note: '-n wazuh' indicates the namespace, use what applies to you

Ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-elasticsearch.html

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Open distro for elasticsearch Elasticsearch Exception - Open Distro Alert Enable xpack features on Open Distro For Elasticsearch Open Distro alert plugin elasticsearch exception Disable state management history in Elasticsearch with Open Distro Open Distro Elasticsearch - Authenticate to Kibana with JWT Problem with creating roles in open-distro for elasticsearch kibana opendistro can't connect to ElasticSearch open distro container on Docker How to reset password for Shield in Elasticsearch What is the default user and password for elasticsearch?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM