ELK: Set access account and password for Elasticsearch and Kibana

Table of contents

1. Set the Elasticsearch password:

2. Set Kibana's account and password:

3. Change the password of Elasticsearch:

4. Additional explanation:

1) Kibana does not have its own account and password. It uses the Elasticsearch account and password.

2) Changing the Elasticsearch password from the Windows command line can fail in several ways:

1. Set the Elasticsearch password:

Edit the Elasticsearch configuration file elasticsearch.yml and add the following settings:

# Set permissions
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

Open a CMD command-line window, change to the bin directory of Elasticsearch, and run the command that sets the user names and passwords.

elasticsearch-setup-passwords interactive

Passwords are set here for six accounts: elastic, apm_system, kibana, logstash_system, beats_system, remote_monitoring_user. Set each password in turn as prompted.

D:\devsofts\elk7.6.2\elasticsearch-7.6.2-windows-x86_64\elasticsearch-7.6.2\bin>elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [C:\Program Files\Java\jdk1.8.0_291\jre] does not meet this requirement

Your cluster health is currently RED.
This means that some cluster data is unavailable and your cluster is not fully functional.

It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.

Do you want to continue with the password setup process [y/N]y

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Test if there is a password:

Access the default address and port: http://localhost:9200/

Enter the username elastic and the password 123456; the login then succeeds.

Errors you may encounter:

1) Encoding problem in the yml file:

D:\devsofts\elk7.6.2\elasticsearch-7.6.2-windows-x86_64\elasticsearch-7.6.2\bin>elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [C:\Program Files\Java\jdk1.8.0_291\jre] does not meet this requirement
Exception in thread "main" SettingsException[Failed to load settings from [elasticsearch.yml]]; nested: YAMLException[java.io.CharConversionException: Invalid UTF-8 middle byte 0xe8 (at char #2887, byte #2047)
 at [Source: sun.nio.ch.ChannelInputStream@4738a206; line: 1, column: 1]]; nested: YAMLException[java.io.CharConversionException: Invalid UTF-8 middle byte 0xe8 (at char #2887, byte #2047)]; nested: CharConversionException[Invalid UTF-8 middle byte 0xe8 (at char #2887, byte #2047)];

Solution: change the file encoding of elasticsearch.yml to UTF-8.
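
The byte 0xe8 in the error above is consistent with a Chinese comment such as #设置权限 saved in GBK, where 设 is the byte pair C9 E8. The Python sketch below is an added example, not from the original post; it assumes the file was saved in GBK (the sample bytes are constructed) and shows how to locate the first invalid byte and re-encode the content as UTF-8.

```python
# Added example: find the first non-UTF-8 byte in elasticsearch.yml content
# and re-encode it. GBK as the original encoding is an assumption.

def first_invalid_utf8(data):
    """Return (byte offset, line number, bad bytes as hex), or None if valid UTF-8."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError as exc:
        line_no = data.count(b"\n", 0, exc.start) + 1
        return exc.start, line_no, data[exc.start:exc.end + 1].hex()
    return None


def to_utf8(data, source_encoding="gbk"):
    """Decode from the legacy code page and return UTF-8 bytes."""
    return data.decode(source_encoding).encode("utf-8")


# Constructed sample: the page's settings with the Chinese comment, saved as GBK.
SAMPLE_GBK = (
    "#设置权限\n"
    "xpack.security.enabled: true\n"
    "xpack.security.transport.ssl.enabled: true\n"
).encode("gbk")

if __name__ == "__main__":
    print(first_invalid_utf8(SAMPLE_GBK))          # where the parser would stop
    fixed = to_utf8(SAMPLE_GBK)
    print(first_invalid_utf8(fixed))               # None once the bytes are UTF-8
    print(fixed.decode("utf-8").splitlines()[0])   # the comment survives intact
```

For a real file, read it in binary mode, keep a backup, and write the converted bytes back in binary mode.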

  2) An extra configuration item was added (cause to be determined):

If you follow some blogs and add these three settings to the elasticsearch.yml file:

xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true

The following error will occur:

D:\devsofts\elk7.6.2\elasticsearch-7.6.2-windows-x86_64\elasticsearch-7.6.2\bin>elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [C:\Program Files\Java\jdk1.8.0_291\jre] does not meet this requirement

Unexpected response code [500] from calling GET http://127.0.0.1:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.
Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.

ERROR: X-Pack Security is disabled by configuration.

 3) Elasticsearch is not started

D:\devsofts\elk7.6.2\elasticsearch-7.6.2-windows-x86_64\elasticsearch-7.6.2\bin>elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [C:\Program Files\Java\jdk1.8.0_291\jre] does not meet this requirement

Connection failure to: http://127.0.0.1:9200/_security/_authenticate?pretty failed: Connection refused: connect

ERROR: Failed to connect to elasticsearch at http://127.0.0.1:9200/_security/_authenticate?pretty. Is the URL correct and elasticsearch running?

2. Set Kibana's account and password:

1) Open kibana.yml in Kibana's conf directory and edit the Elasticsearch username and password settings in it. They are commented out by default.

Edit kibana.yml: remove the # sign in front of the two settings and change them to the Elasticsearch account and password set previously.

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "elastic"
elasticsearch.password: "123456"

2) Test the Kibana login: enter the username (elastic) and password (123456) set above to log in successfully.

3. Change the password of Elasticsearch:

Most of the password-change commands found online look like the following, which is a curl command for Linux.

curl -H "Content-Type:application/json" -XPOST -u elastic 'http://192.168.140:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'

In the Windows CMD command line, changing the Elasticsearch password requires attention to how the curl command is written:

On Windows, the single quotes of the Linux form must be changed to double quotes, and the double quotes inside the JSON data must be escaped with a backslash (\").

It should look like this:

curl -H "Content-Type:application/json" -XPOST -u elastic -d "{\"password\" : \"1234567\" }" http://127.0.0.1:9200/_xpack/security/user/elastic/_password

4. Additional explanation:

1) Kibana does not have its own account and password. It uses the Elasticsearch account and password.

Therefore the account must be configured in kibana.yml. If kibana.yml does not contain the correct Elasticsearch account and password, http://localhost:5601/ cannot be opened.

Check elasticsearch.log and you will find the error log: Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

 2) Changing the Elasticsearch password from the Windows command line can fail in several ways:

Mixing single quotes and double quotes around the parameters of the curl command causes the following error:

D:\devsofts\elk7.6.2\elasticsearch-7.6.2-windows-x86_64\elasticsearch-7.6.2\bin>curl -H "Content-Type:application/json" -XPOST -u elastic -d '{ "password" : "1234567" }'  'http://127.0.0.1:9200/_xpack/security/user/elastic/_password'
Enter host password for user 'elastic':
curl: (6) Could not resolve host: password
curl: (3) URL using bad/illegal format or missing URL
curl: (7) Failed to connect to 0.18.214.135 port 80 after 0 ms: Network unreachable
curl: (3) unmatched close brace/bracket in URL position 1:
}'

 The double quotes inside the JSON data of the curl command are not escaped:

D:\devsofts\elk7.6.2\elasticsearch-7.6.2-windows-x86_64\elasticsearch-7.6.2\bin>curl -H "Content-Type:application/json" -XPOST -u elastic -d "{"password" : "666666" }" "http://127.0.0.1:9200/_xpack/security/user/elastic/_password"
Enter host password for user 'elastic':
{"error":{"root_cause":[{"type":"json_parse_exception","reason":"Unexpected character ('p' (code 112)): was expecting double-quote to start field name\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@5f92bad8; line: 1, column: 3]"}],"type":"json_parse_exception","reason":"Unexpected character ('p' (code 112)): was expecting double-quote to start field name\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@5f92bad8; line: 1, column: 3]"},"status":400}
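
Both failures above, and the working form in section 3, follow from how a Windows program splits its command line: single quotes are ordinary characters, and only \" produces a literal double quote. The Python sketch below is an added example, not from the original post; it assumes curl.exe receives its arguments under the standard Microsoft C runtime rules (implemented here in simplified form, ignoring cmd.exe metacharacters), and the helper names are hypothetical.

```python
import ipaddress

def split_windows_cmdline(cmdline):
    """Split a command line the way the Microsoft C runtime builds argv (simplified)."""
    args, cur, in_quotes, started, i = [], "", False, False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == "\\":
            j = i + len(cmdline[i:]) - len(cmdline[i:].lstrip("\\"))  # end of backslash run
            if j < len(cmdline) and cmdline[j] == '"':
                cur += "\\" * ((j - i) // 2)   # 2n backslashes before a quote -> n
                if (j - i) % 2:
                    cur += '"'                  # odd count: literal double quote
                else:
                    in_quotes = not in_quotes   # even count: the quote toggles quoting
                j += 1
            else:
                cur += "\\" * (j - i)           # not before a quote: kept literally
            started, i = True, j - 1
        elif ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append(cur)
            cur, started = "", False
        else:
            cur, started = cur + ch, True
        i += 1
    return args + [cur] if started else args

def curl_view(cmdline):
    """Return (body passed to -d, remaining words, which curl treats as URLs)."""
    args, data, urls = split_windows_cmdline(cmdline)[1:], None, []
    while args:
        word = args.pop(0)
        if word in ("-H", "-u", "-d") and args:
            value = args.pop(0)
            data = value if word == "-d" else data
        elif not word.startswith("-"):
            urls.append(word)
    return data, urls

def numeric_host(word):
    return str(ipaddress.IPv4Address(int(word)))  # all-digit host = one 32-bit IPv4 number

URL = "http://127.0.0.1:9200/_xpack/security/user/elastic/_password"  # from the page
HEAD = 'curl -H "Content-Type:application/json" -XPOST -u elastic -d '
ESCAPED = HEAD + r'"{\"password\" : \"1234567\" }" ' + URL
SINGLE = HEAD + "'" + '{ "password" : "1234567" }' + "'  '" + URL + "'"
UNESCAPED = HEAD + '"{"password" : "666666" }" "' + URL + '"'
```

Run against SINGLE, the leftover words password, :, 1234567 and }' line up one-to-one with the four curl errors shown above, and numeric_host("1234567") gives the 0.18.214.135 address in the third. For UNESCAPED the body reaches Elasticsearch as {password : 666666 }, which is why the parser complains about the character p.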

Origin blog.csdn.net/louis_lee7812/article/details/127023312