What is the default user and password for elasticsearch?
DockerAuthenticationElasticsearchCredentialsDocker Problem Overview
I have installed Elastic with Docker:
docker run -p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
docker.elastic.co/elasticsearch/elasticsearch:5.6.2
But curl localhost:9200
fails with authentication error:
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "missing authentication token for REST request [/]",
"header": {
"WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
}
}
],
"type": "security_exception",
"reason": "missing authentication token for REST request [/]",
"header": {
"WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
}
},
"status": 401
}
What is the default username/password combo for Elasticsearch?
Docker Solutions
Solution 1 - Docker
user: elastic
password: changeme
So:
$ curl -u elastic:changeme localhost:9200
{
"name" : "5aEHJ-Y",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "3FmaYN7rS56oBTqWOyxmKA",
"version" : {
"number" : "5.6.2",
"build_hash" : "57e20f3",
"build_date" : "2017-09-23T13:16:45.703Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
},
"tagline" : "You Know, for Search"
}
Read more about changing the defaults.
Solution 2 - Docker
Setting up username and password for Elastic Search: (ES version:7.5.2) (Ubuntu 18.04)
Step 1: First enable xpackmonitoring in elasticsearch.yml file
root@flax:/etc/elasticsearch# vim elasticsearch.yml
Add the following line to the end of file:
xpack.security.enabled: true
File Contents:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 127.0.0.1
http.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true
Step 2: Go to /usr/share/elasticsearch folder:
root@flax:/usr/share/elasticsearch# systemctl start elasticsearch
root@flax:/usr/share/elasticsearch# ./bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Passwords do not match.
Try again.
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch
root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch.service
Solution 3 - Docker
Please be careful about the version of ElasticSearch. In 7.2 parameter ELASTIC_PASSWORD works.
docker run -p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
-e "ELASTIC_PASSWORD=my_own_password" \
But also this line should be added in elasticsearch.yml:
xpack.security.enabled: true
By default, it is not there.
Solution 4 - Docker
If you enabled basic x-pack security using xpack.security.enabled: true
in your elasticsearch version 7.7(at the time of writing this answer), it will not have a default password(changeme
) as it used to be in the old version of x-pack.
As mentioned in the getting started with security official doc
> X-Pack security provides a built-in elastic superuser you can use to > start setting things up. This elastic user has full access to the > cluster, including all indices and data, so the elastic user does > not have a password set by default.
So you need to change the password of elastic
, if you want to do it after the installation then follow setting password for built-in users in interactive mode guide
which requires you to run below command from elasticsearch bin folder.
bin/elasticsearch-setup-passwords interactive
Solution 5 - Docker
To Set up username and password
ssh to the system, stop elasticsearch and kibana service, then run the following command
sudo nano /etc/elasticsearch/elasticsearch.yml
update this file, enable security by adding the following line
xpack.security.enabled: true
Change the password
Execute the following step to change the password
step 1:
cd /usr/share/elasticsearch/
step 2:
sudo bin/elasticsearch-setup-passwords auto
> auto - Uses randomly generated passwords interactive - Uses passwords > entered by a user
or
sudo bin/elasticsearch-setup-passwords interactive
> you can run the command in an "interactive" mode, which prompts you to > enter new passwords for the elastic, kibana_system, logstash_system, > beats_system, apm_system, and remote_monitoring_user users: >
The above commands can help you to setup a password
Start Elasticsearch
-
Start the Elasticsearch service by running a systemctl command:
sudo systemctl start elasticsearch.service
It may take some time for the system to start the service. There will be no output if successful.
-
Enable Elasticsearch to start on boot:
sudo systemctl enable elasticsearch.service
Start and Enable Kibana
-
Start the Kibana service:
sudo systemctl start kibana
There is no output if the service starts successfully.
-
Next, configure Kibana to launch at boot:
sudo systemctl enable kibana
Solution 6 - Docker
In Elasticsearch version 6.x - you can specify initial password for elastic user using ELASTIC_PASSWORD env variable.
docker run -p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
-e "ELASTIC_PASSWORD=my_own_password" \
docker.elastic.co/elasticsearch/elasticsearch:6.5.4
Source: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/configuring-tls-docker.html