i would like to enable security in my cluster with elasticsearch 7.1.1.
If i execute "elasticsearch-setup-passwords auto" for generating passwords for the built-in users i get the following error:
/usr/share/elasticsearch/bin# ./elasticsearch-setup-passwords auto
Exception in thread "main" ElasticsearchParseException[Failed to parse content to map]; nested: JsonParseException[Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
at [Source: java.io.StringReader@241e8ea6; line: 1, column: 2]];
at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:131)
at org.elasticsearch.xpack.security.authc.esnative.tool.HttpResponse$HttpResponseBuilder.withResponseBody(HttpResponse.java:55)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.responseBuilder(SetupPasswordTool.java:538)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.lambda$checkElasticKeystorePasswordValid$1(SetupPasswordTool.java:300)
at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.execute(CommandLineHttpClient.java:126)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.checkElasticKeystorePasswordValid(SetupPasswordTool.java:299)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$AutoSetup.execute(SetupPasswordTool.java:129)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:107)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
at [Source: java.io.StringReader@241e8ea6; line: 1, column: 2]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1702)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:558)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:456)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1906)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:749)
at org.elasticsearch.common.xcontent.json.JsonXContentParser.nextToken(JsonXContentParser.java:52)
at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:336)
at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:309)
at org.elasticsearch.common.xcontent.support.AbstractXContentParser.map(AbstractXContentParser.java:264)
at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:129)
... 12 more
Can someone support here please.
Chris
I'd assume the rest request is not returning JSON, which would be rather odd. Trying hitting the endpoint directly with curl to see what the real response is, I'd assume it is not from elasticsearch.
You can use something like this:
curl -v -X POST "localhost:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d'{"password" : "s3cr3t"}'
https://www.elastic.co/guide/en/elasticsearch/reference/7.1/security-api-change-password.html#_examples_80
thanks for your response.
I could change the passwords manually via curl.
But still wondering why the script doesn´t work.
Chris
One usually runs elasticsearch-setup-passwords
in order to initially set the password for the internal users (elastic
being one of them ) . I'm curious as to how changed the password of the elastic
user when there was no user you could use to authenticate as.
Other than that, I think @jpcarey was spot on in his assumption.
jpcarey:
Trying hitting the endpoint directly with curl to see what the real response is, I'd assume it is not from elasticsearch.
Is there any proxy in your environment ?
Keep in mind that elasticsearch-setup-passwords
is using the configuration from elasticsearch.yml
to determine where to send the requests to set the passwords so incorrect values for http.publish_host
or network.publish_host
would also affect the tool's ability to set the passwords.
Can you share some more details, like what does your configuration looks like, and how did you change the password via curl ( the exact command ) ?
Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S.
and in other countries
Brand
Code of Conduct
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.