elasticsearch的默认用户名和密码是什么？

Question

我有installed Elastic with Docker:

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \ 
           docker.elastic.co/elasticsearch/elasticsearch:5.6.2

但curl localhost:9200 失败并出现身份验证错误：

{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "missing authentication token for REST request [/]",
        "header": {
          "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type": "security_exception",
    "reason": "missing authentication token for REST request [/]",
    "header": {
      "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status": 401
}

Elasticsearch 的默认用户名/密码组合是什么？

Answer 1

Defaults are:

user: elastic
password: changeme

所以：

$ curl -u elastic:changeme localhost:9200
{
  "name" : "5aEHJ-Y",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "3FmaYN7rS56oBTqWOyxmKA",
  "version" : {
    "number" : "5.6.2",
    "build_hash" : "57e20f3",
    "build_date" : "2017-09-23T13:16:45.703Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}

阅读更多关于changing the defaults的信息。

Answer 2

在 Elasticsearch 6.x 版中 - 您可以使用 ELASTIC_PASSWORD 环境变量为 elastic 用户指定初始密码。

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \ 
           -e "ELASTIC_PASSWORD=my_own_password" \
           docker.elastic.co/elasticsearch/elasticsearch:6.5.4

来源：https://www.elastic.co/guide/en/elasticsearch/reference/6.x/configuring-tls-docker.html

Answer 3

请注意 ElasticSearch 的版本。 在 7.2 参数 ELASTIC_PASSWORD 有效。

docker run -p 9200:9200 \
           -p 9300:9300 \
           -e "discovery.type=single-node" \ 
           -e "ELASTIC_PASSWORD=my_own_password" \

但也应该在 elasticsearch.yml 中添加这一行：

xpack.security.enabled: true

默认情况下不存在。

Answer 4

为 Elastic Search 设置用户名和密码：（ES 版本：7.5.2）（Ubuntu 18.04）

第一步：首先在 elasticsearch.yml 文件中启用 xpackmonitoring

root@flax:/etc/elasticsearch# vim elasticsearch.yml

Add the following line to the end of file:
    xpack.security.enabled: true

File Contents:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 127.0.0.1
http.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true

第 2 步： 转到 /usr/share/elasticsearch 文件夹：

root@flax:/usr/share/elasticsearch# systemctl start elasticsearch

root@flax:/usr/share/elasticsearch# ./bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Passwords do not match.
Try again.
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch

root@flax:/usr/share/elasticsearch# systemctl restart elasticsearch.service

Answer 5

如果您在 elasticsearch 7.7 版中使用 xpack.security.enabled: true 启用了基本的 x-pack 安全性（在撰写此答案时），它将没有默认密码（changeme），因为它曾经在旧版本中x-pack 的版本。

如getting started with security official doc中所述

X-Pack 安全提供了一个内置的弹性超级用户，您可以使用 开始设置。此弹性用户对 集群，包括所有索引和数据，所以弹性用户可以 默认没有设置密码。

所以你需要更改elastic的密码，如果你想在安装后更改密码，请关注setting password for built-in users in interactive mode guide

这需要您从 elasticsearch bin 文件夹中运行以下命令。

bin/elasticsearch-setup-passwords interactive

Answer 6

设置用户名和密码

ssh到系统，停止elasticsearch和kibana服务，然后运行以下命令

sudo nano /etc/elasticsearch/elasticsearch.yml

更新此文件，通过添加以下行启用安全性

xpack.security.enabled: true 

更改密码

执行以下步骤更改密码

第 1 步：

 cd /usr/share/elasticsearch/

第 2 步：

sudo bin/elasticsearch-setup-passwords auto

auto - 使用随机生成的密码 interactive - 使用密码 由用户输入

或

sudo bin/elasticsearch-setup-passwords interactive

您可以在“交互”模式下运行命令，它会提示您 为 elastic、kibana_system、logstash_system 输入新密码， beats_system、apm_system 和 remote_monitoring_user 用户：

以上命令可以帮你设置密码

启动 Elasticsearch

1. 通过运行 systemctl 命令启动 Elasticsearch 服务：

   sudo systemctl start elasticsearch.service

系统启动服务可能需要一些时间。成功则无输出。

1. 让 Elasticsearch 在开机时启动：

   sudo systemctl 启用 elasticsearch.service

启动和启用 Kibana

1. 启动 Kibana 服务：

   sudo systemctl start kibana

服务启动成功没有输出。

1. 接下来，将 Kibana 配置为在启动时启动：

   sudo systemctl 启用 kibana