github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-26 08:07:27 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/commands/reset-elastic-password.asciidoc
Ioannis Kakavas 13c8ee1015
Reset elastic password cli tool (#74892) 
This change introduces a CLI tool that can be used to create
enrollment tokens. It doesn't require credentials, but simply
write access to the local filesystem of a node. It uses an
auto-generated user in the file-realm with superuser role.

For this purpose, this change also introduces a base class for a
CLI tool that can be used by any CLI tool needs to perform actions
against an ES node as a superuser without requiring credentials
from the user. It is worth noting that this doesn't change our
existing thread model, because already an actor with write access
to the fs of an ES node, can become superuser (again, by
adding a superuser to the file realm, albeit manually).
2021-07-20 13:42:14 +03:00

63 lines
2.3 KiB
Text
Raw Blame History

[roles="xpack"]
[[reset-elastic-password]]
== elasticsearch-reset-elastic-password
The `elasticsearch-reset-elastic-password` command resets the password for the
`elastic` <<built-in-users,built-in superuser>>.
[discrete]
=== Synopsis
[source,shell]
----
bin/elasticsearch-reset-elastic-password
[-a, --auto] [-b, --batch] [-E <KeyValuePair]
[-f, --force] [-h, --help] [-i, --interactive]
----
[discrete]
=== Description
Use this command to reset the password of the `elastic` superuser. By default, a
strong password is generated for you. To explicitly set a password, run the
tool in interactive mode with `-i`. The command generates (and subsequently
removes) a temporary user in the <<file-realm,file realm>> to run the request
that changes the `elastic` user password.
IMPORTANT: You cannot use this tool if the file realm is disabled in your `elasticsearch.yml` file.
This command uses an HTTP connection to connect to the cluster and run the user
management requests. The command automatically attempts to establish the connection
over HTTPS by using the `xpack.security.http.ssl` settings in
the `elasticsearch.yml` file. If you do not use the default config directory
location, ensure that the `ES_PATH_CONF` environment variable returns the
correct path before you run the `elasticsearch-reset-elastic-password` command. You can
override settings in your `elasticsearch.yml` file by using the `-E` command
option. For more information about debugging connection failures, see
<<trb-security-setup>>.
[discrete]
[[reset-elastic-password-parameters]]
=== Parameters
`-a, --auto`:: Resets the password of the `elastic` user to an auto-generated strong password. (Default)
`-b, --batch`:: Runs the reset password process without prompting the user for verification.
`-E <KeyValuePair>`:: Configures a standard {es} or {xpack} setting.
`-f, --force`:: Forces the command to run against an unhealthy cluster.
`-h, --help`:: Returns all of the command parameters.
`-i, --interactive`:: Prompts the user for the password of the `elastic` user. Use this option to explicitly set a password.
[discrete]
=== Examples
The following example resets the password of the `elastic` user to an auto-generated value and
prints the new password in the console.
[source,shell]
----
bin/elasticsearch-reset-elastic-password
----
Reference in a new issue View git blame Copy permalink