77 lines
2.8 KiB
Plaintext
77 lines
2.8 KiB
Plaintext
[role="xpack"]
|
|
[testenv="gold+"]
|
|
[[setup-passwords]]
|
|
== elasticsearch-setup-passwords
|
|
|
|
The `elasticsearch-setup-passwords` command sets the passwords for the
|
|
<<built-in-users,built-in users>>.
|
|
|
|
[discrete]
|
|
=== Synopsis
|
|
|
|
[source,shell]
|
|
--------------------------------------------------
|
|
bin/elasticsearch-setup-passwords auto|interactive
|
|
[-b, --batch] [-h, --help] [-E <KeyValuePair>]
|
|
[-s, --silent] [-u, --url "<URL>"] [-v, --verbose]
|
|
--------------------------------------------------
|
|
|
|
[discrete]
|
|
=== Description
|
|
|
|
This command is intended for use only during the initial configuration of the
|
|
{es} {security-features}. It uses the
|
|
<<bootstrap-elastic-passwords,`elastic` bootstrap password>>
|
|
to run user management API requests. If your {es} keystore is password protected,
|
|
before you can set the passwords for the built-in users, you must enter the keystore password.
|
|
After you set a password for the `elastic`
|
|
user, the bootstrap password is no longer active and you cannot use this command.
|
|
Instead, you can change passwords by using the *Management > Users* UI in {kib}
|
|
or the <<security-api-change-password,Change Password API>>.
|
|
|
|
This command uses an HTTP connection to connect to the cluster and run the user
|
|
management requests. If your cluster uses TLS/SSL on the HTTP layer, the command
|
|
automatically attempts to establish the connection by using the HTTPS protocol.
|
|
It configures the connection by using the `xpack.security.http.ssl` settings in
|
|
the `elasticsearch.yml` file. If you do not use the default config directory
|
|
location, ensure that the *ES_PATH_CONF* environment variable returns the
|
|
correct path before you run the `elasticsearch-setup-passwords` command. You can
|
|
override settings in your `elasticsearch.yml` file by using the `-E` command
|
|
option. For more information about debugging connection failures, see
|
|
<<trb-security-setup>>.
|
|
|
|
[discrete]
|
|
[[setup-passwords-parameters]]
|
|
=== Parameters
|
|
|
|
`auto`:: Outputs randomly-generated passwords to the console.
|
|
|
|
`-b, --batch`:: If enabled, runs the change password process without prompting the
|
|
user.
|
|
|
|
`-E <KeyValuePair>`:: Configures a standard {es} or {xpack} setting.
|
|
|
|
`-h, --help`:: Shows help information.
|
|
|
|
`interactive`:: Prompts you to manually enter passwords.
|
|
|
|
`-s, --silent`:: Shows minimal output.
|
|
|
|
`-u, --url "<URL>"`:: Specifies the URL that the tool uses to submit the user management API
|
|
requests. The default value is determined from the settings in your
|
|
`elasticsearch.yml` file. If `xpack.security.http.ssl.enabled` is set to `true`,
|
|
you must specify an HTTPS URL.
|
|
|
|
`-v, --verbose`:: Shows verbose output.
|
|
|
|
[discrete]
|
|
=== Examples
|
|
|
|
The following example uses the `-u` parameter to tell the tool where to submit
|
|
its user management API requests:
|
|
|
|
[source,shell]
|
|
--------------------------------------------------
|
|
bin/elasticsearch-setup-passwords auto -u "http://localhost:9201"
|
|
--------------------------------------------------
|