OpenSearch/docs/reference/commands/setup-passwords.asciidoc

76 lines
2.8 KiB
Plaintext

[role="xpack"]
[testenv="gold+"]
[[setup-passwords]]
== elasticsearch-setup-passwords
The `elasticsearch-setup-passwords` command sets the passwords for the
<<built-in-users,built-in users>>.
[discrete]
=== Synopsis
[source,shell]
--------------------------------------------------
bin/elasticsearch-setup-passwords auto|interactive
[-b, --batch] [-h, --help] [-E <KeyValuePair>]
[-s, --silent] [-u, --url "<URL>"] [-v, --verbose]
--------------------------------------------------
[discrete]
=== Description
This command is intended for use only during the initial configuration of the
{es} {security-features}. It uses the
<<bootstrap-elastic-passwords,`elastic` bootstrap password>>
to run user management API requests. If your {es} keystore is password protected,
before you can set the passwords for the built-in users, you must enter the keystore password.
After you set a password for the `elastic`
user, the bootstrap password is no longer active and you cannot use this command.
Instead, you can change passwords by using the *Management > Users* UI in {kib}
or the <<security-api-change-password,Change Password API>>.
This command uses an HTTP connection to connect to the cluster and run the user
management requests. If your cluster uses TLS/SSL on the HTTP layer, the command
automatically attempts to establish the connection by using the HTTPS protocol.
It configures the connection by using the `xpack.security.http.ssl` settings in
the `elasticsearch.yml` file. If you do not use the default config directory
location, ensure that the *ES_PATH_CONF* environment variable returns the
correct path before you run the `elasticsearch-setup-passwords` command. You can
override settings in your `elasticsearch.yml` file by using the `-E` command
option. For more information about debugging connection failures, see
<<trb-security-setup>>.
[discrete]
=== Parameters
`auto`:: Outputs randomly-generated passwords to the console.
`-b, --batch`:: If enabled, runs the change password process without prompting the
user.
`-E <KeyValuePair>`:: Configures a standard {es} or {xpack} setting.
`-h, --help`:: Shows help information.
`interactive`:: Prompts you to manually enter passwords.
`-s, --silent`:: Shows minimal output.
`-u, --url "<URL>"`:: Specifies the URL that the tool uses to submit the user management API
requests. The default value is determined from the settings in your
`elasticsearch.yml` file. If `xpack.security.http.ssl.enabled` is set to `true`,
you must specify an HTTPS URL.
`-v, --verbose`:: Shows verbose output.
[discrete]
=== Examples
The following example uses the `-u` parameter to tell the tool where to submit
its user management API requests:
[source,shell]
--------------------------------------------------
bin/elasticsearch-setup-passwords auto -u "http://localhost:9201"
--------------------------------------------------