如果在 Elasticsearch 中误操作删除了所有用户,可以通过以下步骤重新创建用户和密码:
-
在配置文件中开启 x-pack 验证,修改
config(一般是在/usr/share/elasticsearch)目录下面的elasticsearch.yml文件,添加以下内容并重启:xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true -
执行设置用户名和密码的命令,需要为4个用户分别设置密码,包括
elastic、kibana、logstash_system和beats_system:bin/elasticsearch-setup-passwords interactive initiating the setup of passwords for reserved users elastic,kibana,logstash_system,beats_system. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue (y/N)y Enter password for (elastic): Reenter password for (elastic): Passwords do not match. Try again. Enter password for (elastic): Reenter password for (elastic): Enter password for (kibana): Reenter password for (kibana): Enter password for (logstash_system): Reenter password for (logstash_system): Enter password for (beats_system): Reenter password for (beats_system): Changed password for user (kibana) Changed password for user (logstash_system) Changed password for user (beats_system) Changed password for user (elastic) -
后续需要修改密码,命令如下:
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'
备注:请谨慎删除security索引,这个是系统用户密码保存的索引。