如果在 Elasticsearch 中误操作删除了所有用户,可以通过以下步骤重新创建用户和密码:
-
在配置文件中开启 x-pack 验证,修改
config
(一般是在/usr/share/elasticsearch
)目录下面的elasticsearch.yml
文件,添加以下内容并重启:xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true
-
执行设置用户名和密码的命令,需要为4个用户分别设置密码,包括
elastic
、kibana
、logstash_system
和beats_system
:bin/elasticsearch-setup-passwords interactive initiating the setup of passwords for reserved users elastic,kibana,logstash_system,beats_system. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue (y/N)y Enter password for (elastic): Reenter password for (elastic): Passwords do not match. Try again. Enter password for (elastic): Reenter password for (elastic): Enter password for (kibana): Reenter password for (kibana): Enter password for (logstash_system): Reenter password for (logstash_system): Enter password for (beats_system): Reenter password for (beats_system): Changed password for user (kibana) Changed password for user (logstash_system) Changed password for user (beats_system) Changed password for user (elastic)
-
后续需要修改密码,命令如下:
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'
备注:请谨慎删除security索引,这个是系统用户密码保存的索引。