Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Configuring authentication for Elasticsearch


By default, in Elasticsearch version 6.8.0, authentication is enabled. You can disable it if needed. Also, you can change password for the default user, admin.

This topic contains the following sections:

Disabling authentication for Elasticsearch

To disable Elasticsearch authentication, you need to disable it on both the Elasticsearch server and application server.

To disable Elasticsearch authentication on the Elasticsearch server

  1. Navigate to the following directory: <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config.
  2. Open the elasticsearch.yml file with a text editor.
  3. Comment the following lines:

    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
  4. Navigate to the /opt/smDownload/truesight-sm directory and run the following commands to stop and start the Elasticsearch services:

    python truesight-sm.py stop --deployment elasticsearch
    python truesight-sm.py start --deployment elasticsearch

To disable Elasticsearch authentication on the application server

  1. On the application server, navigate to the directory, where the input_files.yml file is located.
    Typically, this file is located in the <TSVM_INSTALL_DIR>/application/config directory.
  2. Open the input_files.yml file with a text editor.
  3. Locate the following section:

    es:
    hostname: <hostName>
    username: <username>
    password: <password>
  4. Remove the value of the username or password property.
  5. Navigate to the /opt/smDownload/truesight-sm directory and run the following commands to stop and start the application services:

    python truesight-sm.py stop --deployment application
    python truesight-sm.py start --deployment application

Changing the default password

The default Elasticsearch installation contains a few users, including an admin user with the password elasticadmin. If you want to change the default password, change the password on the Elasticsearch server and in the input_files.yml file on the application server, as described in the following procedures.

To change the default password on the Elasticsearch server

  1. Navigate to the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/bin directory.
  2. Enter the following command to reset the password for the admin user: sh elasticsearch-users passwd adminYou are prompted for the new password.
  3. Enter the new password.
  4. If not done so, download and extract the TSVM<versionNo>-SM-LIN64.zip file to a temporary directory, /opt/smDownload.
  5. Navigate to the /opt/smDownload/truesight-sm directory, and stop and start the Elasticsearch services using the following commands:

    python truesight-sm.py stop --deployment elasticsearch
    python truesight-sm.py start --deployment elasticsearch

To change the default password on the application server

  1. If not done, download and extract the TSVM<versionNo>-SM-LIN64.zip file to a temporary directory, /opt/smDownload.
  2. Encrypt the new password.

    Important

    To get the new password encrypted, contact BMC Customer Support.

  3. Navigate to the directory, where the input_files.yml file is located.
    Typically, this file is located in the <TSVM_INSTALL_DIR>/application/config directory.
  4. Open the input_files.yml file with a text editor.
  5. Locate the following section:

    es:
    hostname: <hostName>
    username: <username>
    password: <password>
  6. Update the password property with the encrypted password that you obtained in step 2.
  7. Navigate to the /opt/smDownload/truesight-sm directory and run the following commands to stop and start the application services:

    python truesight-sm.py stop --deployment application
    python truesight-sm.py start --deployment application

    The bmc-config.json file is updated automatically with the new password.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*