Configuring authentication for Elasticsearch
By default, in Elasticsearch version 6.8.0, authentication is enabled. You can disable it if needed. Also, you can change password for the default user, admin.
This topic contains the following sections:
Disabling authentication for Elasticsearch
To disable Elasticsearch authentication, you need to disable it on both the Elasticsearch server and application server.
To disable Elasticsearch authentication on the Elasticsearch server
- Navigate to the following directory: <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config.
- Open the elasticsearch.yml file with a text editor.
Comment the following lines:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12Navigate to the /opt/smDownload/truesight-sm directory and run the following commands to stop and start the Elasticsearch services:
python truesight-sm.py stop --deployment elasticsearch
python truesight-sm.py start --deployment elasticsearch
To disable Elasticsearch authentication on the application server
- On the application server, navigate to the directory, where the input_files.yml file is located.
Typically, this file is located in the <TSVM_INSTALL_DIR>/application/config directory. - Open the input_files.yml file with a text editor.
Locate the following section:
es:
hostname: <hostName>
username: <username>
password: <password>- Remove the value of the username or password property.
Navigate to the /opt/smDownload/truesight-sm directory and run the following commands to stop and start the application services:
python truesight-sm.py stop --deployment application
python truesight-sm.py start --deployment application
Changing the default password
The default Elasticsearch installation contains a few users, including an admin user with the password elasticadmin. If you want to change the default password, change the password on the Elasticsearch server and in the input_files.yml file on the application server, as described in the following procedures.
To change the default password on the Elasticsearch server
- Navigate to the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/bin directory.
- Enter the following command to reset the password for the admin user: sh elasticsearch-users passwd adminYou are prompted for the new password.
- Enter the new password.
- If not done so, download and extract the TSVM<versionNo>-SM-LIN64.zip file to a temporary directory, /opt/smDownload.
Navigate to the /opt/smDownload/truesight-sm directory, and stop and start the Elasticsearch services using the following commands:
python truesight-sm.py stop --deployment elasticsearch
python truesight-sm.py start --deployment elasticsearch
To change the default password on the application server
- If not done, download and extract the TSVM<versionNo>-SM-LIN64.zip file to a temporary directory, /opt/smDownload.
Encrypt the new password.
- Navigate to the directory, where the input_files.yml file is located.
Typically, this file is located in the <TSVM_INSTALL_DIR>/application/config directory. - Open the input_files.yml file with a text editor.
Locate the following section:
es:
hostname: <hostName>
username: <username>
password: <password>- Update the password property with the encrypted password that you obtained in step 2.
Navigate to the /opt/smDownload/truesight-sm directory and run the following commands to stop and start the application services:
python truesight-sm.py stop --deployment application
python truesight-sm.py start --deployment applicationThe bmc-config.json file is updated automatically with the new password.