lqb
/
elasticsearch
镜像自地址 https://gitee.com/mirrors/elasticsearch.git


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
							[[setup-passwords]]
== elasticsearch-setup-passwords

deprecated[8.0, "The `elasticsearch-setup-passwords` tool is deprecated and will be removed in a future release. To manually reset the password for the built-in users (including the `elastic` user), use the <<reset-password,`elasticsearch-reset-password`>> tool, the {es} change password API, or the User Management features in {kib}."]

The `elasticsearch-setup-passwords` command sets the passwords for the
<<built-in-users,built-in users>>.

[discrete]
=== Synopsis

[source,shell]
--------------------------------------------------
bin/elasticsearch-setup-passwords auto|interactive
[-b, --batch] [-h, --help] [-E <KeyValuePair>]
[-s, --silent] [-u, --url "<URL>"] [-v, --verbose]
--------------------------------------------------

[discrete]
=== Description

This command is intended for use only during the initial configuration of the
{es} {security-features}. It uses the
<<bootstrap-elastic-passwords,`elastic` bootstrap password>>
to run user management API requests. If your {es} keystore is password protected,
before you can set the passwords for the built-in users, you must enter the keystore password.
After you set a password for the `elastic`
user, the bootstrap password is no longer active and you cannot use this command.
Instead, you can change passwords by using the *Management > Users* UI in {kib}
or the <<security-api-change-password,Change Password API>>.

This command uses an HTTP connection to connect to the cluster and run the user
management requests. If your cluster uses TLS/SSL on the HTTP layer, the command
automatically attempts to establish the connection by using the HTTPS protocol.
It configures the connection by using the `xpack.security.http.ssl` settings in
the `elasticsearch.yml` file. If you do not use the default config directory
location, ensure that the *ES_PATH_CONF* environment variable returns the
correct path before you run the `elasticsearch-setup-passwords` command. You can
override settings in your `elasticsearch.yml` file by using the `-E` command
option. For more information about debugging connection failures, see
<<trb-security-setup>>.

[discrete]
[[setup-passwords-parameters]]
=== Parameters

`auto`::  Outputs randomly-generated passwords to the console.

`-b, --batch`:: If enabled, runs the change password process without prompting the
user.

`-E <KeyValuePair>`:: Configures a standard {es} or {xpack} setting.

`-h, --help`:: Shows help information.

`interactive`:: Prompts you to manually enter passwords.

`-s, --silent`:: Shows minimal output.

`-u, --url "<URL>"`:: Specifies the URL that the tool uses to submit the user management API
requests. The default value is determined from the settings in your
`elasticsearch.yml` file. If `xpack.security.http.ssl.enabled`  is set to `true`,
you must specify an HTTPS URL.

`-v, --verbose`:: Shows verbose output.

[discrete]
=== Examples

The following example uses the `-u` parameter to tell the tool where to submit
its user management API requests:

[source,shell]
--------------------------------------------------
bin/elasticsearch-setup-passwords auto -u "http://localhost:9201"
--------------------------------------------------