Elasticsearch Version: 5.6.14
Search Guard Version: 5.6.14-19.2
Currently I have the following sg_internal_users.yml file as my config:
# This is the internal user database
# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
admin:
  hash: ${ADMIN_PWD_HASH}
  #password is: ${ADMIN_PASSWORD}
  roles:
    - sg_admin
readonly:
  hash: ${READONLY_PWD_HASH}
  #password is: ${READONLY_PASSWORD}
  roles:
    - sg_readonly
This is so that when I’m inside the node, during the startup (via entrypoint function), I can generate the hash for the password that is provided by the user:
chmod +x hash.sh
ADMIN_PWD_HASH=$(./hash.sh -p "$ADMIN_PASSWORD")
READONLY_PWD_HASH=$(./hash.sh -p "$READONLY_PASSWORD")
However, this does not seem to be working, as when I try to validate through curl I get back an ‘unauthorized’ message. I know that admin/readall come predefined with a username/password, but I wanted to know how the process would work for new users. Would the user have to generate the password using the hasher themselves and then copy-paste the hash into the internal config file before running Elasticsearch? For a cluster, would this mean that each node in the cluster would have the same hash in the internal file? Thank you!
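An added example, not part of the original post and not Search Guard code: one way an entrypoint could fill the two hash placeholders itself, on the assumption that nothing else expands `${...}` in sg_internal_users.yml. The helper name `render_internal_users`, the demo template and the sample hash strings are made up for illustration.

```shell
#!/bin/sh
# render_internal_users TEMPLATE ADMIN_HASH READONLY_HASH   (hypothetical helper)
# Prints TEMPLATE with the two ${..._PWD_HASH} placeholders filled in.
# The hashes reach awk through the environment instead of being spliced into
# a sed/awk program, because bcrypt hashes contain '$', '/' and '.'.
render_internal_users() {
    [ -n "$2" ] && [ -n "$3" ] || { echo "empty hash, refusing to render" >&2; return 1; }
    ADMIN_PWD_HASH=$2 READONLY_PWD_HASH=$3 awk '
        # Literal (non-regex) replacement of the first occurrence of ph in s.
        function fill(s, ph, val,    i) {
            i = index(s, ph)
            if (i == 0) return s
            return substr(s, 1, i - 1) val substr(s, i + length(ph))
        }
        # Drop the comment lines that would carry the plaintext password.
        /^[ \t]*#password is:/ { next }
        {
            line = fill($0, "${ADMIN_PWD_HASH}", ENVIRON["ADMIN_PWD_HASH"])
            print fill(line, "${READONLY_PWD_HASH}", ENVIRON["READONLY_PWD_HASH"])
        }
    ' "$1"
}

# Constructed demo: a template shaped like the file in the post and two
# made-up hash strings. In an entrypoint the hashes would come from
#   ./hash.sh -p "$ADMIN_PASSWORD"   and   ./hash.sh -p "$READONLY_PASSWORD"
demo() {
    tmpl=$(mktemp)
    cat >"$tmpl" <<'EOF'
admin:
  hash: ${ADMIN_PWD_HASH}
  #password is: ${ADMIN_PASSWORD}
  roles:
    - sg_admin
readonly:
  hash: ${READONLY_PWD_HASH}
  #password is: ${READONLY_PASSWORD}
  roles:
    - sg_readonly
EOF
    render_internal_users "$tmpl" '$2a$12$constructed/admin.hash' \
                                  '$2a$12$constructed/readonly.hash'
    rm -f "$tmpl"
}
demo
```

Search Guard keeps its active configuration in the searchguard index, so the rendered file takes effect only once it has been uploaded with sgadmin.sh.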