I’ve managed to lock myself out. I think that I’ve saved a bad configuration in the clusterwide settings. In the logs, I see this.
[2017-10-05T18:34:24,824][INFO ][o.e.p.r.e.ReloadableSettingsImpl] [CLUSTERWIDE SETTINGS] good settings found in index, overriding elasticsearch.yml
Which tells me that my elasticsearch.yml file is being overwritten.
I’m hoping that there is a way to backout or reset the changes in the index.
Mark
Hi @mching,
Oh snap! 
This is pretty common. Fortunately the solution is very simple. Just delete the .readonlyrest index.
For example, you could log in into the ElasticSearch node and run this curl command. This assumes you have at least one set of credentials that work (in this example user:kibana, password:kibana).
curl -XDELETE -k -ukibana:kibana https://localhost:900/.readonlyrest
```
If you **completely** locked yourself out, edit your `elasticsearch.yml` and disable ReadonlyREST:
readonlyrest:
enable: false
Now **restart** the ES node, and use the curl command above.Thank you Simone.
Appreciate the quick response.
Mark
Hi Simone,
Is the syntax right? I’ve set enable: false on all of the nodes, brought the entire cluster down and restarted.
The startup logs says this:
[2017-10-05T19:29:42,722][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin org.elasticsearch.plugin.readonlyrest.es.ReadonlyRestPlugin
[2017-10-05T19:29:42,823][INFO ][o.e.d.DiscoveryModule ] [escluster-data1] using discovery type [zen]
[2017-10-05T19:29:43,300][INFO ][o.e.p.r.e.IndexLevelActionFilter] Configuration reloaded - ReadonlyREST disabled
[2017-10-05T19:29:43,315][INFO ][o.e.p.r.e.IndexLevelActionFilter] Readonly REST plugin was loaded…
Then further down, once the nodes get into quorum, it reads this:
[2017-10-05T19:30:35,959][INFO ][o.e.p.r.e.ReloadableSettingsImpl] [CLUSTERWIDE SETTINGS] Cluster is ready!
[2017-10-05T19:30:35,960][INFO ][o.e.p.r.e.ReloadableSettingsImpl] [CLUSTERWIDE SETTINGS] Stopping cluster poller…
[2017-10-05T19:30:36,019][INFO ][o.e.p.r.e.ReloadableSettingsImpl] [CLUSTERWIDE SETTINGS] good settings found in index, overriding elasticsearch.yml
[2017-10-05T19:30:36,346][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK: { name: ‘::USER:: mching’, policy: ALLOW}
[2017-10-05T19:30:36,346][INFO ][o.e.p.r.e.IndexLevelActionFilter] Configuration reloaded - ReadonlyREST enabled
Which says that it’s enabling the readonlyrest ES plugin.
I’m going to try enabled: false
Beyond that it’ll be an uninstall of the plugin, removal of the index, and a re-install.
Mark
Uninstalling the plugin across the cluster, starting the cluster, deleting the index (using your curl command), and re-installing the plugin did get me access to the cluster again.
Well done @mching, even simpler! BTW you could have uninstalled the ES plugin in just a single node