Locked out - how do I reset

(Mark Ching) #1

I’ve managed to lock myself out. I think that I’ve saved a bad configuration in the clusterwide settings. In the logs, I see this.
[2017-10-05T18:34:24,824][INFO ][o.e.p.r.e.ReloadableSettingsImpl] [CLUSTERWIDE SETTINGS] good settings found in index, overriding elasticsearch.yml

Which tells me that my elasticsearch.yml file is being overwritten.

I’m hoping that there is a way to backout or reset the changes in the index.


(Simone Scarduzio) #2

Hi @mching,
Oh snap! :slight_smile: This is pretty common. Fortunately the solution is very simple. Just delete the .readonlyrest index.

For example, you could log in into the ElasticSearch node and run this curl command. This assumes you have at least one set of credentials that work (in this example user:kibana, password:kibana).

curl -XDELETE  -k -ukibana:kibana  https://localhost:900/.readonlyrest
If you **completely** locked yourself out,  edit your `elasticsearch.yml` and disable ReadonlyREST:

       enable: false
Now **restart** the ES node, and use the curl command above.

(Mark Ching) #3

Thank you Simone.

Appreciate the quick response.


(Mark Ching) #4

Hi Simone,

Is the syntax right? I’ve set enable: false on all of the nodes, brought the entire cluster down and restarted.

The startup logs says this:

[2017-10-05T19:29:42,722][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin org.elasticsearch.plugin.readonlyrest.es.ReadonlyRestPlugin
[2017-10-05T19:29:42,823][INFO ][o.e.d.DiscoveryModule ] [escluster-data1] using discovery type [zen]
[2017-10-05T19:29:43,300][INFO ][o.e.p.r.e.IndexLevelActionFilter] Configuration reloaded - ReadonlyREST disabled
[2017-10-05T19:29:43,315][INFO ][o.e.p.r.e.IndexLevelActionFilter] Readonly REST plugin was loaded…

Then further down, once the nodes get into quorum, it reads this:

[2017-10-05T19:30:35,959][INFO ][o.e.p.r.e.ReloadableSettingsImpl] [CLUSTERWIDE SETTINGS] Cluster is ready!
[2017-10-05T19:30:35,960][INFO ][o.e.p.r.e.ReloadableSettingsImpl] [CLUSTERWIDE SETTINGS] Stopping cluster poller…
[2017-10-05T19:30:36,019][INFO ][o.e.p.r.e.ReloadableSettingsImpl] [CLUSTERWIDE SETTINGS] good settings found in index, overriding elasticsearch.yml
[2017-10-05T19:30:36,346][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK: { name: ‘::USER:: mching’, policy: ALLOW}
[2017-10-05T19:30:36,346][INFO ][o.e.p.r.e.IndexLevelActionFilter] Configuration reloaded - ReadonlyREST enabled

Which says that it’s enabling the readonlyrest ES plugin.

I’m going to try enabled: false

Beyond that it’ll be an uninstall of the plugin, removal of the index, and a re-install.


(Mark Ching) #5

Uninstalling the plugin across the cluster, starting the cluster, deleting the index (using your curl command), and re-installing the plugin did get me access to the cluster again.

(Simone Scarduzio) #6

Well done @mching, even simpler! BTW you could have uninstalled the ES plugin in just a single node :slight_smile: