ElasticSearch8重置密码

es8的高版本中，安装完之后默认会开启xpack.security.enabled安全项，即默认需要密码

第一种方式是rpm安装之后，会提示设置密码，按照给出的提示执行即可

第二种方式为正常的重置密码

需要注意，两种方式都需要确保elasticsearch处于运行状态（service elasticsearch start）

编辑elasticsearch.yml

rpm安装后的路径在/etc/elasticsearch/elasticsearch.yml

正常来说把xpack.security.enabled设置为true，xpack.security.http.ssl.enabled设置为false即可

# 安全总开关
xpack.security.enabled: true

# 是否开启https，如果是内网环境的话一般把他置为false关掉也没事，开启的话就需要使用https来访问REST API
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

重置密码（第一种）

rpm安装之后的提示如下，如果不需要kibana等服务，只需要输入以下指令即可：

/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

执行之后，输入y继续，elasticsearch就会输出用户elastic的一个随机密码，记住即可

重置密码（第二种）

找到elasticsearch的安装目录（rpm安装的默认在/usr/share/elasticsearch），进入到bin中，执行：

./elasticsearch-setup-passwords interactive

******************************************************************************
Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This       command will be removed in a future release.
******************************************************************************

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


# 这个就是elasticsearch的elastic用户的密码，如果不使用kibana等服务，改这个就行，当然全部写一样也无所谓
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

完事之后重启elasticsearch

service elasticsearch restart

之后使用elastic账户和自己设置的密码成功登录，注意如果提示EOF什么的，可能是因为你开启了ssl，需要使用https方式进行访问

附上Java客户端使用方式

@Data
@ToString
@ConfigurationProperties(prefix = "elasticsearch")
public class ElasticsearchConfig {

    private String host = "localhost";
    private Integer port = 9200;
    private String apiKey;
    private String user;
    private String password;

}

/**
     * 注册低级客户端
     */
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public RestClient getClient() {
        RestClientBuilder builder = RestClient.builder(
                new HttpHost(elasticsearchConfig.getHost(), elasticsearchConfig.getPort()));
        // apiKey鉴权方式
        if (StrUtil.isNotBlank(elasticsearchConfig.getApiKey())) {
            builder.setDefaultHeaders(new Header[]{
                    new BasicHeader("Authorization", "ApiKey " + elasticsearchConfig.getApiKey())
            });
        }
        // 用户密码鉴权方式
        if (StrUtil.isNotBlank(elasticsearchConfig.getUser()) && StrUtil.isNotBlank(elasticsearchConfig.getPassword())) {
            CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY,
                    new UsernamePasswordCredentials(elasticsearchConfig.getUser(), elasticsearchConfig.getPassword()));
            builder.setHttpClientConfigCallback(httpClientBuilder -> {
                httpClientBuilder.disableAuthCaching();
                return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            });
        }
        RestClient restClient = builder.build();
        this.restClient = restClient;
        return restClient;
    }