0

I've installed Elasticsearch on Windows server with ansible AWX. Now I'm trying to reset initial password to my new password (with ansible as well).

I know I can do it manually with:

D:\elasticsearch-8.6.0\bin\elasticsearch-reset-password -b -u elastic -i

but I can't find a way to do it / read it via ansible.

I can also send API request with ansible:

    - name: Push password
      ansible.windows.win_uri:
        url: http://localhost:9200/_security/user/_password?pretty
        method: PUT
        url_username: elastic
        url_password: my_password
        body:
          password: my_new_password
        headers:
          Content-Type: "application/json"

but it requires me providing old password, which I don't know before I reset it manually (and this is what I'm trying to automate).

Is there a way to do it with ansible?

Improve this question

1 Answer 1

Reset to default
3

The most efficient way would be to reset the password directly to the target one. But since you can only do that interactively with elasticsearch-reset-password, this would require using the ansible.builtin.expect module which is unfortunately available only for linux hosts

So under windows, I'm affraid the only alternative is to:

  1. reset to a random password and read it in a variable
  2. change the random password to the one you want to configure

Issuing the following command:

elasticsearch-reset-password -u elastic -b

Outputs something like the following on stdout:

Password for the [elastic] user successfully reset.
New value: dTrR*tAdnCCkTZ4+Edgd

So the information we are looking for is on the last line

Taking this into account, the (untested) following playbook should do what you expect (or at the very least put you on the good track).

- name: Reset elastic user password to random
  ansible.builtin.win_command: elasticsearch-reset-password -u elastic -b
  register: reset_cmd

- name: Push password
  vars:
    my_password: "{{ reset_cmd.stdout_lines[-1]
      | regex_replace('^New value: (.*)$', '\\1') }}"
  ansible.windows.win_uri:
    url: http://localhost:9200/_security/user/_password?pretty
    method: PUT
    url_username: elastic
    url_password: "{{ my_password }}"
    body:
      password: "verysecurenewpassword"
    headers:
      Content-Type: "application/json"
Improve this answer
1
  • I've tested your solution and it worked! Before I tried win_shell instead of ansible.windows.win_uri and there was nothing saved in register. Thanks!
    – maltum
    Commented Jan 23, 2023 at 18:58

Not the answer you're looking for? Browse other questions tagged or ask your own question.