Security entries lost after modifying admin password

After modifying the admin password in the internal_users.yml file and after issuing this command

sudo sh securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

I’ve lost the users, roles and role mappings that I had created. Is this the expected behavior?

Yes, this is the current expected behavior. The security admin tool re-initializes the .opendistro_security index based on filter types (roles, users, role-mapping or all). By default, if you do not provide any filter, it will re-configure the entire .opendistro_security index from the .yml config files.

If you want to avoid losing your pre-configured roles, users and role-mapping, you should download the current configuration using the security admin tool and then make the required changes to that configuration before using the above command to upload it back.

To download existing configuration:

sudo sh securityadmin.sh -r -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

This will dump the active configuration from your cluster to individual files (like roles.yml, internal_users.yml etc.) in the current working directory. You can then modify these files and upload them back using the command below.

sudo sh securityadmin.sh -cd ./ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

I hope this will help!

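Added example, not part of the original posts or of the project's tooling: a shell check to run between the download and upload steps described above, listing entries that exist in the live dump but are missing from the files about to be uploaded. The function names, the live/new directory layout and the sample users are assumptions made for illustration.

```shell
#!/bin/sh
# Print the top-level YAML keys of a file (user, role or mapping names).
top_level_keys() {
    # Column-0 "name:" lines only; skips comments, "---" and indented fields.
    sed -n 's/^\([^[:space:]#:-][^:]*\):.*$/\1/p' "$1" | LC_ALL=C sort -u
}

# Print entries present in the live dump ($1) but absent from the new file ($2).
missing_entries() {
    live=$(mktemp) new=$(mktemp)
    top_level_keys "$1" > "$live"
    top_level_keys "$2" > "$new"
    LC_ALL=C comm -23 "$live" "$new"
    rm -f "$live" "$new"
}

# safe_to_upload LIVE_DIR NEW_DIR FILE...: return 1 if any FILE would lose entries.
safe_to_upload() {
    live_dir=$1 new_dir=$2 rc=0
    shift 2
    for f in "$@"; do
        lost=$(missing_entries "$live_dir/$f" "$new_dir/$f")
        if [ -n "$lost" ]; then
            printf '%s: would be dropped: %s\n' "$f" "$(echo $lost)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the live dump has a user the edited file lacks.
make_sample() {
    mkdir -p "$1/live" "$1/new"
    cat > "$1/live/internal_users.yml" <<'EOF'
# constructed sample, not a real dump
admin:
  hash: "<placeholder>"
alice:
  hash: "<placeholder>"
EOF
    cat > "$1/new/internal_users.yml" <<'EOF'
admin:
  hash: "<new placeholder>"
EOF
}

demo=$(mktemp -d); make_sample "$demo"
safe_to_upload "$demo/live" "$demo/new" internal_users.yml || echo "fix before upload"
rm -rf "$demo"
```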

Related post for backing up configuration.