Elastic doesn't start again after I shut it down

->Elasticsearch version:- 6.3.2

->JVM version (java -version):

java version "10.0.2" 2018-07-17
Java(TM) SE Runtime Environment 18.3 (build 10.0.2+13)
Java HotSpot(TM) 64-Bit Server VM 18.3 (build 10.0.2+13, mixed mode)

->OS version (uname -a if on a Unix-like system):
Darwin Amrs-MacBook-Pro.local 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64

-> The case is as below:-
I can start Elasticsearch normally by executing "./bin/elasticsearch" and everything goes fine. Once I shut it down, I can't start again; I believe it's related to memory issue, however, the minimum and maximum JVM heap is 1G [-Xms1g, -Xmx1g]

->The error is as below; please advise

Amrs-MacBook-Pro:elasticsearch-6.3.2 amrmostafa$ ./bin/elasticsearch
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Java HotSpot(TM) 64-Bit Server VM warning: UseAVX=2 is not supported on this CPU, setting it to UseAVX=1
2018-08-05 14:36:42,362 main ERROR Unable to create file /var/log/elasticsearch/logging-test.log java.io.IOException: Could not create directory /private/var/log/elasticsearch
at org.apache.logging.log4j.core.util.FileUtils.mkdir(FileUtils.java:127)
at org.apache.logging.log4j.core.util.FileUtils.makeParentDirs(FileUtils.java:144)
at org.apache.logging.log4j.core.appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:627)
at org.apache.logging.log4j.core.appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:608)
at org.apache.logging.log4j.core.appender.AbstractManager.getManager(AbstractManager.java:113)
at org.apache.logging.log4j.core.appender.OutputStreamManager.getManager(OutputStreamManager.java:115)
at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.getFileManager(RollingFileManager.java:188)
at org.apache.logging.log4j.core.appender.RollingFileAppender$Builder.build(RollingFileAppender.java:144)
at org.apache.logging.log4j.core.appender.RollingFileAppender$Builder.build(RollingFileAppender.java:60)
at org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.build(PluginBuilder.java:122)
at org.apache.logging.log4j.core.config.AbstractConfiguration.createPluginObject(AbstractConfiguration.java:958)
at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:898)
at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:890)
at org.apache.logging.log4j.core.config.AbstractConfiguration.doConfigure(AbstractConfiguration.java:513)
at org.apache.logging.log4j.core.config.AbstractConfiguration.initialize(AbstractConfiguration.java:237)
at org.apache.logging.log4j.core.config.AbstractConfiguration.start(AbstractConfiguration.java:249)
at org.apache.logging.log4j.core.LoggerContext.setConfiguration(LoggerContext.java:545)
at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:261)
at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:163)
at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:119)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:294)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86)

2018-08-05 14:36:42,396 main ERROR Could not create plugin of type class

Small update...
I've restarted my laptop and still can't start elasticsearch

Please advise :slight_smile:

This looks like a file permissions issue.
My best guess is either
(1) you're trying to start it as a different user to the previous time you ran it, so the log directory already exists, and cannot be overwritten
(2) ES is running as a service as well as you trying to run it by hand
(3) It's just a plain old permissions problem, and the fact that you successfully ran it once is just a coincidence.

Have a look at the permissions for that directory (and its parent)

ls -l /var/log/elasticsearch/ /var/log/

Thanks TimV for your feedback! Actually, I can't find elasticsearch directory under /var/log and below you can find output of ls -l /var/log: [What am I missing here to be able to start elastic search?]

drwxr-xr-x 3 root wheel 102 Jun 7 10:53 Bluetooth
-rw-r--r--@ 1 root wheel 12 Jun 7 10:49 CDIS.custom
drwxr-xr-x 2 root wheel 68 Feb 22 04:43 CoreDuet
drwxrwx--- 19 root admin 646 Aug 7 00:30 DiagnosticMessages
-rw------- 1 root wheel 172032 Aug 5 00:34 SleepWakeStacks.bin
drwxr-xr-x 4 root wheel 136 Jun 7 10:52 apache2
drwxr-xr-x 20 root wheel 680 Aug 7 00:16 asl
drwxr-xr-x 2 root wheel 68 May 1 07:38 com.apple.xpc.launchd
-rw-r--r-- 1 root wheel 2129558 Aug 6 22:18 corecaptured.log
drwxr-xr-x 2 root wheel 68 Apr 23 01:41 cups
-rw-r--r-- 1 root wheel 53363 Aug 5 12:35 daily.out
drwxr-xr-x 4 _displaypolicyd _displaypolicyd 136 Jun 8 02:08 displaypolicy
-rw-r--r-- 1 root wheel 0 Jun 7 10:52 displaypolicyd.stdout.log
drwxr-xr-x 3 root wheel 102 Oct 7 2017 emond
-rw-r--r-- 1 root wheel 26729 Aug 6 22:24 fsck_hfs.log
-rw-r--r-- 1 root wheel 4890 Jun 7 10:21 hfs_convert.log
-rw-r--r--@ 1 amrmostafa staff 23191319 Aug 6 22:21 install.log
-rw-r--r-- 1 root wheel 480 Jul 20 19:10 monthly.out
drwxr-xr-x@ 13 root admin 442 Aug 7 00:30 powermanagement
drwxr-xr-x 2 root wheel 68 May 9 00:29 ppp
-rw-r-----@ 1 root admin 7389 Aug 7 01:01 system.log
-rw-r----- 1 root admin 50512 Aug 7 00:00 system.log.0.gz
-rw-r----- 1 root admin 9945 Aug 5 00:32 system.log.1.gz
-rw-r----- 1 root admin 18265 Aug 4 14:17 system.log.2.gz
-rw-r----- 1 root admin 1210 Aug 3 19:36 system.log.3.gz
-rw-r----- 1 root admin 11755 Aug 2 00:00 system.log.4.gz
-rw-r----- 1 root admin 7989 Aug 1 19:00 system.log.5.gz
drwxr-xr-x 2 _uucp wheel 68 Oct 7 2017 uucp
-rw-r--r-- 1 root wheel 783 Aug 3 19:38 weekly.out
-rw-r--r-- 1 root admin 69 Aug 7 00:30 wifi.log
-rw-r----- 1 root admin 6378 Aug 7 00:30 wifi.log.0.bz2
-rw-r----- 1 root admin 7285 Aug 5 00:32 wifi.log.1.bz2
-rw-r----- 1 root admin 1862 Jun 8 00:30 wifi.log.10.bz2
-rw-r----- 1 root admin 6673 Aug 2 00:30 wifi.log.2.bz2
-rw-r----- 1 root admin 2850 Jul 24 00:30 wifi.log.3.bz2
-rw-r----- 1 root admin 20358 Jul 21 00:30 wifi.log.4.bz2
-rw-r----- 1 root admin 8800 Jul 2 00:30 wifi.log.5.bz2
-rw-r----- 1 root admin 2659 Jun 30 00:30 wifi.log.6.bz2
-rw-r----- 1 root admin 4024 Jun 30 00:16 wifi.log.7.bz2
-rw-r----- 1 root admin 8584 Jun 22 00:30 wifi.log.8.bz2
-rw-r----- 1 root admin 3316 Jun 9 00:30 wifi.log.9.bz2

Moreover, find below my feedback on your guessing points:-

(1) you're trying to start it as a different user to the previous time you ran it, so the log directory already exists, and cannot be overwritten
-->Nope, I didn't change the user
(2) ES is running as a service as well as you trying to run it by hand
-->No, confirmed
(3) It's just a plain old permissions problem, and the fact that you successfully ran it once is just a coincidence.
-->Do you believe coincidence can happen twice :slight_smile:

I think Tim is right. The output points to a permission issue. The directory seems to have write permission only to the root user.
Are you running elastic search as root?

You said this happened twice, could you verify if on the second attempt as well you got the same error?

Also, please format your output it is not friendly to read.

Thanks so much @TimV and @NerdSec for your help :slight_smile:
I've changed the permissions of /var/log to be 777 and elasticsearch has started normally.

Can you please clarify why Elastic doesn't run as root and being run as other user "Elasticsearch"?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.