Good day,
I'm new to Linux and New to elastic I'm attempting an installation on Red Hat server. elastic installed and I was able to create the service however when I try to start the service it stops immediately. at fist I believed it to be permission on the location of the data files and log file so I gave permissions to my elastic user to write to the new location it still fails.
Started Elasticsearch.
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: log4j:ERROR setFile(null,true) call failed.
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: java.io.FileNotFoundException: /eslogs/elasticlogs/es-winlogs.log (Permission denied)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at java.io.FileOutputStream.open0(Native Method)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at java.io.FileOutputStream.open(FileOutputStream.java:270)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at java.io.FileOutputStream.(FileOutputStream.java:213)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at java.io.FileOutputStream.(FileOutputStream.java:133)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.DailyRollingFileAppender.activateOptions(DailyRollingFileAppender.java:223)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:172)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:104)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:842)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:768)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.PropertyConfigurator.configureRootCategory(PropertyConfigurator.java:648)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:514)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.apache.log4j.PropertyConfigurator.configure(PropertyConfigurator.java:440)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.elasticsearch.common.logging.log4j.LogConfigurator.configure(LogConfigurator.java:128)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:243)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: log4j:ERROR Either File or DatePattern options are not set for appender [file].
Aug 09 16:51:25 ESSEP01 elasticsearch[2923]: log4j:ERROR setFile(null,true) call failed.
this is the YML file with only the items modified
# Use a descriptive name for your cluster:
#
cluster.name: "es-winlogs"
# Use a descriptive name for the node:
#
node.name: essep01
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /apps/elasticdata
#
# Path to log files:
#
path.logs: /eslogs/elasticlogs
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
I'm new to Linux and that is what I am trying to use the user I created "elasticadmin" to start the service but unless I use sudo the service says it does not have permission on its own.... can you explain a bit more.
Which user runs service ... start doesn't matter. It's the Elasticsearch configuration that determines what user the service runs as, and unless configured otherwise Elasticsearch will start as the elasticsearch user. Until you know better, stick to the defaults. You will most likely not need an elasticadmin user.
magnus can you elaborate further... I did the install based on the instructions on the elastic site I haven't deviated from that. and my install is plane
Neither /apps/elasticdata nor /eslogs are standard directories so I'm pretty sure you've deviated somehow. Anyway, make sure the directories that ES uses are owned by the elasticsearch user and nothing else.
correct I moved the paths so that we can have separate disk for them, is that a bad thing?
Not at all.
Aug 10 13:54:39 ESSEP01 elasticsearch[4996]: Likely root cause: java.nio.file.FileSystemException: /apps/elasticdata/es-winlogs/nodes/0: Not a directory
I wonder if that directory has ended up in a weird state. Perhaps wipe it to start fresh?
so it seems the local user created by the rpm installer "elasticsearch" was the culprit. and I can now curl the local install using local host, however I need to allow external connection and I don't have IP tables.
so I made a change as recommended on the config file and now it wont start.
Aug 11 13:40:10 ESSEP01 systemd[1]: Started Elasticsearch.
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: Exception in thread "main" SettingsException[Failed to load settings from [
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: in 'reader', line 54, column 2:
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: network.host:[inet, _local]
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: ^
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: could not find expected ':'
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: in 'reader', line 55, column 1:
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: #
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: network.host:[inet, _local]
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: ^
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: could not find expected ':'
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: in 'reader', line 55, column 1:
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: #
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: ^
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: ];
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: Likely root cause: while scanning a simple key
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: in 'reader', line 54, column 2:
Aug 11 13:40:12 ESSEP01 elasticsearch[1010]: network.host:[inet, _local]
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.