Elasticsearch 7.1 failed to start

Hello Guys,

I am trying to configure Elasticsearch 7.1 in one of our test VM's. I have created a repo file and installed the package through yum in centos 7. After installing I tried setting up the yml file in the /etc/elasticsearch/elasticsearch.yml with my localmachine IP address and port 9200.

After doing when I try to start it from systemctl start elasticsearch. It excecuted without any errors. When I tried to see systemctl status elasticsearch. I have received a failed error. Please find the log below.
note: I have installed JDK 12 for this. I don't have any previous versions of Java installed in that machine.

I can't seem to find out the elasticsearch executable in bin or sbin. Can you guys please help me out with this .

Much much thanks in advance. Please let me know if you need more info
Error Log

snapshot.PNG1344×669 31 KB

image.png1229×213 10.3 KB

Please refer to the snap shot above.

Log in text format:

-- The start-up result is done.
Jun 26 19:10:01 elk.server CROND[22840]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jun 26 19:10:43 elk.server kernel: type=1400 audit(1561556443.032:226): avc: denied { dac_override } for pid=22881 comm="pgrep" capability=1 scontext=system_u:syste
Jun 26 19:10:43 elk.server kernel: type=1400 audit(1561556443.032:227): avc: denied { dac_read_search } for pid=22881 comm="pgrep" capability=2 scontext=system_u:sy
Jun 26 19:10:43 elk.server kernel: type=1400 audit(1561556443.032:228): avc: denied { dac_override } for pid=22881 comm="pgrep" capability=1 scontext=system_u:syste
Jun 26 19:10:43 elk.server kernel: type=1400 audit(1561556443.032:229): avc: denied { dac_read_search } for pid=22881 comm="pgrep" capability=2 scontext=system_u:sy
Jun 26 19:11:43 elk.server kernel: type=1400 audit(1561556503.073:230): avc: denied { dac_override } for pid=22937 comm="pgrep" capability=1 scontext=system_u:syste
Jun 26 19:11:43 elk.server kernel: type=1400 audit(1561556503.073:231): avc: denied { dac_read_search } for pid=22937 comm="pgrep" capability=2 scontext=system_u:sy
Jun 26 19:11:43 elk.server kernel: type=1400 audit(1561556503.073:232): avc: denied { dac_override } for pid=22937 comm="pgrep" capability=1 scontext=system_u:syste
Jun 26 19:11:43 elk.server kernel: type=1400 audit(1561556503.073:233): avc: denied { dac_read_search } for pid=22937 comm="pgrep" capability=2 scontext=system_u:sy
Jun 26 19:12:43 elk.server kernel: type=1400 audit(1561556563.129:234): avc: denied { dac_override } for pid=22992 comm="pgrep" capability=1 scontext=system_u:syste
Jun 26 19:12:43 elk.server kernel: type=1400 audit(1561556563.129:235): avc: denied { dac_read_search } for pid=22992 comm="pgrep" capability=2 scontext=system_u:sy
Jun 26 19:12:43 elk.server kernel: type=1400 audit(1561556563.129:236): avc: denied { dac_override } for pid=22992 comm="pgrep" capability=1 scontext=system_u:syste
Jun 26 19:12:43 elk.server kernel: type=1400 audit(1561556563.129:237): avc: denied { dac_read_search } for pid=22992 comm="pgrep" capability=2 scontext=system_u:sy
Jun 26 19:13:18 elk.server sudo[23025]: oracle : TTY=pts/1 ; PWD=/home/oracle ; USER=root ; COMMAND=/bin/systemctl start elasticsearch
Jun 26 19:13:18 elk.server sudo[23025]: pam_unix(sudo:session): session opened for user root by oracle(uid=0)
Jun 26 19:13:18 elk.server polkitd[9863]: Registered Authentication Agent for unix-process:23027:225814 (system bus name :1.64 [/usr/bin/pkttyagent --notify-fd 5 --fall
Jun 26 19:13:18 elk.server systemd[1]: Started Elasticsearch.
-- Subject: Unit elasticsearch.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- Unit elasticsearch.service has finished starting up.

-- The start-up result is done.
Jun 26 19:13:19 elk.server polkitd[9863]: Unregistered Authentication Agent for unix-process:23027:225814 (system bus name :1.64, object path /org/freedesktop/PolicyKit
Jun 26 19:13:19 elk.server sudo[23025]: pam_unix(sudo:session): session closed for user root
Jun 26 19:13:20 elk.server elasticsearch[23033]: /usr/share/elasticsearch/bin/elasticsearch-env: line 73: /etc/sysconfig/elasticsearch: Permission denied
Jun 26 19:13:20 elk.server systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Jun 26 19:13:20 elk.server systemd[1]: Unit elasticsearch.service entered failed state.
Jun 26 19:13:20 elk.server systemd[1]: elasticsearch.service failed.
Jun 26 19:13:28 elk.server sudo[23070]: oracle : TTY=pts/1 ; PWD=/home/oracle ; USER=root ; COMMAND=/bin/systemctl status elasticsearch
Jun 26 19:13:28 elk.server sudo[23070]: pam_unix(sudo:session): session opened for user root by oracle(uid=0)
Jun 26 19:13:28 elk.server sudo[23070]: pam_unix(sudo:session): session closed for user root
Jun 26 19:13:34 elk.server sudo[23078]: oracle : TTY=pts/1 ; PWD=/home/oracle ; USER=root ; COMMAND=/bin/systemctl status elasticsearch -l
Jun 26 19:13:34 elk.server sudo[23078]: pam_unix(sudo:session): session opened for user root by oracle(uid=0)
Jun 26 19:13:34 elk.server sudo[23078]: pam_unix(sudo:session): session closed for user root
Jun 26 19:13:43 elk.server kernel: type=1400 audit(1561556623.166:238): avc: denied { dac_override } for pid=23091 comm="pgrep" capability=1 scontext=system_u:syste
Jun 26 19:13:43 elk.server kernel: type=1400 audit(1561556623.166:239): avc: denied { dac_read_search } for pid=23091 comm="pgrep" capability=2 scontext=system_u:sy
Jun 26 19:13:43 elk.server kernel: type=1400 audit(1561556623.166:240): avc: denied { dac_override } for pid=23091 comm="pgrep" capability=1 scontext=system_u:syste
Jun 26 19:13:43 elk.server kernel: type=1400 audit(1561556623.166:241): avc: denied { dac_read_search } for pid=23091 comm="pgrep" capability=2 scontext=system_u:sy

These are the entries in the config files:

/usr/lib/systemd/system/elasticsearch.service

image.png745×710 15.4 KB

/etc/sysconfig/elasticsearch

image.png850×722 15.6 KB

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.