Hello All,
First of all, apologies if I am in the wrong place to post this and for any question that may seem trivial as I am not a linux admin and am basically feeling in the dark.
Using a guide I found online, I installed a Graylog instance onto an Ubuntu 22.04 server. Guide is located here: https://www.howtoforge.com/how-to-install-graylog-4-on-ubuntu-22-04/. The server has two partitions. There is one 7TB partition and one 16TB partition. So using user jondoe I went through the guide and installed everything and everything works as expected. I have successfully sent logs to the server as a test. To finalize the install, I wanted to create a directory on the larger partition for the logs to be sent to. So I created the directory called "Logs" and went into my elasticsearch .yml and edited the data.path variable to be the path of the new directory which turned out to be this: /media/jondoe/54e50272-07fc-44b2-af31-6105a670f4db/Logs/. Now the Elasticsearch service will not start. If I change it back to the original path, it immediately loads.
I assume that the issue is a permissions issue but I am not sure of the process to correct it. I went searching for the log to find a clue and when I went to the etc directory and tried to enter the elasticsearch directory to look for logs, I got an access denied message. Therefore, I am kind of stuck. I can always go back to the other path but, I had just rather use the larger directory. Any helpful pointers or suggestions would be greatly appreciated. Thank you very much.
Without any log it is kinda hard to know what the issue is.
First, there are two paths you configure in elasticsearch.yml, the path.data which is where the data of all your indices and system data will be stored, and the path.logs, which is where the logs for the service will be stored.
Please share your elasticsearch.yml with the paths when you start and work and also the paths that don't work.
Also, you said that you went into the /etc/elasticsearch directory to look for logs; the logs won't be there, they will be in the path.logs, which by default is /var/log/elasticsearch.
Do you have sudo access to this server? You need sudo access to edit any file inside /etc/elasticsearch and other things.
What are the permissions of the paths in path.data and path.logs? Are you running elasticsearch as a service? If you are using systemctl to start/stop elasticsearch, it will run as the elasticsearch user, and this user needs to have write permissions access to those directories.
Sorry I meant to specify path.data and not path.logs
The yml is below.
I do have sudo and root access to this box.
Permissions :
jondoe@fclogserve:/media/jondoe/54e50272-07fc-44b2-af31-6105a670f4db$ ls
Logs lost+found
jondoe@fclogserve:/media/jondoe/54e50272-07fc-44b2-af31-6105a670f4db$ ls -ld Logs
drwxrwxrwx 2 jrpayne jrpayne 4096 Dec 16 09:02 Logs
jondoe@fclogserve:/var/log$ ls
alternatives.log auth.log.2.gz bootstrap.log dmesg.0 dpkg.log fsck kern.log.2.gz mongodb syslog.2.gz ubuntu-advantage.log.1 wtmp
alternatives.log.1 auth.log.3.gz btmp dmesg.1.gz dpkg.log.1 graylog-server kern.log.3.gz nginx syslog.3.gz ubuntu-advantage-timer.log xrdp.log
apt auth.log.4.gz btmp.1 dmesg.2.gz elasticsearch journal kern.log.4.gz private syslog.4.gz ubuntu-advantage-timer.log.1 xrdp-sesman.log
auth.log boot.log dist-upgrade dmesg.3.gz faillog kern.log landscape syslog tallylog unattended-upgrades
auth.log.1 boot.log.1 dmesg dmesg.4.gz fontconfig.log kern.log.1 lastlog syslog.1 ubuntu-advantage.log upgrade
jondoe@fclogserve:/var/log$ cd elasticsearch/
-bash: cd: elasticsearch/: Permission denied
jondoe@fclogserve:/var/log$ su
Password:
root@fclogserve:/var/log#
**************************************************************************************************************
Logs from the /var/log/elasticsearch directory using root to access
[2022-12-16T12:15:06,000][ERROR][o.e.b.Bootstrap ] [fclogserve] Exception
java.lang.IllegalStateException: Unable to access 'path.data' (/media/jrpayne/54e50272-07fc-44b2-af31-6105a670f4db/Logs)
at org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath(FilePermissionUtils.java:72) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.addFilePermissions(Security.java:306) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.createPermissions(Security.java:253) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.configure(Security.java:121) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:222) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) [elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) [elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) [elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) [elasticsearch-cli-7.10.2.jar:7.10.2]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) [elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.10.2.jar:7.10.2]
Caused by: java.nio.file.AccessDeniedException: /media/jrpayne/54e50272-07fc-44b2-af31-6105a670f4db
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
at sun.nio.fs.UnixFileSystemProvider.checkAccess(UnixFileSystemProvider.java:312) ~[?:?]
at java.nio.file.Files.createDirectories(Files.java:766) ~[?:?]
at org.elasticsearch.bootstrap.Security.ensureDirectoryExists(Security.java:398) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath(FilePermissionUtils.java:70) ~[elasticsearch-7.10.2.jar:7.10.2]
... 12 more
[2022-12-16T12:15:06,007][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [fclogserve] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unable to access 'path.data' (/media/jrpayne/54e50272-07fc-44b2-af31-6105a670f4db/Logs)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) ~[elasticsearch-cli-7.10.2.jar:7.10.2]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.10.2.jar:7.10.2]
Caused by: java.lang.IllegalStateException: Unable to access 'path.data' (/media/jrpayne/54e50272-07fc-44b2-af31-6105a670f4db/Logs)
at org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath(FilePermissionUtils.java:72) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.addFilePermissions(Security.java:306) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.createPermissions(Security.java:253) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.configure(Security.java:121) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:222) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.10.2.jar:7.10.2]
... 6 more
Caused by: java.nio.file.AccessDeniedException: /media/jrpayne/54e50272-07fc-44b2-af31-6105a670f4db
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
at sun.nio.fs.UnixFileSystemProvider.checkAccess(UnixFileSystemProvider.java:312) ~[?:?]
at java.nio.file.Files.createDirectories(Files.java:766) ~[?:?]
at org.elasticsearch.bootstrap.Security.ensureDirectoryExists(Security.java:398) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath(FilePermissionUtils.java:70) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.addFilePermissions(Security.java:306) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.createPermissions(Security.java:253) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Security.configure(Security.java:121) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:222) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.10.2.jar:7.10.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.10.2.jar:7.10.2]
... 6 more
******************************************************************************************************************************************
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: graylog
action.auto_create_index: false
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#path.data: /media/jondoe/54e50272-07fc-44b2-af31-6105a670f4db/Logs/
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
The error is pretty clear, the user running elasticsearch does not have access to the path you are using in path.data.
As I said in the previous answer, if you are using systemctl to start/stop elasticsearch, it will run as the elasticsearch user, this user needs to have read and write permissions to the paths in path.data and path.logs.
You will need to change the permissions of the /media/jrpayne/54e50272-07fc-44b2-af31-6105a670f4db/Logs path to the elasticsearch user.
My apologies. I pasted the wrong permissions in the last reply. When I cd to that path and do an ls -ld, this is what I see. Is this what I should see?
root@fclogserve:/media/jrpayne/54e50272-07fc-44b2-af31-6105a670f4db/Logs# ls -ld
drwxrwxrwx+ 2 jrpayne elasticsearch 4096 Dec 16 09:02 .
root@fclogserve:/media/jrpayne/54e50272-07fc-44b2-af31-6105a670f4db/Logs#
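Added example (not part of the thread and not Elastic's code): the "Caused by" line in the posted log names the directory above Logs rather than Logs itself, and on Linux a process needs search (x) permission on every ancestor directory of path.data. This Python sketch walks from / down to the data directory and lists each component the service account could not pass; the function names are illustrative, and it evaluates classic mode bits only, so where ls shows a trailing "+" (an ACL is present) confirm the result with getfacl.

```python
import os
import pwd

def allowed(st, uid, gids, want):
    """Classic owner/group/other check; `want` is an rwx mask (0o1 = search)."""
    if uid == 0:
        return True                      # root is not limited by directory mode bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6           # owner class applies, even if group is wider
    elif st.st_gid in gids:
        bits = st.st_mode >> 3           # group class
    else:
        bits = st.st_mode                # other class
    return (bits & want) == want

def blockers(data_path, uid, gids):
    """Return [(directory, missing)] for every component that denies access.

    Ancestors need search (x); the data directory itself needs rwx.
    ACL entries are NOT evaluated (assumption: plain mode bits).
    """
    path = os.path.realpath(data_path)
    parts = [path]
    while os.path.dirname(parts[-1]) != parts[-1]:
        parts.append(os.path.dirname(parts[-1]))
    found = []
    for p in reversed(parts):            # walk from / down to the data directory
        want = 0o7 if p == path else 0o1
        if not allowed(os.stat(p), uid, gids, want):
            found.append((p, "rwx" if want == 0o7 else "x"))
    return found

def blockers_for_user(data_path, user="elasticsearch"):
    """Resolve a local account (assumed to exist) and run the check for it."""
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    return blockers(data_path, pw.pw_uid, gids)

if __name__ == "__main__":
    import sys
    # Run as root so every component can be stat'ed; argv[1] is the path.data value.
    for directory, missing in blockers_for_user(sys.argv[1]):
        print(f"{directory}: elasticsearch lacks {missing}")
```

The direct check that also honours ACLs is to run `test -w` on the data path as the service account, for example through `sudo -u elasticsearch`.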