Elastisearch installation

Abhi_Abhishek · February 16, 2022, 9:04am

Hello
Greetings of the day,
I am trying to install Elasticsearch in linux server but its not installing & throwing error & logs are also not generating in var/log/Elasticsearch.
Elasticsearch status:

journalctl -xe

Please help me to solve this issue.

auasad · February 16, 2022, 9:39pm

You are not running the command with super user, just type below;
sudo systemctl start elasticsearch.service

and
sudo systemctl start kibana.service

warkolm · February 16, 2022, 9:42pm

Please don't post pictures of text, logs or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them

Abhi_Abhishek · February 17, 2022, 2:23am

I am already inside the root access, Even than I tried sudo systemctl start Elasticsearch.service but getting the same output
Job for Elasticsearch.service failed because the control process exited with error code. See "systemctl status Elasticsearch.service" and "journalctl -xe" for details.

Abhi_Abhishek · February 17, 2022, 2:26am

systemctl status Elasticsearch.service Output

elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2022-02-16 20:22:22 CST; 1min 37s ago
     Docs: https://www.elastic.co
  Process: 511 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=203/EXEC)
 Main PID: 511 (code=exited, status=203/EXEC)

Feb 16 20:22:22 vm0pnelkdaa0001 systemd[1]: Starting Elasticsearch...
Feb 16 20:22:22 vm0pnelkdaa0001 systemd[511]: Failed at step EXEC spawning /usr/share/elasticsearch/bin/systemd-entrypoint: Permission denied
Feb 16 20:22:22 vm0pnelkdaa0001 systemd[1]: elasticsearch.service: main process exited, code=exited, status=203/EXEC
Feb 16 20:22:22 vm0pnelkdaa0001 systemd[1]: Failed to start Elasticsearch.
Feb 16 20:22:22 vm0pnelkdaa0001 systemd[1]: Unit elasticsearch.service entered failed state.
Feb 16 20:22:22 vm0pnelkdaa0001 systemd[1]: elasticsearch.service failed.

journalctl -xe output

-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-7098.scope has finished starting up.
--
-- The start-up result is done.
Feb 16 20:25:01 vm0pnelkdaa0001 systemd[1]: Started Session 7099 of user root.
-- Subject: Unit session-7099.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-7099.scope has finished starting up.
--
-- The start-up result is done.
Feb 16 20:25:01 vm0pnelkdaa0001 systemd[1]: Started Session 7097 of user root.
-- Subject: Unit session-7097.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-7097.scope has finished starting up.
--
-- The start-up result is done.
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645064701.908:64718): pid=1567 uid=0 auid=0 ses=7098 subj=syste
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645064701.908:64717): pid=1568 uid=0 auid=0 ses=7097 subj=syste
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645064701.908:64719): pid=1566 uid=0 auid=0 ses=7099 subj=syste
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645064701.910:64720): pid=1568 uid=0 auid=0 ses=7097 subj=system
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645064701.910:64721): pid=1566 uid=0 auid=0 ses=7099 subj=system
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645064701.910:64722): pid=1567 uid=0 auid=0 ses=7098 subj=system
Feb 16 20:25:01 vm0pnelkdaa0001 CROND[1574]: (root) CMD (/usr/openv/pdde/vpfs/bin/spws_monitor.sh > /dev/null 2>&1)
Feb 16 20:25:01 vm0pnelkdaa0001 CROND[1573]: (root) CMD (/usr/sbin/logrotate /usr/openv/pdde/vpfs/etc/logrotate.conf >> /var/log/vpfs/rotate.log 2>&1 )
Feb 16 20:25:01 vm0pnelkdaa0001 CROND[1572]: (root) CMD (/usr/openv/pdde/vpfs/bin/vpfs_monitor_s.sh > /dev/null 2>&1)
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=CRED_DISP msg=audit(1645064701.921:64723): pid=1567 uid=0 auid=0 ses=7098 subj=system
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=CRED_DISP msg=audit(1645064701.921:64724): pid=1566 uid=0 auid=0 ses=7099 subj=system
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=USER_END msg=audit(1645064701.923:64725): pid=1566 uid=0 auid=0 ses=7099 subj=system_
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=USER_END msg=audit(1645064701.923:64726): pid=1567 uid=0 auid=0 ses=7098 subj=system_
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=CRED_DISP msg=audit(1645064701.927:64727): pid=1568 uid=0 auid=0 ses=7097 subj=system
Feb 16 20:25:01 vm0pnelkdaa0001 audispd[969]: node=vm0pnelkdaa0001 type=USER_END msg=audit(1645064701.928:64728): pid=1568 uid=0 auid=0 ses=7097 subj=system_
Feb 16 20:25:01 vm0pnelkdaa0001 systemd[1]: Removed slice User Slice of root.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--

-- Unit user-0.slice has finished shutting down.

warkolm · February 17, 2022, 2:33am

Can you please check /var/log/elasticsearch/elasticsearch.log.

Abhi_Abhishek · February 17, 2022, 2:40am

Their is nothing in /var/log/Elasticsearch/ , its totally empty

leandrojmp · February 17, 2022, 2:46am

You need to check the system logs for some hint of why Elasticsearch was not able to start.

Look at /var/log/messages or /var/log/syslog for what happened when you ran systemctl start elasticsearch.

Abhi_Abhishek · February 17, 2022, 2:49am

I am getting Their are no such directories , actually the logs are not generating only.

leandrojmp · February 17, 2022, 2:53am

It is not clear what is the issue.

Do you have anything in the files /var/log/messages or /var/log/syslog ?

Without seeing what was logged in the systems log it is not possible to know what could be the issue.

Abhi_Abhishek · February 17, 2022, 3:04am

In /var/log/messages, I am getting like this & their is no syslog file in /var/log

Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_ACQ msg=audit(1645066801.386:64903): pid=5443 uid=0 auid=4294967295 ses=4294967295 su
bj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? term
inal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=LOGIN msg=audit(1645066801.387:64904): pid=5443 uid=0 subj=system_u:system_r:crond_t:s0-s0
:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=7125 res=1
Feb 16 21:00:01 vm0pnelkdaa0001 systemd: Created slice User Slice of root.
Feb 16 21:00:01 vm0pnelkdaa0001 systemd: Started Session 7121 of user root.
Feb 16 21:00:01 vm0pnelkdaa0001 systemd: Started Session 7122 of user root.
Feb 16 21:00:01 vm0pnelkdaa0001 systemd: Started Session 7123 of user root.
Feb 16 21:00:01 vm0pnelkdaa0001 systemd: Started Session 7124 of user root.
Feb 16 21:00:01 vm0pnelkdaa0001 systemd: Started Session 7125 of user root.
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645066801.419:64905): pid=5444 uid=0 auid=0 ses=7121 subj=system_u:s
ystem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
 addr=? terminal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645066801.419:64906): pid=5446 uid=0 auid=0 ses=7122 subj=system_u:s
ystem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
 addr=? terminal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645066801.420:64907): pid=5447 uid=0 auid=0 ses=7123 subj=system_u:s
ystem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
 addr=? terminal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645066801.420:64908): pid=5445 uid=0 auid=0 ses=7124 subj=system_u:s
ystem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
 addr=? terminal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645066801.420:64909): pid=5443 uid=0 auid=0 ses=7125 subj=system_u:s
ystem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
 addr=? terminal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645066801.421:64910): pid=5446 uid=0 auid=0 ses=7122 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645066801.421:64911): pid=5444 uid=0 auid=0 ses=7121 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645066801.421:64912): pid=5445 uid=0 auid=0 ses=7124 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645066801.421:64913): pid=5443 uid=0 auid=0 ses=7125 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645066801.422:64914): pid=5447 uid=0 auid=0 ses=7123 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_DISP msg=audit(1645066801.432:64915): pid=5445 uid=0 auid=0 ses=7124 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_DISP msg=audit(1645066801.433:64916): pid=5444 uid=0 auid=0 ses=7121 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_END msg=audit(1645066801.434:64917): pid=5445 uid=0 auid=0 ses=7124 subj=system_u:sys
tem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
addr=? terminal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_END msg=audit(1645066801.435:64918): pid=5444 uid=0 auid=0 ses=7121 subj=system_u:sys
tem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
addr=? terminal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_DISP msg=audit(1645066801.436:64919): pid=5446 uid=0 auid=0 ses=7122 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_DISP msg=audit(1645066801.438:64920): pid=5443 uid=0 auid=0 ses=7125 subj=system_u:sy
stem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=
success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_END msg=audit(1645066801.440:64921): pid=5446 uid=0 auid=0 ses=7122 subj=system_u:sys
tem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
addr=? terminal=cron res=success'
Feb 16 21:00:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_END msg=audit(1645066801.443:64922): pid=5443 uid=0 auid=0 ses=7125 subj=system_u:sys
tem_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=?
addr=? terminal=cron res=success'
Feb 16 21:00:54 vm0pnelkdaa0001 sshd[6388]: Did not receive identification string from 142.136.105.187 port 51318

leandrojmp · February 17, 2022, 3:56am

If you have /var/log/messages you won't have /var/log/syslog, one is for CentOS based systems and the other is for some Debian based systems, since you didn't specified your distribution, I mentioned both files.

You need the logs from the time period when you executes systemctl start elasticsearch to give context.

The log you shared you executed the command around 20:22, but you didn´t share any logs from that period from /var/log/mesages.

Try to run systemctl start elasticsearch again and get recente logs from /var/log/messages , look for some hint that would indicate the reason.

Abhi_Abhishek · February 17, 2022, 4:04am

Feb 16 22:00:52 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=PATH msg=audit(1645070452.570:65363): item=0 name="/tmp/sh-thd-9635339875" inode=79 dev=fd:05 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Feb 16 22:00:52 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=PATH msg=audit(1645070452.570:65363): item=1 name="/tmp/" inode=64 dev=fd:05 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Feb 16 22:00:52 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=PATH msg=audit(1645070452.570:65363): item=2 name="/tmp/sh-thd-9635339875" inode=79 dev=fd:05 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Feb 16 22:00:52 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=PROCTITLE msg=audit(1645070452.570:65363): proctitle="-bash"
Feb 16 22:01:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_ACCT msg=audit(1645070461.220:65364): pid=3601 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_tally2,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Feb 16 22:01:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_ACQ msg=audit(1645070461.220:65365): pid=3601 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Feb 16 22:01:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=LOGIN msg=audit(1645070461.221:65366): pid=3601 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=7170 res=1
Feb 16 22:01:01 vm0pnelkdaa0001 systemd: Created slice User Slice of root.
Feb 16 22:01:01 vm0pnelkdaa0001 systemd: Started Session 7170 of user root.
Feb 16 22:01:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_START msg=audit(1645070461.241:65367): pid=3601 uid=0 auid=0 ses=7170 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Feb 16 22:01:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_REFR msg=audit(1645070461.243:65368): pid=3601 uid=0 auid=0 ses=7170 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Feb 16 22:01:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=CRED_DISP msg=audit(1645070461.263:65369): pid=3601 uid=0 auid=0 ses=7170 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_tally2,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Feb 16 22:01:01 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=USER_END msg=audit(1645070461.264:65370): pid=3601 uid=0 auid=0 ses=7170 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Feb 16 22:01:01 vm0pnelkdaa0001 systemd: Removed slice User Slice of root.
Feb 16 22:01:47 vm0pnelkdaa0001 sshd[3654]: Did not receive identification string from 142.136.105.187 port 62701
Feb 16 22:02:47 vm0pnelkdaa0001 sshd[3704]: Did not receive identification string from 142.136.105.187 port 50309
Feb 16 22:03:39 vm0pnelkdaa0001 systemd: Starting Elasticsearch...
Feb 16 22:03:39 vm0pnelkdaa0001 systemd: Failed at step EXEC spawning /usr/share/elasticsearch/bin/systemd-entrypoint: Permission denied
Feb 16 22:03:39 vm0pnelkdaa0001 systemd: elasticsearch.service: main process exited, code=exited, status=203/EXEC
Feb 16 22:03:39 vm0pnelkdaa0001 systemd: Failed to start Elasticsearch.
Feb 16 22:03:39 vm0pnelkdaa0001 systemd: Unit elasticsearch.service entered failed state.
Feb 16 22:03:39 vm0pnelkdaa0001 audispd: node=vm0pnelkdaa0001 type=SERVICE_START msg=audit(1645070619.386:65371): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=elasticsearch comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Feb 16 22:03:39 vm0pnelkdaa0001 systemd: elasticsearch.service failed.
Feb 16 22:03:47 vm0pnelkdaa0001 sshd[3766]: Did not receive identification string from 142.136.105.187 port 51390`Preformatted text`

leandrojmp · February 17, 2022, 4:24am

Do you have anything else in the logs? Still no hint of the root cause and you already shared those errors.

But you may have some permission issues per this line:

systemd: Failed at step EXEC spawning /usr/share/elasticsearch/bin/systemd-entrypoint: Permission denied

Check the permission for the directories that Elasticsearch needs to use, for example /var/log/elasticsearch and /var/lib/elasticsearch, those directories need to be owned by the elasticsearch user and group.

Since you said that you do not have nothing in /var/log/elasticsearch maybe the directory is not owned by the elasticsearch user for some reason.

Have you run Elasticsearch manually as a root before in this machine?

Abhi_Abhishek · February 17, 2022, 4:29am

In /var/log/Elasticsearch
drwxr-s---. 2 Elasticsearch Elasticsearch 6 Dec 18 13:49 Elasticsearch
In /var/lib/Elasticsearch
drwxr-s---. 2 Elasticsearch Elasticsearch 6 Dec 18 13:49 Elasticsearch

Yeah I tried to run Elasticsearch a week back but I was getting the same isues while installing Elasticsearch.

Abhi_Abhishek · February 17, 2022, 1:01pm

@leandrojmp
Is Java installation is necessary for Elasticsearch in a server?

leandrojmp · February 17, 2022, 1:24pm

You dont need to install Java as the Elasticsearch installation alreayd have a bundled Java JDK.

Unfortunatelly is not possible to know what could be your issue without more context from your system log. Can you share your /var/log/messages from some minutes before you tried to start Elasticsearch and some minutes after you tried to start?

Also, you didn't share your elasticsearc.yml, please share your elasticsearch.yml file.

Abhi_Abhishek · February 17, 2022, 2:20pm

I didn't change anything in Elasticsearch.yml & i tried unistall & reinstalling the Elasticsearch now /var/log/messages is also not creating

Abhi_Abhishek · February 17, 2022, 3:43pm

Ran this command for /usr/share/
chmod 775 Elasticsearch
&
ES_JAVA_OPTS= "-Djna.tmpdir=/var/lib/Elasticsearch/tmp"
in /etc/sysconfig/Elasticsearch
Solved my issues.
Thank you for everyone.

system · March 17, 2022, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.