Installation Woes on Ubuntu/Linux

Tried out installing Elastic, Logstash and Kibana on Ubuntu 17.6 (running on VMWare Player on Windows 10) and it was a bit difficult. Not sure if it's because I'm not a Linux guru or what.

  1. Installing elasticsearch via apt-get works but it does not run because of some YAML library missing

  2. Installing manually (wget/download) works but all the permissions are wrong and it won't run without a lot of tweaking (chown).

Point 2 is the real issue and applies equally to ElasticSearch, LogStash and Kibana. It's catch 22: you can't install without sudo but if you use sudo then all the created directories are owned by root and you have no access to them so nothing runs (permission errors).

So the only way to get things running is to sudo install them and then chown 4 different folders: one for each application. So for logstash you have to do:

  1. sudo chown -R myuser /usr/share/logstash
  2. sudo chown -R myuser /etc/logstash
  3. sudo chown -R myuser /var/lib/logstash
  4. sudo chown -R myuser /var/log/logstash

Do that 3 times and you might have ELK running.

Then, when you install X-Pack you have to do similar antics.

Am I missing something?

I might add that running elasticsearch itself with sudo results in (from memory) something like: "Cannot run elastic search as root".

So I got ES running but it won't run as a service. sudo service elasticsearch start runs without error but ES is not running.

I assume it's permissions of the elasticsearch user so I tried setting the group ownership to "adm" on all relevant folders and adding the elasticsearch user to the adm group (myuser was already a member). This has not helped issues.

Any way to diagnose why a service won't start in linux? Can't see anything in syslog or /var/log/elasticsearch/*.log

That should not be the case. What was the error you saw?

Unfortunately I have no way of recalling the exact message but it should be reproducible on a new installation of Ubuntu 17.6 on VMWare. Just ran sudo apt-get install elasticsearch (after sudo apt-get update).

Googling the issue at the time brought up posts saying the apt-get package for elasticsearch was not quite "ready for the masses" or similar. I think basically some YAML library was missing or out of date.

I think the following link describes the error:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829078

i.e.

Exception in thread "main" java.lang.NoClassDefFoundError: org/elasticsearch/common/jackson/dataformat/yaml/snakeyaml/error/YAMLException

There's been 200 million or so downloads of our product and I don't recall seeing this problem in the last few years. Not trying to put the blame on you, but it's super helpful if you can record things so we can dig deeper and find a solution.

Also it doesn't actually look like Ubuntu 17 has been released?

It may well have been Ubuntu 17.10 which is released here:
https://www.ubuntu.com/download/desktop

The experience was written "posthumously" after I'd gotten things running and I thought I'd let you guys know but I'm fairly certain the link I posted is the correct error message "NoClassDefFoundError".

What version of elasticsearch are you installing? That Debian bug link is for a very old version (1.7) and trying to install from that repository on a recent distro would likely have many issues. See the current docs for installing on Debian systems.

I actually did follow the guide you linked BUT I'll admit that I skipped the following steps:

  • "Import the Elasticsearch PGP Keyedit"
  • The first 2 steps under "Installing from the APT repository"

I did not specify a version, I just did "apt-get install elasticsearch".

As I said I'm a noob and I assumed apt-get would install the latest version. Perhaps what is missing was this:

echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list

Would that tell apt-get the correct version? I had assumed apt-get was a centralized repo like npm.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.