Issue with systemd startup and keystore values

stwilliams · August 30, 2019, 12:31pm

We are rolling out a cluster with security high on the list of targets - so using SSL, authentication etc

In our filebeat.yml, we have
output.elasticsearch.username = "${ES_USER}"
output.elasticsearch.password = "${ES_PASS}"

and we have stored the relevant data in the filebeat keystore.

when we run systemctl start filebeat, we get an error
instance/beat.go:877 - Exiting: error initializing publisher: missing field accessing 'output.elasticsearch.username' (source:'/etc/filebeat/filebeat.yml')

but if we run the start command manually, it works....

So we are deducing that systemd is doing something with these variables before filebeat gets a look in.
We have tried quoting - single and double - / escaping but it still fails.

Any ideas?

I have entered the values into the yaml file and it works as expected but then that exposes the username and the password to prying eyes so not good.

stwilliams · August 30, 2019, 1:23pm

Solved this by simplying the ExecStart file to ...filebeat -c ...yml
and deleting all that environment lines.

Also removed the command line overriding so logging settings in yaml file actually works as expected.

Answer: Keep systemd simple....

system · September 27, 2019, 1:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using Keystores - not working (v6.6.0) Beats	2	1432	March 7, 2019
Credentials' variables blocking beats from running as services on Windows Beats	12	1323	April 20, 2020
Filebeat keystore for basic security Beats filebeat	3	2649	January 6, 2022
Filebeat can't connect to Elastic search Beats filebeat	25	851	May 10, 2024
Elasticsearch permissions required by Filebeat Beats filebeat	7	3891	November 30, 2018

Issue with systemd startup and keystore values

Related topics