Issue with systemd startup and keystore values

We are rolling out a cluster with security high on the list of targets - so using SSL, authentication etc

In our filebeat.yml, we have
output.elasticsearch.username = "${ES_USER}"
output.elasticsearch.password = "${ES_PASS}"

and we have stored the relevant data in the filebeat keystore.

when we run systemctl start filebeat, we get an error
instance/beat.go:877 - Exiting: error initializing publisher: missing field accessing 'output.elasticsearch.username' (source:'/etc/filebeat/filebeat.yml')

but if we run the start command manually, it works....

So we are deducing that systemd is doing something with these variables before filebeat gets a look in.
We have tried quoting - single and double - / escaping but it still fails.

Any ideas?

I have entered the values into the yaml file and it works as expected but then that exposes the username and the password to prying eyes so not good.

Solved this by simplying the ExecStart file to ...filebeat -c ...yml
and deleting all that environment lines.

Also removed the command line overriding so logging settings in yaml file actually works as expected.

Answer: Keep systemd simple....

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.