Logstash.service unable to access Keystore

Elastic Stack Logstash
1

Hello everyone,

while trying to setup a test Logstash instance, i struggle to get it running.
The following error appears, viewable via journalctl:

ERROR: Failed to load settings file from "path.settings". Aborting... path.setting=/etc/logstash, exception=Java::OrgLogstashSecretStore::SecretStoreException::AccessException, message=>Can not access Logstash keystore at /etc/logstash/logstash.keystore. Please verify correct file permissions and keystore password.

I already went through the available topics here and other resources dealing with the same issue, which unfortunately did not help to resolve the issue.

The interesting aspect is that even when the keystore is password-less and with most open permissions, the error remains.

SSL communication to elasticsearch is intended, certs are in the correct place, relevant passwords are in the keystore and the logstash.yml is adjusted accordingly.

Maybe someone can help out. Thank you all!

2

Hi there,

In the past I have had issues with keystores and the reason for this was that I wasn't specifying the path.settings when it was created.

Did you specify this when you created the keystore?

3

The user doesn't have permissions to path.setting=/etc/logstash
How do you run LS, as a process or as a systemctl service?

4

I provided the path.settings while creating the keystore.
The keystore was generated with the following command:

sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create

Still, thank you!

5

I'm running LS as a systemctl service which is launched via sudo.

6

Hi there,

One other point. When adding passwords, remember to add the path to settings to the command.

1 Like
7

The most likely your OS and user accounts have restrictions.
The /etc/logstash/ is normally owned by root:root. Additionally, systemctl run LS as the "logstash" user which reads config path -> /etc/logstash/.

  1. Check permissions on the config directory and logstash.keystore
  2. If 1. doesn't work, test purpose set different user in: /usr/lib/systemd/system/logstash.service and run the service again.
8

Are you running logstash as a service?

The logstash service runs with the logstash user, you need to make share that this user can read the permissions of the logstash.keystore file.

What are the permissions for this file?

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.