Not a valid keystore when running Logstash as a service

Hi,

I am trying to use keystore as documented in https://www.elastic.co/guide/en/logstash/current/keystore.html

I was able to succesfully implement it and also run it. However, when I run Logstash as a service it will throw an error.

[2020-03-20T18:22:40,385][ERROR][logstash.agent ] Failed to execute action {:action=>LogSta sh::PipelineAction::Create/pipeline_id:pipeline-es-filebeat, :exception=>"Java::OrgLogstashSecretStor e::SecretStoreException::LoadException", :message=>"Found a file at /data001/logstash/config/logstash .keystore, but it is not a valid Logstash keystore.", :backtrace=>["org.logstash.secret.store.backend .JavaKeyStore.load(JavaKeyStore.java:268)", "org.logstash.secret.store.backend.JavaKeyStore.load(Java KeyStore.java:40)", "org.logstash.secret.store.SecretStoreFactory.doIt(SecretStoreFactory.java:109)", "org.logstash.secret.store.SecretStoreFactory.load(SecretStoreFactory.java:95)", "org.logstash.secre t.store.SecretStoreExt.getIfExists(SecretStoreExt.java:37)", "org.logstash.execution.AbstractPipeline Ext.getSecretStore(AbstractPipelineExt.java:383)", "org.logstash.execution.JavaBasePipelineExt.initia lize(JavaBasePipelineExt.java:60)", "org.logstash.execution.JavaBasePipelineExt$INVOKER$i$1$0$initial ize.call(JavaBasePipelineExt$INVOKER$i$1$0$initialize.gen)", "org.jruby.internal.runtime.methods.Java Method$JavaMethodN.call(JavaMethod.java:837)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuper(I RRuntimeHelpers.java:1156)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuperSplatArgs(IRRuntimeH elpers.java:1143)", "org.jruby.ir.targets.InstanceSuperInvokeSite.invoke(InstanceSuperInvokeSite.java :39)", "data001.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$initialize$0(/dat a001/logstash/logstash-core/lib/logstash/java_pipeline.rb:26)", "org.jruby.internal.runtime.methods.C ompiledIRMethod.call(CompiledIRMethod.java:91)", "org.jruby.internal.runtime.methods.MixedModeIRMetho d.call(MixedModeIRMethod.java:90)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingC allSite.java:332)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:86)", "org. jruby.RubyClass.newInstance(RubyClass.java:915)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(Rub yClass$INVOKER$i$newInstance.gen)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingC allSite.java:332)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:86)", "org. jruby.ir.instructions.CallBase.interpret(CallBase.java:540)", "org.jruby.ir.interpreter.InterpreterEn gine.processCall(InterpreterEngine.java:361)", "org.jruby.ir.interpreter.StartupInterpreterEngine.int erpret(StartupInterpreterEngine.java:72)", "org.jruby.ir.interpreter.InterpreterEngine.interpret(Inte rpreterEngine.java:92)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.INTERPRET_METHOD(Mixed ModeIRMethod.java:204)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod .java:191)", "org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:208)", "data00 1.logstash.logstash_minus_core.lib.logstash.agent.RUBY$block$converge_state$2(/data001/logstash/logst ash-core/lib/logstash/agent.rb:326)", "org.jruby.runtime.CompiledIRBlockBody.callDirect(CompiledIRBlo ckBody.java:136)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:77)", "org.jruby.runtime.Bloc k.call(Block.java:129)", "org.jruby.RubyProc.call(RubyProc.java:295)", "org.jruby.RubyProc.call(RubyP roc.java:274)", "org.jruby.RubyProc.call(RubyProc.java:270)", "org.jruby.internal.runtime.RubyRunnabl e.run(RubyRunnable.java:105)", "java.base/java.lang.Thread.run(Thread.java:834)"]}

I am running the service as a non-root user. Here is my service file.

[root@fcaelk03 ~]# cat /usr/lib/systemd/system/logstash.service
[Unit]
Description=Logstash
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
Restart=always
User=username
ExecStart=/data/logstash/bin/logstash

[Install]
WantedBy=multi-user.target

The environment variable LOGSTASH_KEYSTORE_PASS is available in both root and non-root user used to run Logstash.

Anyone encountered the same? Any ideas?