"runuser: cannot set groups: Operation not permitted" Error While running ES as Service

deepanshu_mittal · March 9, 2018, 3:12pm

I am getting "runuser: cannot set groups: Operation not permitted" Error while running ES as service on OEL6 linux machine. I am using following /etc/init.d/elasticsearch file

#!/bin/bash

elasticsearch

chkconfig: 2345 80 20

description: Starts and stops a single elasticsearch instance on this system

BEGIN INIT INFO

Provides: Elasticsearch

Required-Start: $network $named

Required-Stop: $network $named

Default-Start: 2 3 4 5

Default-Stop: 0 1 6

Short-Description: This service manages the elasticsearch daemon

Description: Elasticsearch is a very scalable, schema-free and high-performance search solution supporting multi-tenancy and near realtime search.

END INIT INFO

init.d / servicectl compatibility (openSUSE)

if [ -f /etc/rc.status ]; then
. /etc/rc.status
rc_reset
fi

Source function library.

if [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
fi

Sets the default values for elasticsearch variables used in this script

#SU="sudo -u"
ES_USER="root"
ES_GROUP="root"
ES_HOME="/etc/elasticsearch"
MAX_OPEN_FILES=65536
MAX_MAP_COUNT=262144
LOG_DIR="/var/log/elasticsearch"
DATA_DIR="/var/lib/elasticsearch"
CONF_DIR="/etc/elasticsearch"

PID_DIR="/var/run/elasticsearch"

Source the default env file

ES_ENV_FILE="/etc/sysconfig/elasticsearch"
if [ -f "$ES_ENV_FILE" ]; then
. "$ES_ENV_FILE"
fi

CONF_FILE setting was removed

if [ ! -z "$CONF_FILE" ]; then
echo "CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed."
exit 1
fi

exec="$ES_HOME/bin/elasticsearch"
prog="elasticsearch"
pidfile="$PID_DIR/${prog}.pid"

export ES_JAVA_OPTS
export JAVA_HOME
export ES_INCLUDE
export ES_JVM_OPTIONS
export ES_STARTUP_SLEEP_TIME

export unsupported variables so bin/elasticsearch can reject them and inform the user these are unsupported

if test -n "$ES_MIN_MEM"; then export ES_MIN_MEM; fi
if test -n "$ES_MAX_MEM"; then export ES_MAX_MEM; fi
if test -n "$ES_HEAP_SIZE"; then export ES_HEAP_SIZE; fi
if test -n "$ES_HEAP_NEWSIZE"; then export ES_HEAP_NEWSIZE; fi
if test -n "$ES_DIRECT_SIZE"; then export ES_DIRECT_SIZE; fi
if test -n "$ES_USE_IPV4"; then export ES_USE_IPV4; fi
if test -n "$ES_GC_OPTS"; then export ES_GC_OPTS; fi
if test -n "$ES_GC_LOG_FILE"; then export ES_GC_LOG_FILE; fi

lockfile=/var/lock/subsys/$prog

backwards compatibility for old config sysconfig files, pre 0.90.1

if [ -n $USER ] && [ -z $ES_USER ] ; then
ES_USER=$USER
fi

if [ ! -x "$exec" ]; then
echo "The elasticsearch startup script does not exists or it is not executable, tried: $exec"
exit 1
fi

checkJava() {
if [ -x "$JAVA_HOME/bin/java" ]; then
JAVA="$JAVA_HOME/bin/java"
else
JAVA=which java
fi

if [ ! -x "$JAVA" ]; then
    echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME"
    exit 1
fi

}

start() {
checkJava
[ -x $exec ] || exit 5

if [ -n "$MAX_OPEN_FILES" ]; then
    ulimit -n $MAX_OPEN_FILES
fi
if [ -n "$MAX_LOCKED_MEMORY" ]; then
    ulimit -l $MAX_LOCKED_MEMORY
fi

if [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ]; then

sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT

fi

# Ensure that the PID_DIR exists (it is cleaned at OS startup time)
if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
    mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR"
fi
if [ -n "$pidfile" ] && [ ! -e "$pidfile" ]; then
    touch "$pidfile" && chown "$ES_USER":"$ES_GROUP" "$pidfile"
fi

cd $ES_HOME
echo -n $"Starting $prog: "
# if not running, start it up here, usually something like "daemon $exec"
daemon --user $ES_USER --pidfile $pidfile $exec -p $pidfile -d -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval

}

stop() {
echo -n $"Stopping $prog: "
# stop it here, often "killproc $prog"
killproc -p $pidfile -d 86400 $prog
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}

restart() {
stop
start
}

reload() {
restart
}

force_reload() {
restart
}

rh_status() {
# run checks to determine if the service is running or use generic status
status -p $pidfile $prog
}

rh_status_q() {
rh_status >/dev/null 2>&1
}

case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 2
esac
exit $?

Please help me on same to get this issue resolved. I am using ES6.1.2

dadoonet · March 9, 2018, 3:29pm

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

system · April 7, 2018, 3:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.