Service fails to start, I don't know why

ant2ne · December 8, 2022, 10:49pm

When security is disabled, they are talking via tcp (10. is the remote host sending rsyslog to elk and the 3. is the elk server).....

21:50:01.334042 tun0  Out IP 10.226.28.173.53286 > 3.133.215.55.5044: Flags [S], seq 520455032, win 64800, options [mss 1350,sackOK,TS val 1111856841 ecr 0,nop,wscale 7], length 0
21:50:01.388741 tun0  In  IP 3.133.215.55.5044 > 10.226.28.173.53286: Flags [S.], seq 3257028177, ack 520455033, win 62643, options [mss 1350,sackOK,TS val 3883257497 ecr 1111856841,nop,wscale 7], length 0
21:50:01.388765 tun0  Out IP 10.226.28.173.53286 > 3.133.215.55.5044: Flags [.], ack 1, win 507, options [nop,nop,TS val 1111856896 ecr 3883257497], length 0
21:50:01.388909 tun0  Out IP 10.226.28.173.53286 > 3.133.215.55.5044: Flags [P.], seq 1:111, ack 1, win 507, options [nop,nop,TS val 1111856896 ecr 3883257497], length 110
21:50:01.449930 tun0  In  IP 3.133.215.55.5044 > 10.226.28.173.53286: Flags [.], ack 111, win 489, options [nop,nop,TS val 3883257557 ecr 1111856896], length 0
21:50:01.449944 tun0  Out IP 10.226.28.173.53286 > 3.133.215.55.5044: Flags [P.], seq 111:1112, ack 1, win 507, options [nop,nop,TS val 1111856957 ecr 3883257557], length 1001
21:50:01.466175 tun0  In  IP 3.133.215.55.5044 > 10.226.28.173.53286: Flags [R.], seq 1, ack 111, win 489, options [nop,nop,TS val 3883257575 ecr 1111856896], length 0

But, I can't find the remote test host within kibana. I suspect I need to enable security. I will need to do it eventually anyway. But, when I enable security as per.....

xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true

systemctl status elasticsearch

× elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-12-08 22:27:24 UTC; 17min ago
       Docs: https://www.elastic.co
    Process: 8565 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
   Main PID: 8565 (code=exited, status=1/FAILURE)
        CPU: 5.684s
Dec 08 22:27:24 ip-172-31-35-85 systemd-entrypoint[8565]:      ^
Dec 08 22:27:24 ip-172-31-35-85 systemd-entrypoint[8565]:         at org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:679)
Dec 08 22:27:24 ip-172-31-35-85 systemd-entrypoint[8565]:         at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:185)
Dec 08 22:27:24 ip-172-31-35-85 systemd-entrypoint[8565]:         at org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:195)
Dec 08 22:27:24 ip-172-31-35-85 systemd-entrypoint[8565]:         at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:355)
Dec 08 22:27:24 ip-172-31-35-85 systemd-entrypoint[8565]:         ... 14 more
Dec 08 22:27:24 ip-172-31-35-85 systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Dec 08 22:27:24 ip-172-31-35-85 systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Dec 08 22:27:24 ip-172-31-35-85 systemd[1]: Failed to start Elasticsearch.
Dec 08 22:27:24 ip-172-31-35-85 systemd[1]: elasticsearch.service: Consumed 5.684s CPU time.

tail -f the logs shows nothing. nothing. like it crashes before it can write a log.

I did a "chown -R elasticsearch:elasticsearch /usr/share/elasticsearch" but made no difference

What else can I try?

ubuntu 2204 fallowing this tutorial

leandrojmp · December 8, 2022, 11:39pm

You need to look in to the system logs, probably /var/log/syslog.

But from the snippet of the error you shared, probably is related to the elasticsearch.yml config file, maybe something is wrong.

Can you share the entire file?

ant2ne · December 9, 2022, 10:33am

it is mostly stock. Below is the file with the comments # removed so that only the following are uncommented lines...

sudo grep -v "#" /etc/elasticsearch/elasticsearch.yml 
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: localhost
 xpack.security.enabled: true
 xpack.security.authc.api_key.enabled: true

Yang_Wang · December 11, 2022, 11:48pm

There are whitespaces before xpack.security.... You need to remove them. YAML files are indentation sensitive.

system · January 8, 2023, 11:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.