Hello,
I am trying to configure logstah 5.0.0 apha3 and when I start the logstash init I get the following message:
"Logstash has a new settings file which defines start up time settings. This file is typically located in $LS_HOME/config or /etc/logstash. If you installed Logstash through a package and are starting it manually please specify the location to this settings file by passing in "--path.settings=/path/.." in the command line options {:level=>:warn}
I have changed the /etc/default/logstash to point to the correct folders but still not managing to start it up.
I would appreciate any help on this matter.
Regards,
What system is this?
How are you starting Logstash?
It is a docker built on debian jessie. Since systemd does not work in docker I am forced to fail over to systemv but the init script for systemv are not getting generated.
From what I can tell, this is more of a Docker issue, and it can be worked around:
opened 07:32PM - 09 Sep 15 UTC
closed 08:55PM - 09 Sep 15 UTC
not-our-bug
Using Debian 8.2 (Jessie/stable) on the host with systemd 215-17+deb8u2 and with… Docker 1.6.2, starting a container from a Debian Stretch/testing container with systemd 225, systemd inside the container does not start any services and systemctl does not work either.
```
$ sudo docker run --detach --name test --hostname test giantmonkey/test
2c9d8a5af59e50f6288e6c7999a75b06c772e53d4feea33a344a096f1d536f27
$ sudo docker exec -ti gomus-webshop-demo bash
root@test:/home/app# systemctl status
Failed to get D-Bus connection: Operation not permitted
root@test:/home/app# apt update
Get:1 http://httpredir.debian.org stretch InRelease [157 kB]
Err http://httpredir.debian.org stretch/main amd64 Packages
Get:2 http://httpredir.debian.org stretch/main Translation-en [4793 kB]
Get:3 http://httpredir.debian.org stretch/main amd64 Packages [7128 kB]
Fetched 12.1 MB in 1s (10.3 MB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
root@test:/home/app# apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@test:/home/app# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.5 0.0 38324 3376 ? Ss 19:18 0:00 /lib/systemd/systemd
root 6 0.0 0.0 20208 3284 ? Ss 19:18 0:00 bash
root 30 0.0 0.0 43604 3032 ? R+ 19:18 0:00 ps aux
root@test:/home/app# apt install dbus
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libcap-ng0 libdbus-1-3
Suggested packages:
dbus-x11
The following NEW packages will be installed:
dbus libcap-ng0 libdbus-1-3
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 479 kB of archives.
After this operation, 1437 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://httpredir.debian.org/debian/ stretch/main libcap-ng0 amd64 0.7.6-1 [13.5 kB]
Get:2 http://httpredir.debian.org/debian/ stretch/main libdbus-1-3 amd64 1.8.20-1 [170 kB]
Get:3 http://httpredir.debian.org/debian/ stretch/main dbus amd64 1.8.20-1 [295 kB]
Fetched 479 kB in 0s (3329 kB/s)
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
Selecting previously unselected package libcap-ng0:amd64.
(Reading database ... 22889 files and directories currently installed.)
Preparing to unpack .../libcap-ng0_0.7.6-1_amd64.deb ...
Unpacking libcap-ng0:amd64 (0.7.6-1) ...
Selecting previously unselected package libdbus-1-3:amd64.
Preparing to unpack .../libdbus-1-3_1.8.20-1_amd64.deb ...
Unpacking libdbus-1-3:amd64 (1.8.20-1) ...
Selecting previously unselected package dbus.
Preparing to unpack .../dbus_1.8.20-1_amd64.deb ...
Unpacking dbus (1.8.20-1) ...
Processing triggers for systemd (225-1) ...
Setting up libcap-ng0:amd64 (0.7.6-1) ...
Setting up libdbus-1-3:amd64 (1.8.20-1) ...
Setting up dbus (1.8.20-1) ...
Starting system message bus: dbus.
Processing triggers for libc-bin (2.19-19) ...
Processing triggers for systemd (225-1) ...
root@test:/home/app# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.2 0.0 38324 3376 ? Ss 19:18 0:00 /lib/systemd/systemd
root 6 0.0 0.0 20208 3284 ? Ss 19:18 0:00 bash
message+ 146 0.0 0.0 47688 2536 ? Ss 19:19 0:00 /usr/bin/dbus-daemon --system
root 154 0.0 0.0 43604 3176 ? R+ 19:19 0:00 ps aux
root@test:/home/app# systemctl status
Failed to get D-Bus connection: Operation not permitted
root@test:/home/app# systemctl start nginx
Failed to get D-Bus connection: Operation not permitted
root@test:/home/app# exit
```
As a test, adding the capability `SYS_ADMIN` to the container, everything starts up fine.
```
$ sudo docker exec -ti gomus-webshop-demo bash
root@test:/home/app# systemctl
WARNING: terminal is not fully functional
UNIT LOAD ACTIVE SUB DESCRIPTION
-.mount loaded active mounted /
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
etc-hostname.mount loaded active mounted /etc/hostname
etc-hosts.mount loaded active mounted /etc/hosts
etc-resolv.conf.mount loaded active mounted /etc/resolv.conf
proc-bus.mount loaded active mounted /proc/bus
proc-fs.mount loaded active mounted /proc/fs
proc-irq.mount loaded active mounted /proc/irq
proc-kcore.mount loaded active mounted /proc/kcore
proc-sysrq\x2dtrigger.mount loaded active mounted /proc/sysrq-trigger
proc-timer_stats.mount loaded active mounted /proc/timer_stats
sys-fs-fuse-connections.mount loaded active mounted FUSE Control File System
systemd-ask-password-console.path loaded active waiting Dispatch Password Requests to Console Directory Watch
systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch
cron.service loaded active running Regular background program processing daemon
nginx.service loaded active running A high performance web server and a reverse proxy server
rc-local.service loaded active exited /etc/rc.local Compatibility
rsyslog.service loaded active running System Logging Service
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdown
systemd-user-sessions.service loaded active exited Permit User Sessions
udev-finish.service loaded active exited Copy rules generated while the root was ro
-.slice loaded active active Root Slice
system-getty.slice loaded active active system-getty.slice
system.slice loaded active active System Slice
user.slice loaded active active User and Session Slice
syslog.socket loaded active running Syslog Socket
systemd-initctl.socket loaded active listening /dev/initctl Compatibility Named Pipe
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
basic.target loaded active active Basic System
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interface
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
paths.target loaded active active Paths
remote-fs-pre.target loaded active active Remote File Systems (Pre)
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slices
sockets.target loaded active active Sockets
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
time-sync.target loaded active active System Time Synchronized
timers.target loaded active active Timers
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup of Temporary Directories
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
52 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
root@test:/home/app# mount | grep sysfs
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
root@test:/home/app# grep sysfs /proc/self/mounts
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
```
Do not drop CAP_SYS_ADMIN from the container. A number of fs namespacing related settings, such as PrivateDevices=, ProtectHome=, ProtectSystem=, MountFlags=, PrivateTmp=, ReadWriteDirectories=, ReadOnlyDirectories=, InaccessibleDirectories=, MountFlags= need to be able to open new mount namespaces and the mount certain file system into it. You break all services that make use of these flags if you drop the flag. Note that already quite a number of services make use of this as we actively encourage users to make use of this security functionality. Also note that logind mounts XDG_RUNTIME_DIR as tmpfs for all logged in users and won't work either if you take away the capability. (Also see section about fully unprivileged containers below.)
Re-adding CAP_SYS_ADMIN seems to fix the issue. We may try to allow users to force init styles, but this is not pressing if there's a way to fix the larger issue by fixing the container instead.
Got it fixed. adding --cap-add SYS_ADMIN with the /sbin/init command will make systemctl command work as expected. Thanks for your help