Try to run elasticsearch but keeps stopping immediately

I'm using elasticsearch 6.3 on Ubuntu. Whenever I start it up, it runs for a couple of minutes and then immediately fails. I get this error when checking status:

   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2018-07-27 11:34:31 IST; 48min ago
  Docs: http://www.elastic.co
  Process: 7337 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
  Main PID: 7337 (code=exited, status=1/FAILURE)

  Jul 27 11:34:26 shrey systemd[1]: Started Elasticsearch.
  Jul 27 11:34:31 shrey systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
  Jul 27 11:34:31 shrey systemd[1]: elasticsearch.service: Unit entered failed state.
  Jul 27 11:34:31 shrey systemd[1]: elasticsearch.service: Failed with result 'exit-code'.

When I use it directly from bin/elasticsearch, I'm getting this:

[2018-07-27T12:27:46,745][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.3.1.jar:6.3.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:104) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:171) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.1.jar:6.3.1]
	... 6 more

At first I thought it was an X-pack issue because 6.3 includes X-pack automatically, but even after disabling security for X-pack in the yml files for Kibana and Elasticsearch, I am still getting the same error.

Can someone help me ASAP?

can't run as root...

The reason it won't start manually is that you are trying to run as root, which we do not allow.
That is unlikely to be the cause of your systemd problem. To diagnose that we need to see some logs.

Check /var/log/elasticsearch/elasticsearch.log

[2018-07-27T10:52:20,992][INFO ][o.e.n.Node               ] [] initializing ...
[2018-07-27T10:52:21,327][INFO ][o.e.e.NodeEnvironment    ] [P0sZjuJ] using [1] data paths, mounts [[/ (/dev/sda7)]], net usable_space [12.5gb], net total_space [23.3gb], types [ext4]
[2018-07-27T10:52:21,327][INFO ][o.e.e.NodeEnvironment    ] [P0sZjuJ] heap size [990.7mb], compressed ordinary object pointers [true]
[2018-07-27T10:52:21,473][INFO ][o.e.n.Node               ] [P0sZjuJ] node name derived from node ID [P0sZjuJjSQm_IOslBJ-moQ]; set [node.name] to override
[2018-07-27T10:52:21,473][INFO ][o.e.n.Node               ] [P0sZjuJ] version[6.3.1], pid[1220], build[default/deb/eb782d0/2018-06-29T21:59:26.107521Z], OS[Linux/4.4.0-130-generic/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_171/25.171-b11]
[2018-07-27T10:52:21,473][INFO ][o.e.n.Node               ] [P0sZjuJ] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.MlP4iHem, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:/var/log/elasticsearch/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=deb]
[2018-07-27T10:52:25,950][ERROR][o.e.b.Bootstrap          ] Exception
java.lang.IllegalArgumentException: Plugin [ingest-geoip] was built for Elasticsearch version 6.3.0 but version 6.3.1 is running
	at org.elasticsearch.plugins.PluginsService.verifyCompatibility(PluginsService.java:421) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:618) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:557) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:162) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.node.Node.<init>(Node.java:311) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) [elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) [elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) [elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) [elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) [elasticsearch-6.3.1.jar:6.3.1]
[2018-07-27T10:52:25,956][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: Plugin [ingest-geoip] was built for Elasticsearch version 6.3.0 but version 6.3.1 is running
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.3.1.jar:6.3.1]
Caused by: java.lang.IllegalArgumentException: Plugin [ingest-geoip] was built for Elasticsearch version 6.3.0 but version 6.3.1 is running
	at org.elasticsearch.plugins.PluginsService.verifyCompatibility(PluginsService.java:421) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:618) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:557) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:162) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.node.Node.<init>(Node.java:311) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.1.jar:6.3.1]
	... 6 more

Here are some of the logs. I hope you can make something out of it

You have an out of date plugin installed.
Someone or something upgraded your elasticsearch version and didn't follow the upgrade instructions.

Run

bin/elasticsearch-plugin remove ingest-geoip 
bin/elasticsearch-plugin install ingest-geoip
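
The check behind this answer, as an added example that is not part of the original thread: it lists plugins whose build version differs from the running Elasticsearch version, either from the startup log or from the installed plugin descriptors, and prints the remove/install pair for each. The function names, the `analysis-icu` sample entry and the temporary paths are constructed; it assumes each plugin directory holds a `plugin-descriptor.properties` file with `name=` and `elasticsearch.version=` lines.

```shell
#!/bin/sh
# Added example (not from the thread): list plugins that will fail the
# version check at startup, and print the reinstall commands for them.

# Print "name built_for running" for each mismatch recorded in a log file.
plugins_from_log() {
    sed -n 's/.*Plugin \[\([^]]*\)] was built for Elasticsearch version \([0-9.]*\) but version \([0-9.]*\) is running.*/\1 \2 \3/p' "$1" | sort -u
}

# Print "name built_for running" for each installed plugin whose descriptor
# names a different Elasticsearch version than the one given.
# Assumption: every plugin directory has a plugin-descriptor.properties file.
stale_plugins() {
    plugins_dir=$1 running=$2
    for desc in "$plugins_dir"/*/plugin-descriptor.properties; do
        [ -f "$desc" ] || continue
        name=$(sed -n 's/^name=//p' "$desc" | head -n 1)
        built=$(sed -n 's/^elasticsearch\.version=//p' "$desc" | head -n 1)
        [ "$built" = "$running" ] || echo "$name $built $running"
    done
}

# Turn "name ..." lines on stdin into the remove/install pair from the answer.
fix_commands() {
    while read -r name _rest; do
        echo "bin/elasticsearch-plugin remove $name"
        echo "bin/elasticsearch-plugin install $name"
    done
}

# Constructed sample: one stale and one current plugin, plus a log line in
# the format shown in the thread.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/plugins/ingest-geoip" "$tmp/plugins/analysis-icu"
    printf 'name=ingest-geoip\nelasticsearch.version=6.3.0\n' > "$tmp/plugins/ingest-geoip/plugin-descriptor.properties"
    printf 'name=analysis-icu\nelasticsearch.version=6.3.1\n' > "$tmp/plugins/analysis-icu/plugin-descriptor.properties"
    echo 'java.lang.IllegalArgumentException: Plugin [ingest-geoip] was built for Elasticsearch version 6.3.0 but version 6.3.1 is running' > "$tmp/es.log"
    stale_plugins "$tmp/plugins" 6.3.1
    plugins_from_log "$tmp/es.log"
    stale_plugins "$tmp/plugins" 6.3.1 | fix_commands
    rm -rf "$tmp"
}
demo
```

Running `stale_plugins` against the real plugins directory right after a package upgrade, before restarting the service, surfaces the mismatch without waiting for the node to fail at startup.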

Thanks, that seemed to have helped :slight_smile:
