Brand new installation of ElasticSearch with the elasticsearch-6.3.0-1.noarch RPM. The following message shows up in the logs. On further inspection I decided to try to manually initialize the keystore using:
sudo -u elasticsearch -s /usr/share/elasticsearch/bin/elasticsearch-keystore create
which resulted in the same error. Checking the permissions again, I saw that the /etc/elasticsearch directory was indeed not writable:
total 40
-rw-rw----. 1 root elasticsearch 0 Jun 11 19:44 users_roles
-rw-rw----. 1 root elasticsearch 0 Jun 11 19:44 users
-rw-rw----. 1 root elasticsearch 197 Jun 11 19:44 roles.yml
-rw-rw----. 1 root elasticsearch 473 Jun 11 19:44 role_mapping.yml
-rw-rw----. 1 root elasticsearch 6380 Jun 11 19:44 log4j2.properties
-rw-rw----. 1 root elasticsearch 2920 Jun 11 19:44 jvm.options
-rw-r--r--. 1 root elasticsearch 0 Jun 18 22:46 .elasticsearch.keystore.initial_md5sum
drwxr-xr-x. 82 root root 8192 Jun 19 00:32 ..
-rw-rw----. 1 root elasticsearch 2868 Jun 19 00:34 elasticsearch.yml
-rw-rw----. 1 elasticsearch elasticsearch 207 Jun 19 00:48 elasticsearch.keystore
drwxr-s---. 2 root elasticsearch 224 Jun 19 00:48 .
So I changed that, then restarted the server:
chmod g+w /etc/elasticsearch
and viola. You may want to change back the permissions after the keystore is created for security purposes, but there is clearly an issue right out the gates that the installation steps do not walk you through.
@ElasticCo Would be good to update the manuals to note having to run the keystore creation as root or doing as I did above here: https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html