Unable to start Elastic on RHEL host

I installed Elastic as per this guide - https://www.elastic.co/guide/en/elasticsearch/reference/7.6/rpm.html

OS info - NAME="Red Hat Enterprise Linux Server", VERSION="7.7 (Maipo)"

Since my tmp direcgtory is set to NOEXEC, I added the following to 'elasticsearch.service' and '/etc/sysconfig/elasticsearch' files - ES_TMPDIR=/usr/share/elasticsearch/tmp

When i try to start the elasticsearch service using systemd, it fails.

When i run systemctl status command i see this -

bash-4.2# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/etc/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2020-03-24 02:47:29 EDT; 10min ago
     Docs: http://www.elastic.co
  Process: 1539 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid (code=exited, status=216/GROUP)
 Main PID: 1539 (code=exited, status=216/GROUP)

Mar 24 02:47:29 infprduls102 systemd[1]: Starting Elasticsearch...
Mar 24 02:47:29 infprduls102 systemd[1539]: **Failed at step GROUP spawning /usr/share/elasticsearch/bin/elasticsearch: No such process**
Mar 24 02:47:29 infprduls102 systemd[1]: elasticsearch.service: main process exited, code=exited, status=216/GROUP
Mar 24 02:47:29 infprduls102 systemd[1]: Failed to start Elasticsearch.
Mar 24 02:47:29 infprduls102 systemd[1]: Unit elasticsearch.service entered failed state.
Mar 24 02:47:29 infprduls102 systemd[1]: elasticsearch.service failed.

I tried again, and then ran 'journalctl -xe' to get more info and saw this -

Mar 24 02:58:06 infprduls102 polkitd[1151]: Registered Authentication Agent for unix-process:11547:64742 (system bus name :1.26 [/usr/bin/pkttyagent --notify-fd 6 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, lo
Mar 24 02:58:06 infprduls102 systemd[1]: Starting Elasticsearch...
-- Subject: Unit elasticsearch.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit elasticsearch.service has begun starting up.
Mar 24 02:58:06 infprduls102 systemd[11553]: Failed at step GROUP spawning /usr/share/elasticsearch/bin/elasticsearch: No such process
-- Subject: Process /usr/share/elasticsearch/bin/elasticsearch could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- **The process /usr/share/elasticsearch/bin/elasticsearch could not be executed and failed.**
-- 
-- The error number returned by this process is 3.
Mar 24 02:58:06 infprduls102 systemd[1]: elasticsearch.service: main process exited, code=exited, status=216/GROUP
Mar 24 02:58:06 infprduls102 systemd[1]: Failed to start Elasticsearch.
-- Subject: Unit elasticsearch.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit elasticsearch.service has failed.
-- 
-- The result is failed.
Mar 24 02:58:06 infprduls102 systemd[1]: Unit elasticsearch.service entered failed state.
Mar 24 02:58:06 infprduls102 systemd[1]: elasticsearch.service failed.
Mar 24 02:58:06 infprduls102 polkitd[1151]: Unregistered Authentication Agent for unix-process:11547:64742 (system bus name :1.26, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
lines 1629-1688/1688 (END)

I checked /var/log/elaticsearch and none of the logs there have any updated info. Looks like this thing is failing to run as service.
I checked '/usr/share/elasticsearch/bin/elasticsearch' and it exists.

Any ideas on why this is failing?

Maybe you can try using journalctl and see if you get any error message. See https://www.elastic.co/guide/en/elasticsearch/reference/7.6/starting-elasticsearch.html

I did. I muted quite mode and pasted the output above. The error message it captures is - 'The process /usr/share/elasticsearch/bin/elasticsearch could not be executed and failed.'

I disabled noexec on tmp and vfar/tmp and also disabled the firewall. that seems to have fixed the issue. I can now start, stop and restart the elasticsearch service through systemctl.

I have however discovered another issue. The install documentation recommends disabling '--quite' option in the elasticsearch.service file to enable jornal logging. Doing this causes the elasticsearch service to become un-startable. I get the same error as above. I did multiple remove and re-installs to verify this issue. I am leaving this battle for someone else to fight.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.