Unable to start Elasticsearch as a service

Elasticsearch version: 7.12
Elasticsearch is installed as an RPM on RHEL 7.9 server.
We running ELK on a single VM. For the path.data we have an NFS mounted. When I try to start elasticsearch with path.data set to /var/lib/elasticsearch it starts. But when path.data is set to point to the NFS mountpoint, we are seeing the below error.

When trying to start the process we are seeing the following error in the logs.

[2021-05-11T09:27:05,830][INFO ][o.e.e.NodeEnvironment    ] [jcpvirtualserver-new.sl.edst.ibm.com] using [1] data paths, mounts [[/elk (fsf-dal1202d-fz.adn.networklayer.com:/IBM02SEV1529259_387)]], net usable_space [999.9gb], net total_space [1000gb], types [nfs4]
[2021-05-11T09:27:05,831][INFO ][o.e.e.NodeEnvironment    ] [jcpvirtualserver-new.sl.edst.ibm.com] heap size [1gb], compressed ordinary object pointers [true]
[2021-05-11T09:27:05,941][INFO ][o.e.n.Node               ] [jcpvirtualserver-new.sl.edst.ibm.com] node name [jcpvirtualserver-new.sl.edst.ibm.com], node ID [TJnXqwHXTfOiiiB3FCBMVw], cluster name [janssen], roles [transform, data_frozen, master, remote_cluster_client, data, ml, data_content, data_hot, data_warm, data_cold, ingest]
[2021-05-11T09:27:11,266][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [jcpvirtualserver-new.sl.edst.ibm.com] [controller/11309] [Main.cc@117] controller (64 bit): Version 7.12.0 (Build 778cc7261dfdd1) Copyright (c) 2021 Elasticsearch BV
[2021-05-11T09:27:11,848][INFO ][o.e.x.s.a.s.FileRolesStore] [jcpvirtualserver-new.sl.edst.ibm.com] parsed [0] roles from file [/etc/elasticsearch/roles.yml]
[2021-05-11T09:27:13,406][INFO ][o.e.t.NettyAllocator     ] [jcpvirtualserver-new.sl.edst.ibm.com] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=1gb}]
[2021-05-11T09:27:13,493][INFO ][o.e.d.DiscoveryModule    ] [jcpvirtualserver-new.sl.edst.ibm.com] using discovery type [single-node] and seed hosts providers [settings]
[2021-05-11T09:27:13,983][INFO ][o.e.g.DanglingIndicesState] [jcpvirtualserver-new.sl.edst.ibm.com] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2021-05-11T09:27:14,461][INFO ][o.e.n.Node               ] [jcpvirtualserver-new.sl.edst.ibm.com] initialized
[2021-05-11T09:27:14,461][INFO ][o.e.n.Node               ] [jcpvirtualserver-new.sl.edst.ibm.com] starting ...
[2021-05-11T09:27:14,486][INFO ][o.e.x.s.c.PersistentCache] [jcpvirtualserver-new.sl.edst.ibm.com] persistent cache index loaded
[2021-05-11T09:27:14,606][INFO ][o.e.t.TransportService   ] [jcpvirtualserver-new.sl.edst.ibm.com] publish_address {169.48.231.149:9300}, bound_addresses {[::]:9300}
[2021-05-11T09:27:15,016][INFO ][o.e.c.c.Coordinator      ] [jcpvirtualserver-new.sl.edst.ibm.com] cluster UUID [CF7U90-_SEeXC38vmH1oOQ]
[2021-05-11T09:27:15,189][INFO ][o.e.c.s.MasterService    ] [jcpvirtualserver-new.sl.edst.ibm.com] elected-as-master ([1] nodes joined)[{jcpvirtualserver-new.sl.edst.ibm.com}{TJnXqwHXTfOiiiB3FCBMVw}{5tEUteN-RuinUSY-mb-y-w}{169.48.231.149}{169.48.231.149:9300}{cdfhilmrstw}{ml.machine_memory=67374616576, xpack.installed=true, transform.node=true, ml.max_open_jobs=20, ml.max_jvm_size=1073741824} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 13, version: 70, delta: master node changed {previous [], current [{jcpvirtualserver-new.sl.edst.ibm.com}{TJnXqwHXTfOiiiB3FCBMVw}{5tEUteN-RuinUSY-mb-y-w}{169.48.231.149}{169.48.231.149:9300}{cdfhilmrstw}{ml.machine_memory=67374616576, xpack.installed=true, transform.node=true, ml.max_open_jobs=20, ml.max_jvm_size=1073741824}]}
[2021-05-11T09:27:15,405][INFO ][o.e.c.s.ClusterApplierService] [jcpvirtualserver-new.sl.edst.ibm.com] master node changed {previous [], current [{jcpvirtualserver-new.sl.edst.ibm.com}{TJnXqwHXTfOiiiB3FCBMVw}{5tEUteN-RuinUSY-mb-y-w}{169.48.231.149}{169.48.231.149:9300}{cdfhilmrstw}{ml.machine_memory=67374616576, xpack.installed=true, transform.node=true, ml.max_open_jobs=20, ml.max_jvm_size=1073741824}]}, term: 13, version: 70, reason: Publication{term=13, version=70}
[2021-05-11T09:27:15,495][INFO ][o.e.h.AbstractHttpServerTransport] [jcpvirtualserver-new.sl.edst.ibm.com] publish_address {169.48.231.149:9200}, bound_addresses {[::]:9200}
[2021-05-11T09:27:15,496][INFO ][o.e.n.Node               ] [jcpvirtualserver-new.sl.edst.ibm.com] started
[2021-05-11T09:27:15,786][INFO ][o.e.l.LicenseService     ] [jcpvirtualserver-new.sl.edst.ibm.com] license [73ad384a-415c-4c4b-a1a7-720917442406] mode [basic] - valid
[2021-05-11T09:27:15,788][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [jcpvirtualserver-new.sl.edst.ibm.com] Active license is now [BASIC]; Security is enabled
[2021-05-11T09:27:15,794][INFO ][o.e.g.GatewayService     ] [jcpvirtualserver-new.sl.edst.ibm.com] recovered [0] indices into cluster_state
[2021-05-11T09:27:16,089][INFO ][o.e.x.s.a.AuthenticationService] [jcpvirtualserver-new.sl.edst.ibm.com] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2021-05-11T09:27:18,399][INFO ][o.e.x.s.a.AuthenticationService] [jcpvirtualserver-new.sl.edst.ibm.com] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]

This is my elasticsearch.yml file:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: janssen
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
node.master: true
node.data: true

#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /elk/data01/
#path.data: /elasticsearch
#path.data: /var/lib/elasticsearch
#path.data: /elasticsearch/data02
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true

xpack.security.enabled: true
discovery.type: single-node
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "http.p12"

Pavan

Attaching my Kibana.yml as the first ran out of characters limit:

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"
server.host: "169.48.231.149"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.hosts: ["https://169.48.231.149:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana"
#elasticsearch.password: "kibana"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: true
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
server.ssl.enabled: true
server.ssl.keystore.path: /etc/kibana/kibana-server.p12

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
xpack.security.enabled: true
xpack.security.encryptionKey: "mZvobNeX5JnPlD2tSnGvun2/fzfMUkrqPBPQuDQL/Y"
xpack.encryptedSavedObjects.encryptionKey: "CZ2o5ZMg6n+Uz9QoTQcnLxpM94Stri8T0oT1r2KK+no="
xpack.security.session.idleTimeout: "60m"
xpack.security.session.lifespan: "24h"

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
elasticsearch.ssl.truststore.path: "/etc/kibana/http.p12"
#elasticsearch.ssl.certificateAuthorities: "/etc/kibana/elasticsearch-ca.pem"

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: certificate

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you to specify a file where Kibana stores log output.
logging.dest: /var/log/kibana/kibana.log

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: true

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"

Please let me know if you need any other info from my end.

Regards,
Pavan

There are no errors in that log

And that suggests that Elasticsearch has started and is listening.

Does this mean my Elasticsearch is up, but my Kibana is not connecting to it?
When I try to open Kibana, I get "Kibana server is not ready"

I see this error in my Kibana logs:

{"type":"log","@timestamp":"2021-05-11T22:49:43-05:00","tags":["warning","plugins","licensing"],"pid":1359,"message":"License information could not be obtained from Elasticsearch due to [security_exception] unable to authenticate user [kibana] for REST request [/_xpack?accept_enterprise=true], with { header={ WWW-Authenticate={ 0=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" & 1=\"Bearer realm=\\\"security\\\"\" & 2=\"ApiKey\" } } } :: {\"path\":\"/_xpack?accept_enterprise=true\",\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"unable to authenticate user [kibana] for REST request [/_xpack?accept_enterprise=true]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\",\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\"]}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"unable to authenticate user [kibana] for REST request [/_xpack?accept_enterprise=true]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\",\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\"]}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\", Bearer realm=\\\"security\\\", ApiKey\"} error"}

Should I create a topic under Kibana for this?

Regards,
Pavan

I also tried to reset the password for Kibana based on this post:
I lost the password that has been changed
I am getting this error for both users Elastic and Kibana.

[root@jcpvirtualserver-new ~]# curl -u elastic:1QdjDELm7ITSikVh -XPUT -k 'https://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d' {  "password" : "janssenelastic" } '
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/_xpack/security/user/elastic/_password?pretty]",
        "header" : {
          "WWW-Authenticate" : [
            "Basic realm=\"security\" charset=\"UTF-8\"",
            "Bearer realm=\"security\"",
            "ApiKey"
          ]
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/_xpack/security/user/elastic/_password?pretty]",
    "header" : {
      "WWW-Authenticate" : [
        "Basic realm=\"security\" charset=\"UTF-8\"",
        "Bearer realm=\"security\"",
        "ApiKey"
      ]
    }
  },
  "status" : 401
}

[root@jcpvirtualserver-new ~]# curl -u elastic:1QdjDELm7ITSikVh -XPUT -k 'https://localhost:9200/_xpack/security/user/kibana/_password?pretty' -H 'Content-Type: application/json' -d' {  "password" : "janssenkibana" } '
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/_xpack/security/user/kibana/_password?pretty]",
        "header" : {
          "WWW-Authenticate" : [
            "Basic realm=\"security\" charset=\"UTF-8\"",
            "Bearer realm=\"security\"",
            "ApiKey"
          ]
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/_xpack/security/user/kibana/_password?pretty]",
    "header" : {
      "WWW-Authenticate" : [
        "Basic realm=\"security\" charset=\"UTF-8\"",
        "Bearer realm=\"security\"",
        "ApiKey"
      ]
    }
  },
  "status" : 401
}

Is there any other way to authenticate the built-in users?

Regards,
Pavan

I started Elasticsearch from my mounted path.data and run the elasticsearch-setup-passwords command, and I was able to solve that authentication error.

Thanks,
Pavan

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.