Unable to start logstash on FreeBSD

odhiambo · April 12, 2023, 11:01pm

I have installed logstash on FreeBSD. For some reason, starting or stopping it prompts for Kerberos authentication. I am not sure where it is getting this from, although it does seem there is some kerberos config somewhere on this server, but I never use it.

root@gw:/ # /usr/local/etc/rc.d/logstash stop
Stopping logstash.
logstash@FQDN's Password: [I press ENTER here]
su: krb5_verify_user: unable to reach any KDC in realm FQDN
Waiting for PIDS: 88577
^C
root@gw:/ # kill -9 88577
root@gw:/ #

As shown above, I have to kill the process or I will wait forever!

Same issue when starting it:

root@gw:/ # /usr/local/etc/rc.d/logstash start
Starting logstash.
logstash@FQDN's Password: [I press ENTER]
su: krb5_verify_user: unable to reach any KDC in realm FQDN

But it has started....

root@gw:/ # /usr/local/etc/rc.d/logstash status
logstash is running as pid 84273.
root@gw:/ #

How do I disable this Kerberos requirement from logstash??

TIA

leandrojmp · April 13, 2023, 2:29am

How did you install it?

Logstash has no requirement for Kerberos, your issue is coming from the script you are using to start/stop logstash.

This one /usr/local/etc/rc.d/logstash. Did you wrote it?

odhiambo · April 13, 2023, 8:56am

Hello and thanks for your response.
As I mentioned, I installed on FreeBSD. With FreeBSD we have 3 options to install - the pkg system (precompiled), the ports system (compiled on host) and the manual system (you do by hand). I installed using the ports (cd /usr/ports/sysutils/logstash8 && make install clean). The control script - /usr/local/etc/rc.d/logstash - was written by the port maintainer. You can see it below:

FreeBSD control script for logstash

I do not see anything in it that would invoke the requirement for Kerberos so I do not think it's the issue, but I am new to all this so I am counting on help from the experts.

leandrojmp · April 13, 2023, 12:31pm

Yeah, but as I said before, there is no issue with Logstash, it is related to your system and how you are running it.

In the end of the script you shared you have this line:

run_rc_command "$1"

If you check the documentation for this command you will see that the variable ${name}_user is required, in this case the variable is logstash_user, this will indicate the user to run the command, which is the logstash user since logstash should not be run by the root user.

In the documentation you also have this:

${name}user User to run command as, using chroot(8) if ${name}chroot is set, otherwise uses su(1). Only supported after /usr is mounted.

So, your script is calling su to run as the logstash user and for some reason running su in your system will call kerberos.

This is not an issue with Logstash, it is an issue in your system.

odhiambo · April 13, 2023, 1:05pm

I don't think you are right. In FreeBSD, the control scripts can be invoked by root the same way I can control a service in Linux with systemctl. Let me give you a rundown of Linux vs FreeBSD service controls:

LINUX                                   FreeBSD
systemctl start servicename == service servicename start;
systemctl stop servicename == service servicename stop;
systemctl status service name == service servicename status;

Linux also has the same control system - service xrdp status

On FreeBSD, service SERVICENAME status is the same thing as /usr/local/etc/rc.d/servicename status. So start|stop|status|restart are all controls.

On FreeBSD system, the user a service runs as can be specified in /etc/rc.conf and the control script is supposed to use that user to 'runas'. The service is supposed to drop privileges and runas the specified user after it starts.

So in my /etc/rc.conf I have:

# Logstash
logstash_enable="YES"
logstash_java_home="/usr/local/openjdk19"
logstash_user="logstash"
logstash_group="logstash"

Using the same control as Linux would do gives me the same headache:

root@gw:/usr/home/wash # su -m logstash -c '/usr/local/etc/rc.d/logstash start'
logstash already running?  (pid=82582).
root@gw:/usr/home/wash # su -m logstash -c '/usr/local/etc/rc.d/logstash stop'
Stopping logstash.
Waiting for PIDS: 82582
^C

root@gw:/usr/home/wash # kill -9 82582
root@gw:/usr/home/wash # service logstash status
logstash is not running.
root@gw:/usr/home/wash # service logstash start
Starting logstash.
logstash@FQDN's Password:

Trying another way:

root@gw:/usr/home/wash # su -m logstash -c '/usr/local/etc/rc.d/logstash start'
Starting logstash.
limits: setrlimit datasize: Operation not permitted
/usr/local/etc/rc.d/logstash: WARNING: failed to start logstash

I can workaround the above issue, but I hate having a workaround in a production system. Plus the service has a problem getting stopped. I have to kill it with signal 9.

So I will wait and hope someone else has a better idea why this is happening.

Thank you.

system · May 11, 2023, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.