Working with elasticsearch-keystore

I'm running through a basic install on an Ubuntu server 20.04 VM. I'm able to get ES installed with no trouble, but am having some issues when I start working through setting up security and encryption.

Specifically I'm having an issue using the elasticsearch-keystore tool to create the file or add/remove settings from it. It seems like I'm having an issue at the file system level as it appears to be choking on accessing the /etc/elasticsearch directory.

ex.
/usr/share/elasticsearch$ ./bin/elasticsearch-keystore list
./bin/elasticsearch-env: line 75: /etc/default/elasticsearch: Permission denied

I'm logged in as a non-root user. My default when I get a Permission denied is to rerun with sudo...

/usr/share/elasticsearch$ sudo ./bin/elasticsearch-keystore list
keystore.seed

But as soon as I try to add a setting by running with sudo I get a message that elasticsearch should not be run as root. Also documentation suggests I should be running the keystore tool as the same user that will be running elasticsearch.

Digging in the elasticsearch.service file shows that it will be running as the elasticsearch user, so I started trying to figure out if I can run the keystore tool as that user, but haven't been able to get that to work successfully either. This led me to the discussion forums and it looks like nobody that's talking about the keystore tool is mentioning having to do anything with the user to get it to work. This makes me believe I'm doing something fundamentally wrong.

Any help?

How did you install elasticsearch and how do you run elasticsearch? What are the permissions of /etc/default/elasticsearch (run ls -la /etc/default/elasticsearch)?

Thanks for the response. I used the deb package and installed with sudo dpkg -i

Attempting to run the keystore tool as elasticsearch user:

su -
runuser -u elasticsearch /usr/share/elasticsearch/bin/elasticsearch-keystore add some.setting
Enter value for some.setting:
ERROR: unable to create temporary keystore at [/etc/elasticsearch/elasticsearch.keystore.tmp], write permissions required for [/etc/elasticsearch] or run [elasticsearch-keystore upgrade]

So, I did try elasticsearch-keystore upgrade but it didn't change the outcome of the above command when run again.

I don't have an /etc/default/elasticsearch, but I do have /etc/elasticsearch...

sudo ls -la /etc/elasticsearch
total 52
drwxr-s---  2 root elasticsearch  4096 May 29 00:11 .
drwxr-xr-x 99 root root           4096 May 27 22:18 ..
-rw-rw----  1 root elasticsearch   199 May 26 21:00 elasticsearch.keystore
-rw-r--r--  1 root elasticsearch    76 May 26 21:00 .elasticsearch.keystore.initial_md5sum
-rw-rw----  1 root elasticsearch  3001 May 28 22:29 elasticsearch.yml
-rw-rw----  1 root elasticsearch  2373 Mar 26 06:39 jvm.options
-rw-rw----  1 root elasticsearch 17545 Mar 26 06:39 log4j2.properties
-rw-rw----  1 root elasticsearch   473 Mar 26 06:39 role_mapping.yml
-rw-rw----  1 root elasticsearch   197 Mar 26 06:39 roles.yml
-rw-rw----  1 root elasticsearch     0 Mar 26 06:39 users
-rw-rw----  1 root elasticsearch     0 Mar 26 06:39 users_roles

On a side note... Using the same technique to run the kibana-keystore tool as the kibana user worked with no issues. Though it seems to be creating the kibana.keystore file in /var/lib/kibana whereas the elasticsearch.keystore file is in /etc/elasticsearch.

ls -la /etc/kibana
total 20
drwxrwxr-x  2 root root 4096 May 29 00:12 .
drwxr-xr-x 99 root root 4096 May 27 22:18 ..
-rw-r--r--  1 root root 3009 Mar 26 07:22 apm.js
-rw-r--r--  1 root root 5291 May 29 00:12 kibana.yml

Kibana was installed in the same way, with dpkg and the deb package. I have not changed folder or file permissions from what was established at install.
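
Added example (not part of any post in this thread): a POSIX sh helper that reads lines from the `ls -la /etc/elasticsearch` output posted above and reports which entries the `elasticsearch` user can write, assuming that user's only group is `elasticsearch`. For a directory, write plus search permission is what allows creating a new file such as the `elasticsearch.keystore.tmp` named in the error.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the user has one group only.

# Lines copied from the `sudo ls -la /etc/elasticsearch` output posted above.
LISTING='drwxr-s---  2 root elasticsearch  4096 May 29 00:11 .
-rw-rw----  1 root elasticsearch   199 May 26 21:00 elasticsearch.keystore
-rw-rw----  1 root elasticsearch  3001 May 28 22:29 elasticsearch.yml'

# can_write LS_LINE USER GROUP -> exit status 0 if USER may write to the entry.
# For a directory that means creating or deleting files in it, which also
# needs the search bit (x, or s/t, which imply x).
can_write() {
  cw_user=$2
  cw_ugroup=$3
  set -- $1                            # split the ls line into fields
  cw_mode=$1 cw_owner=$3 cw_group=$4
  [ "$cw_user" = root ] && return 0    # root bypasses the mode bits
  # Exactly one permission triplet applies: owner, else group, else other.
  if [ "$cw_user" = "$cw_owner" ]; then
    cw_bits=$(printf '%s' "$cw_mode" | cut -c2-4)
  elif [ "$cw_ugroup" = "$cw_group" ]; then
    cw_bits=$(printf '%s' "$cw_mode" | cut -c5-7)
  else
    cw_bits=$(printf '%s' "$cw_mode" | cut -c8-10)
  fi
  case $cw_bits in ?w?) ;; *) return 1 ;; esac
  case $cw_mode in
    d*) case $cw_bits in ??[xst]) ;; *) return 1 ;; esac ;;
  esac
  return 0
}

# report USER GROUP -> one line per entry in LISTING.
report() {
  printf '%s\n' "$LISTING" | while IFS= read -r rp_line; do
    rp_name=${rp_line##* }
    if can_write "$rp_line" "$1" "$2"; then
      printf '%-24s writable by %s\n' "$rp_name" "$1"
    else
      printf '%-24s NOT writable by %s\n' "$rp_name" "$1"
    fi
  done
}

report elasticsearch elasticsearch
```

The check reads mode bits only; ACLs and supplementary groups are not considered.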

Thanks for the details, we can try and reproduce this now. One final question (that I should probably have asked already): what version are you trying to install?

7.6.2, and only because 7.7 wasn't out when I started poking around at this.
