I have installed the .tgz of graylog & elasticsearch on a Raspberry Pi 4B in Ubuntu 20.04.2 LTS.
I have Graylog 4.x working with elasticsearch 7.x and mongodb 4.2.
Mongodb is starting automatically at each start of the raspberry because there is packages for arm in mongdb, so it’s working well.
It’s working well when i start them manually with the command :
./elasticsearch -d and ./graylogctl start
No problem i have graylog working well.
Now i just want to get this elasticsearch & graylog running automatically. I can’t always be on the raspberry, he has to work alone !
I don’t know if you can help me but i’m really in need!
HI @Veak
these are official systemd service unit files, which is used to start graylog and elasticsearch. Use it as a example.
Create files /etc/systemd/system/graylog-server.service and /etc/systemd/system/elasticsearch.service.
Update files for your environments, like paths in ExecStart parameter.
Update systemd using command: sudo systemctl daemon-reload
Enable services to start on startup: sudo systemctl enable graylog-server.service sudo systemctl enable elasticsearch.service
graylog-server.service
[Unit]
Description=Graylog server
Documentation=http://docs.graylog.org/
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
Restart=on-failure
RestartSec=10
User=graylog
Group=graylog
LimitNOFILE=64000
ExecStart=/usr/share/graylog-server/bin/graylog-server
# When a JVM receives a SIGTERM signal it exits with 143.
SuccessExitStatus=143
# Make sure stderr/stdout is captured in the systemd journal.
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Type=notify
RuntimeDirectory=elasticsearch
PrivateTmp=true
Environment=ES_HOME=/usr/share/elasticsearch
Environment=ES_PATH_CONF=/etc/elasticsearch
Environment=PID_DIR=/var/run/elasticsearch
Environment=ES_SD_NOTIFY=true
EnvironmentFile=-/etc/default/elasticsearch
WorkingDirectory=/usr/share/elasticsearch
User=elasticsearch
Group=elasticsearch
ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet
# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs in /var/log/elasticsearch and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535
# Specifies the maximum number of processes
LimitNPROC=4096
# Specifies the maximum size of virtual memory
LimitAS=infinity
# Specifies the maximum file size
LimitFSIZE=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM
# Send the signal only to the JVM rather than its control group
KillMode=process
# Java process is never killed
SendSIGKILL=no
# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143
# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
TimeoutStartSec=75
[Install]
WantedBy=multi-user.target
# Built for packages-7.10.2 (packages)
I did the steps that you told me.
As you can see, i have this error but i don’t know what am i supposed to do.
Do you have any idea?
Thank you very much
It’s hard to say, what’s wrong. But to start it correctly, you need to create user and group elastisearch, setup correct permissions for directories, create directory /var/run/elasticsearch for PID and so on.
Another problem is your missing parameter -p pid:
elasticsearch -d -p ${PID_DIR}/elasticsearch.pid
Your changed directory is also wierd, you put all elasticsearch data to /etc direcotory, which is not a good idea I think.
Good example if how to install from tgz package to distribution should be Arch linux PKGBUILD.
Also check elasticsearch log for more error description.
So I might be wrong here, but you should be able to use the .deb packages to deploy Graylog (and Elasticsearch) since the packages are noarch. Those packages will contain all the systemd unit files and should just work ™️.
I tried to do what you said, but as you can see in the screen, there is the error from java again…
I would love to know how to make running this PKGBUILD on my raspberry (if it can make all the things working correctly). But i’ve never used it, so i don’t really know how to process. Even if i’ve just tried to watch on the internet how to use that i’m still lost…
I already tried to do it, but unfortunaly it’s not working because i’m on arm & not on amd…
I would really love to get a package on ARM made by Graylog to make all the things working properly…
(I already tried to say that on the github from your company) but it looks like that your developpers don’t want to do it… I don’t know why
You can use official steps to install elastic, mongo and graylog from apt repository using Ubuntu installation steps to Raspberry ARM64, only some minor changes is required. You don’t need to use tgz installation, so services will start on startup, no manual steps needed. https://docs.graylog.org/en/4.0/pages/installation/os/ubuntu.html
I’ve one spare Raspberry Pi 3, so I’ve sucessfuly tested and installed Elasticsearch 7.10.2, MongoDB 4.4 and Graylog 4.0 on Ubuntu server 20.04 ARM64 image.
I have followed official steps, and only changes these ones:
