Tonight I upgraded my home Graylog server from v3.0.0 to the new v3.1. I’m running it on a virtual Ubuntu 18.04.2 server, with Elasticsearch v 6.6.0, Mongo db version v4.0.12, and Open JDK v8. I followed the upgrade guide in the DEB section of: https://docs.graylog.org/en/3.1/pages/installation/operating_system_packages.html#deb-apt
After adjusting the new server.conf file to some specific values I had, I started up Graylog with “systemctl start graylog-server”. While it did load, it failed to listen on port 9000, and produced several curious lines in the /var/log/graylog-server/server.log:
2019-08-18T20:45:12.499-04:00 ERROR [Permissions] Error adding permissions for plugin: org.graylog.plugins.enterprise.search.rest.EnterpriseSearchRestPermissions
2019-08-18T20:45:18.113-04:00 ERROR [CmdLineTool] Guice error (more detail on log level debug): Error injecting constructor, java.lang.IllegalArgumentException: Duplicate permission found. Permission “Permission{permission=view:create, description=Create new view}” already exists!
After attempting a number of restarts trying to get debug logging working, when I finally added “level=debug” to about every line in log4j2.xml, it was really no help on the above error. Finding an older blog post about a problem plugin, I removed all the plugins from /usr/share/graylog-server/plugin. Here are the ones I had following the upgrade:
-rw-r–r-- 1 root root 21198709 Aug 18 23:00 graylog-plugin-aws-3.1.0.jar
-rw-r–r-- 1 root root 3729809 Aug 18 22:57 graylog-plugin-collector-3.1.0.jar
-rw-r–r-- 1 root root 25155812 Aug 18 22:52 graylog-plugin-enterprise-3.1.0.jar
-rw-r–r-- 1 root root 5239350 Aug 18 22:46 graylog-plugin-threatintel-3.1.0.jar
At this point, the server was able to start. I added them back one by one, restarting each time, and each time it continue to start up fine.
At this point, no further help is needed, but I decided to post this in case anyone else has a similar issue.