Graylog 7.0 Preflight provision certificate fails


1. Describe your incident:

I am installing Graylog 7 and I managed to start up mongodb, graylog-datanode and graylog-enterprise server with no error. However, when it comes to Provisioning of Certificates in the Preflight screen, I get a failure that Opensearch was not initialized.

2. Describe your environment:

  • OS Information: Rocky Linux 9.7

  • Package Version: mongodb 8.0.19-1.el9, Graylog-datanode 7.0.4-1, Graylog-Enterprise 7.0.4-1.

  • Service logs, configurations, and environment variables: below are some of my log observations.

  • 2026-02-26T15:32:07.446+02:00 WARN [OpensearchProcessImpl] [0.000s][error][logging] Error opening log file ‘/tmp/gc.log’: Permission denied
    2026-02-26T15:32:07.446+02:00 WARN [OpensearchProcessImpl] [0.000s][error][logging] Initialization of output ‘file=/tmp/gc.log’ using options ‘filecount=32,filesize=64m’ failed.
    2026-02-26T15:32:07.446+02:00 WARN [OpensearchProcessImpl] error:
    2026-02-26T15:32:07.446+02:00 WARN [OpensearchProcessImpl] Could not rename log file ‘/tmp/gc.log’ to ‘/tmp/gc.log.06’ (Operation not permitted).
    2026-02-26T15:32:07.446+02:00 WARN [OpensearchProcessImpl] Invalid -Xlog option ‘-Xlog:gc*,gc+age=trace,safepoint:file=/tmp/gc.log:utctime,pid,tags:filecount=32,filesize=64m’, see error log for details.
    2026-02-26T15:32:07.447+02:00 WARN [OpensearchProcessImpl] Error: Could not create the Java Virtual Machine.
    2026-02-26T15:32:07.447+02:00 WARN [OpensearchProcessImpl] Error: A fatal exception has occurred. Program will exit.
    2026-02-26T15:32:07.447+02:00 WARN [OpensearchProcessImpl] at org.opensearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:125)
    2026-02-26T15:32:07.447+02:00 WARN [OpensearchProcessImpl] at org.opensearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:87)
    2026-02-26T15:32:07.447+02:00 WARN [OpensearchProcessImpl] at org.opensearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:70)
    2026-02-26T15:32:07.447+02:00 WARN [OpensearchProcessImpl] at org.opensearch.tools.launchers.JvmOptionsParser.jvmOptions(JvmOptionsParser.java:150)
    2026-02-26T15:32:07.447+02:00 WARN [OpensearchProcessImpl] at org.opensearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:108)
    2026-02-26T15:32:07.461+02:00 WARN [OpensearchProcessImpl] Opensearch process failed
    org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
    at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:394)
    at org.apache.commons.exec.DefaultExecutor.lambda$execute$0(DefaultExecutor.java:308)
    at java.base/java.lang.Thread.run(Unknown Source)
    2026-02-26T15:32:07.466+02:00 INFO [OpensearchCommandLineProcess] Process 97966 still alive, waiting for termination. Retry #1
    2026-02-26T15:32:07.466+02:00 INFO [OpensearchCommandLineProcess] Process 97966 successfully terminated.

  • 2026-02-26T15:32:19.856+02:00 INFO [OpensearchProcessImpl] 15:32:19.854 [main] ERROR org.opensearch.security.auditlog.sink.SinkProvider - Default endpoint could not be created, auditlog will not work properly.
    2026-02-26T15:32:23.688+02:00 INFO [OpensearchProcessImpl] 15:32:23.688 [opensearch[SiriusVM][transport_worker][T#7]] ERROR org.opensearch.security.auth.BackendRegistry - Not yet initialized (you may need to run securityadmin)
    2026-02-26T15:32:23.737+02:00 WARN [OpensearchNodeHeartbeat] Opensearch REST api of process 98493 unavailable. Cause: Unable to parse response body

3. What steps have you already taken to try and solve the problem?

I have done 3 clean installs and the issue arises each time. I am a bit wary of changing the permissions of /tmp/gc.log without advice. Is this a known issue I should know about?

4. How can the community help?

How can the permission issue of /tmp/gc.log be fixed so that Opensearch can start? How can I complete this Provision certificate in Preflight?


Hey @ofentselogger,

The usage of the tmp folder is only necessary during the first run of the software; often, though, the tmp folder is set as noexec. Should you need to define a new temporary directory, create a new folder such as /temp and alter the ownership with chown -R graylog-datanode:graylog-datanode /temp. Then add a new environment variable and value as follows, OPENSEARCH_TMPDIR="/temp", to the file /etc/default/graylog-datanode.

This will inform Opensearch to use the new directory over tmp during the initial setup.
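
A pre-check for the directory chosen in the reply above, added here as an example and not part of either post or of Graylog's own tooling: it reports whether the directory exists, is owned by the service user, and sits on a noexec mount. The function names and the sample mount table are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (hypothetical helper names): check a candidate
# OPENSEARCH_TMPDIR before restarting graylog-datanode.
# Usage on a data node: tmpdir_report /temp graylog-datanode

# Constructed sample in /proc/mounts format, not taken from the poster's host.
SAMPLE_MOUNTS='/dev/mapper/rl-root / xfs rw,seclabel,relatime 0 0
tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev,noexec 0 0
/dev/sda1 /boot xfs rw,seclabel,relatime 0 0'

# mount_opts_for PATH [MOUNTS_TEXT]
# Prints the options of the longest mount point containing PATH.
# Reads /proc/mounts when MOUNTS_TEXT is empty.
mount_opts_for() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # Match "/", an exact hit, or a directory prefix ("/tmp" must
            # not match "/temp", so compare against mp followed by "/").
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }'
}

# is_noexec PATH [MOUNTS_TEXT]: exit status 0 when PATH is on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$@")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# tmpdir_report DIR USER [MOUNTS_TEXT]
# Prints one line per finding, or "ok"; exit status 1 if anything was found.
tmpdir_report() {
    dir=$1 user=$2 findings=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir does not exist"; findings=1
    else
        owner=$(stat -c %U "$dir")
        [ "$owner" = "$user" ] || { echo "owner: $dir is owned by $owner, not $user"; findings=1; }
    fi
    if is_noexec "$dir" "$3"; then
        echo "noexec: $dir is on a noexec mount"; findings=1
    fi
    [ "$findings" -eq 0 ] && echo "ok"
    return "$findings"
}
```
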