New Graylog cluster - data node

I began using Graylog in its RPM version. I have one data node and one server.
On the data node I am trying to redirect the path:data to a mount I have on the server (external storage), and when I restart the Elasticsearch process I keep getting this error and the process fails:

Caused by: java.nio.file.AccessDeniedException: /app/nodes
        at sun.nio.fs.UnixException.translateToIOException( ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException( ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException( ~[?:?]
        at sun.nio.fs.UnixFileSystemProvider.createDirectory( ~[?:?]
        at java.nio.file.Files.createDirectory( ~[?:1.8.0_131]
        at java.nio.file.Files.createAndCheckIsDirectory( ~[?:1.8.0_131]
        at java.nio.file.Files.createDirectories( ~[?:1.8.0_131]
        at org.elasticsearch.env.NodeEnvironment.<init>( ~[elasticsearch-5.6.8.jar:5.6.8]
        at org.elasticsearch.node.Node.<init>( ~[elasticsearch-5.6.8.jar:5.6.8]
        at org.elasticsearch.node.Node.<init>( ~[elasticsearch-5.6.8.jar:5.6.8]
        at org.elasticsearch.bootstrap.Bootstrap$5.<init>( ~[elasticsearch-5.6.8.jar:5.6.8]
        at org.elasticsearch.bootstrap.Bootstrap.setup( ~[elasticsearch-5.6.8.jar:5.6.8]
        at org.elasticsearch.bootstrap.Bootstrap.init( ~[elasticsearch-5.6.8.jar:5.6.8]
        at org.elasticsearch.bootstrap.Elasticsearch.init( ~[elasticsearch-5.6.8.jar:5.6.8]

You have to ensure that the system user running Elasticsearch is able to write into the configured directories (see elasticsearch.yml).

My system user is root, and the external directory has full permissions.
Where in the yml file can I find something related to the user?

I’m pretty sure that Elasticsearch doesn’t run as the system root user. If it does, you should change that.

Are you sure about that? What’s the output of the following command?

# namei -l /app/nodes

You don’t, that’s configured in the start script of Elasticsearch.
But you’ll find configuration settings for the paths on disk used by Elasticsearch.

namei -l /app/nodes
f: /app/nodes
dr-xr-xr-x root root /
drwxrwxrwx root root app
drwxr-xr-x root root nodes

So, do you see the problem? (Hint: It’s the permissions)

But now it's like that and it still does not work:
namei -l /app
f: /app
drwxrwxrwx root root /
drwxrwxrwx root root app
Every directory under /app has full permissions.

Check the logs of your Elasticsearch node and make sure that the directories it writes into are owned by the system user running Elasticsearch.

If you need more individual support, please consider booking Graylog Enterprise support:

I tried to own the directories with users graylog and elasticsearch, but nothing works.
Nothing is shown in the logs regarding user auth.

I solved the issue.

It would be great if you could share your solution so that other users with a similar problem can find it.

I saw that in the /etc/passwd file the elasticsearch user has the /sbin/nologin param.
After consulting with my Linux system expert, he changed it to /bin/sh.
After restarting the elasticsearch service the problem was solved.
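
The check suggested earlier in this thread (every directory on the way to the data path must be traversable, and the data directory itself writable, by the account running Elasticsearch) can be scripted. This is an added example, not part of any post in the thread; `applicable_bits` and `first_blocker` are hypothetical helper names, and it evaluates only classic owner/group/other mode bits.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GNU stat (Linux).
# Evaluates classic mode bits for one uid/gid only; ACLs, SELinux and
# NFS export rules are not considered.

# applicable_bits MODE OWNER_UID OWNER_GID UID GID  (hypothetical helper)
# Prints the rwx value (0-7) of the permission class that applies.
applicable_bits() {
    ab_bits=$(( 0$1 & 0777 ))
    if [ "$4" -eq "$2" ]; then echo $(( (ab_bits >> 6) & 7 ))
    elif [ "$5" -eq "$3" ]; then echo $(( (ab_bits >> 3) & 7 ))
    else echo $(( ab_bits & 7 ))
    fi
}

# first_blocker UID GID DIR [BASE]  (hypothetical helper)
# Walks BASE -> DIR. Ancestors need x (1); DIR itself needs w+x (3).
# Prints "OK" or the first directory that denies access.
first_blocker() {
    fb_uid=$1; fb_gid=$2; fb_target=${3%/}; fb_base=${4:-/}
    [ -n "$fb_target" ] || fb_target=/
    if [ "$fb_uid" -eq 0 ]; then echo "OK"; return 0; fi  # root bypasses mode bits
    fb_chain=$fb_target; fb_p=$fb_target
    while [ "$fb_p" != "$fb_base" ] && [ "$fb_p" != "/" ]; do
        fb_p=$(dirname "$fb_p")
        fb_chain="$fb_p
$fb_chain"
    done
    while IFS= read -r fb_dir; do
        fb_st=$(stat -L -c '%a %u %g' "$fb_dir") || { echo "MISSING $fb_dir"; return 2; }
        set -- $fb_st
        fb_need=1
        [ "$fb_dir" = "$fb_target" ] && fb_need=3
        fb_have=$(applicable_bits "$1" "$2" "$3" "$fb_uid" "$fb_gid")
        if [ $(( fb_have & fb_need )) -ne "$fb_need" ]; then
            echo "BLOCKED $fb_dir mode=$1 owner=$2:$3"
            return 1
        fi
    done <<EOF
$fb_chain
EOF
    echo "OK"
}

# Usage on a real host (constructed invocation):
#   first_blocker "$(id -u elasticsearch)" "$(id -g elasticsearch)" /app/nodes
```

For the `namei -l /app/nodes` listing posted above (`nodes` is `drwxr-xr-x root root`), a non-root uid is reported as blocked at `/app/nodes`, because only the owner has the write bit.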
