marco-lancini/docker_offensive_elk

Elasticsearch not running on fresh install

ralphyz opened this issue · 4 comments

I cloned the repo, then ran docker-compose up -d (no need to create _data, as it exists). The errors below about Elasticsearch occurred. I don't know what is going on or how to fix it.

System info:

wfcody@hunt-bison:~/docker_offensive_elk$ uname -a
Linux hunt-bison 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
wfcody@hunt-bison:~/docker_offensive_elk$ docker-compose -v
docker-compose version 1.21.2, build a133471
wfcody@hunt-bison:~/docker_offensive_elk$ docker -v
Docker version 18.09.0, build 4d60db4

Errors:

wfcody@hunt-bison:~/docker_offensive_elk$ docker-compose up -d
Creating elk_elasticsearch ... done
Creating elk_logstash      ... done
Creating elk_kibana        ... done
Creating elk_ingestor      ... done
wfcody@hunt-bison:~/docker_offensive_elk$ curl -XPUT 'localhost:9200/nmap-vuln-to-es'
curl: (7) Failed to connect to localhost port 9200: Connection refused
wfcody@hunt-bison:~/docker_offensive_elk$ netstat -antp
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:6012          0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.176.169:22       192.168.184.240:2614    ESTABLISHED -
tcp        0     36 192.168.176.169:22       192.168.184.240:1795    ESTABLISHED -
tcp        0      0 192.168.176.169:22       192.168.184.240:32705   ESTABLISHED -
tcp        0      0 192.168.176.169:22       192.168.184.240:32706   ESTABLISHED -
tcp        0      0 192.168.176.169:22       192.168.184.240:1796    ESTABLISHED -
tcp        0      0 192.168.176.169:22       192.168.184.240:2613    ESTABLISHED -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:6010                :::*                    LISTEN      -
tcp6       0      0 ::1:6011                :::*                    LISTEN      -
tcp6       0      0 ::1:6012                :::*                    LISTEN      -
tcp6       0      0 :::5601                 :::*                    LISTEN      -
tcp6       0      0 :::5000                 :::*                    LISTEN      -
wfcody@hunt-bison:~/docker_offensive_elk$ docker-compose down
Stopping elk_logstash      ... done
Stopping elk_kibana        ... done
Stopping elk_elasticsearch ... done
Removing elk_ingestor      ... done
Removing elk_logstash      ... done
Removing elk_kibana        ... done
Removing elk_elasticsearch ... done
Removing network docker_offensive_elk_elk
wfcody@hunt-bison:~/docker_offensive_elk$ docker ps -aq
wfcody@hunt-bison:~/docker_offensive_elk$ docker-compose up
Creating network "docker_offensive_elk_elk" with driver "bridge"
Creating elk_elasticsearch ... done
Creating elk_logstash      ... done
Creating elk_kibana        ... done
Creating elk_ingestor      ... done
Attaching to elk_elasticsearch, elk_logstash, elk_ingestor, elk_kibana
elk_elasticsearch | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
elk_elasticsearch | [2018-12-05T20:31:29,687][INFO ][o.e.n.Node               ] [] initializing ...
elk_elasticsearch | [2018-12-05T20:31:29,698][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
elk_elasticsearch | org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Failed to create node environment
elk_elasticsearch |     at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch | Caused by: java.lang.IllegalStateException: Failed to create node environment
elk_elasticsearch |     at org.elasticsearch.node.Node.<init>(Node.java:273) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     ... 6 more
elk_elasticsearch | Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes
elk_elasticsearch |     at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
elk_elasticsearch |     at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
elk_elasticsearch |     at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]
elk_elasticsearch |     at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:385) ~[?:?]
elk_elasticsearch |     at java.nio.file.Files.createDirectory(Files.java:682) ~[?:?]
elk_elasticsearch |     at java.nio.file.Files.createAndCheckIsDirectory(Files.java:789) ~[?:?]
elk_elasticsearch |     at java.nio.file.Files.createDirectories(Files.java:775) ~[?:?]
elk_elasticsearch |     at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:203) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.node.Node.<init>(Node.java:270) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.0.jar:6.3.0]
elk_elasticsearch |     ... 6 more
elk_ingestor exited with code 0
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:33Z","tags":["status","plugin:kibana@6.3.0","info"],"pid":1,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:33Z","tags":["status","plugin:elasticsearch@6.3.0","info"],"pid":1,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:34Z","tags":["status","plugin:timelion@6.3.0","info"],"pid":1,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:34Z","tags":["status","plugin:console@6.3.0","info"],"pid":1,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:34Z","tags":["status","plugin:metrics@6.3.0","info"],"pid":1,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:34Z","tags":["listening","info"],"pid":1,"message":"Server running at http://0:5601"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:34Z","tags":["error","elasticsearch","admin"],"pid":1,"message":"Request error, retrying\nHEAD http://elasticsearch:9200/ => connect ECONNREFUSED 172.23.0.2:9200"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:34Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"Unable to revive connection: http://elasticsearch:9200/"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:34Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"No living connections"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:34Z","tags":["status","plugin:elasticsearch@6.3.0","error"],"pid":1,"state":"red","message":"Status changed from yellow to red - Unable to connect to Elasticsearch at http://elasticsearch:9200.","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
elk_elasticsearch exited with code 1
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:36Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"Unable to revive connection: http://elasticsearch:9200/"}
elk_kibana       | {"type":"log","@timestamp":"2018-12-05T20:31:36Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"No living connections"}

Hi @ralphyz, did you chown the _data folder?

❯ sudo chown -R <user>:<user> ./_data/

I have the same issue. I do not know much about Docker. I am assuming it's a security issue within the container. Has anyone fixed this yet? Also, is there a username and password for logging into the containers? Sorry, I'm not well versed in Docker.

Hello there @ralphyz,

To solve this, you have to change the ownership of the _data directory to the elasticsearch user: sudo chown -R 1000:1000 ./_data/. That was described in this elasticsearch-docker issue: elastic/elasticsearch-docker#21 (comment)

Good luck!

That worked for me.
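
A pre-flight check for the ownership fix described in this thread, added here as an example (it is not part of the original issue or the project's code): it reports whether a bind-mounted data directory and everything under it belongs to the UID the container process runs as, which is the condition behind the AccessDeniedException on /usr/share/elasticsearch/data/nodes. The UID 1000 and the ./_data path come from the thread; the names ES_UID, first_foreign_entry and check_data_dir are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the project): pre-flight ownership check for the
# host directory bind-mounted as the Elasticsearch data path.
# From the thread: host dir ./_data, container UID 1000.
# Hypothetical names: ES_UID, first_foreign_entry, check_data_dir.

ES_UID="${ES_UID:-1000}"

# Print the first path under $1 whose owner is not UID $2 (empty if none).
first_foreign_entry() {
    find "$1" ! -user "$2" -print 2>/dev/null | head -n 1
}

# Status 0 and "ok" when the whole tree belongs to the wanted UID,
# status 1 plus the offending path otherwise, status 2 if the dir is absent.
check_data_dir() {
    local dir="$1" want="$2" foreign
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 2
    fi
    foreign=$(first_foreign_entry "$dir" "$want")
    if [ -n "$foreign" ]; then
        echo "not-owned-by-$want: $foreign"
        return 1
    fi
    echo "ok"
}

# Run as: ./check_data.sh --check ./_data   (before docker-compose up)
if [ "${1:-}" = "--check" ]; then
    if ! check_data_dir "${2:-./_data}" "$ES_UID"; then
        echo "fix with: sudo chown -R $ES_UID:$ES_UID ${2:-./_data}" >&2
        exit 1
    fi
fi
```

Correcting ownership keeps the data directory writable only by that UID, which is preferable to loosening its mode bits to get the container started.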