-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kibana does not start due to wrong permissions of optimize dir #77590
Comments
Pinging @elastic/kibana-operations (Team:Operations) |
I've also encountered the same issue on Amazon Linux 2; running This issue seems to be related: #6730 However I'm getting a different (maybe related?) issue when trying the same on Aliyun Linux. It fails even if i
And I'm not certain how to debug this further |
As a followup to my issues on Aliyun, I've edited the service file to run kibana through strace (
However, this directory already exists and is owned by the kibana user:
Edit: If I set the optimize directory permissions to 0777 it was able to start correctly |
@mlaterman In my case, after installing the 7.9.1 RPM, these directories (all in /usr/share/kibana/) are owned by root and therefore not writable for the kibana user:
If I make the same test with 7.8.1 RPM it looks like this:
I`m not sure in which direction your investigation likes to go. but its quite obvious that in 7.8 rpm the post_install.sh script had chmods for this directories as pointed out in the description and the 7.9 rpm does not. So I suggest, just fix the post_install.sh and we should be good. no? |
@meierfra-ergon, it seems like a fair place to start. |
@mlaterman yes that is strange. It looks like that with Aliyun the the execute (x) permissions of the bundles directory was not set: |
Can confirm that we are seeing the same problem between version 7.8.x and 7.9.x On 7.8.x the premissions are (working):
On 7.9.x the permissions are (this is for both 7.9.1 and 7.9.2):
We are running the keystore commands as the kibana user and this fails with permission error on 7.9.x. Currently running: Red Hat Enterprise Linux Server release 7.8 (Maipo) |
Meanwhile I found out, that the described EACCES error does not occur when kibana is installed and used without any configuration changes in /etc/kibana.yml. I forgot, that we disable some xpack features, for example we set 'xpack.spaces.enabled: false' in kibana.yml. With this setting the mentioned EACCES error happens (-> Issue description updated). I guess, that there are cases when kibana needs to 'reorganize' something in the 'optimize' directory after config changes. If this is a valid process, the directory should be writable by the kibana user. Otherwise this process should maybe be optional? does anyone know why this has to happen at all? |
Have you had a chance to install 7.10? We made a sweep on all the permissions and they should be resolved with respects to the optimize directory. For the keystore issues, we have a fix that should follow in 7.11. |
@jbudz I retestet with 7.10 and can now confirm, that Kibana is starting properly with our settings. And the directories show the correct ownership now. |
That's great to hear, thanks for the feedback. I'm going to close this out for now then, but I'll stay subscribed and we can reopen if there's any further issues. |
Kibana version: 7.9.1
Elasticsearch version: 7.9.1
Server OS version: CentOS-7
Original install method (e.g. download page, yum, from source, etc.): yum
Describe the bug:
After installing kibana RPM on Centos 7 and starting it via systemctl start kibana, kibana does not start and logs the following error, seen via systemctl status kibana:
The problem is, that the directory /usr/share/kibana/optimize/ is owned by root. in previous versions as 7.8.1 this was owned by kibana. While comparing the post_install.sh scripts from 7.8 to 7.9 ([1],[2]) one sees, that in 7.8 there was a chown that is missing in 7.9 [3]. And the other chown for pluginsDir is also missing.
BTW I think this issue is similiar to #77392.
update: this does not happen with the default kibana config (/etc/kibana/kibana.yml). It happens at least if the setting 'xpack.spaces.enabled: false' is added to kibana.yml.
[1] https://github.com/elastic/kibana/blob/7.8/src/dev/build/tasks/os_packages/package_scripts/post_install.sh
[2] https://github.com/elastic/kibana/blob/7.9/src/dev/build/tasks/os_packages/package_scripts/post_install.sh
[3]
kibana/src/dev/build/tasks/os_packages/package_scripts/post_install.sh
Line 37 in 4187578
Steps to reproduce:
Expected behavior:
kibana should start successfully
The text was updated successfully, but these errors were encountered: