由于权限问题,linux systemctl无法启动elasticsearch systemd服务
我想在Amazon云虚拟机中将elasticsearch作为由于权限问题,linux systemctl无法启动elasticsearch systemd服务,linux,
elasticsearch,amazon-ec2,systemd,Linux,
elasticsearch,Amazon Ec2,Systemd,我想在Amazon云虚拟机中将elasticsearch作为systemd服务运行。它将在子shell的后台运行,但一旦连接终止,就会立即运行 因此,我创建了一个服务/etc/systemd/system/multi-user.target.wants/indexstorage.service [Unit] Description=indexing-store [Service] Type=forking ExecStart=/usr/local/elasticsearch-5.2.2/bin
systemd
服务运行。它将在子shell的后台运行,但一旦连接终止,就会立即运行
因此,我创建了一个服务/etc/systemd/system/multi-user.target.wants/indexstorage.service
[Unit]
Description=indexing-store
[Service]
Type=forking
ExecStart=/usr/local/elasticsearch-5.2.2/bin/elasticsearch
TimeoutSec=infinity
Restart=always
[Install]
WantedBy=multi-user.target
并复制到/etc/systemd/system/indexstorage.service
然后像往常一样,重新加载并启用indexstorage.service
但当我启动indexstorage.service
时,它会要求提供虚拟机的根密码,而虚拟机实际上是一台亚马逊云计算机
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to start indexstorage.service: Access denied
See system logs and 'systemctl status indexstorage.service' for details.
我不知道密码。如果以sudo
用户的身份运行它,它将永远不会运行,因为elasticsearch限制以sudo用户的身份运行
我当前的用户/组是ubuntu:ubuntu
ubuntu@ip-172-21-3-18:~$ users
ubuntu
ubuntu@ip-172-21-3-18:~$ groups
ubuntu adm dialout cdrom floppy sudo audio dip video plugdev netdev lxd
我也尝试过更改/etc/sudoers
以允许组访问ubuntu
,但没有效果
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
%ubuntu ALL=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ALL=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl start indexstorage.service
或者
当我开始服务时
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
目前我的临时解决方案是将其作为noHUP进程运行,这将忽略
但这篇文章的问题是,我如何才能以非sudo用户的身份运行systemctl命令?
工具书类
要以ubuntu用户身份运行SystemD服务,您可以在服务文件中使用
user=ubuntu
。请参见man systemd.exec
或者,您可以将该服务作为每个用户的服务安装。在这种情况下,您使用
systemctl--user start
启动服务,并且必须将您的单位文件放入每个用户的目录中,通常是$HOME/.config/systemd/user
,$HOME/.local/share/systemd/user
。请参见mansystemd.unit
将其作为用户服务安装是否足够---user
?您是说将--user
提供给systemctl
(/bin/systemctl start indexstorage.service--user ubuntu
)?不过不需要。--user
将其设置为按用户服务。你不需要“ubuntu”参数。回顾一下,这实际上可能不是你想要的,也不会起作用。当你说“如果以sudo用户的身份运行它,它将永远不会运行,因为elasticsearch限制以sudo用户的身份运行。”。真正地所以,如果您以“管理员”身份登录并且sudo systemctl start…
它不会工作,因为它是sudoed?不要相信。您的服务会出现什么错误-sudo journalctl-xe
?是的,elasticsearch不会在root用户下运行,这是真的。他们所称的systemctl--user start indexstorage.service
也不起作用,错误为Unit indexstorage.service找不到。
我会试试。
%ubuntu ubuntu=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ubuntu=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl start indexstorage.service
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
nohup /usr/local/elasticsearch-5.2.2/bin/elasticsearch &