OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: tcpip on December 20, 2021, 12:03:30 PM

Title: Elasticsearch does not start after installing recent Log4j patches
Post by: tcpip on December 20, 2021, 12:03:30 PM
Hello,

I installed the latest patched versions of Elasticsearch via OPNsense update after applying the log4j_fix.sh that was linked on https://www.sunnyvalley.io/post/apache-log4j-status-update (the link to the script seems to be gone now) last Monday. Now it seems that Elasticsearch is somehow broken and unable to start.

The log says:

/usr/local/etc/rc.d/elasticsearch: WARNING: /usr/local/etc/elasticsearch/elasticsearch.yml is not readable.

This file doesn't even exist. There are only sample files in this directory.

Is there any fix for this issue? Any help is appreciated.

Thanks!
Title: Re: Elasticsearch does not start after installing recent Log4j patches
Post by: athurdent on December 20, 2021, 12:15:38 PM
FWIW, I simply installed those updates via the normal GUI update function. Maybe take a backup, remove Sensei and re-install it using the GUI?
Title: Re: Elasticsearch does not start after installing recent Log4j patches
Post by: tcpip on December 20, 2021, 12:23:59 PM
I did the same.

Before there were patched versions of Elasticsearch there was a simple patch script published on the mentioned page. However, this script didn't change the config files.

I can try to reinstall, but I wanted to know if there are any known issues. Maybe there is something faulty with one of the recent upgrades?
Title: Re: Elasticsearch does not start after installing recent Log4j patches
Post by: athurdent on December 20, 2021, 12:30:22 PM
Quote from: tcpip on December 20, 2021, 12:23:59 PM
I did the same.

Before there were patched versions of Elasticsearch there was a simple patch script published on the mentioned page. However, this script didn't change the config files.

I can try to reinstall, but I wanted to know if there are any known issues. Maybe there is something faulty with one of the recent upgrades?

Both of my updates using the GUI went fine, I also just restarted my Elasticsearch service as a test and that was no problem.
Title: Re: Elasticsearch does not start after installing recent Log4j patches
Post by: sy on December 20, 2021, 05:08:50 PM
Hi,

Elasticsearch published a new version and it is elasticsearch5-5.6.8_7 now.
Title: Re: Elasticsearch does not start after installing recent Log4j patches
Post by: tcpip on December 20, 2021, 07:13:41 PM
Hi,

Yes, 5.6.8_7 is the version currently installed. I think the issues were already there with the fixed release before this one.

What is the best way to resolve the issue? Just reinstalling elasticsearch5 or completely uninstalling and re-installing zenarmor?
Title: Re: Elasticsearch does not start after installing recent Log4j patches
Post by: tcpip on December 20, 2021, 10:23:05 PM
Just re-installing elasticsearch didn't help as the config file was still missing. Zenarmor also lost the database path. Very strange.

However, performing a backup within Zenarmor, uninstalling and re-installing it and then restoring the backup resolved the issue.

I'm still not sure which of the latest updates caused the issues.
Title: Re: Elasticsearch does not start after installing recent Log4j patches
Post by: Tubs on January 23, 2022, 09:51:00 PM
Quote from: tcpip on December 20, 2021, 10:23:05 PM
However, performing a backup within Zenarmor, uninstalling and re-installing it and then restoring the backup resolved the issue.

Perfect, this solved my issue. It took me a while to find this help. I already thought I was the only one with this issue.