Elasticsearch does not start after installing recent Log4j patches

Started by tcpip, December 20, 2021, 12:03:30 PM

Hello,

I installed the latest patched versions of Elasticsearch via OPNsense update after applying the log4j_fix.sh that was linked on https://www.sunnyvalley.io/post/apache-log4j-status-update (the link to the script seems to be gone now) last Monday. Now it seems that Elasticsearch is somehow broken and unable to start.

The log says:

/usr/local/etc/rc.d/elasticsearch: WARNING: /usr/local/etc/elasticsearch/elasticsearch.yml is not readable.

This file doesn't even exist. There are only sample files in this directory.

Is there any fix for this issue? Any help is appreciated.

Thanks!

FWIW, I simply installed those updates via the normal GUI update function. Maybe take a backup, remove Sensei and re-install it using the GUI?

I did the same.

Before there were patched versions of Elasticsearch there was a simple patch script published on the mentioned page. However, this script didn't change the config files.

I can try to reinstall, but I wanted to know if there are any known issues. Maybe there is something faulty with one of the recent upgrades?

Quote from: tcpip on December 20, 2021, 12:23:59 PM
I did the same.

Before there were patched versions of Elasticsearch there was a simple patch script published on the mentioned page. However, this script didn't change the config files.

I can try to reinstall, but I wanted to know if there are any known issues. Maybe there is something faulty with one of the recent upgrades?

Both of my updates using the GUI went fine, I also just restarted my Elasticsearch service as a test and that was no problem.

Hi,

Elasticsearch published a new version and it is elasticsearch5-5.6.8_7 now.

Hi,

Yes, 5.6.8_7 is the version currently installed. I think the issues were already there with the fixed release before this one.

What is the best way to resolve the issue? Just reinstalling elasticsearch5 or completely uninstalling and re-installing zenarmor?

Just re-installing elasticsearch didn't help as the config file was still missing. Zenarmor also lost the database path. Very strange.

However, performing a backup within Zenarmor, uninstalling and re-installing it and then restoring the backup resolved the issue.

I'm still not sure which of the latest updates caused the issues.

Quote from: tcpip on December 20, 2021, 10:23:05 PM
However, performing a backup within Zenarmor, uninstalling and re-installing it and then restoring the backup resolved the issue.

Perfect, this solved my issue. It took me a while to find this help. I already thought I was the only one with this issue.