我想在 Amazon 云 VM 中将 elasticsearch 作为 systemd 服务运行。 If I run it simply through command line shell它将在子 shell 中在后台运行,但一旦连接终止,process is killed .
所以,我创建了一个服务/etc/systemd/system/multi-user.target.wants/indexstorage.service
[Unit]
Description=indexing-store
[Service]
Type=forking
ExecStart=/usr/local/elasticsearch-5.2.2/bin/elasticsearch
TimeoutSec=infinity
Restart=always
[Install]
WantedBy=multi-user.target
并复制到/etc/systemd/system/indexstorage.service。
然后像往常一样重新加载并启用indexstorage.service。
但是当我启动 indexstorage.service 时,它要求输入 VM 的根密码,这实际上是一台亚马逊云机器。
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to start indexstorage.service: Access denied
See system logs and 'systemctl status indexstorage.service' for details.
我不知道密码。如果以 sudo 用户身份运行它,它将永远不会运行,因为 elasticsearch 限制以 sudo 用户身份运行 safety reasons .
ubuntu@ip-172-21-3-18:~$ sudo /bin/systemctl start indexstorage.service
Job for indexstorage.service failed because the control process exited with error code. See "systemctl status indexstorage.service" and "journalctl -xe" for details.
我当前的用户/组是 ubuntu:ubuntu
ubuntu@ip-172-21-3-18:~$ users
ubuntu
ubuntu@ip-172-21-3-18:~$ groups
ubuntu adm dialout cdrom floppy sudo audio dip video plugdev netdev lxd
我也尝试更改 /etc/sudoers 以允许组访问 ubuntu 但没有效果,
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
%ubuntu ALL=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ALL=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl start indexstorage.service
或者,
%ubuntu ubuntu=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ubuntu=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl start indexstorage.service
当我开始服务时,
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
我目前的临时解决方案是将其作为 noHUP 进程运行,这将忽略 hangup signals
nohup /usr/local/elasticsearch-5.2.2/bin/elasticsearch &
但这篇文章的问题是如何以非 sudo 用户身份运行 systemctl 命令?
引用资料
How could we allow non-root users to control a system.d service?
最佳答案
要以 ubuntu 用户身份运行 SystemD 服务,您可以使用 User=ubuntu在服务文件中。参见 man systemd.exec .
或者,您可以将服务安装为按用户服务。在这种情况下,您可以使用 systemctl --user start <service> 启动服务并且你必须将你的单元文件放在每个用户目录中,通常是 $HOME/.config/systemd/user , $HOME/.local/share/systemd/user .参见 man systemd.unit .
关于linux systemctl 由于权限问题无法启动elasticsearch systemd服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43443744/