1、使用root用户启动失败
在有一次搭建elasticsearch的时候,使用systemctl启动elasticsearch失败,然后在bin目录下面去使用启动脚本启动,发现报错不能用root用户启动,报“Caused by: : can not run elasticsearch as root”:
[root@localhost bin]# ./elasticsearch
[2017-12-20T17:01:47,922][WARN ][] [node-1] uncaught exception in thread [main]
: : can not run elasticsearch as root
at (:125) ~[elasticsearch-6.1.:6.1.1]
at (:112) ~[elasticsearch-6.1.:6.1.1]
at (:86) ~[elasticsearch-6.1.:6.1.1]
at (:124) ~[elasticsearch-cli-6.1.:6.1.1]
at (:90) ~[elasticsearch-cli-6.1.:6.1.1]
at (:92) ~[elasticsearch-6.1.:6.1.1]
at (:85) ~[elasticsearch-6.1.:6.1.1]
Caused by: : can not run elasticsearch as root
at (:104) ~[elasticsearch-6.1.:6.1.1]
at (:171) ~[elasticsearch-6.1.:6.1.1]
at (:322) ~[elasticsearch-6.1.:6.1.1]
at (:121) ~[elasticsearch-6.1.:6.1.1]
... 6 more
[root@localhost bin]# cd ..解决:
创建一个独立的用户,比如elk来启动elasticsearch,不用root用户启动
2、elasticsearch安装目录权限不对
遇到启动elasticsearch失败,使用的是专门的用户elk来启动的,启动日志提示不能加载配置文件:
[elk@docker bin]$ ./elasticsearch
Exception in thread "main" 2018-06-03 17:36:23,881 main ERROR No log4j2 configuration file found. Using default configuration: logging only errors to the console. Set system property '' to show Log4j2 internal initialization logging.
2018-06-03 17:36:24,113 main ERROR Could not register mbeans : access denied ("" "register")
at (:472)
at (:585)
at (:1848)
at (:322)
at (:522)
at .(:389)
at .(:167)
at .(:140)
at .(:556)
at .(:617)
at .(:634)
at .(:229)
at ..(:242)
at ..(:45)
at .(:174)
at .(:618)
at (:54)
at (:62)
at (:101)
at .<clinit>(:42)
at (:663)
at (:2994)
at (:821)
at $(:748)
at (:655)
at (:643)
at (:1061)
at (:1052)
at (:1959)
SettingsException[Failed to load settings from /usr/local/elasticsearch-5.6.0/config/]; nested: AccessDeniedException[/usr/local/elasticsearch-5.6.0/config/];
at (:102)
at (:72)
at (:67)
at (:134)
at (:90)
at (:91)
at (:84)
Caused by: : /usr/local/elasticsearch-5.6.0/config/
at (:84)
at (:102)
at (:107)
at (:214)
at (:361)
at (:407)
at (:384)
at (:152)
at $(:1032)
at (:100)
... 6 more
[elk@docker bin]$ 解决:
看到“Caused by: : /usr/local/elasticsearch-5.6.0/config/”的提示,就去检查目录的权限,果然是root:root权限,使用elk用户去启动,就报错了。
将目录的权限改成elk:elk就好了。
[root@docker ~]# ll /usr/local/
drwxr-xr-x 7 root root 123 9月 7 2017 elasticsearch-5.6.0
[root@docker local]# chown -R elk:elk elasticsearch-5.6.0
[root@docker local]# ll
drwxr-xr-x 7 elk elk 123 9月 7 2017 elasticsearch-5.6.03、使用yum安装方式,赋权错误,启动失败
在一次使用yum安装elasticsearch的时候,执行完yum -y install elasticsearch 命令后,进行了下面的操作:
1、修改文件
2、创建elk用户
3、创建/opt/elk/data目录,并且赋权为elk:elk
4、修改/var/log/elasticsearch权限为elk:elk
5、启动服务,但是报下面的错(截取了部分):
[root@test101 ]# ./elasticsearch start
Starting elasticsearch: 2018-06-12 15:13:50,287 main ERROR Unable to create file /var/log/elasticsearch/ : 权限不够
at (Native Method)
at (:1012)
at .$(:628)
at .$(:608)
at .(:113)
at .(:115)
at .(:188)
at .$(:144)
at .$(:60)
at .(:122)
at .(:958)
at .(:898)
at .(:890)
at .(:513)
at .(:237)
at .(:249)
at .(:545)
at .(:261)
at (:166)
at (:122)
at (:307)
at (:132)
at (:123)
at (:70)
at (:134)
at (:90)
at (:91)
at (:84)
2018-06-12 15:13:50,296 main ERROR Could not create plugin of type class . for element RollingFile: : ManagerFactory [.$RollingFileManagerFactory@16293aa2] unable to create manager for [/var/log/elasticsearch/] with data [.$FactoryData@5158b42f[pattern=/var/log/elasticsearch/elk-%d{yyyy-MM-dd}.log, append=true, bufferedIO=true, bufferSize=8192, policy=CompositeTriggeringPolicy(policies=[TimeBasedTriggeringPolicy(nextRolloverMillis=0, interval=1, modulate=true)]), strategy=DefaultRolloverStrategy(min=1, max=7, useMax=true), advertiseURI=null, layout=[%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n, filePermissions=null, fileOwner=null]] : ManagerFactory [.$RollingFileManagerFactory@16293aa2] unable to create manager for [/var/log/elasticsearch/] with data [.$FactoryData@5158b42f[pattern=/var/log/elasticsearch/elk-%d{yyyy-MM-dd}.log, append=true, bufferedIO=true, bufferSize=8192, policy=CompositeTriggeringPolicy(policies=[TimeBasedTriggeringPolicy(nextRolloverMillis=0, interval=1, modulate=true)]), strategy=DefaultRolloverStrategy(min=1, max=7, useMax=true), advertiseURI=null, layout=[%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n, filePermissions=null, fileOwner=null]]
at .(:115)
at .(:115)
at .(:188)
at .$(:144)
at .$(:60)
at .(:122)
at .(:958)
at .(:898)
at .(:890)
at .(:513)
at .(:237)
at .(:249)
at .(:545)
at .(:261)
at (:166)
at (:122)
at (:307)
at (:132)
at (:123)
at (:70)
at (:134)
at (:90)
at (:91)
at (:84)
2018-06-12 15:13:50,311 main ERROR Unable to invoke factory method in class . for element RollingFile: : No factory method found for class . : No factory method found for class .
at .(:229)
at .(:134)
at .(:958)
at .(:898)
at .(:890)
at .(:513)
at .(:237)
at .(:249)
at .(:545)
at .(:261)
at (:166)
at (:122)
at (:307)
at (:132)
at (:123)
at (:70)
at (:134)
at (:90)
at (:91)
at (:84)解决:
原来在执行yum -y install elasticsearch的时候,就已经自动创建了一个单独的管理用户elasticsearch,但是我又自己创建了一个elk用户,并且把data和log目录授权给elk,所以就会出现“Starting elasticsearch: 2018-06-12 15:13:50,287 main ERROR Unable to create file /var/log/elasticsearch/ : 权限不够”的报错。
因此只需要将/opt/elk/data和/var/log/elasticsearch目录权限改为elasticsearch:elasticsearch就好了:
然后重启服务成功:
[root@test101 ]# ./elasticsearch start
Starting elasticsearch: [ 确定 ]
[root@test101 ]# ps -ef|grep elasticsearch
elastic+ 5157 1 80 15:49 ? 00:00:08 /usr/local/jdk1.8.0_151/bin/java -Xms512m -Xmx512m -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m -=true -=UTF-8 -=true -=true -=true -=true -=0 -=false -=true -=true -XX:+HeapDumpOnOutOfMemoryError -=/usr/share/elasticsearch -cp /usr/share/elasticsearch/lib/* -p /var/run/elasticsearch/ -d -=/var/log/elasticsearch -=/var/lib/elasticsearch -=/etc/elasticsearch
root 5177 921 0 15:50 pts/0 00:00:00 grep --color=auto elasticsearch
[root@test101 ]# netstat -tlunp|grep 9200
tcp6 0 0 :::9200 :::* LISTEN 5157/java
[root@test101 ]# 4、日志和数据目录权限异常,启动失败
在一次启动elasticsearch的时候启动失败,日志有提示“main ERROR Unable to create file /home/elk/logs/my-application_index_indexing_slowlog.log : 权限不够”和“Caused by: : /home/elk/data/nodes”。关键日志信息如下(下面两段日志是节选的,日志信息太多了,有很多重复的):
[elk@docker bin]$ ./elasticsearch
2018-06-04 01:15:07,609 main ERROR Unable to create file /home/elk/logs/ : 权限不够
at (Native Method)
at (:1012)后面还有一段:
Caused by: : Failed to create node environment
at .<init>(:268) ~[elasticsearch-5.6.:5.6.0]
at .<init>(:245) ~[elasticsearch-5.6.:5.6.0]
at $5.<init>(:233) ~[elasticsearch-5.6.:5.6.0]
at (:233) ~[elasticsearch-5.6.:5.6.0]
at (:342) ~[elasticsearch-5.6.:5.6.0]
at (:132) ~[elasticsearch-5.6.:5.6.0]
... 6 more
Caused by: : /home/elk/data/nodes
at (:84) ~[?:?]日志报的“/home/elk/data/”和“/home/elk/logs/”目录都是在配置文件里面配置的两个目录,查看权限果然不对,权限是elk的目录权限是elk,但是下面的data目录和logs目录权限还是root,因此引起了启动失败:
[root@docker home]# ll
drwx------ 5 elk elk 125 6月 3 17:35 elk #elk目录权限正常
[root@docker home]# cd elk/
[root@docker elk]# ll
总用量 0
drwxr-xr-x 2 root root 6 6月 3 17:34 data #下面的data和logs目录还是root
drwxr-xr-x 2 root root 6 6月 3 17:34 logs解决:
将目录权限修改成elk之后,启动就OK了
[root@docker elk]# chown elk:elk -R ./*
[root@docker elk]# ll
总用量 0
drwxr-xr-x 2 elk elk 6 6月 3 17:34 data
drwxr-xr-x 2 elk elk 6 6月 3 17:34 logs
[root@docker elk]# 5、内存不够,启动失败
在一次使用虚拟机做实验的过程中启动elasticsearch遇到了这样的报错:
[elk@docker bin]$ ./elasticsearch
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2060255232 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /usr/local/elasticsearch-5.6.0/bin/hs_err_pid2819.log解决:
原因:
查看了 /usr/local/elasticsearch-5.6.0/bin/hs_err_pid1027.log日志文件,出现这样的报错,有两种可能:
1、系统进程数达到上限了,部署服务的时候/etc/security/文件修改没有生效。
2、确实物理内存不够
解决:
通过命令查看系统限制:ulimit -a查看open files不够大,如果不够大,就尝试通过设大该值:
[root@docker ~]# ulimit -n
1024果然是部属的时候修改的/etc/security/文件没有生效。于是将机器reboot了一下,在查看就生效了:
[root@docker ~]# ulimit -n
65536但是在启动的时候还是报同样的错,查看了一下内存,这个虚拟机的内存只有1G,那应该就是物理内存不够了。目前还剩下这么多:
[root@docker ~]# free -h
total used free shared buff/cache available
Mem: 974M 119M 79M 7.7M 775M 680M
Swap: 819M 0B 819M手动清理了一下内存:
[root@docker ~]# echo 3 > /proc/sys/vm/drop_caches
[root@docker ~]# free -h
total used free shared buff/cache available
Mem: 974M 114M 789M 7.7M 69M 739M
Swap: 819M 0B 819M
[root@docker ~]# 但是在启动报错依旧。
于是增加物理内存到2G:
[root@docker elk]# free -h
total used free shared buff/cache available
Mem: 1.8G 1.6G 77M 4K 72M 29M
Swap: 819M 691M 128M然后切换到elk用户去启动服务,就OK了:
[elk@docker bin]$ ./elasticsearch #为了看启动日志就前台启动的,ctrl+c 进程就会over掉检查端口,起来了
[root@docker elk]# netstat -tlunp|grep 9200
tcp6 0 0 10.0.0.16:9200 :::* LISTEN 9628/java
[root@docker elk]# 然后关掉进程重新后台启动:
[elk@docker bin]$ nohup ./elasticsearch >/dev/null 2>&1 & #后台启动
[2] 9808
[elk@docker bin]$ ps -ef|grep elasticsearch #检查进程
elk 9808 4115 10 01:29 pts/0 00:00:23 /usr/local/jdk1.8.0_151/bin/java -Xms2g -Xmx2g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m -=true -=UTF-8 -=true -=true -=true -=true -=0 -=false -=true -=true -XX:+HeapDumpOnOutOfMemoryError -=/usr/local/elasticsearch-5.6.0 -cp /usr/local/elasticsearch-5.6.0/lib/*
elk 9890 4115 0 01:32 pts/0 00:00:00 grep --color=auto elasticsearch
[elk@docker bin]$
[root@docker elk]# netstat -tlunp|grep 9200 #用root用户检查端口
tcp6 0 0 10.0.0.16:9200 :::* LISTEN 9808/java
[root@docker elk]# 6、 的bind的IP写错,服务起不来
在一次安装 elasticsearc的时候,服务起不来,提示“Failed to bind to [9300-9400]”。启动服务报下面的错误:
[elk@host1 bin]$ ./elasticsearch
[2018-06-15T09:56:53,019][INFO ][ ] [node1] initializing ...
[2018-06-15T09:56:53,141][INFO ][ ] [node1] using [1] data paths, mounts [[/data (/dev/mapper/data-data)]], net usable_space [179.8gb], net total_space [179.9gb], spins? [possibly], types [xfs]
[2018-06-15T09:56:53,142][INFO ][ ] [node1] heap size [1.9gb], compressed ordinary object pointers [true]
[2018-06-15T09:56:53,143][INFO ][ ] [node1] node name [node1], node ID [F0PzQ9qSRPWq8YNcwjj0vg]
[2018-06-15T09:56:53,144][INFO ][ ] [node1] version[5.6.0], pid[27627], build[781a835/2017-09-07T03:09:58.087Z], OS[Linux/3.10.0-514.el7.x86_64/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_102/25.102-b14]
[2018-06-15T09:56:53,144][INFO ][ ] [node1] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -=true, -=UTF-8, -=true, -=true, -=true, -=true, -=0, -=false, -=true, -=true, -XX:+HeapDumpOnOutOfMemoryError, -=/usr/local/elasticsearch-5.6.0]
[2018-06-15T09:56:54,161][INFO ][ ] [node1] loaded module [aggs-matrix-stats]
[2018-06-15T09:56:54,162][INFO ][ ] [node1] loaded module [ingest-common]
[2018-06-15T09:56:54,162][INFO ][ ] [node1] loaded module [lang-expression]
[2018-06-15T09:56:54,162][INFO ][ ] [node1] loaded module [lang-groovy]
[2018-06-15T09:56:54,162][INFO ][ ] [node1] loaded module [lang-mustache]
[2018-06-15T09:56:54,162][INFO ][ ] [node1] loaded module [lang-painless]
[2018-06-15T09:56:54,163][INFO ][ ] [node1] loaded module [parent-join]
[2018-06-15T09:56:54,163][INFO ][ ] [node1] loaded module [percolator]
[2018-06-15T09:56:54,163][INFO ][ ] [node1] loaded module [reindex]
[2018-06-15T09:56:54,163][INFO ][ ] [node1] loaded module [transport-netty3]
[2018-06-15T09:56:54,163][INFO ][ ] [node1] loaded module [transport-netty4]
[2018-06-15T09:56:54,164][INFO ][ ] [node1] no plugins loaded
[2018-06-15T09:56:55,941][INFO ][ ] [node1] using discovery type [zen]
[2018-06-15T09:56:56,770][INFO ][ ] [node1] initialized
[2018-06-15T09:56:56,770][INFO ][ ] [node1] starting ...
[2018-06-15T09:56:57,059][WARN ][] [node1] uncaught exception in thread [main]
: BindTransportException[Failed to bind to [9300-9400]]; nested: BindException[Cannot assign requested address];
at (:136) ~[elasticsearch-5.6.:5.6.0]
at (:123) ~[elasticsearch-5.6.:5.6.0]
at (:67) ~[elasticsearch-5.6.:5.6.0]
at (:134) ~[elasticsearch-5.6.:5.6.0]
at (:90) ~[elasticsearch-5.6.:5.6.0]
at (:91) ~[elasticsearch-5.6.:5.6.0]
at (:84) ~[elasticsearch-5.6.:5.6.0]
Caused by: : Failed to bind to [9300-9400]
at (:771) ~[elasticsearch-5.6.:5.6.0]
at (:736) ~[elasticsearch-5.6.:5.6.0]
at .netty4.(:173) ~[?:?]
at (:69) ~[elasticsearch-5.6.:5.6.0]
at (:209) ~[elasticsearch-5.6.:5.6.0]
at (:69) ~[elasticsearch-5.6.:5.6.0]
at (:694) ~[elasticsearch-5.6.:5.6.0]
at (:278) ~[elasticsearch-5.6.:5.6.0]
at (:351) ~[elasticsearch-5.6.:5.6.0]
at (:132) ~[elasticsearch-5.6.:5.6.0]
... 6 more
Caused by: : Cannot assign requested address
at .bind0(Native Method) ~[?:?]
at (:433) ~[?:?]
at (:425) ~[?:?]
at (:223) ~[?:?]
at (:128) ~[?:?]
at $(:554) ~[?:?]
at $(:1258) ~[?:?]
at (:501) ~[?:?]
at (:486) ~[?:?]
at (:980) ~[?:?]
at (:250) ~[?:?]
at $(:365) ~[?:?]
at (:163) ~[?:?]
at (:403) ~[?:?]
at (:462) ~[?:?]
at $(:858) ~[?:?]
at (:745) [?:1.8.0_102]
[2018-06-15T09:56:57,822][INFO ][ ] [node1] stopping ...
[2018-06-15T09:56:57,826][INFO ][ ] [node1] stopped
[2018-06-15T09:56:57,826][INFO ][ ] [node1] closing ...
[2018-06-15T09:56:57,839][INFO ][ ] [node1] closed
[elk@host1 bin]$
[elk@host1 bin]$
[root@host1 bin]# netstat -tlunp|grep 9300
[root@host1 bin]# netstat -tlunp|grep 9200
[root@host1 bin]#解决:
开始以为是端口被占用了,检查端口,发现并没有被占用:
[root@host1 bin]# netstat -tlunp|grep 9300
[root@host1 bin]# netstat -tlunp|grep 9200
[root@host1 bin]#然后检查配置,发现 文件里面有一行的IP写错了:
: 10.0.0.10 #这一行的IP地址写错了,不是本机IP修改文件,将IP改正确,重新启动服务,就OK了
7、配置文件的权限异常,导致启动失败
有一次在安装elasticsearch的时候,因为文件改得有问题,就从原来备份的文件cp重新生成了一份,改好之后启动报错不能加载配置文件:
[elk@es bin]$ ./elasticsearch
Exception in thread "main" 2018-09-14 09:04:49,470 main ERROR No log4j2 configuration file found. Using default configuration: logging only errors to the console. Set system property '' to show Log4j2 internal initialization logging.
SettingsException[Failed to load settings from /usr/local/elasticsearch-5.6.0/config/]; nested: AccessDeniedException[/usr/local/elasticsearch-5.6.0/config/];
at (:102)
at (:72)
at (:67)
at (:134)
at (:90)
at (:91)
at (:84)
Caused by: : /usr/local/elasticsearch-5.6.0/config/
at (:84)
at (:102)
at (:107)
at (:214)
at (:361)
at (:407)
at (:384)
at (:152)
at $(:1032)
at (:100)
... 6 more
[elk@es bin]$ 原来新生成的配置文件还是root权限,用elk用户去启动,当然加载不了:
[root@es config]# ll
total 20
-rw-r----- 1 root root 2961 Sep 14 09:04
-rw-r----- 1 elk elk 2854 Sep 14 08:49
-rw-rw---- 1 elk elk 3064 Sep 7 2017
-rw-rw---- 1 elk elk 4456 Sep 7 2017
[root@es config]# 解决:
修改配置文件的权限,再重新启动就好了:
[root@es config]# chown elk:elk
[root@es config]# ll
total 20
-rw-r----- 1 elk elk 2961 Sep 14 09:04
-rw-r----- 1 elk elk 2854 Sep 14 08:49
-rw-rw---- 1 elk elk 3064 Sep 7 2017
-rw-rw---- 1 elk elk 4456 Sep 7 2017
[root@es config]# 8、yum安装的elasticsearch,找不到java路径,启动失败
今天使用yum安装elasticsearch的过程中,发现elasticsearch起不来,messages日志有如下的报错:
May 31 14:00:19 test103 systemd: Started Elasticsearch.
May 31 14:00:19 test103 systemd: Starting Elasticsearch...
May 31 14:00:19 test103 elasticsearch: which: no java in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin) #elasticsearch在这个路径下面去找java,没有找到
May 31 14:00:19 test103 systemd: : main process exited, code=exited, status=1/FAILURE
May 31 14:00:19 test103 elasticsearch: warning: Falling back to java on path. This behavior is deprecated. Specify JAVA_HOME
May 31 14:00:19 test103 elasticsearch: could not find java; set JAVA_HOME
May 31 14:00:19 test103 systemd: Unit entered failed state.
May 31 14:00:19 test103 systemd: failed.报错说找不到java,但是实际上我是安装过jdk了,查看当前java路径为:
[root@test103 ~]# whereis java
java: /usr/local/jdk1.8.0_151/bin/java
[root@test103 ~]# 然后查看/usr/local/sbin/目录下没有java,所以elasticsearch在启动的时候找不到java路径。
解决:
把/usr/local/jdk1.8.0_151/bin/java做了个软连接到 /usr/local/sbin下面:
[root@test103 sbin]# ln -s /usr/local/jdk1.8.0_151/bin/java /usr/local/sbin/java
[root@test103 sbin]# ll
总用量 0
lrwxrwxrwx 1 root root 32 5月 31 14:01 java -> /usr/local/jdk1.8.0_151/bin/java现在查看java路径,就有/usr/local/sbin/java了:
[root@test103 sbin]# whereis java
java: /usr/local/sbin/java /usr/local/jdk1.8.0_151/bin/java
[root@test103 sbin]# 然后重新启动elasticsearch,发现就可以正常启动了:
[root@test103 sbin]# systemctl start elasticsearch
[root@test103 sbin]# ps -ef|grep elasticsearch
elastic+ 13635 1 70 14:02 ? 00:00:12 /usr/local/sbin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -=60 -=10 -XX:+AlwaysPreTouch -Xss1m -=true -=UTF-8 -=true -XX:-OmitStackTraceInFastThrow -=true -=true -=0 -=false -=true -=/tmp/elasticsearch-7859403592413850651 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid% -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:/var/log/elasticsearch/ -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=32 -XX:GCLogFileSize=64m -=/usr/share/elasticsearch -=/etc/elasticsearch -=default -=rpm -cp /usr/share/elasticsearch/lib/* -p /var/run/elasticsearch/ --quiet
elastic+ 13692 13635 0 14:02 ? 00:00:00 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
root 13698 10140 0 14:02 pts/0 00:00:00 grep --color=auto elasticsearch
[root@test103 sbin]# netstat -tlunp|grep 9300
tcp6 0 0 10.0.0.103:9300 :::* LISTEN 13635/java
[root@test103 sbin]# netstat -tlunp|grep 9200
tcp6 0 0 10.0.0.103:9200 :::* LISTEN 13635/java
[root@test103 sbin]#