Crush 6.7.6 when run from systemd unit

ep4sh · March 4, 2019, 3:10pm

Must-share information (formatted with Markdown):

* which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension):

SonarQube:

6.7.6 TLS

Plugins (out of the box):

NONE

openjdk:

version “1.8.0_191”

My systemd unit:

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=simple

ExecStart=/opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh stop
ExecReload=/opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh stop &&  /opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh start
User=sonar
Group=sonar
Restart=always

[Install]
WantedBy=multi-user.target

* what are you trying to achieve:
Try to run from sonar user

what have you tried so far to achieve this:
???

Error in sonar.log log file:

2019.03.04 15:01:17 INFO app[o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonar/sonarqube-6.7.6/temp
2019.03.04 15:01:17 INFO app[o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
2019.03.04 15:01:17 INFO app[o.s.a.p.ProcessLauncherImpl] Launch process[[key=‘es’, ipcIndex=1, logFilenamePrefix=es]] from [/opt/sonar/sonarqube-6.7.6/elasticsearch]: /opt/sonar/sonarqube-6.7.6/elasticsearch/bin/elasticsearch -Epath.conf=/opt/sonar/sonarqube-6.7.6/temp/conf/es
2019.03.04 15:01:17 INFO app[o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
2019.03.04 15:01:17 INFO app[o.e.p.PluginsService] no modules loaded
2019.03.04 15:01:17 INFO app[o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
2019.03.04 15:01:19 INFO app[o.s.a.SchedulerImpl] Stopping SonarQube
2019.03.04 15:01:19 INFO app[o.s.a.SchedulerImpl] Process [es] is stopped
2019.03.04 15:01:19 INFO app[o.s.a.SchedulerImpl] SonarQube is stopped
2019.03.04 15:01:19 WARN app[o.s.a.p.AbstractProcessMonitor] Process exited with exit value [es]: 143
← Wrapper Stopped
→ Wrapper Started as Daemon
Launching a JVM…
Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.

TERM trapped. Shutting down.

So if I run from root / any sudo account with systemd unit (even i have sonar User/Group explicitly specified) → I get an error.

If i run from user (su sonar):

/opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh start

it works fine!

[root@testlab vagrant]# netstat -tuplan | grep 9000
tcp6 0 0 :::9000 :::* LISTEN 13624/java

Why?

ganncamp · March 4, 2019, 3:20pm

Hi,

You can’t run SonarQube as root because of restrictions in the underlying ElasticSearch instance. That will be clearer starting in the 7.7 docs.

Ann

ep4sh · March 4, 2019, 3:24pm

Thanks a lot, but I have specified USER and GROUP in my systemd.unit, or it doesn’t enough?

Also my es.log:

2019.03.04 15:20:19 INFO es[o.e.n.Node] initializing …
2019.03.04 15:20:19 INFO es[o.e.e.NodeEnvironment] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [36gb], net total_space [39.9gb], spins? [unknown], types [rootfs]
2019.03.04 15:20:19 INFO es[o.e.e.NodeEnvironment] heap size [495.3mb], compressed ordinary object pointers [true]
2019.03.04 15:20:19 INFO es[o.e.n.Node] node name [sonarqube], node ID [D-XVo-v3Tle7OQhlboYinQ]
2019.03.04 15:20:19 INFO es[o.e.n.Node] version[5.6.3], pid[15859], build[1a2f265/2017-10-06T20:33:39.012Z], OS[Linux/3.10.0-957.1.3.el7.x86_64/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_191/25.191-b12]
2019.03.04 15:20:19 INFO es[o.e.n.Node] JVM arguments [-XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -Xms512m, -Xmx512m, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/opt/sonar/sonarqube-6.7.6/elasticsearch]
2019.03.04 15:20:19 INFO es[o.e.p.PluginsService] loaded module [aggs-matrix-stats]
2019.03.04 15:20:19 INFO es[o.e.p.PluginsService] loaded module [ingest-common]
2019.03.04 15:20:19 INFO es[o.e.p.PluginsService] loaded module [parent-join]
2019.03.04 15:20:19 INFO es[o.e.p.PluginsService] loaded module [percolator]
2019.03.04 15:20:19 INFO es[o.e.p.PluginsService] loaded module [reindex]
2019.03.04 15:20:19 INFO es[o.e.p.PluginsService] loaded module [transport-netty4]
2019.03.04 15:20:19 INFO es[o.e.p.PluginsService] no plugins loaded
2019.03.04 15:20:20 INFO es[o.e.d.DiscoveryModule] using discovery type [zen]

2019.03.04 15:20:23 INFO es[o.e.n.Node] initializing …

Could you give me an advice - how to properly run SonarQube like a service?

ep4sh · March 4, 2019, 3:43pm

There was incorrect systemd.unit syntax for this purpose.

This is correct type (forking / oneshot) and commands:

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh stop
ExecReload=/opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh stop && /opt/sonar/sonarqube-6.7.6/bin/linux-x86-64/sonar.sh start
User=sonar
Group=sonar
Restart=always

[Install]
WantedBy=multi-user.target

ganncamp · March 4, 2019, 4:35pm

Hi,

My reply was based on a quick skim, and this (emphasis in original):

and this

On closer reading, one might think you’re asking, “Why does my service run as root even though user and group are specified for it?” But you’re not running the service when you directly invoke /opt/.../sonar.sh start; you’re running a script, and passing the string “start” as an argument. Probably if you started the service, it would work just fine.

Ann