ElasticSearch as non-root user

upgrade
ops
elasticsearch

(Matt Drozdz) #1

Hello,

I am currently upgrading from sonar 5.6.6 to 6.7.5 (LTS). I never changed ElasticSearch from the root user and did not have issues with Sonarqube starting up. I want to change ElasticSearch since this is not recommended to have it running as root. What is the simpliest way to do this. I was going to do a chown -R on the elasticsearch directory, but the problem with this is that new files won’t maintain ownership as the non superuser. Is there a better alternative approach to this?

Matt


(G Ann Campbell) #2

Hi,

You’ll have to run SonarQube itself as a non-root user & the ES process that’s spawned will naturally run with the same user.

Ann


(Matt Drozdz) #3

Thanks Ann. Its my understanding that if it is running as root that sonar won’t start up. Is that correct?


(Simon Brandhof) #4

Correct. Note that this restriction on non-root user does not apply to analyzers, that usually run on CI machines.


(Matt Drozdz) #5

Its interesting because Sonar starts up fine for me as root and I don’t see any issues in the logs. I tried to change the sonar.sh script and uncomment Run_AS_USER, however when trying to start up sonar it tells me unable to start sonar. I do not see any logs in the sonar directory either to see what the issue may be. I’m thinking it is a permissions issue. Are their any files that the RUN_AS_USER may change that I should check?


(G Ann Campbell) #6

SonarQube 5.6.6 may indeed run fine as root. SonarQube 6.7.5 will not. You can check the upgrade notes (linked from the bottom of this page) if you feel compelled to identify the exact intermediate version that introduced the restriction.