我想将弹性搜索作为亚马逊云虚拟机中的systemd服务运行。 If I run it simply through command line shell它将在子shell中以后台运行,但只要连接终止process is killed。
所以,我创建了一个服务/etc/systemd/system/multi-user.target.wants/indexstorage.service
[Unit]
Description=indexing-store
[Service]
Type=forking
ExecStart=/usr/local/elasticsearch-5.2.2/bin/elasticsearch
TimeoutSec=infinity
Restart=always
[Install]
WantedBy=multi-user.target
并复制到/etc/systemd/system/indexstorage.service。
然后像往常一样,重新加载并启用indexstorage.service。
但是当我启动indexstorage.service时,它会要求提供实际是亚马逊云计算机的虚拟机的root密码。
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to start indexstorage.service: Access denied
See system logs and 'systemctl status indexstorage.service' for details.
我不知道密码。如果以sudo用户身份运行它,它将永远不会运行,因为elasticsearch限制作为safety reasons的sudo用户运行。
ubuntu@ip-172-21-3-18:~$ sudo /bin/systemctl start indexstorage.service
Job for indexstorage.service failed because the control process exited with error code. See "systemctl status indexstorage.service" and "journalctl -xe" for details.
我当前的用户/群组是ubuntu:ubuntu
ubuntu@ip-172-21-3-18:~$ users
ubuntu
ubuntu@ip-172-21-3-18:~$ groups
ubuntu adm dialout cdrom floppy sudo audio dip video plugdev netdev lxd
我也尝试更改/etc/sudoers以允许群组ubuntu访问但不起作用,
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
%ubuntu ALL=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ALL=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl start indexstorage.service
或者,
%ubuntu ubuntu=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ubuntu=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl start indexstorage.service
当我开始服务时,
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
我现在的临时解决方案是将其作为noHUP流程运行,这将忽略hangup signals
nohup /usr/local/elasticsearch-5.2.2/bin/elasticsearch &
但是这篇文章的问题是如何以非sudo用户身份运行systemctl命令?
How could we allow non-root users to control a system.d service?
答案 0 :(得分:1)
要以ubuntu用户身份运行SystemD服务,您可以在服务文件中使用User=ubuntu。请参阅man systemd.exec。
或者,您可以将服务安装为每用户服务。在这种情况下,您使用systemctl --user start <service>启动服务,并且必须将您的单元文件放在每个用户目录中,通常是$HOME/.config/systemd/user,$HOME/.local/share/systemd/user。请参阅man systemd.unit。