Elasticsearch on Dreamhost VPS

Susan Aprill

unread,

Apr 30, 2015, 12:33:18 PM4/30/15

to ica-ato...@googlegroups.com

Hello all,

I'm trying to install the dependencies on a Dreamhost VPS account.

I can't seem to start ElasticSearch.

After following the AtoM instructions up to

"Start the service and configure it to start when the system is booted."

when I enter

sudo /etc/init.d/elasticsearch start

I get

* Starting Elasticsearch Server

error: permission denied on key 'vm.max_map_count'

then a long string of [fail]

then I get dumped out of PuTTY

I tried changing the memory allocation per Elasticsearch instructions, but permission was denied.

Right now I have vm.max_map_count=65530, which seems not to be enough.

I realize that this might be a Dreamhost issue, but since I have seen at least two people with AtoM 2.0 running, I thought I'd ask here first for suggestions.

Thanks for anything!

Susan

Jesús García Crespo

unread,

Apr 30, 2015, 1:34:38 PM4/30/15

to ica-ato...@googlegroups.com

Hi Susan,

You need root access to change kernel state (sysctl). Try running the same command as the superuser and it should be fine.

I managed a VPS in Dreamhost once and I remember that there was a way to access as root after activating it via the web admin interface. You can find more details here: http://wiki.dreamhost.com/Users#VPS_and_Dedicated_Server_Admin_Users.

Be aware that Elasticsearch + JVM needs a lot of memory, make sure that you have at least 512M to start.

--
You received this message because you are subscribed to the Google Groups "ICA-AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To post to this group, send email to ica-ato...@googlegroups.com.
Visit this group at http://groups.google.com/group/ica-atom-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/fd75a1c8-6da6-4a4a-86d3-b91ee5aa40a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Jesús García Crespo,
Software Engineer, Artefactual Systems Inc.
http://www.artefactual.com | +1.604.527.2056

Susan Aprill

unread,

Apr 30, 2015, 1:59:33 PM4/30/15

to ica-ato...@googlegroups.com

Hi Jesús,
Thanks for the quick reply.

I successfully ran earlier sudo commands as the same user.

It's set up in Dreamhost as "Admin user - has SSH command-line access, SFTP file transfer access, and can use "sudo" to run commands as root" [description from the Dreamhost account screen in their web panel]

Is that the same as a superuser?

Thanks

> You received this message because you are subscribed to a topic in the Google Groups "ICA-AtoM Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/ica-atom-users/FwNoXbODBaQ/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to ica-atom-user...@googlegroups.com.

> To post to this group, send email to ica-ato...@googlegroups.com.
> Visit this group at http://groups.google.com/group/ica-atom-users.

> To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/CALavCbQXGLK%3D5rKuZ4hWMFUx7sFsF%3D%3D3Un6SinNUyTCn2_S3PQ%40mail.gmail.com.

>
> For more options, visit https://groups.google.com/d/optout.

--

Susan Aprill, Archivist
Kingston Public Library
Kingston, Massachusetts
781-585-0517 x123

kingstonpubliclibrary.org
piqueoftheweek.wordpress.com

Jesús García Crespo

unread,

Apr 30, 2015, 2:06:36 PM4/30/15

to ica-ato...@googlegroups.com

Yes, "sudo command" will run "command" as root.

To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/CAFXK_evL04eTQHaQ38T4LzM6LvP53EUsvredncpDwu1fSYgFYw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Susan Aprill

unread,

Apr 30, 2015, 2:11:51 PM4/30/15

to ica-ato...@googlegroups.com

So, it seems I have an adequate user account, but Dreamhost won't let me make the change to memory. I will talk to them next

(Please let me know if I'm misunderstanding here; this is all new to me.)

Thanks very much for the help.

To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/CALavCbTdgYmxq439ZbkKbDCwX31PgR9uanfU79C_aUfHiOWMVg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Jesús García Crespo

unread,

Apr 30, 2015, 2:24:07 PM4/30/15

to ica-ato...@googlegroups.com

I think that you are right. They may have some hard limits in place.

To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/CAFXK_etOzAb9gWAMXy8EOq_ybhqK4EpDbF_Hs%3DEEtfyM-k04hA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Daniela Moneta

unread,

May 3, 2015, 4:35:47 PM5/3/15

to ica-ato...@googlegroups.com

Dear Susan,

We have used DreamHost since 2012 for AtoM on a VPS. It worked fine until February 2015 when someone hacked our database and used it to flood the Internet. DreamHost shut our AtoM database down. The problem they said was with ElasticSearch. That is probably why you can't get past that point. We do not know if it was because were were using an older version of AtoM which may be fixed by now or what was the problem. I posted this issue to this group but did not receive any answer to what was the problem with ElasticSearch or if the newer version solves the problem. It was not because we did not have enough bandwidth which was a suggestion that someone made. That same person suggested that we use another host for our database.

I am very interested in what the discussion will be about ElasticSearch. We have not had access to our database since February and are considering other options than DreamHost.

Daniela Moneta, Archivist
World Subud Association

David Juhasz

unread,

May 4, 2015, 6:03:45 PM5/4/15

to ica-ato...@googlegroups.com

Hi Daniela,

I'm sorry to hear about your Dreamhost AtoM site being compromised. There is a known exploit against Elasticsearch when installed on a publicly accessible server, see: <https://www.elastic.co/blog/scripting-security>. Elasticsearch versions after 1.2 are not as vulnerable to this exploit, but Elastic recommends blocking public access to port 9200 and 9300 via a firewall for all versions of Elasticsearch. Port 9200 and 9300 are the default ports that Elasticsearch uses for communication.

AtoM 2.1+ is developed and tested for use with Elasticsearch 1.3+, but in all cases a firewall should be used to block port 9200 and 9300 if Elasticsearch is installed on a server with a public IP.

Best regards,

David

--

David Juhasz
Director, AtoM Technical Services

Artefactual Systems Inc.
www.artefactual.com

--
You received this message because you are subscribed to the Google Groups "ICA-AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To post to this group, send email to ica-ato...@googlegroups.com.
Visit this group at http://groups.google.com/group/ica-atom-users.

To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/663e1ff3-318d-4e6a-971b-4d5451d54a7c%40googlegroups.com.

Daniela Moneta

unread,

May 4, 2015, 11:41:52 PM5/4/15

to ica-ato...@googlegroups.com

Hi David, that is exactly what I needed to know. Thank you!!!

Reply all

Reply to author

Forward