CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed

Elastic Stack Elasticsearch
1

Hello EveryOne,

I just installed elasticsearch on a server as a service. It's a brand new VM.
Elasticsearch worked normally but wanting to restart the service it shows me now the following error :
elasticsearch dead but pid file exists

I have done a df -h to know the state of my files system and I get this :

Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rootvg-lvroot
3.9G 3.1G 555M 86% /
tmpfs 935M 0 935M 0% /dev/shm
/dev/mapper/rootvg-lvappli
2.0G 6.1M 1.9G 1% /appli
/dev/mapper/rootvg-lvapplilog
2.0G 3.1M 1.9G 1% /appli_log
/dev/mapper/rootvg-lvapplivar
2.0G 476M 1.4G 26% /appli_var
/dev/sda1 240M 36M 193M 16% /boot
/dev/mapper/rootvg-lvtmp
2.0G 3.3M 1.9G 1% /tmp
/dev/mapper/rootvg-lvvar
3.9G 1.4G 2.3G 39% /var

Thank you for your help.

2

Hi,

would be nice to know why is dead. Maybe you can post log file.
If you don't care the cause, just delete pid file and restart :slight_smile: elasticsearch.

pts0

3

The worry is that every time I restart elasticsearch the PID change. And he gives me the same error again.

4

Sure PID change every time you restart elasticsearch. This is the normal way unix process work.
Normally when elasticsearch ist stopped regulary the PID file will be deleted. You got the message because elasticsearch crashed oder the VM crashed.

5

OK. Is that the good command To delete pid file ?

$ bin/elasticsearch -d -p pid
$ kill cat pid

When I try this command, that told me :

cat: pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
[root@lcmci023 elasticsearch]# Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.nio.file.NoSuchFileException: /usr/share/elasticsearch/config
Likely root cause: java.nio.file.NoSuchFileException: /usr/share/elasticsearch/config
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
        at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
        at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
        at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
        at java.nio.file.Files.readAttributes(Files.java:1737)
        at java.nio.file.FileTreeWalker.getAttributes(FileTreeWalker.java:225)
        at java.nio.file.FileTreeWalker.visit(FileTreeWalker.java:276)
        at java.nio.file.FileTreeWalker.walk(FileTreeWalker.java:322)
        at java.nio.file.Files.walkFileTree(Files.java:2662)
        at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:101)
        at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:84)
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326)
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123)
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:114)
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122)
        at org.elasticsearch.cli.Command.main(Command.java:88)
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91)
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84)
Refer to the log for complete error details.
6

no :slight_smile:
kill is to kill a process.
Just let elasticsearch handle himself pid file please, is safer.
To delete pidfile just use rm /this/is/my/pidfile

7

Thanks for you help.
I have remove the elasticsearch.pid like tou told me and I restart Elasticsearch service. But I still have the error message : elasticsearch dead but pid file exists.

8

Then you removed the wrong file.

9

I removed this one : rm /var/run/elasticsearch/elasticsearch.pid
It is the good one or there is another one ?

10

When I deleted it and restarted elasticsearch, I ran the command status. He told me that elasticsearch is running : elasticsearch (pid 64795) is running...

Then I restarted the command status a second time and again the error message :
elasticsearch dead but pid file exists

11

You should have a look where the pid is stored in the start script of service.

12

The path of pid file is the good one : /var/run/elasticsearch/

So I don't understand why I have this error.

13

Can you provide us the log file. It see to me elasticsearch ist crashing for some reason at startup.

14

I have many of them :
Here is the contents of one of them :

[2017-06-01T09:23:18,185][WARN ][o.e.b.JNANatives         ] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
        at org.elasticsearch.bootstrap.SystemCallFilter.linuxImpl(SystemCallFilter.java:363) ~[elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.SystemCallFilter.init(SystemCallFilter.java:638) ~[elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.JNANatives.tryInstallSystemCallFilter(JNANatives.java:215) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.Natives.tryInstallSystemCallFilter(Natives.java:99) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:111) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:204) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:114) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.cli.Command.main(Command.java:88) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) [elasticsearch-5.4.0.jar:5.4.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) [elasticsearch-5.4.0.jar:5.4.0]
~

Thank you for the help.

15

Hi,
How you can read in the log, your kernel (linux installation) is not providing all needed component in the kernel needed to run elasticsearch.
Did you have a custom Kernel ? What is telling you
uname -r
and
cat /lib/modules/$(uname -r)/modules.builtin

16

For the command uname -r I have the following result :
2.6.32-696.1.1.el6.x86_64

And for the second command I have this :
cat: /lib/modules/2.6.32-696.1.1.el6.x86_64/modules.builtin: No such file or directory

17

Try to contact you sysadmin and send him :slight_smile:

java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed

You probably can't solve yourself this issue.

Maybe change the subject of thread, the issue is not pid file.

18

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.