I have a 6-node ECK cluster. Whenever a node reboots, the Elasticsearch 7.5 pod does not start; it goes into CrashLoopBackOff. If I delete the pod, it starts properly. I am unsure why the pod goes into a crash loop.
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning BackOff 21m (x5767 over 21h) kubelet, ecknode04 Back-off restarting failed container
Normal SandboxChanged 17m kubelet, ecknode04 Pod sandbox changed, it will be killed and re-created.
Normal Pulled 17m kubelet, ecknode04 Container image "docker.elastic.co/elasticsearch/elasticsearch:7.5.0" already present on machine
Normal Created 17m kubelet, ecknode04 Created container elastic-internal-init-filesystem
Normal Started 17m kubelet, ecknode04 Started container elastic-internal-init-filesystem
Normal Pulled 17m (x4 over 17m) kubelet, ecknode04 Container image "docker.elastic.co/elasticsearch/elasticsearch:7.5.0" already present on machine
Normal Created 17m (x4 over 17m) kubelet, ecknode04 Created container elastic-internal-init-keystore
Normal Started 17m (x4 over 17m) kubelet, ecknode04 Started container elastic-internal-init-keystore
Warning BackOff 2m50s (x77 over 17m) kubelet, ecknode04 Back-off restarting failed container
Error syncing pod 16eff8e8-6b1a-4de7-b031-6af8d78ddb12 ("elk-prd-es-default-4_elastic-system(16eff8e8-6b1a-4de7-b031-6af8d78ddb12)"), skipping: failed to "StartContainer" for "elastic-internal-init-keystore" with CrashLoopBackOff: "back-off 5m0s restarting failed container=elastic-internal-init-keystore pod=elk-prd-es-default-4_elastic-system(16eff8e8-6b1a-4de7-b031-6af8d78ddb12)"
Here is the output; I am unsure why it is looking for a terminal:
# kubectl logs elk-prd-es-default-0 -c elastic-internal-init-keystore
+ echo 'Initializing keystore.'
+ /usr/share/elasticsearch/bin/elasticsearch-keystore create
Initializing keystore.
Exception in thread "main" java.lang.IllegalStateException: unable to read from standard input; is standard input open and a tty attached?
at org.elasticsearch.cli.Terminal$SystemTerminal.readText(Terminal.java:207)
at org.elasticsearch.cli.Terminal.promptYesNo(Terminal.java:140)
at org.elasticsearch.common.settings.CreateKeyStoreCommand.execute(CreateKeyStoreCommand.java:43)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.common.settings.KeyStoreCli.main(KeyStoreCli.java:41)
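The stack trace shows the keystore tool trying to read a confirmation from standard input. A minimal runnable sketch (plain bash, not the ECK script) of why any such prompt fails here: inside an init container there is no tty and stdin is not connected, so a read hits EOF immediately, just as Terminal.readText does in the trace above.

```shell
#!/usr/bin/env bash
# Simulate a confirmation prompt in an environment with no usable stdin,
# as in an init container: redirecting from /dev/null makes read hit EOF.
if read -r answer < /dev/null; then
  echo "prompt answered: $answer"
else
  echo "prompt failed: stdin at EOF (no tty attached)"
fi
```

This prints "prompt failed: stdin at EOF (no tty attached)", which is the shell-level analogue of the IllegalStateException thrown by the Java Terminal class.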
Where are we with this issue?
I am seeing the exact same one in my ECK cluster, v1.1.2.
We run a Kubernetes cluster at AWS that is suspended every night to save money. Before we added the secureSettings section, the elasticsearch.yaml was working fine and the cluster came up every morning without any issue. This morning, however, the cluster was stuck in CrashLoopBackOff. We started using secureSettings yesterday to add GCS credentials to the cluster, which unfortunately led to the issue listed below:
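For context, secure settings in ECK are declared by referencing a Kubernetes Secret from the Elasticsearch spec; roughly what our manifest looks like (the secret name, node set, and count here are illustrative, not our exact values):

```yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elastic
spec:
  version: 7.8.0
  secureSettings:
  # hypothetical Secret holding the gcs.client.default.credentials_file key
  - secretName: gcs-credentials
  nodeSets:
  - name: data
    count: 3
```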
elastic-internal-init-keystore:
Container ID: docker://7eb7d89d6150d2a5983a9ea9461e7cea9c541a1443c181e1dbf96fa7f96df867
Image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
Image ID: docker-pullable://docker.elastic.co/elasticsearch/elasticsearch@sha256:161bc8c7054c622b057324618a2e8bc49ae703e64901b141a16d9c8bdd3b82f9
Port: <none>
Host Port: <none>
Command:
/usr/bin/env
bash
-c
#!/usr/bin/env bash
set -eux
echo "Initializing keystore."
# create a keystore in the default data path
/usr/share/elasticsearch/bin/elasticsearch-keystore create
# add all existing secret entries into it
for filename in /mnt/elastic-internal/secure-settings/*; do
[[ -e "$filename" ]] || continue # glob does not match
key=$(basename "$filename")
echo "Adding "$key" to the keystore."
/usr/share/elasticsearch/bin/elasticsearch-keystore add-file "$key" "$filename"
done
echo "Keystore initialization successful."
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Thu, 16 Jul 2020 07:31:32 +0200
Finished: Thu, 16 Jul 2020 07:31:33 +0200
Ready: False
Restart Count: 14
Logs of the failing init container show the following:
[raulgs@raulgs-xm1 elastic]$ klogs -f pod/elastic-es-data-0 elastic-internal-init-keystore
+ echo 'Initializing keystore.'
+ /usr/share/elasticsearch/bin/elasticsearch-keystore create
Initializing keystore.
Exception in thread "main" java.lang.IllegalStateException: unable to read from standard input; is standard input open and a tty attached?
at org.elasticsearch.cli.Terminal$SystemTerminal.readText(Terminal.java:273)
at org.elasticsearch.cli.Terminal.promptYesNo(Terminal.java:152)
at org.elasticsearch.common.settings.CreateKeyStoreCommand.execute(CreateKeyStoreCommand.java:51)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:91)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.common.settings.KeyStoreCli.main(KeyStoreCli.java:43)
Deleting the pod so that it gets re-deployed by k8s fixes the issue.
However, this is only a workaround.
After pod deletion and re-deployment, the log of the keystore init container looks like this:
[raulgs@raulgs-xm1 elastic]$ klogs -f pod/elastic-es-data-0 elastic-internal-init-keystore
+ echo 'Initializing keystore.'
+ /usr/share/elasticsearch/bin/elasticsearch-keystore create
Initializing keystore.
Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore
+ for filename in '/mnt/elastic-internal/secure-settings/*'
+ [[ -e /mnt/elastic-internal/secure-settings/gcs.client.default.credentials_file ]]
++ basename /mnt/elastic-internal/secure-settings/gcs.client.default.credentials_file
+ key=gcs.client.default.credentials_file
+ echo 'Adding gcs.client.default.credentials_file to the keystore.'
+ /usr/share/elasticsearch/bin/elasticsearch-keystore add-file gcs.client.default.credentials_file /mnt/elastic-internal/secure-settings/gcs.client.default.credentials_file
Adding gcs.client.default.credentials_file to the keystore.
+ echo 'Keystore initialization successful.'
Keystore initialization successful.
I suspect this is the underlying cause of the issue you are seeing. When you suspend and resume the cluster in the morning, the init containers for the existing Pods run again. The init-keystore script does not expect repeated runs: when elasticsearch-keystore create encounters an existing keystore in the config directory, it prompts for user confirmation, and since there is no tty attached in an init container, that prompt fails with the error you are seeing.
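To illustrate, here is a runnable sketch of an idempotent guard (my own suggestion, not ECK's actual fix; the keystore binary is stubbed out with a shell function so the example runs anywhere): removing any keystore left over from a previous run before calling create means a second run never reaches the interactive overwrite prompt.

```shell
#!/usr/bin/env bash
set -eu

# Stand-in for 'elasticsearch-keystore create' so this sketch runs without
# Elasticsearch installed; the real script would call the actual binary.
keystore_create() { touch "$KEYSTORE"; }

KEYSTORE="$(mktemp -d)/elasticsearch.keystore"

init_keystore() {
  # Remove any keystore left over from a previous run of this init
  # container, so 'create' never has to prompt for confirmation.
  if [[ -f "$KEYSTORE" ]]; then rm -f "$KEYSTORE"; fi
  keystore_create
  echo "keystore created"
}

init_keystore   # first run: fresh pod
init_keystore   # second run: pod restarted in place after a node reboot
```

Both runs succeed and print "keystore created"; without the guard, the second create would find the existing file and try to prompt.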