ELK fails after enabling : readOnlyRootFilesystem in psp:restricted

Mayank_Srivastava · February 28, 2021, 3:28am

Hi , We are running elasticsearch container in k8s environment with root filesystems in read-only mode (readOnlyRootFilesystem: true).
So we tried to enable this and we observed all the three pods of elk fails.

we are getting below errors

root@cb0512-control-0 ~]# kubectl logs belk-belk-elasticsearch-data-0
sed: couldn't open temporary file /etc/elasticsearch/sedVfrQWU: Read-only file system
cp: cannot create regular file '/etc/elasticsearch/certs/client-keystore.jks': Read-only file system
cp: cannot create regular file '/etc/elasticsearch/certs/clientCrtPem': Read-only file system
cp: cannot create regular file '/etc/elasticsearch/certs/clientKeyPem': Read-only file system
cp: cannot create regular file '/etc/elasticsearch/certs/keystore.jks': Read-only file system
cp: cannot create regular file '/etc/elasticsearch/certs/truststore.jks': Read-only file system
rm: cannot remove '/etc/elasticsearch/certs/root.jks': Read-only file system
chmod: changing permissions of '/etc/elasticsearch/certs/root.jks': Read-only file system
chmod: changing permissions of '/etc/elasticsearch/certs': Read-only file system
/usr/share/elasticsearch/bin/elasticsearch-cli: line 7: cannot create temp file for here-document: Read-only file system
Exception in thread "main" java.nio.file.FileSystemException: /tmp/elasticsearch-15899033822709196667: Read-only file system
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:389)
at java.base/java.nio.file.Files.createDirectory(Files.java:689)
at java.base/java.nio.file.TempFileHelper.create(TempFileHelper.java:135)
at java.base/java.nio.file.TempFileHelper.createTempDirectory(TempFileHelper.java:172)
at java.base/java.nio.file.Files.createTempDirectory(Files.java:1006)
at org.elasticsearch.tools.launchers.Launchers.createTempDirectory(Launchers.java:66)
at org.elasticsearch.tools.launchers.TempDirectory.main(TempDirectory.java:54)

Can you please help us on this ?

warkolm · February 28, 2021, 11:34pm

You will need to make your root FS writable.

Mayank_Srivastava · March 2, 2021, 9:07am

There is any configuration to make elasticsearch not write root file system despite it will write in some other file system or in the different file path.Or we can write in emplty directory.

system · March 30, 2021, 9:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting "Read-only file system" error with Elasticsearch deployment on Kubernetes Elasticsearch docker	0	252	May 3, 2024
Elasticsearch 7.17.7 ReadOnly Root FileSystem/Privileged Container Elasticsearch docker	1	364	December 19, 2022
elasticsearch error: /usr/local/bin/docker-entrypoint.sh: cannot create temp file for here-document: Permission denied Kibana elastic-stack-alerting , docker	1	141	October 21, 2024
ElasticSearch Service Startup Issue Elasticsearch	1	213	September 21, 2023
Elk 6.2.3 starting Elasticsearch Server fails Elasticsearch	3	1195	July 16, 2018

ELK fails after enabling : readOnlyRootFilesystem in psp:restricted

Related topics