Two cluster member failing to start

Russell_Fulton · October 9, 2024, 2:26am

Version 1.17.12

two members of the my cluster are failing to start with the following error

[2024-10-09T15:17:43,176][ERROR][o.e.b.Bootstrap          ] [secesprd07] node validation exception
[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

What are "system call filters" ?

config file:

cluster.name: security
cluster.max_shards_per_node: 600
node.name: secesprd07
node.roles: [data_cold]

path.data: /data/elasticsearch/security
path.repo: [/home/elasticsearch/esbackups ]
path.logs: /var/log/elasticsearch/

xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch/ssl/privkey.pem
xpack.security.http.ssl.certificate: /etc/elasticsearch/ssl/fullchain.pem
xpack.security.transport.ssl.key: /etc/elasticsearch/ssl/privkey.pem
xpack.security.transport.ssl.certificate: /etc/elasticsearch/ssl/fullchain.pem
xpack.security.transport.ssl.verification_mode: certificate

network.host: [ 0.0.0.0 ]

cluster.routing.allocation.disk.watermark.low: 80%
cluster.routing.allocation.disk.watermark.high: 85%

discovery.seed_hosts: ["secesprd07.its.auckland.ac.nz", "secesprd08.its.auckland.ac.nz", "secesprd09.its.auckland.ac.nz", "secesprd10.its.auckland.ac.nz", "secesprd11.its.auckland.ac.nz"]

dadoonet · October 9, 2024, 4:45am

The documentation says:

Elasticsearch installs system call filters of various flavors depending on the operating system (e.g., seccomp on Linux). These system call filters are installed to prevent the ability to execute system calls related to forking as a defense mechanism against arbitrary code execution attacks on Elasticsearch. The system call filter check ensures that if system call filters are enabled, then they were successfully installed. To pass the system call filter check you must fix any configuration errors on your system that prevented system call filters from installing (check your logs).

Is there anything else in the logs?

BTW I guess you wanted to write 7.17.12. I'd use the latest 7.17 version instead. Or better, use 8.15.2.

Russell_Fulton · October 9, 2024, 8:11am

Thanks David

Which logs should i look for. There i nothing else in the he es logs.

The problem started after the machines had security patches applied (ubuntu). Will try updating to latest 7.x

dadoonet · October 9, 2024, 9:07am

May be share the full logs from the start?

Russell_Fulton · October 11, 2024, 5:37pm

Sigh... I went though the logs line by line and found a disk full error which was causing the one of the tests to fail.

Next time I will post the full logs!

Thanks again!

Topic		Replies	Views
Bootstrap checks failed - no specifics Elasticsearch	2	876	May 30, 2018
Bootstrap.system_call_filter to false not able to configure cluster Elasticsearch	12	10705	September 30, 2017
Elastic Cluster on Azure Cloud - Linux - one server fails to startup while the other is successful Elasticsearch	4	422	August 13, 2020
Bootstrap checks failed, Elastic Cloud on Kubernetes (ECK)	5	4174	December 22, 2021
Elasticsearch.service: Main process exited, code=exited, status=1/FAILURE when setting TLS Elasticsearch elastic-stack-security	5	3027	July 25, 2019

Two cluster member failing to start

Related topics