Two cluster members failing to start

Version 1.17.12

Two members of my cluster are failing to start with the following error:

[2024-10-09T15:17:43,176][ERROR][o.e.b.Bootstrap          ] [secesprd07] node validation exception
[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

What are "system call filters"?

config file:

cluster.name: security
cluster.max_shards_per_node: 600
node.name: secesprd07
node.roles: [data_cold]

path.data: /data/elasticsearch/security
path.repo: [/home/elasticsearch/esbackups ]
path.logs: /var/log/elasticsearch/

xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch/ssl/privkey.pem
xpack.security.http.ssl.certificate: /etc/elasticsearch/ssl/fullchain.pem
xpack.security.transport.ssl.key: /etc/elasticsearch/ssl/privkey.pem
xpack.security.transport.ssl.certificate: /etc/elasticsearch/ssl/fullchain.pem
xpack.security.transport.ssl.verification_mode: certificate

network.host: [ 0.0.0.0 ]

cluster.routing.allocation.disk.watermark.low: 80%
cluster.routing.allocation.disk.watermark.high: 85%

discovery.seed_hosts: ["secesprd07.its.auckland.ac.nz", "secesprd08.its.auckland.ac.nz", "secesprd09.its.auckland.ac.nz", "secesprd10.its.auckland.ac.nz", "secesprd11.its.auckland.ac.nz"]

The documentation says:

Elasticsearch installs system call filters of various flavors depending on the operating system (e.g., seccomp on Linux). These system call filters are installed to prevent the ability to execute system calls related to forking as a defense mechanism against arbitrary code execution attacks on Elasticsearch. The system call filter check ensures that if system call filters are enabled, then they were successfully installed. To pass the system call filter check you must fix any configuration errors on your system that prevented system call filters from installing (check your logs).

Is there anything else in the logs?

BTW I guess you wanted to write 7.17.12. I'd use the latest 7.17 version instead. Or better, use 8.15.2.

Thanks David

Which logs should I look for? There is nothing else in the ES logs.

The problem started after the machines had security patches applied (Ubuntu). Will try updating to latest 7.x

Maybe share the full logs from the start?

Sigh... I went through the logs line by line and found a disk full error which was causing one of the tests to fail.

Next time I will post the full logs!

Thanks again!

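The thread ended with the cause being an earlier disk-full error in the same log. The sketch below is an added example, not part of the original posts and not Elasticsearch code: it walks back from each bootstrap check failure and lists the WARN/ERROR entries logged before it. The `HINTS` list, the "since the previous failure" window and every sample line except the three-line error quoted in the thread are assumptions constructed for illustration.

```python
import re

# Elasticsearch plain-text log entry: [timestamp][LEVEL][logger] [node] message
ENTRY = re.compile(r"^\[([^\]]+)\]\[([A-Z]+) *\]\[([^\]]+)\] \[([^\]]*)\] ?(.*)$")
FAILURE = "bootstrap checks failed"
# Assumed hint list (not from Elasticsearch); this is the Linux ENOSPC error text.
HINTS = ("No space left on device",)

def parse(text):
    """Group lines into entries; unprefixed lines (stack traces) join the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(dict(zip(("ts", "level", "logger", "node", "msg"), m.groups())))
        elif entries and line.strip():
            entries[-1]["msg"] += "\n" + line.strip()
    return entries

def triage(text):
    """Per bootstrap failure: earlier WARN/ERROR entries since the previous failure, hinted causes first."""
    reports, window = [], []
    for e in parse(text):
        if FAILURE in e["msg"]:
            suspects = [w for w in window if w["level"] in ("WARN", "ERROR")]
            suspects.sort(key=lambda w: not any(h in w["msg"] for h in HINTS))
            reports.append({"failure": e, "suspects": suspects})
            window = []
        else:
            window.append(e)
    return reports

# Constructed sample: the last three lines are the error quoted in the thread; the
# earlier lines (loggers, messages) are invented, not real Elasticsearch output.
SAMPLE = """\
[2024-10-09T15:17:40,001][INFO ][example.Startup          ] [secesprd07] starting
[2024-10-09T15:17:41,000][WARN ][example.Other            ] [secesprd07] some unrelated warning
[2024-10-09T15:17:42,000][WARN ][example.TempFiles        ] [secesprd07] could not write temporary file
java.io.IOException: No space left on device
[2024-10-09T15:17:43,176][ERROR][o.e.b.Bootstrap          ] [secesprd07] node validation exception
[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
"""

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["failure"]["ts"], "->", [s["msg"].splitlines()[-1] for s in r["suspects"]])
```
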