Two cluster member failing to start

Russell_Fulton · October 9, 2024, 2:26am

Version 1.17.12

two members of the my cluster are failing to start with the following error

[2024-10-09T15:17:43,176][ERROR][o.e.b.Bootstrap          ] [secesprd07] node validation exception
[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

What are "system call filters" ?

config file:

cluster.name: security
cluster.max_shards_per_node: 600
node.name: secesprd07
node.roles: [data_cold]

path.data: /data/elasticsearch/security
path.repo: [/home/elasticsearch/esbackups ]
path.logs: /var/log/elasticsearch/

xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch/ssl/privkey.pem
xpack.security.http.ssl.certificate: /etc/elasticsearch/ssl/fullchain.pem
xpack.security.transport.ssl.key: /etc/elasticsearch/ssl/privkey.pem
xpack.security.transport.ssl.certificate: /etc/elasticsearch/ssl/fullchain.pem
xpack.security.transport.ssl.verification_mode: certificate

network.host: [ 0.0.0.0 ]

cluster.routing.allocation.disk.watermark.low: 80%
cluster.routing.allocation.disk.watermark.high: 85%

discovery.seed_hosts: ["secesprd07.its.auckland.ac.nz", "secesprd08.its.auckland.ac.nz", "secesprd09.its.auckland.ac.nz", "secesprd10.its.auckland.ac.nz", "secesprd11.its.auckland.ac.nz"]

dadoonet · October 9, 2024, 4:45am

The documentation says:

Elasticsearch installs system call filters of various flavors depending on the operating system (e.g., seccomp on Linux). These system call filters are installed to prevent the ability to execute system calls related to forking as a defense mechanism against arbitrary code execution attacks on Elasticsearch. The system call filter check ensures that if system call filters are enabled, then they were successfully installed. To pass the system call filter check you must fix any configuration errors on your system that prevented system call filters from installing (check your logs).

Is there anything else in the logs?

BTW I guess you wanted to write 7.17.12. I'd use the latest 7.17 version instead. Or better, use 8.15.2.

Russell_Fulton · October 9, 2024, 8:11am

Thanks David

Which logs should i look for. There i nothing else in the he es logs.

The problem started after the machines had security patches applied (ubuntu). Will try updating to latest 7.x

dadoonet · October 9, 2024, 9:07am

May be share the full logs from the start?

Russell_Fulton · October 11, 2024, 5:37pm

Sigh... I went though the logs line by line and found a disk full error which was causing the one of the tests to fail.

Next time I will post the full logs!

Thanks again!

Topic		Replies	Views
Bootstrap checks failed - no specifics Elasticsearch	2	871	May 30, 2018
Bootstrap.system_call_filter to false not able to configure cluster Elasticsearch	12	10686	September 30, 2017
How to get logs for system call filters failed to install Elasticsearch	6	6144	July 12, 2019
Unable to create elk cluster due to Node validation error Elasticsearch elastic-stack-alerting	5	1173	October 16, 2023
Elasticsearch - start checks failing as rootless containers Elasticsearch elastic-stack-security , docker	4	271	June 18, 2024

Two cluster member failing to start

Related Topics