一、确认问题
-
elasticsearch节点启动失败
-
elasticsearch版本为6.x及以下版本
-
elasticsearch节点集群日志中有类似如下报错
bash[1] bootstrap checks failed [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk [2017-10-25T00:18:40,284][INFO ][o.e.n.Node ] [FHZVpeX] stopping ... [2017-10-25T00:18:40,316][INFO ][o.e.n.Node ] [FHZVpeX] stopped [2017-10-25T00:18:40,316][INFO ][o.e.n.Node ] [FHZVpeX] closing ... [2017-10-25T00:18:40,335][INFO ][o.e.n.Node ] [FHZVpeX] closed
二、处理办法
问题原因
操作系统不支持SecComp的,而ES6.8.1默认bootstrap.system_call_filter为true,执行以下命令确认操作系统是否支持SecComp。如果输出中包含 "seccomp: 2" 或 "seccomp: 1",表示SecComp已经启用并正在运行。如果输出为空或没有提到seccomp,表示SecComp未启用
bash
cat /proc/self/status | grep seccomp处理办法
禁用bootstrap.system_call_filter,修改elasticsearch.yml配置文件中的bootstrap.system_call_filter配置为false,并重启es服务即可
bash
bootstrap.system_call_filter: false