Tag Archives: ElasticSearch startup error

[Solved] ElasticSearch Startup Error: error updating geoip database

Problem Description:

Error when launching elasticsearch:
error updating geoip database

[2021-12-22T21:07:11,944][INFO ][o.e.i.g.GeoIpDownloader  ] [DESKTOP-5JGQJR8] updating geoip database [GeoLite2-ASN.mmdb]
[2021-12-22T21:07:13,022][ERROR][o.e.i.g.GeoIpDownloader  ] [DESKTOP-5JGQJR8] error updating geoip database [GeoLite2-ASN.mmdb]
org.elasticsearch.cluster.block.ClusterBlockException: index [.geoip_databases] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];

Cause analysis:

This is a bug


Solution:

Add the following configuration to elasticsearch.yml:

ingest.geoip.downloader.enabled: false

Turn off geoip database updates

Elasticsearch Startup Error: unable to install syscall filter: java.lang.UnsupportedOperationException: seccomp

Error Message:

[2021-09-12T10:40:53,855][WARN ][o.e.b.JNANatives         ] [DESKTOP-BPG73KH] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
        at org.elasticsearch.bootstrap.SystemCallFilter.linuxImpl(SystemCallFilter.java:342) ~[elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.SystemCallFilter.init(SystemCallFilter.java:617) ~[elasticsearch-7.7.0.jar:7.7.0]        at org.elasticsearch.bootstrap.JNANatives.tryInstallSystemCallFilter(JNANatives.java:260) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.Natives.tryInstallSystemCallFilter(Natives.java:113) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:116) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) [elasticsearch-cli-7.7.0.jar:7.7.0]
        at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) [elasticsearch-7.7.0.jar:7.7.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.7.0.jar:7.7.0]

Solution:

Problem reason: because centos6 does not support seccomp, es5.2.1 defaults to bootstrap.system_call_filter is true for detection, so the detection fails. After the failure, the ES cannot be started directly. See: https://github.com/elastic/elasticsearch/issues/22899

Solution: configure bootstrap.system in elasticsearch. YML _ call_ If the filter is false, note that it should be under memory:

bootstrap.memory_lock: false
bootstrap.system_call_filter: false

[Solved] ElasticSearch startup error: bootstrap checks failed

Modify the elasticsearch.yml configuration file to allow external network access.

vim config/elasticsearch.yml
# add

network.host: 0.0.0.0

Start failed, check did not pass, report error

[2018-05-18T17:44:59,658][INFO ][o.e.b.BootstrapChecks    ] [gFOuNlS] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

 

 

[1]: max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536]

Edit /etc/security/limits.conf and add the following content;
* soft nofile 65536
* hard nofile 65536 After
this file is modified, you need to log in to the user again to take effect

 

[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

Edit /etc/sysctl.conf and add the following content:
vm.max_map_count=655360
After saving, execute:

sysctl -p

Restart, success.

 

bin/elasticsearch