溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

Elasticsearch啟動(dòng)分析與問(wèn)題解決-bootstrap checks

發(fā)布時(shí)間:2020-07-21 18:13:25 來(lái)源:網(wǎng)絡(luò) 閱讀:10658 作者:xpleaf 欄目:大數(shù)據(jù)

[TOC]

0 說(shuō)明

使用的es版本為5.6,Linux版本為CentOs 6.5.

1 Elasticsearch bootstrap checks

1.1 開發(fā)環(huán)境

如果在es的配置中沒(méi)有配置network.host來(lái)指定一個(gè)可用的IP地址的話,默認(rèn)情況下,就綁定到localhost上,此時(shí)es會(huì)認(rèn)為用戶只是在開發(fā)環(huán)境下使用es,基于開箱即用的原則,雖然es此時(shí)也會(huì)進(jìn)行bootstrap checks,來(lái)檢查用戶的配置是否與es設(shè)定的安全值相匹配,如下:

  • 如果匹配,則不會(huì)有warnning信息,此時(shí)es正常啟動(dòng);
  • 如果不匹配,則會(huì)有warnning信息,但因?yàn)槭情_發(fā)環(huán)境,es依然會(huì)正常啟動(dòng);

1.2 生產(chǎn)環(huán)境

一旦用戶配置了network.host來(lái)指定一個(gè)可用的非loopback地址,那么es就會(huì)認(rèn)為用戶此時(shí)是在生產(chǎn)環(huán)境下啟動(dòng)es,同樣會(huì)進(jìn)行檢查,但一旦檢查不通過(guò),直接會(huì)將前面的warnning提升為error,所以此時(shí)es會(huì)啟動(dòng)失敗。

2 開發(fā)環(huán)境啟動(dòng)時(shí)的bootstrap checks分析

不配置network.host時(shí),直接啟動(dòng)es,會(huì)有下面的warnning:

[2018-12-07T04:15:44,735][INFO ][o.e.d.DiscoveryModule    ] [PQ85ukj] using discovery type [zen]
[2018-12-07T04:15:45,702][INFO ][o.e.n.Node               ] initialized
[2018-12-07T04:15:45,703][INFO ][o.e.n.Node               ] [PQ85ukj] starting ...
[2018-12-07T04:15:46,071][INFO ][o.e.t.TransportService   ] [PQ85ukj] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2018-12-07T04:15:46,090][WARN ][o.e.b.BootstrapChecks    ] [PQ85ukj] max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2018-12-07T04:15:46,090][WARN ][o.e.b.BootstrapChecks    ] [PQ85ukj] max number of threads [1024] for user [hadoop] is too low, increase to at least [2048]
[2018-12-07T04:15:46,090][WARN ][o.e.b.BootstrapChecks    ] [PQ85ukj] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2018-12-07T04:15:46,090][WARN ][o.e.b.BootstrapChecks    ] [PQ85ukj] system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
[2018-12-07T04:15:49,269][INFO ][o.e.c.s.ClusterService   ] [PQ85ukj] new_master {PQ85ukj}{PQ85ukjdSoeVEpSpByAjMw}{Dbb3lzTWTN-eUEKXO8z-sw}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2018-12-07T04:15:49,313][INFO ][o.e.h.n.Netty4HttpServerTransport] [PQ85ukj] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2018-12-07T04:15:49,313][INFO ][o.e.n.Node               ] [PQ85ukj] started
[2018-12-07T04:15:49,553][INFO ][o.e.g.GatewayService     ] [PQ85ukj] recovered [0] indices into cluster_state

提取其waarnning信息,如下:

文件描述符:
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

線程數(shù):
 max number of threads [1024] for user [hadoop] is too low, increase to at least [2048]

 虛擬內(nèi)存:
 max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

 system call filters:
 system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

可以看到有4個(gè)問(wèn)題,分別為:文件描述符、線程數(shù)、虛擬內(nèi)存與system call filters。

雖然有warnning,但因?yàn)閑s本身會(huì)認(rèn)為是在開發(fā)環(huán)境下運(yùn)行,基于開箱即用的特性,是仍然可以正常啟動(dòng)的。

3 生產(chǎn)環(huán)境啟動(dòng)時(shí)的bootstrap checks分析

綁定IP地址后再啟動(dòng),發(fā)現(xiàn)有下面的報(bào)錯(cuò)信息:

ERROR: [4] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max number of threads [1024] for user [hadoop] is too low, increase to at least [2048]
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[4]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

直接error,所以會(huì)啟動(dòng)失敗,除非進(jìn)行上面的設(shè)置符合安全要求。

4 生產(chǎn)環(huán)境正常啟動(dòng)配置

解決上面出現(xiàn)的問(wèn)題,需要進(jìn)行如下的配置。

4.1 文件描述符

  • 臨時(shí)修改:
 ulimit -n 65536

但是重新登錄后就會(huì)恢復(fù)成默認(rèn)值了。

  • 永久修改

修改/etc/security/limits.conf配置,如下:

hadoop          soft    nofile  65536   # soft表示為超過(guò)這個(gè)值就會(huì)有warnning
hadoop          hadr    nofile  100000  # hard則表示不能超過(guò)這個(gè)值

之后再重新登錄,使用ulimit -n就可以進(jìn)行驗(yàn)證。

4.2 線程數(shù)

修改/etc/security/limits.conf配置,如下:

hadoop          soft    nproc   2048
hadoop          hard    nproc   4096

實(shí)際上,該配置文件對(duì)于nproc的說(shuō)明為進(jìn)程數(shù),而不是線程數(shù):

#<domain>      <type>  <item>         <value>
                                                                                                   39,1          41%
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000

4.3 虛擬內(nèi)存

  • 查看當(dāng)前值
sysctl vm.max_map_count
  • 臨時(shí)設(shè)置
sysctl -w vm.max_map_count=262144

但是重啟系統(tǒng)后就會(huì)失效。

  • 永久性設(shè)置

修改配置文件/etc/sysctl.conf,如下:

vm.max_map_count=262144

需要重啟后才生效。

4.4 system call filters

  • 原因
    這是在因?yàn)镃entos6不支持SecComp,而ES5.4.0默認(rèn)bootstrap.system_call_filter為true進(jìn)行檢測(cè),所以導(dǎo)致檢測(cè)失敗,失敗后直接導(dǎo)致ES不能啟動(dòng)。

  • 解決
    在elasticsearch.yml中配置bootstrap.system_call_filter為false,注意要在Memory下面:
    bootstrap.memory_lock: false
    bootstrap.system_call_filter: false

參考:https://www.jianshu.com/p/89f8099a6d09

向AI問(wèn)一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI