说明:max_map_count文件包含限制一个进程可以拥有的VMA(虚拟内存区域)的数量。虚拟内存区域是一个连续的虚拟地址空间区域。在进程的生命周期中,每当程序尝试在内存中映射文件,链接到共享内存段,或者分配堆空间的时候,这些区域将被创建。调优这个值将限制进程可拥有VMA的数量。限制一个进程拥有VMA的总数可能导致应用程序出错,因为当进程达到了VMA上线但又只能释放少量的内存给其他的内核进程使用时,操作系统会抛出内存不足的错误。如果你的操作系统在NORMAL区域仅占用少量的内存,那么调低这个值可以帮助释放内存给内核用。
[SfD5sIh] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks 、
ERROR: bootstrap checks failed
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
临时提高了vm.max_map_count的大小,此操作需要root权限:
sudo sysctl -w vm.max_map_count=262144
sysctl -a|grep vm.max_map_count
永久修改vm.max_map_count
解决:切换到root用户修改配置sysctl.conf
vi /etc/sysctl.conf
添加下面配置:
vm.max_map_count=655360
并执行命令:
sysctl -p
然后,重新启动elasticsearch,即可启动成功。
max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536]
编辑/etc/security/limits.conf配置文件,修改以下内容:
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
max number of threads [1024] for user [elasticsearch] is too low, increase to at least [2048]
系统默认其它普通用户最多进程默认是1024个,而root用户是 unlimited(不受限制),索引启动使用自定义账号,因此进程数有所限制。修改以下内容 /etc/security/limits.d/90-nproc.conf
* soft nproc 1024
* soft nproc 2048
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Your kernel does not support seccomp.
Elasticsearch attempts to utilize seccomp by default (via the setting bootstrap.system_call_filter).
Starting in 5.2.0, if you’re in production mode, bootstrap.system_call_filter is enabled, and initializing seccomp fails, then Elasticsearch will refuse to bootstrap.
You either have to migrate to a kernel that supports seccomp, or disable bootstrap.system_call_filter.
Centos6不支持SecComp,而ES5.2.0默认 bootstrap.system_call_filter为true
禁用:在 elasticsearch.yml 中配置 bootstrap.system_call_filter 为 false,注意要在Memory下面:
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
ERROR: bootstrap checks failed
initial heap size [536870912] not equal to maximum heap size [1073741824]; this can cause resize pauses and prevents mlockall from locking the entire heap
vi config/jvm.options
###-Xms 和 -Xmx需要配置的相等,不然无法启动成功。
-Xms1024m
-Xmx1024m
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:134) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:121) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:69) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) ~[elasticsearch-6.0.0.jar:6.0.0]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:104) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:171) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:322) ~[elasticsearch-6.0.0.jar:6.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:130) ~[elasticsearch-6.0.0.jar:6.0.0]
... 6 more
为了安全禁止使用root用户启动,可以创建其它用户,进行授权后再次启动便可解决。
创建 elsearch 用户组及 elsearch 用户
groupadd es
useradd es -g es -p es
更改 elasticsearch 部署文件夹及内部文件的所属用户及组为 elsearch:elsearch
chown -R es:es elasticsearch
切换elsearch用户,进入索引部署bin目录启动,执行./elasticsearch -d
或 临时使用root账号启动
启动命令添加如下语句:
-Des.insecure.allow.root=true
即
bin/elasticsearch -Des.insecure.allow.root=true
或 默认以root账号启动
或者修改/bin/elasticsearch文件,修改如下语句:
exec"$JAVA"$JAVA_OPTS$ES_JAVA_OPTS -Des.path.home="$ES_HOME" -cp "$ES_CLASSPATH" \
修改为
exec"$JAVA"$JAVA_OPTS$ES_JAVA_OPTS -Des.path.home="$ES_HOME" -Des.insecure.allow.root=true -cp "$ES_CLASSPATH"
\