-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Cannot mount elasticsearch keystore in pod, device busy #90
Comments
It looks like you did everything right to me. Can you give me the output of the following commands: You can attach into one of the containers by running
Could you also give me the following:
|
I'm also running into this same issue after following the instructions for using the keystore in the readme - created the same way as in this issue. This is running on GKE 1.11.8-gke-6 and I'm not seeing anything of note in Full error log from the container is:
|
@ofaz Thanks for the report! Could you give me the following information to try to reproduce it:
|
I just bumped one of our internal clusters to use 7.1.0 and got the same error. So this seems to be an issue with how 7.1.0 is accessing the keystore differently to previous releases. No need to send anymore debug information now that I can reproduce it. |
Well that was a fun journey. I found it though! In elastic/elasticsearch#41701 the internal format for the keystore was bumped from version 3 to version 4. On startup Elasticsearch notices this and attempts to upgrade the format of the keystore. All mounted secrets and configmaps in Kubernetes are always readonly. So when it tries to make the change you get the error as seen above. So the fix is to either:
|
Hi, |
@JanKowalik if it really was made with the same version than this sounds like a different issue. Can you give me the exact commands you used to create the keystore and the output of |
I will try it again to make sure and if it does not work I will provide the information you are sking for. |
It did not work this time too. I used helm chart to generate manifests only. I can attach the manifest files and values I used if that helps? elasticsearch-master-nodes.txt I did not include secrets here and The error message I get:
|
@JanKowalik Thank you for providing the extra details. I think that the issue you are running into is because you have the You want to add it with:
Once #154 is finished off there won't be any need to manually create and update the keystore anymore. |
Yeah, I did not add the bootstrap.password. I did not think it was necessary if I am using the default password. Thank you for your help! |
Nearly works. But I think this is a different problem now.
|
Which version of Elasticsearch are your running? In the manifest output I see the image is |
It uses version 6.8.1 |
To be clear, the |
It is all working fine now. I deleted everything and recreated a cluster from scratch and it worked. I tried scaling everything down to 0 and then back up, but it did not help. Not sure why. After that all nodes had authentication errors. Maybe adding bootstrap.password to an existing cluster is not advisable. Thank you for your time and help. |
I have an issue with kibana-keystore if mounted as k8s secret now.
@Crazybus: Shall I open another ticket for that? |
Closes: #90 Adds a kubernetes native way to add strings and files to the Elasticsearch keystore. Previously you needed to manually create the keystore and upload it as a secret. There were a couple of issues with this approach. 1. The Elasticsearch keystore has an internal version for the format. If this is changed it meant needing to recreate each keystore again. 2. If you wanted to add a single new value it meant recreating the entire keystore again
Yes please! If I'm honest I have never actually used the keystore for Kibana with the helm-charts. My bet is that its going to be failing for the same issue as Elasticsearch (docker image trying to automatically add the |
The changes in #90 will also be ported to the other charts which will make this a lot easier to manage. |
Closes: #90 Adds a kubernetes native way to add strings and files to the Elasticsearch keystore. Previously you needed to manually create the keystore and upload it as a secret. There were a couple of issues with this approach. 1. The Elasticsearch keystore has an internal version for the format. If this is changed it meant needing to recreate each keystore again. 2. If you wanted to add a single new value it meant recreating the entire keystore again
Closes: #90 Adds a kubernetes native way to add strings and files to the Elasticsearch keystore. Previously you needed to manually create the keystore and upload it as a secret. There were a couple of issues with this approach. 1. The Elasticsearch keystore has an internal version for the format. If this is changed it meant needing to recreate each keystore again. 2. If you wanted to add a single new value it meant recreating the entire keystore again
I'm trying to mount the elasticsearch keystore per the documentation but I keep getting the error below. I've verified the the elasticsearch keystore file is valid (by adding it to a test continer and testing the values).
Error:
Exception in thread "main" java.nio.file.FileSystemException: /usr/share/elasticsearch/config/elasticsearch.keystore.tmp /usr/share/elasticsearch/config/elasticsearch.keystore: Device or resource busy
Steps taken:
Command to create the secret:
kubectl create secret generic elasticsearch-keystore --from-file=./elasticsearch.keystore
SecretMounts in my yaml configuration:
Is there something I am missing?
The text was updated successfully, but these errors were encountered: