Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: fcb01deb34
Branches Tags
elasticsearch
/
docs
/
reference
/
setup
/
bootstrap-checks.asciidoc

bootstrap-checks.asciidoc 8.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. [[bootstrap-checks]]
    2. 

  2. == Bootstrap Checks
    3. 

  3. 

  4. Collectively, we have a lot of experience with users suffering
    5. 

  5. unexpected issues because they have not configured
    6. 

  6. <<important-settings,important settings>>. In previous versions of
    7. 

  7. Elasticsearch, misconfiguration of some of these settings were logged
    8. 

  8. as warnings. Understandably, users sometimes miss these log messages.
    9. 

  9. To ensure that these settings receive the attention that they deserve,
    10. 

  10. Elasticsearch has bootstrap checks upon startup.
    11. 

  11. 

  12. These bootstrap checks inspect a variety of Elasticsearch and system
    13. 

  13. settings and compare them to values that are safe for the operation of
    14. 

  14. Elasticsearch. If Elasticsearch is in development mode, any bootstrap
    15. 

  15. checks that fail appear as warnings in the Elasticsearch log. If
    16. 

  16. Elasticsearch is in production mode, any bootstrap checks that fail will
    17. 

  17. cause Elasticsearch to refuse to start.
    18. 

  18. 

  19. There are some bootstrap checks that are always enforced to prevent
    20. 

  20. Elasticsearch from running with incompatible settings. These checks are
    21. 

  21. documented individually.
    22. 

  22. 

  23. [float]
    24. 

  24. === Development vs. production mode
    25. 

  25. 

  26. By default, Elasticsearch binds and publishes to `localhost`. This is
    27. 

  27. fine for downloading and playing with Elasticsearch, and everyday
    28. 

  28. development but it's useless for production systems. For a production
    29. 

  29. installation to be reachable, it must either bind or publish to an
    30. 

  30. external interface. Thus, we consider Elasticsearch to be in development
    31. 

  31. mode if it does not bind nor publish to an external interface (the
    32. 

  32. default), and is otherwise in production mode if it does bind or publish
    33. 

  33. to an external interface.
    34. 

  34. 

  35. === Heap size check
    36. 

  36. 

  37. If a JVM is started with unequal initial and max heap size, it can be
    38. 

  38. prone to pauses as the JVM heap is resized during system usage. To avoid
    39. 

  39. these resize pauses, it's best to start the JVM with the initial heap
    40. 

  40. size equal to the maximum heap size. Additionally, if
    41. 

  41. <<bootstrap.memory_lock,`bootstrap.memory_lock`>> is enabled, the JVM will
    42. 

  42. lock the initial size of the heap on startup. If the initial heap size
    43. 

  43. is not equal to the maximum heap size, after a resize it will not be the
    44. 

  44. case that all of the JVM heap is locked in memory. To pass the heap size
    45. 

  45. check, you must configure the <<heap-size,heap size>>.
    46. 

  46. 

  47. 

  48. === File descriptor check
    49. 

  49. 

  50. File descriptors are a Unix construct for tracking open "files". In Unix
    51. 

  51. though, https://en.wikipedia.org/wiki/Everything_is_a_file[everything is
    52. 

  52. a file]. For example, "files" could be a physical file, a virtual file
    53. 

  53. (e.g., `/proc/loadavg`), or network sockets. Elasticsearch requires
    54. 

  54. lots file descriptors (e.g., every shard is composed of multiple
    55. 

  55. segments and other files, plus connections to other nodes, etc.). This
    56. 

  56. bootstrap check is enforced on OS X and Linux. To pass the file
    57. 

  57. descriptor check, you might have to configure <<file-descriptors,file
    58. 

  58. descriptors>>.
    59. 

  59. 

  60. === Memory lock check
    61. 

  61. 

  62. When the JVM does a major garbage collection it touches every page of
    63. 

  63. the heap. If any of those pages are swapped out to disk they will have
    64. 

  64. to be swapped back in to memory. That causes lots of disk thrashing that
    65. 

  65. Elasticsearch would much rather use to service requests. There are
    66. 

  66. several ways to configure a system to disallow swapping. One way is by
    67. 

  67. requesting the JVM to lock the heap in memory through `mlockall` (Unix)
    68. 

  68. or virtual lock (Windows). This is done via the Elasticsearch setting
    69. 

  69. <<bootstrap.memory_lock,`bootstrap.memory_lock`>>. However, there are cases
    70. 

  70. where this setting can be passed to Elasticsearch but Elasticsearch is
    71. 

  71. not able to lock the heap (e.g., if the `elasticsearch` user does not
    72. 

  72. have `memlock unlimited`). The memory lock check verifies that *if* the
    73. 

  73. `bootstrap.memory_lock` setting is enabled, that the JVM was successfully
    74. 

  74. able to lock the heap. To pass the memory lock check, you might have to
    75. 

  75. configure <<mlockall,`mlockall`>>.
    76. 

  76. 

  77. === Maximum number of threads check
    78. 

  78. 

  79. Elasticsearch executes requests by breaking the request down into stages
    80. 

  80. and handing those stages off to different thread pool executors. There
    81. 

  81. are different <<modules-threadpool,thread pool executors>> for a variety
    82. 

  82. of tasks within Elasticsearch. Thus, Elasticsearch needs the ability to
    83. 

  83. create a lot of threads. The maximum number of threads check ensures
    84. 

  84. that the Elasticsearch process has the rights to create enough threads
    85. 

  85. under normal use. This check is enforced only on Linux. If you are on
    86. 

  86. Linux, to pass the maximum number of threads check, you must configure
    87. 

  87. your system to allow the Elasticsearch process the ability to create at
    88. 

  88. least 2048 threads. This can be done via `/etc/security/limits.conf`
    89. 

  89. using the `nproc` setting (note that you might have to increase the
    90. 

  90. limits for the `root` user too).
    91. 

  91. 

  92. [[max-size-virtual-memory-check]]
    93. 

  93. === Maximum size virtual memory check
    94. 

  94. 

  95. Elasticsearch and Lucene use `mmap` to great effect to map portions of
    96. 

  96. an index into the Elasticsearch address space. This keeps certain index
    97. 

  97. data off the JVM heap but in memory for blazing fast access. For this to
    98. 

  98. be effective, the Elasticsearch should have unlimited address space. The
    99. 

  99. maximum size virtual memory check enforces that the Elasticsearch
    100. 

  100. process has unlimited address space and is enforced only on Linux. To
    101. 

  101. pass the maximum size virtual memory check, you must configure your
    102. 

  102. system to allow the Elasticsearch process the ability to have unlimited
    103. 

  103. address space. This can be done via `/etc/security/limits.conf` using
    104. 

  104. the `as` setting to `unlimited` (note that you might have to increase
    105. 

  105. the limits for the `root` user too).
    106. 

  106. 

  107. === Maximum map count check
    108. 

  108. 

  109. Continuing from the previous <<max-size-virtual-memory-check,point>>, to
    110. 

  110. use `mmap` effectively, Elasticsearch also requires the ability to
    111. 

  111. create many memory-mapped areas. The maximum map count check checks that
    112. 

  112. the kernel allows a process to have at least 262,144 memory-mapped areas
    113. 

  113. and is enforced on Linux only. To pass the maximum map count check, you
    114. 

  114. must configure `vm.max_map_count` via `sysctl` to be at least `262144`.
    115. 

  115. 

  116. === Client JVM check
    117. 

  117. 

  118. There are two different JVMs provided by OpenJDK-derived JVMs: the
    119. 

  119. client JVM and the server JVM. These JVMs use different compilers for
    120. 

  120. producing executable machine code from Java bytecode. The client JVM is
    121. 

  121. tuned for startup time and memory footprint while the server JVM is
    122. 

  122. tuned for maximizing performance. The difference in performance between
    123. 

  123. the two VMs can be substantial. The client JVM check ensures that
    124. 

  124. Elasticsearch is not running inside the client JVM. To pass the client
    125. 

  125. JVM check, you must start Elasticsearch with the server VM. On modern
    126. 

  126. systems and operating systems, the server VM is the
    127. 

  127. default. Additionally, Elasticsearch is configured by default to force
    128. 

  128. the server VM.
    129. 

  129. 

  130. === Use serial collector check
    131. 

  131. 

  132. There are various garbage collectors for the OpenJDK-derived JVMs targeting
    133. 

  133. different workloads. The serial collector in particular is best suited for
    134. 

  134. single logical CPU machines or extremely small heaps, neither of which are
    135. 

  135. suitable for running Elasticsearch. Using the serial collector with
    136. 

  136. Elasticsearch can be devastating for performance. The serial collector check
    137. 

  137. ensures that Elasticsearch is not configured to run with the serial
    138. 

  138. collector. To pass the serial collector check, you must not start Elasticsearch
    139. 

  139. with the serial collector (whether it's from the defaults for the JVM that
    140. 

  140. you're using, or you've explicitly specified it with `-XX:+UseSerialGC`). Note
    141. 

  141. that the default JVM configuration that ship with Elasticsearch configures
    142. 

  142. Elasticsearch to use the CMS collector.
    143. 

  143. 

  144. === OnError and OnOutOfMemoryError checks
    145. 

  145. 

  146. The JVM options `OnError` and `OnOutOfMemoryError` enable executing
    147. 

  147. arbitrary commands if the JVM encounters a fatal error (`OnError`) or an
    148. 

  148. `OutOfMemoryError` (`OnOutOfMemoryError`). However, by default,
    149. 

  149. Elasticsearch system call filters (seccomp) are enabled and these
    150. 

  150. filters prevent forking. Thus, using `OnError` or `OnOutOfMemoryError`
    151. 

  151. and system call filters are incompatible. The `OnError` and
    152. 

  152. `OnOutOfMemoryError` checks prevent Elasticsearch from starting if
    153. 

  153. either of these JVM options are used and system call filters are
    154. 

  154. enabled. This check is always enforced. To pass this check do not enable
    155. 

  155. `OnError` nor `OnOutOfMemoryError`; instead, upgrade to Java 8u92 and
    156. 

  156. use the JVM flag `ExitOnOutOfMemoryError`. While this does not have the
    157. 

  157. full capabilities of `OnError` nor `OnOutOfMemoryError`, arbitrary
    158. 

  158. forking will not be supported with seccomp enabled.
    159.