Elasticsearch fails to start: CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed

I tried to start Elasticsearch, but it failed. I checked the logs and found the following error:

[...][WARN ][o.e.b.JNANatives         ] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
at org.elasticsearch.bootstrap.SystemCallFilter.linuxImpl(SystemCallFilter.java:342) ~[elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.SystemCallFilter.init(SystemCallFilter.java:617) ~[elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.JNANatives.tryInstallSystemCallFilter(JNANatives.java:258) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.Natives.tryInstallSystemCallFilter(Natives.java:113) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:111) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:195) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:342) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:132) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:123) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:70) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) [elasticsearch-5.6.9.jar:5.6.9]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) [elasticsearch-5.6.9.jar:5.6.9]

Why is this happening?

How should I deal with it?

This error occurs because you have not set the following parameter in elasticsearch.yml:
bootstrap.system_call_filter: false

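Setting it indicates that you are aware that the seccomp security feature is offline.

This raises another question...

If the SecComp feature is offline, can I use the Elasticsearch security features or not?

I kept looking for an answer until I got one from Elasticsearch itself: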

Disabling the bootstrap.system_call_filter does not have an effect in the rest of the stack. This check was meant to prevent scenarios when SecComp is silently not initialized yet configured to be initialized - i.e., to prevent that we start Elasticsearch under conditions not wanted by the OS admins.

This means that all you need to do is set the following configuration in elasticsearch.yml:

bootstrap.system_call_filter: false

and let your DevOps know that Elasticsearch is working with SecComp disabled.
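
An added example, not part of the original question or answer: a shell check that confirms whether the running kernel was built with the two options named in the error, which is worth recording before the filter is turned off. The function names and the sample config text are assumptions made for this illustration.

```shell
# Added example: check the two kernel options named in the Elasticsearch error.

# Print y or unset for one option, reading kernel config text on stdin.
kconfig_state() {  # $1 = option name, e.g. CONFIG_SECCOMP
    line=$(grep -E "^(# )?$1(=| is not set)" | head -n 1)
    case "$line" in
        "$1=y") echo y ;;
        *)      echo unset ;;
    esac
}

# Succeed only if both options are built in (config text on stdin).
seccomp_supported() {
    cfg=$(cat)
    [ "$(printf '%s\n' "$cfg" | kconfig_state CONFIG_SECCOMP)" = y ] &&
    [ "$(printf '%s\n' "$cfg" | kconfig_state CONFIG_SECCOMP_FILTER)" = y ]
}

# Emit the running kernel's config, or fail if neither usual location is readable.
running_kconfig() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    else
        return 1
    fi
}

# Constructed sample configs (not from a real system), used to exercise the parser.
SAMPLE_OK='CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y'
SAMPLE_PARTIAL='CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP=y
# CONFIG_SECCOMP_FILTER is not set'
echo "sample: FILTER=$(printf '%s\n' "$SAMPLE_PARTIAL" | kconfig_state CONFIG_SECCOMP_FILTER)"

if cfg_text=$(running_kconfig 2>/dev/null); then
    if printf '%s\n' "$cfg_text" | seccomp_supported; then
        echo "kernel config: CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are both enabled"
    else
        echo "kernel config: seccomp support is missing or incomplete"
    fi
else
    echo "kernel config not readable at /boot/config-* or /proc/config.gz"
fi
# /proc/<pid>/status has a Seccomp line only on kernels built with CONFIG_SECCOMP.
grep '^Seccomp:' /proc/self/status 2>/dev/null ||
    echo "no Seccomp line found in /proc/self/status"
```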