diff --git a/ELK/elasticsearch/defaults/main.yml b/ELK/elasticsearch/defaults/main.yml index 4dade064..edaf36c8 100644 --- a/ELK/elasticsearch/defaults/main.yml +++ b/ELK/elasticsearch/defaults/main.yml @@ -26,6 +26,8 @@ elasticsearch_define_heap_size: False elasticsearch_heap_size: 2g elasticsearch_additional_java_opts: '-server -Djava.awt.headless=true' elasticsearch_max_open_files: 65536 +# Compatibility with kernels <= 3.5. Set to False if you are using a newer kernel +elasticsearch_disable_bootstrap_syscall_filter: True # bin/plugin for 2.x, bin/elasticsearch-plugin for 5.x #elasticsearch_plugin_bin: /usr/share/elasticsearch/bin/elasticsearch-plugin diff --git a/ELK/elasticsearch/templates/elasticsearch-default.j2 b/ELK/elasticsearch/templates/elasticsearch-default.j2 index 8f1ff171..9fc9bfb0 100644 --- a/ELK/elasticsearch/templates/elasticsearch-default.j2 +++ b/ELK/elasticsearch/templates/elasticsearch-default.j2 @@ -46,8 +46,10 @@ ES_JAVA_OPTS="{{ elasticsearch_additional_java_opts }}" # Note that this setting is only used by the init script. If changed, make sure that # the configured user can read and write into the data, work, plugins and log directories. # For systemd service, the user is usually configured in file /usr/lib/systemd/system/elasticsearch.service +{% if elasticsearch_major_version < 6 %} ES_USER=elasticsearch ES_GROUP=elasticsearch +{% endif %} # The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process ES_STARTUP_SLEEP_TIME=5 diff --git a/ELK/elasticsearch/templates/elasticsearch.yml.j2 b/ELK/elasticsearch/templates/elasticsearch.yml.j2 index 0858b9ea..4fe54c08 100644 --- a/ELK/elasticsearch/templates/elasticsearch.yml.j2 +++ b/ELK/elasticsearch/templates/elasticsearch.yml.j2 
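Review bot: Defaulting `elasticsearch_disable_bootstrap_syscall_filter` to `True` in defaults/main.yml turns off Elasticsearch's system call filter on every host that uses this role, including hosts whose kernel supports it. That filter is a hardening layer that limits what the process can do (notably forking other processes) if a code-execution bug is hit, so the safer default is `elasticsearch_disable_bootstrap_syscall_filter: false`, with old-kernel hosts opting in through group or host vars. The `{% if %}` block added to elasticsearch.yml.j2 in this commit consumes this value and would then render nothing unless an operator asks for it. The comment could also say what is being given up, e.g. `# Disables the seccomp-based system call filter; enable only on kernels that lack seccomp support`.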
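Review bot: The new guard `{% if elasticsearch_major_version < 6 %}` in elasticsearch-default.j2 compares the variable with an integer without coercing it, and the variable's definition is not part of this diff. If it ever arrives as a string (a quoted value in inventory, or `-e elasticsearch_major_version=5` on the command line), the comparison either fails at render time or evaluates unexpectedly, and ES_USER/ES_GROUP would be written or dropped for the wrong versions. `{% if elasticsearch_major_version | int < 6 %}` makes the intent explicit. The comment block above the guard still describes the setting for all versions; a line such as `# ES_USER/ES_GROUP are only written for major versions below 6` would explain why they can be absent from the rendered file.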
@@ -99,3 +99,9 @@ node.max_local_storage_nodes: {{ elasticsearch_max_local_storage_nodes }} # action.destructive_requires_name: {{ elasticsearch_destructive_requires_name }} +{% if elasticsearch_disable_bootstrap_syscall_filter %} +# When using an old kernel +bootstrap.system_call_filter: false +{% endif %} + + diff --git a/ELK/elasticsearch/templates/jvm.options.j2 b/ELK/elasticsearch/templates/jvm.options.j2 index 508946d9..8caf4fbd 100644 --- a/ELK/elasticsearch/templates/jvm.options.j2 +++ b/ELK/elasticsearch/templates/jvm.options.j2 @@ -59,11 +59,20 @@ # use our provided JNA always versus the system one -Djna.nosys=true +# turn off a JDK optimization that throws away stack traces for common +# exceptions because stack traces are important for debugging +-XX:-OmitStackTraceInFastThrow + # flag to explicitly tell Netty to not use unsafe -Dio.netty.noUnsafe=true +-Dio.netty.noKeySetOptimization=true +-Dio.netty.recycler.maxCapacityPerThread=0 +-Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true +-Djava.io.tmpdir=${ES_TMPDIR} + ## heap dumps # generate a heap dump when an allocation from the Java heap fails 
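Review bot: The block added to elasticsearch.yml.j2 writes `bootstrap.system_call_filter: false` for any Elasticsearch version as long as the flag is set, but the role also targets 2.x and 5.x (see the `bin/plugin for 2.x` comment in defaults/main.yml). As far as I know the setting carries this name only from 5.2 onwards (it was `bootstrap.seccomp` before), and 5.x refuses to start on unknown settings, so the block likely needs a version condition next to the flag. The rendered comment `# When using an old kernel` also undersells the change; something like `# Disables the system call filter (seccomp); kept only for kernels without seccomp support` tells whoever reads the node config that a protection is off. The two blank lines added after `{% endif %}` leave trailing empty lines in the rendered file.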
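Review bot: `-Djava.io.tmpdir=${ES_TMPDIR}` is added to jvm.options.j2 unconditionally, yet as far as I can tell `${ES_TMPDIR}` is only filled in by the startup scripts of newer Elasticsearch releases. This commit's elasticsearch-default.j2 still branches on `elasticsearch_major_version < 6`, so the same jvm.options is presumably rendered for older nodes too. On a release that does not substitute it, the JVM would receive the literal string as its temp directory. The same applies to the `8:` and `9-:` version-prefixed lines in the next hunk of this file, which an older launcher would hand to the JVM verbatim. Wrapping these additions in `{% if elasticsearch_major_version | int >= 6 %}` and `{% endif %}` keeps one template usable for both.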
@@ -95,3 +104,24 @@ # WARNING: This option will be removed in Elasticsearch 6.0.0 and is provided # only for migration purposes. #-Delasticsearch.json.allow_unquoted_field_names=true +# specify an alternative path for heap dumps +# ensure the directory exists and has sufficient space +-XX:HeapDumpPath={{ elasticsearch_data_dir }} + +## JDK 8 GC logging + +8:-XX:+PrintGCDetails +8:-XX:+PrintGCDateStamps +8:-XX:+PrintTenuringDistribution +8:-XX:+PrintGCApplicationStoppedTime +8:-Xloggc:/var/log/elasticsearch/gc.log +8:-XX:+UseGCLogFileRotation +8:-XX:NumberOfGCLogFiles=32 +8:-XX:GCLogFileSize=64m + +# JDK 9+ GC logging +9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m +# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise +# time/date parsing will break in an incompatible way for some date patterns and locals +9-:-Djava.locale.providers=COMPAT +
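Review bot: `-XX:HeapDumpPath={{ elasticsearch_data_dir }}` sends heap dumps into the data directory. A heap dump is a full copy of the JVM's memory, so it can contain indexed documents and any credentials the node holds, and a dump the size of the heap can fill the data volume at the moment the node is already failing. A dedicated directory, owned by the elasticsearch user with mode 0700 and exposed as its own role variable, would be safer; the variable name is for the role author to choose. The GC log path `/var/log/elasticsearch/gc.log` is hard-coded in both the JDK 8 and JDK 9+ lines, so it will not follow a customised log directory if the role offers one.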