Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ElasticSearch entered "read only" mode, node cannot be altered

Tags:

elasticsearch

kibana-4

kibana

elasticsearch-indices

Something happened during the night to my ES cluster (composed of 5 data nodes, 3 master nodes).

I have no idea what happened but all the indices and data were deleted and the cluster entered a "read only" mode, possibly hacked?

When trying to get Kibana running, I get the following: kibana

Tried restarting Kibana - it restarted, nothing changed. Tried restarting Elastic - it restarted (all nodes), nothing changed.

I then had a look at the cluster settings and this is what I got:

{
  "persistent": {
    "cluster": {
      "routing": {
        "allocation": {
          "enable": "all"
        }
      },
      "blocks": {
        "read_only": "true"
      }
    }
  },
  "transient": {
    "cluster": {
      "routing": {
        "allocation": {
          "enable": "all"
        }
      }
    }
  }
}

I tried undoing the read only as follows:

PUT _cluster/settings
{
  "persistent": {
    "blocks.read_only": false
  }
}

No luck as you can see:

{
  "error": {
    "root_cause": [
      {
        "type": "cluster_block_exception",
        "reason": "blocked by: [FORBIDDEN/6/cluster read-only (api)];"
      }
    ],
    "type": "cluster_block_exception",
    "reason": "blocked by: [FORBIDDEN/6/cluster read-only (api)];"
  },
  "status": 403
}

Any ideas?

UPDATE: Problem solved by Andrei Stefan, now for the more important part - why? What happened and why? I've lost all data and my cluster entered a read-only mode.

like image 804
Orz Avatar asked Aug 03 '16 05:08

Orz

People also ask

How do I close Elasticsearch index?

To close all indices, use _all or * . By default, you must explicitly name the indices you are closing. To specify indices to close with _all , * , or other wildcard expressions, change the action. destructive_requires_name setting to false .

What is master node in Elasticsearch?

The master node is responsible for lightweight cluster-wide actions such as creating or deleting an index, tracking which nodes are part of the cluster, and deciding which shards to allocate to which nodes. It is important for cluster health to have a stable master node.

What is coordinator node in Elasticsearch?

Client nodes were removed from Elasticsearch after version 2.4 and became coordinating nodes. Coordinating nodes are nodes that do not hold any configured role. They don't hold data and are not part of the master eligible group nor execute ingest pipelines.

1 Answers

The correct command is:

PUT /_cluster/settings
{
  "persistent" : {
    "cluster.blocks.read_only" : false
  }
}
like image 62
Andrei Stefan Avatar answered Oct 02 '22 15:10

Andrei Stefan
Sign in to Comment

Related questions

Recommended RAM ratios for ELK with docker-compose
Node and elasticSearch client - The client noticed that the server is not a supported distribution of Elasticsearch
Why not use min_score with Elasticsearch?
Indexing a comma-separated value field in Elastic Search
search with special characters in elasticsearch
Storing HTML Documents in Elasticsearch
Why use Elasticsearch or Apache Solr along with Hibernate Search?
ElasticSearch RoutingMissingException
Reindexing Elastic search via Bulk API, scan and scroll
get buckets count in elasticsearch aggregations
Data transfer from SQL Server to ElasticSearch Node
Can't start ElasticSearch on Mac
What is the proper way to unit test Service with NestJS/Elastic
How can elasticsearch objects be boosted based on date or score
ElasticSearch terms aggregation by entire field
What does disable_coord parameter for boolean queries mean?
Check if elasticsearch index is open or closed
How to parse json in logstash /grok from a text file line?
Customize the information in an alert received by elastalert plugin for elasticsearch
Range query in ElasticSearch (GET without body)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!