honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-06 04:58:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/docs/reference/setup/sysconfig.asciidoc
Jason Tedor a6073f5130
Add docs on JNA temp directory not being noexec (#35355) 
If the underlying mount point for the JNA temporary directory is mounted
noexec on Linux, then the JVM will not be able to map the native code in
as executable. This will prevent JNA from executing and will prevent
Elasticsearch from being able to execute some functions that rely on
native code (e.g., memory locking, and installing system call
filters). We do not want to get into the business of catching exceptions
and parsing messages towards this because these exception messages can
change on us. We also do not want to jump through a lot of hoops to
check the underlying mount point for noexec. Instead, we will rely on
documentation to address this problem. This commit adds to the important
system configuration section of the docs that the JNA temporary
directory is not on a mount point with the noexec mount option.
2018-11-07 22:25:37 -05:00

46 lines
1.6 KiB
Plaintext
Raw Blame History

[[system-config]]
== Important System Configuration
Ideally, Elasticsearch should run alone on a server and use all of the
resources available to it. In order to do so, you need to configure your
operating system to allow the user running Elasticsearch to access more
resources than allowed by default.
The following settings *must* be considered before going to production:
* <<setup-configuration-memory,Disable swapping>>
* <<file-descriptors,Increase file descriptors>>
* <<vm-max-map-count,Ensure sufficient virtual memory>>
* <<max-number-of-threads,Ensure sufficient threads>>
* <<networkaddress-cache-ttl,JVM DNS cache settings>>
* <<executable-jna-tmpdir,Temporary directory not mounted with `noexec`>>
[[dev-vs-prod]]
[float]
=== Development mode vs production mode
By default, Elasticsearch assumes that you are working in development mode.
If any of the above settings are not configured correctly, a warning will be
written to the log file, but you will be able to start and run your
Elasticsearch node.
As soon as you configure a network setting like `network.host`, Elasticsearch
assumes that you are moving to production and will upgrade the above warnings
to exceptions. These exceptions will prevent your Elasticsearch node from
starting. This is an important safety measure to ensure that you will not
lose data because of a malconfigured server.
include::sysconfig/configuring.asciidoc[]
include::sysconfig/swap.asciidoc[]
include::sysconfig/file-descriptors.asciidoc[]
include::sysconfig/virtual-memory.asciidoc[]
include::sysconfig/threads.asciidoc[]
include::sysconfig/dns-cache.asciidoc[]
include::sysconfig/executable-jna-tmpdir.asciidoc[]
Reference in New Issue View Git Blame Copy Permalink