This is operating as designed, and is documented. Your kernel does not support seccomp. Elasticsearch attempts to utilize seccomp by default (via the setting bootstrap.system_call_filter). Starting in 5.2.0, if you're in production mode, bootstrap.system_call_filter is enabled, and initializing seccomp fails, then Elasticsearch will refuse to bootstrap. This to prevent scenarios when seccomp is silently not initialized yet configured to be so. You either have to migrate to a kernel that supports seccomp, or disable bootstrap.system_call_filter.

Fair enough, https://www.elastic.co/support/matrix might need an update then.

No, it doesn't. You can still run Elasticsearch on CentOS 6, and we still support it on CentOS 6.

Maybe we should suppress the stack trace here, leaving the warning. Maybe even explaining that elasticsearch will still run just fine but doesn't have the extra fork protection.

I don't think we should suppress the stack trace (there's a few different ways this can fail). We say this in the tail of the logs:

[2017-02-02T03:22:24,059][INFO ][o.e.b.BootstrapChecks    ] [2oC8mTv] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
ERROR: bootstrap checks failed
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
[2017-02-02T03:22:24,078][INFO ][o.e.n.Node               ] [2oC8mTv] stopping ...
[2017-02-02T03:22:24,109][INFO ][o.e.n.Node               ] [2oC8mTv] stopped
[2017-02-02T03:22:24,109][INFO ][o.e.n.Node               ] [2oC8mTv] closing ...
[2017-02-02T03:22:24,126][INFO ][o.e.n.Node               ] [2oC8mTv] closed

And the bootstrap check docs say this:

To pass the system call filter check you must either fix any configuration errors on your system that prevented system call filters from installing (check your logs), or at your own risk disable system call filters by setting bootstrap.system_call_filter to false.

Well, 'at your own risk' makes you go looking for a way to make system call filters work on CentOS 6, which it can't.

You will have all CentOS 6 users setting bootstrap.system_call_filter to false now, and forgetting to unset it when they upgrade to CentOS 7+.

Just my two cents :)

Okay, but at least they are aware of the problem whereas they weren't before since we silently failed.

Hi jasontedor, What is a safer way to disable bootstrap.system_call_filter?

in elasticsearch.yml memory after config

Hi jasontedor, What is a safer way to disable bootstrap.system_call_filter?

Just configure it like you would any other configuration option (e.g., in the elasticsearch.yml).

same reason brings me here, now that it's a warn... I decide to ignore it lol

For me it doesnt get the ES started :(

when i started the sonarqube, i had the same problem. I tried to modify elasticsearch.yml(bootstrap.system_call_filter: false) but there is still the same problem. How can i fix it?

@Cavielee please ask your question on our discussion forum. We cannot diagnose your issue here, but there are people who can help on the forums.

@Cavielee please ask your question on our discussion forum. We cannot diagnose your issue here, but there are people who can help on the forums.

Thx, i find the way in the docs

@Cavielee please ask your question on our discussion forum. We cannot diagnose your issue here, but there are people who can help on the forums.

Thx, i find the way in the docs

where is the docs，thks I have the same problem

@Cavielee please ask your question on our discussion forum. We cannot diagnose your issue here, but there are people who can help on the forums.

Thx, i find the way in the docs

where is the docs，thks I have the same problem

the same to me. I found is not system_call_filter done. it's other problem.

@Cavielee please ask your question on our discussion forum. We cannot diagnose your issue here, but there are people who can help on the forums.

Thx, i find the way in the docs
where is the docs，may I hava a look?