/**
 * Rejects Oracle HotSpot Java 8 builds older than update 40 when G1GC is enabled.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure naming the JVM version when the vendor is "Oracle Corporation", the runtime is Java 8 with
 *         G1GC enabled, and the HotSpot version is 25.x with x below 40; success in every other case
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final boolean applies = "Oracle Corporation".equals(jvmVendor()) && isJava8() && isG1GCEnabled();
    if (!applies) {
        return BootstrapCheckResult.success();
    }

    final String hotspotVersion = jvmVersion();
    // Java 8 HotSpot version strings match this expression; the scheme changes with Java 9 after JEP-223
    final Matcher versionMatcher = Pattern.compile("(\\d+)\\.(\\d+)-b\\d+").matcher(hotspotVersion);
    final boolean matches = versionMatcher.matches();
    // Only enforced when assertions are enabled; otherwise a non-matching string makes group() below throw
    // IllegalStateException.
    assert matches : hotspotVersion;

    final int major = Integer.parseInt(versionMatcher.group(1));
    final int update = Integer.parseInt(versionMatcher.group(2));

    // HotSpot for Java 8 reports major version 25; every update before 40 is considered bad
    final boolean affected = major == 25 && update < 40;
    if (!affected) {
        return BootstrapCheckResult.success();
    }
    return BootstrapCheckResult.failure(
        String.format(
            Locale.ROOT,
            "JVM version [%s] can cause data corruption when used with G1GC; upgrade to at least Java 8u40",
            hotspotVersion));
}
/**
 * Fails bootstrap when the VM name identifies a client VM.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure quoting the VM name when its lower-cased form (root locale) contains "client"; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    // Locale.ROOT keeps the lower-casing independent of the default locale
    final boolean clientVm = getVmName().toLowerCase(Locale.ROOT).contains("client");
    if (!clientVm) {
        return BootstrapCheckResult.success();
    }
    return BootstrapCheckResult.failure(
        String.format(
            Locale.ROOT,
            "JVM is using the client VM [%s] but should be using a server VM for the best performance",
            getVmName()));
}
/**
 * Fails bootstrap when an Oracle JVM reports an early-access Java version.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure quoting the Java version when the vendor is "Oracle Corporation" and the version string ends
 *         with "-ea"; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final String reportedVersion = javaVersion();
    final boolean earlyAccess = "Oracle Corporation".equals(jvmVendor()) && reportedVersion.endsWith("-ea");
    if (!earlyAccess) {
        return BootstrapCheckResult.success();
    }
    return BootstrapCheckResult.failure(
        String.format(
            Locale.ROOT,
            "Java version [%s] is an early-access build, only use release builds",
            reportedVersion));
}
/**
 * Fails bootstrap when the all permission has been granted.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure when {@code isAllPermissionGranted()} is true, since granting the all permission effectively
 *         disables security; success otherwise
 */
@Override
public final BootstrapCheckResult check(BootstrapContext context) {
    if (!isAllPermissionGranted()) {
        return BootstrapCheckResult.success();
    }
    // NOTE(review): how the grant is detected is decided by isAllPermissionGranted(), which is not visible here
    return BootstrapCheck.BootstrapCheckResult.failure("granting the all permission effectively disables security");
}
/**
 * Fails bootstrap when system call filters are enabled in the settings but were not installed.
 *
 * @param context the bootstrap context whose settings carry the system call filter setting
 * @return a failure when the setting is true and {@code isSystemCallFilterInstalled()} is false; success when the
 *         setting is false or the filter is installed
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final boolean filterRequested = BootstrapSettings.SYSTEM_CALL_FILTER_SETTING.get(context.settings);
    // The install state is only queried when the filter was requested
    if (!filterRequested || isSystemCallFilterInstalled()) {
        return BootstrapCheckResult.success();
    }
    // Requested but missing: refuse to start rather than run without the filter the operator asked for
    return BootstrapCheckResult.failure(
        "system call filters failed to install; "
            + "check the logs and fix your configuration or disable system call filters at your own risk");
}
/**
 * Fails bootstrap when a system call filter is installed and the configuration might fork.
 *
 * @param context the bootstrap context, passed on to {@code message(context)} to build the failure text
 * @return a failure carrying {@code message(context)} when both {@code isSystemCallFilterInstalled()} and
 *         {@code mightFork()} are true; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    // mightFork() is only consulted when the filter is installed
    // NOTE(review): presumably the installed filter would block the fork at runtime - confirm against the filter
    final boolean forkBlockedByFilter = isSystemCallFilterInstalled() && mightFork();
    return forkBlockedByFilter
        ? BootstrapCheckResult.failure(message(context))
        : BootstrapCheckResult.success();
}
/**
 * Fails bootstrap when memory locking was requested in the settings but memory is not locked.
 *
 * @param context the bootstrap context whose settings carry the memory lock setting
 * @return a failure when the setting is true and {@code isMemoryLocked()} is false; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final boolean lockRequested = BootstrapSettings.MEMORY_LOCK_SETTING.get(context.settings);
    // The lock state is only queried when locking was requested
    if (!lockRequested || isMemoryLocked()) {
        return BootstrapCheckResult.success();
    }
    return BootstrapCheckResult.failure("memory locking requested for elasticsearch process but memory is not locked");
}
/**
 * Verifies that system call filters are in place whenever the settings ask for them.
 *
 * @param context the bootstrap context; its settings are read for the system call filter setting
 * @return success when the setting is false or the filter is installed; a failure when the setting is true and
 *         {@code isSystemCallFilterInstalled()} is false
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final boolean installFailed =
        BootstrapSettings.SYSTEM_CALL_FILTER_SETTING.get(context.settings) && !isSystemCallFilterInstalled();
    if (installFailed) {
        // Fail closed: the node does not start without the filter unless the operator disables the setting
        final String reason = "system call filters failed to install; "
            + "check the logs and fix your configuration or disable system call filters at your own risk";
        return BootstrapCheckResult.failure(reason);
    }
    return BootstrapCheckResult.success();
}
/**
 * Refuses to bootstrap when the all permission is granted.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure stating that the all permission effectively disables security when
 *         {@code isAllPermissionGranted()} is true; success otherwise
 */
@Override
public final BootstrapCheckResult check(BootstrapContext context) {
    final boolean allPermission = isAllPermissionGranted();
    return allPermission
        ? BootstrapCheck.BootstrapCheckResult.failure("granting the all permission effectively disables security")
        : BootstrapCheckResult.success();
}
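/**
 * Fails bootstrap when {@code vm.max_map_count} is below {@code LIMIT} and mmapfs is an allowed store type.
 *
 * <p>The limit is read once, so the value that is compared is also the value that is reported; the original
 * called {@code getMaxMapCount()} up to three times.
 *
 * @param context the bootstrap context whose settings say whether mmapfs is allowed
 * @return a failure quoting the current value and {@code LIMIT} when mmapfs is allowed and the value is neither
 *         -1 nor at least {@code LIMIT}; success otherwise
 */
@Override
public BootstrapCheckResult check(final BootstrapContext context) {
    // we only enforce the check if mmapfs is an allowed store type
    if (!IndexModule.NODE_STORE_ALLOW_MMAPFS.get(context.settings())) {
        return BootstrapCheckResult.success();
    }

    final long maxMapCount = getMaxMapCount();
    // NOTE(review): -1 is skipped; presumably it is the "could not be determined" sentinel - confirm in getMaxMapCount()
    if (maxMapCount != -1 && maxMapCount < LIMIT) {
        final String message = String.format(
            Locale.ROOT,
            "max virtual memory areas vm.max_map_count [%d] is too low, increase to at least [%d]",
            maxMapCount,
            LIMIT);
        return BootstrapCheckResult.failure(message);
    }
    return BootstrapCheckResult.success();
}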
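/**
 * Fails bootstrap when the initial and maximum heap sizes are both known and differ.
 *
 * <p>The failure message reports the two values that were compared; the original queried the getters a second
 * time to build the message even though both values were already held in locals.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure quoting both sizes when neither is 0 and they are not equal; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final long initialHeapSize = getInitialHeapSize();
    final long maxHeapSize = getMaxHeapSize();

    // NOTE(review): 0 is skipped for either size; presumably it means the size is unavailable - confirm in the getters
    final boolean bothKnown = initialHeapSize != 0 && maxHeapSize != 0;
    if (bothKnown && initialHeapSize != maxHeapSize) {
        final String message = String.format(
            Locale.ROOT,
            "initial heap size [%d] not equal to maximum heap size [%d]; "
                + "this can cause resize pauses and prevents mlockall from locking the entire heap",
            initialHeapSize,
            maxHeapSize);
        return BootstrapCheckResult.failure(message);
    }
    return BootstrapCheckResult.success();
}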
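/**
 * Fails bootstrap when the maximum file size is known and is not unlimited.
 *
 * <p>The failure message reports the value that was compared; the original called {@code getMaxFileSize()} again
 * to build the message even though the value was already held in a local.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure quoting the limit and the {@code user.name} system property when the limit is neither
 *         {@code Long.MIN_VALUE} nor {@code getRlimInfinity()}; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final long maxFileSize = getMaxFileSize();
    // NOTE(review): Long.MIN_VALUE is skipped; presumably it marks a limit that could not be read - confirm
    if (maxFileSize != Long.MIN_VALUE && maxFileSize != getRlimInfinity()) {
        final String message = String.format(
            Locale.ROOT,
            "max file size [%d] for user [%s] is too low, increase to [unlimited]",
            maxFileSize,
            BootstrapInfo.getSystemProperties().get("user.name"));
        return BootstrapCheckResult.failure(message);
    }
    return BootstrapCheckResult.success();
}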
/**
 * Fails bootstrap when the JVM reports that the serial collector is in use.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure quoting the VM name when {@code getUseSerialGC()} equals "true"; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    // The flag arrives as a string and only the exact value "true" counts as serial GC
    final boolean serialCollector = getUseSerialGC().equals("true");
    if (!serialCollector) {
        return BootstrapCheckResult.success();
    }
    return BootstrapCheckResult.failure(
        String.format(
            Locale.ROOT,
            "JVM is using the serial collector but should not be for the best performance; "
                + "either it's the default for the VM [%s] or -XX:+UseSerialGC was explicitly specified",
            JvmInfo.jvmInfo().getVmName()));
}
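/**
 * Fails bootstrap when the maximum size of virtual memory is known and is not unlimited.
 *
 * <p>The limit is read once, so the value that is compared is also the value that is reported; the original
 * called {@code getMaxSizeVirtualMemory()} up to three times.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure quoting the limit and the {@code user.name} system property when the limit is neither
 *         {@code Long.MIN_VALUE} nor {@code getRlimInfinity()}; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final long maxSizeVirtualMemory = getMaxSizeVirtualMemory();
    // NOTE(review): Long.MIN_VALUE is skipped; presumably it marks a limit that could not be read - confirm
    if (maxSizeVirtualMemory != Long.MIN_VALUE && maxSizeVirtualMemory != getRlimInfinity()) {
        final String message = String.format(
            Locale.ROOT,
            "max size virtual memory [%d] for user [%s] is too low, increase to [unlimited]",
            maxSizeVirtualMemory,
            BootstrapInfo.getSystemProperties().get("user.name"));
        return BootstrapCheckResult.failure(message);
    }
    return BootstrapCheckResult.success();
}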
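/**
 * Fails bootstrap when the maximum number of threads is known and below the required threshold.
 *
 * <p>The limit is read once, so the value that is compared is also the value that is reported; the original
 * called {@code getMaxNumberOfThreads()} up to three times.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure quoting the limit, the {@code user.name} system property and
 *         {@code MAX_NUMBER_OF_THREADS_THRESHOLD} when the limit is not -1 and is below the threshold; success
 *         otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final long maxNumberOfThreads = getMaxNumberOfThreads();
    // NOTE(review): -1 is skipped; presumably it marks a limit that could not be read - confirm
    if (maxNumberOfThreads != -1 && maxNumberOfThreads < MAX_NUMBER_OF_THREADS_THRESHOLD) {
        final String message = String.format(
            Locale.ROOT,
            "max number of threads [%d] for user [%s] is too low, increase to at least [%d]",
            maxNumberOfThreads,
            BootstrapInfo.getSystemProperties().get("user.name"),
            MAX_NUMBER_OF_THREADS_THRESHOLD);
        return BootstrapCheckResult.failure(message);
    }
    return BootstrapCheckResult.success();
}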
/**
 * Blocks startup if the all permission has been granted.
 *
 * @param context the bootstrap context; not read by this check
 * @return success when {@code isAllPermissionGranted()} is false; otherwise a failure explaining that granting
 *         the all permission effectively disables security
 */
@Override
public final BootstrapCheckResult check(BootstrapContext context) {
    final BootstrapCheckResult outcome;
    if (isAllPermissionGranted()) {
        outcome = BootstrapCheck.BootstrapCheckResult.failure("granting the all permission effectively disables security");
    } else {
        outcome = BootstrapCheckResult.success();
    }
    return outcome;
}
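/**
 * Fails bootstrap when the maximum file descriptor count is known and below {@code limit}.
 *
 * <p>The failure message reports the value that was compared; the original called
 * {@code getMaxFileDescriptorCount()} again to build the message even though the value was already held in a local.
 *
 * @param context the bootstrap context; not read by this check
 * @return a failure quoting the current count and {@code limit} when the count is not -1 and is below
 *         {@code limit}; success otherwise
 */
public final BootstrapCheckResult check(BootstrapContext context) {
    final long maxFileDescriptorCount = getMaxFileDescriptorCount();
    // NOTE(review): -1 is skipped; presumably it marks a count that could not be read - confirm
    if (maxFileDescriptorCount != -1 && maxFileDescriptorCount < limit) {
        final String message = String.format(
            Locale.ROOT,
            "max file descriptors [%d] for elasticsearch process is too low, increase to at least [%d]",
            maxFileDescriptorCount,
            limit);
        return BootstrapCheckResult.failure(message);
    }
    return BootstrapCheckResult.success();
}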
/**
 * Fails bootstrap when system call filters are enabled in the settings but were not installed.
 *
 * @param context the bootstrap context; {@code context.settings()} supplies the system call filter setting
 * @return a failure when the setting is true and {@code isSystemCallFilterInstalled()} is false; success when the
 *         setting is false or the filter is installed
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final boolean filterRequested = BootstrapSettings.SYSTEM_CALL_FILTER_SETTING.get(context.settings());
    // The install state is only queried when the filter was requested
    if (!filterRequested || isSystemCallFilterInstalled()) {
        return BootstrapCheckResult.success();
    }
    // Requested but missing: refuse to start rather than run without the filter the operator asked for
    return BootstrapCheckResult.failure(
        "system call filters failed to install; "
            + "check the logs and fix your configuration or disable system call filters at your own risk");
}
/**
 * Fails bootstrap when memory locking was requested in the settings but memory is not locked.
 *
 * @param context the bootstrap context; {@code context.settings()} supplies the memory lock setting
 * @return a failure when the setting is true and {@code isMemoryLocked()} is false; success otherwise
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    final boolean lockMissing = BootstrapSettings.MEMORY_LOCK_SETTING.get(context.settings()) && !isMemoryLocked();
    if (lockMissing) {
        return BootstrapCheckResult.failure("memory locking requested for elasticsearch process but memory is not locked");
    }
    return BootstrapCheckResult.success();
}
/**
 * Rejects configurations that might fork while a system call filter is installed.
 *
 * @param context the bootstrap context, handed to {@code message(context)} when the check fails
 * @return success unless {@code isSystemCallFilterInstalled()} and {@code mightFork()} are both true, in which
 *         case a failure carrying {@code message(context)}
 */
@Override
public BootstrapCheckResult check(BootstrapContext context) {
    // Without an installed filter there is nothing to conflict with, so mightFork() is not consulted
    if (!isSystemCallFilterInstalled()) {
        return BootstrapCheckResult.success();
    }
    if (!mightFork()) {
        return BootstrapCheckResult.success();
    }
    return BootstrapCheckResult.failure(message(context));
}