Elasticsearch cluster status in yellow due to unassigned shards for .opendistro_security index

ahmadalsajid · December 12, 2021, 9:58am

Hi there,

Recently, our AWS-managed Elasticsearch 7.4 went into Yellow status. After investigating with

GET _cluster/allocation/explain?pretty

We get

{
  "index" : ".opendistro_security",
  "shard" : 0,
  "primary" : false,
  "current_state" : "unassigned",
  "unassigned_info" : {
    "reason" : "REPLICA_ADDED",
    "at" : "2021-12-11T00:47:42.406Z",
    "last_allocation_status" : "no_attempt"
  },
  "can_allocate" : "no",
  "allocate_explanation" : "cannot allocate because allocation is not permitted to any of the nodes",
  "node_allocation_decisions" : [ ... ]
}

I tried the AWS proposed suggestions but seems that .opendistro_security index is protected and I am unable to follow their instructions. Is there any other way to resolve this unassigned shard issue?

Also, some node_allocation_decisions includes

"explanation" : "the shard cannot be allocated to the same node on which a copy of the shard already exists [[.opendistro_security][0], node[xxxx], [R], s[STARTED], a[id=xxxx]]"

and

"explanation" : "there are too many copies of the shard allocated to nodes with attribute [zone], there are [18] total configured shard copies for this shard id and [2] total attribute values, expected the allocated shard count per attribute [10] to be less than or equal to the upper bound of the required number of shards per attribute [9]"

Thanks.

searchymcsearchface · December 13, 2021, 3:20pm

Moved to the security category.

Anthony · December 13, 2021, 3:43pm

@ahmadalsajid as this is AWS managed service, I’m not sure if you have the necessary access to perform the below, however the steps would be to first disable the auto expand using admin certificate (in this case default kirk.pem and kirk-key.pem) with below command:

./securityadmin.sh -dra -icl -nhnv -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/kirk.pem -key /usr/share/opensearch/config/kirk-key.pem

Then set the necessary replicas using command:

./securityadmin.sh -us {number of replicas needed} -icl -nhnv -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/kirk.pem -key /usr/share/opensearch/config/kirk-key.pem

If you don’t have access to the script, you might need to raise a support ticket with AWS

ahmadalsajid · December 14, 2021, 8:04am

Hi @Anthony,
Thanks for your quick suggestions. You are right. I had to contact AWS support and they solved it.

Topic		Replies	Views
UNASSIGNED ALLOCATION_FAILED failed shard on node [t8d551UUTkKLOjukvvsKeA]: shard failure, reason [error sending files], failure CorruptIndexException[checksum failed (hardware problem?) : expected=1udzqw9 actual=1i6i2wk (resource=name [_7y8_Lu OpenSearch discuss	1	132	January 4, 2024
Opensearch Observability, Security indices go unassigned after maintenance OpenSearch troubleshoot	2	423	May 26, 2023
The index .opendistro_security remains yellow while adding new pod Open Source Elasticsearch and Kibana troubleshoot , configure , install	1	452	March 31, 2022
Upgrading to opendistro from elasticsearch General Feedback	2	1167	November 13, 2020
Rolling Upgrade for `opendistro_security.disabled=false` Security	4	560	December 13, 2021

Elasticsearch cluster status in yellow due to unassigned shards for .opendistro_security index

Related Topics