Elasticsearch cluster status in yellow due to unassigned shards for .opendistro_security index

ahmadalsajid · December 12, 2021, 9:58am

Hi there,

Recently, our AWS-managed Elasticsearch 7.4 went into Yellow status. After investigating with

GET _cluster/allocation/explain?pretty

We get

{
  "index" : ".opendistro_security",
  "shard" : 0,
  "primary" : false,
  "current_state" : "unassigned",
  "unassigned_info" : {
    "reason" : "REPLICA_ADDED",
    "at" : "2021-12-11T00:47:42.406Z",
    "last_allocation_status" : "no_attempt"
  },
  "can_allocate" : "no",
  "allocate_explanation" : "cannot allocate because allocation is not permitted to any of the nodes",
  "node_allocation_decisions" : [ ... ]
}

I tried the AWS proposed suggestions but seems that .opendistro_security index is protected and I am unable to follow their instructions. Is there any other way to resolve this unassigned shard issue?

Also, some node_allocation_decisions includes

"explanation" : "the shard cannot be allocated to the same node on which a copy of the shard already exists [[.opendistro_security][0], node[xxxx], [R], s[STARTED], a[id=xxxx]]"

and

"explanation" : "there are too many copies of the shard allocated to nodes with attribute [zone], there are [18] total configured shard copies for this shard id and [2] total attribute values, expected the allocated shard count per attribute [10] to be less than or equal to the upper bound of the required number of shards per attribute [9]"

Thanks.

searchymcsearchface · December 13, 2021, 3:20pm

Moved to the security category.

Anthony · December 13, 2021, 3:43pm

@ahmadalsajid as this is AWS managed service, I’m not sure if you have the necessary access to perform the below, however the steps would be to first disable the auto expand using admin certificate (in this case default kirk.pem and kirk-key.pem) with below command:

./securityadmin.sh -dra -icl -nhnv -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/kirk.pem -key /usr/share/opensearch/config/kirk-key.pem

Then set the necessary replicas using command:

./securityadmin.sh -us {number of replicas needed} -icl -nhnv -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/kirk.pem -key /usr/share/opensearch/config/kirk-key.pem

If you don’t have access to the script, you might need to raise a support ticket with AWS

ahmadalsajid · December 14, 2021, 8:04am

Hi @Anthony,
Thanks for your quick suggestions. You are right. I had to contact AWS support and they solved it.

Topic		Replies	Views
.opendistro-alerting-* - ALLOCATION_FAILED - UNASSIGNED General Feedback troubleshoot	0	475	July 18, 2022
Problem with the .opendistro-anomaly-checkpoints index OpenSearch	0	16	October 19, 2024
Cannot allocate replica shard to a node with version [7.10.2] since this is older than the primary version [1.2.4] OpenSearch upgrade	0	593	October 31, 2022
Shard allocation failure due to negative free space OpenSearch	3	61	October 9, 2024
UNASSIGNED ALLOCATION_FAILED failed shard on node [t8d551UUTkKLOjukvvsKeA]: shard failure, reason [error sending files], failure CorruptIndexException[checksum failed (hardware problem?) : expected=1udzqw9 actual=1i6i2wk (resource=name [_7y8_Lu OpenSearch discuss	1	342	January 4, 2024

Elasticsearch cluster status in yellow due to unassigned shards for .opendistro_security index

Related topics