Problem installing opensearch on debian in lxc unprivileged container

sena · May 12, 2025, 5:17pm

Hi.
I am installing opensearch in lxc unprivileged container or Debian. I try to follow the instructions here.

When I try to start the systemd unit I get an error:

May 12 17:14:38 titan-opensearch systemd[1]: Starting opensearch.service - OpenSearch...
May 12 17:14:38 titan-opensearch (mkdir)[6301]: opensearch.service: Failed to set up mount namespacing: /run/systemd/unit-root/sys/fs/cgroup/cpu: No such file or directory
May 12 17:14:38 titan-opensearch (mkdir)[6301]: opensearch.service: Failed at step NAMESPACE spawning /bin/mkdir: No such file or directory
May 12 17:14:38 titan-opensearch systemd[1]: opensearch.service: Control process exited, code=exited, status=226/NAMESPACE
May 12 17:14:38 titan-opensearch systemd[1]: opensearch.service: Failed with result 'exit-code'.
May 12 17:14:38 titan-opensearch systemd[1]: Failed to start opensearch.service - OpenSearch

I am completely new to opensearch, but it looks like it tries to start another lxc inside that one. I probably do not need that, as I already doing it inside the container. How to disable that and allow opensearch to run normally? Or may be something I could do better?

sena · May 13, 2025, 4:59pm

Found solution.

mkdir /var/lib/opensearch-shm

systemctl edit opensearch

and add the following overrides:

[Service]
Environment="ES_TMPDIR=/var/lib/opensearch-shm"
# Disable namespace isolation and related mount protections
RestrictNamespaces=false
PrivateTmp=false
ProtectSystem=false
ProtectHome=false
ProtectControlGroups=false
ProtectKernelModules=false
ProtectKernelTunables=false
ProtectProc=noaccess
ProtectClock=false
ProtectHostname=false
ProtectKernelLogs=false
SystemCallFilter=
CapabilityBoundingSet=

# Avoid requiring access to missing cgroup paths in LXC
ReadOnlyPaths=

ExecStartPre=
ExecStartPre=/bin/mkdir -p /var/lib/opensearch-shm/performanceanalyzer
ExecStartPre=/bin/chown opensearch:opensearch /var/lib/opensearch-shm/performanceanalyzer
ReadWritePaths=/var/lib/opensearch-shm

May be it is too much, that needs to be tested, but it works.

Gsmitt · May 14, 2025, 3:32am

@sena

Have you tried to just install OpenSearch and OpenSearch Dashboard with APT? Shown here

sena · May 14, 2025, 12:32pm

Yep, forgot to mention: I am installing using apt

Gsmitt · May 16, 2025, 12:25am

@sena

If you install opensearch and opensearch-dashboard through APT it should have created a service for each one.

Here is my person notes which i acquired from the Opensearch Documentation

sena · May 18, 2025, 12:53am

@Gsmitt

Of course, service is created, there is no problem with that. Problem is that it does not start. Your notes will not help, because you did not install in LXC container.

Topic		Replies	Views
Deb install systemd service fails to start - Could not initialize class com.sun.jna.Native OpenSearch troubleshoot , install	1	1204	April 4, 2024
Systemd Service File for Opensearch tar Installation OpenSearch	1	2061	August 1, 2022
Opensearch.service: Main process exited, code=exited, status=1/FAILURE \| opensearch.service: Failed with result 'exit-code'. \|Failed to start OpenSearch Community	0	1885	May 21, 2024
Opensearch failing to start OpenSearch troubleshoot , install	4	6728	February 15, 2023
Docker and file system volmes OpenSearch troubleshoot , install	1	67	February 7, 2025

Problem installing opensearch on debian in lxc unprivileged container

Related topics