Limitations and known problemsedit

The following limitations and known problems apply to the 2.6.0 release of ECE.

For troubleshooting help, you can also refer to the list of Common issues.

Installation and configurationedit

  • When you install Elastic Cloud Enterprise on a new host and assign it the allocator role from the command line with the --roles "allocator" parameter during installation, new deployments might not get created on the allocator. To resolve this issue, see Allocators Are Not Being Used.
  • Some change management tools that auto-reload firewall rules can cause networking issues. Specifically, Docker networking can fail on new containers after restarting the iptables service. To avoid networking failures, disable the automatic reloading of firewall rules.
  • On RHEL and CentOS, the firewalld service is not compatible with Docker and interferes with the installation of ECE. You must disable firewalld before installing or reinstalling ECE.
  • When you use OverlayFS with Kernel-LT 4.4.156 and later, there is a known regression that prevents Elastic Cloud Enterprise from completing the installation. From the kernel-archive, use Kernel 4.4.155.
  • If you install ECE on AWS, you likely need to modify the cluster endpoint, as the public hostname resolves to a different IP address externally than it does internally on the cluster.
  • ECE is unable to support VMotion functionality in VMWare. To use ECE, you must disable VMotion.
  • When you use virtualization resources, make sure that you avoid resource overallocation.
  • This version of Elastic Cloud Enterprise has a known problem with the installation or upgrade script yielding a false negative exception when journald is used as a logging driver in Docker daemon versions 1.12 and 1.13. This error occurs even though the underlying bootstrap or upgrade process has completed successfully. You need to check the output of bootstrap.log or upgrade.log to determine if the process completed successfully.
  • Due to a known Elasticsearch bug, plans for Elasticsearch versions 7.7.0 and 7.7.1 can fail unexpectedly with an error that indicates that there was a bad request while performing the constructor’s step validate-enough-disk-space. To resolve this, first try manually restarting all nodes of the cluster. If restarting doesn’t resolve the problem, you can edit the cluster plan to set the override_failsafe option to true. We also recommend upgrading to version 7.8 or higher, which resolves this bug. For more details, see the version 2.2.2 release notes.

Securityedit

  • Changing the generated password for the admin user on the administration console deployment that backs the Cloud UI is not supported. This is the admin user on the admin-console-elasticsearch deployment that gets created during the ECE installation.

    Do not change the generated password for the admin user on the administration console deployment or you risk losing administrative access to your installation.

  • When configuring Elastic Cloud Enterprise role-based access control:

    • Trying to use an invalid SAML provider can cause the security deployment to bootloop. The deployment falls back to the previous configuration, but if there are any issues between the UI and the actual configuration, remove or update the SAML provider profile. If the problem persists, review the deployment activity and logs.
    • PEM and PKCS11 formatted certificates are not supported.

Some additional limitations apply when securing your installation. To learn more, see Secure Elastic Cloud Enterprise.

Deploymentsedit

  • This version of ECE is known to have a problem with snapshot storage integrations, breaking support for Minio (when using the Elastic Stack 6.4.2 or later), Google Cloud Storage (GCS), and Microsoft Azure Storage. Except for Microsoft Azure Storage, these storage integrations are available again in ECE 2.1 and we recommend that you upgrade to this later version. A possible workaround to reenable Microsoft Azure Storage is still being investigated. After upgrading to ECE 2.1, you might also need to upgrade your deployments to the Elastic Stack 6.5.0 or later to reenable snapshot storage support.
  • Pending plan changes for your deployment in the Cloud UI that exceed the available capacity will fail as expected, but might then require you to manually recover from the failure. (To recover, locate the details for the plan attempt and copy the diff; manually edit the diff to revert to the original plan and apply the modified plan into the Advanced cluster configuration panel.)
  • X-Pack monitoring features and Marvel can be used only to send monitoring data between Elasticsearch clusters that are running the same version.
  • ECE has a maximum limit of 420 seconds, so we recommend optimizing long-running queries in Elasticsearch.

Upgradingedit

  • A known issue can prevent direct rolling upgrades from Elasticsearch version 5.6.10 to version 6.3.0. As a workaround, we have removed version 6.3.0 from the Cloud UI for new cluster deployments and for upgrading existing ones. If you are affected by this issue, see Rolling upgrades from 5.6.x to 6.3.0 fails with "java.lang.IllegalStateException: commit doesn’t contain history uuid" in our Elastic Support Portal. If these steps do not work or you do not have access to the support portal, you can contact support@elastic.co.
  • If upgrading from a version earlier than 2.1.0 to a version between >2.1.0 and ⇐2.3.1, a known problem will fail the upgrade. If your upgrade path matches these versions, see Before upgrading check your upgrade path.
  • When upgrading to 2.4.0, make sure that nothing listens on your proxy node over port 9000. If a Minio repository runs on the same ECE node, you’ll need to change the default listening port. If there is a port conflict, proxy fails and won’t boot.

Transport clientedit

The transport client is not considered thread safe in a cloud environment. We recommend that you use the Java REST client instead. This restriction relates to the fact that your deployments hosted on Elastic Cloud Enterprise are behind proxies, which prevent the transport client from communicating directly with Elasticsearch clusters.