Briefly, this error occurs when Elasticsearch is unable to recover a primary shard from a replica due to issues like network problems, disk space issues, or corruption of the shard data. To resolve this, you can try the following: 1) Check and ensure there’s enough disk space. 2) Verify network connectivity between the nodes. 3) Try to manually reroute the shard using the cluster reroute API. 4) If corruption is suspected, you may need to restore the shard from a backup. Always ensure your data is regularly backed up to prevent data loss.
This guide will help you check for common problems that cause the log ” recovery failed for primary shadow shard; failing shard ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: handler, indices, recovery, shard and source.
Overview
In Elasticsearch, an index (plural: indices) contains a schema and can have one or more shards and replicas. An Elasticsearch index is divided into shards and each shard is an instance of a Lucene index.
Indices are used to store the documents in dedicated data structures corresponding to the data type of fields. For example, text fields are stored inside an inverted index whereas numeric and geo fields are stored inside BKD trees.
Examples
Create index
The following example is based on Elasticsearch version 5.x onwards. An index with two shards, each having one replica will be created with the name test_index1
PUT /test_index1?pretty { "settings" : { "number_of_shards" : 2, "number_of_replicas" : 1 }, "mappings" : { "properties" : { "tags" : { "type" : "keyword" }, "updated_at" : { "type" : "date" } } } }
List indices
All the index names and their basic information can be retrieved using the following command:
GET _cat/indices?v
Index a document
Let’s add a document in the index with the command below:
PUT test_index1/_doc/1 { "tags": [ "opster", "elasticsearch" ], "date": "01-01-2020" }
Query an index
GET test_index1/_search { "query": { "match_all": {} } }
Query multiple indices
It is possible to search multiple indices with a single request. If it is a raw HTTP request, index names should be sent in comma-separated format, as shown in the example below, and in the case of a query via a programming language client such as python or Java, index names are to be sent in a list format.
GET test_index1,test_index2/_search
Delete indices
DELETE test_index1
Common problems
- It is good practice to define the settings and mapping of an Index wherever possible because if this is not done, Elasticsearch tries to automatically guess the data type of fields at the time of indexing. This automatic process may have disadvantages, such as mapping conflicts, duplicate data and incorrect data types being set in the index. If the fields are not known in advance, it’s better to use dynamic index templates.
- Elasticsearch supports wildcard patterns in Index names, which sometimes aids with querying multiple indices, but can also be very destructive too. For example, It is possible to delete all the indices in a single command using the following commands:
DELETE /*
To disable this, you can add the following lines in the elasticsearch.yml:
action.destructive_requires_name: true
Overview
In Elasticsearch, recovery refers to the process of recovering a shard when something goes wrong. Shard recoveries can take place in various circumstances, such as when a node fails and a replica shard needs to be recreated from a primary shard, when the cluster needs to relocate shards to different nodes due to a rebalancing or a change in shard allocation settings, or when restoring an index from an Elasticsearch snapshot. Alternatively, Elasticsearch can sometimes perform recoveries automatically, such as when a node restarts or disconnects and connects again. In summary, recovery can happen in the following scenarios:
- Node startup or failure (local store recovery)
- Replication of primary shards to replica shards
- Relocation of a shard to a different node in the same cluster
- Restoration of a snapshot
Planned node restart
If you are planning to restart a node, there are some actions that you can take to speed up the shard recoveries when the node has restarted. For optimal recovery speed, you should stop any indexing to the shards that are hosted on the node that is about to be restarted. Once you’ve stopped your indexing process, you can perform the following actions:
1. Disable shard allocation to prevent shards from being reallocated to other nodes while the node is restarting using the following command:
PUT _cluster/settings { "persistent": { "cluster.routing.allocation.enable": "primaries" } }
It is worth noting that by default the shard relocation process only starts after one minute and that delay can be configured with the `index.unassigned.node_left.delayed_timeout` index setting.
2. Once shard relocation is disabled, you need to flush the transaction logs (using the command below), which will ensure that all operations currently stored in the transactions log are safely committed to the Lucene index on disk. That will save you time during the restart since no operations will need to be replayed, meaning that the recovery of your shards will be faster.
POST /_flush
Note that prior to ES 8.0, this operation was called synced-flush, but it was deprecated in 7.6 and removed in 8.0.
3. At this point, you can restart your node.
4. When the node has properly restarted, you can re-enable shard allocation using the following command:
PUT _cluster/settings { "persistent": { "cluster.routing.allocation.enable": null } }
If you have several nodes to restart or you are performing a full cluster restart, you can use the same procedure. The key points to remember for speeding up the recovery process are to stop any indexing and to flush your transaction log.
While the recovery process is in progress, there are a few API calls that allow us to monitor the status of the shard recoveries:
# Check the recovery status of a specific index
GET /<index>/_recovery
# Check the recovery status of all indexes
GET /_recovery
# Check the recovery status of all indexes (more concise format)
GET _cat/recovery
Tweaking recovery speed
If you cannot stop your indexing process for whatever reason, you can still perform the same procedure. However, since new data will keep flowing in while the node is restarting, all the indexing operations will need to be replayed, which will slow down the recovery process. However, there are a few knobs that you can tune to speed this up provided you have sufficient hardware resources (CPU, RAM, network).
By default, the total inbound and outbound recovery traffic on each hot and warm data node is limited to 40 Mbps. For dedicated cold and frozen nodes, that limit ranges from 40 Mbps to 250 Mbps depending on the total amount of memory available on those nodes. These default values have been determined empirically based on the assumption that the hardware is composed of standard SSD disks and a network interface with 1 Gbps throughput.If you have superior hardware (e.g., 10 Gbps network and 100K IOPS disks), you can increase the recovery traffic limit to a higher value using the following command:
PUT /_cluster/settings { "transient": { "indices.recovery.max_bytes_per_sec": "100mb" } }
You should be very careful when changing this setting as it can harm your cluster performance if the value you set is too high. Also, there are a few other expert settings that you can tweak if you want to optimize the recovery process, but changing the defaults on these expert settings is strongly discouraged unless you know exactly what you’re doing.
Conclusion
In this guide, we have explained what the shard recovery process is and under which circumstances it kicks in. We have also reviewed a few techniques to speed up the recovery process and highlighted what you need to pay attention to when you start tweaking the default recovery settings values.
Log Context
Log “recovery failed for primary shadow shard; failing shard” classname is SharedFSRecoverySourceHandler.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
if (engineClosed) { // If the relocation fails then the primary is closed and can't be // used anymore... (because it's closed) that's a problem; so in // that case; fail the shard to reallocate a new IndexShard and // create a new IndexWriter logger.info("recovery failed for primary shadow shard; failing shard"); // pass the failure as null; as we want to ensure the store is not marked as corrupted shard.failShard("primary relocation failed on shared filesystem caused by: [" + t.getMessage() + "]"; null); } else { logger.info("recovery failed on shared filesystem"; t); }
[ratemypost]