Error running Fess 12.4.3 with 3 elastic 6.5.3 nodes cluster: failed to create index

Hello, I’m trying to setup Fess on linux installed with the .deb package but I’m encountering problems.

I’m using Elasticsearch 6.5.3 and Fess 12.4.3

I’d like to use a 3-nodes external Elasticsearch cluster and let Fess use that. Is the scenario where Elasticsearch is installed on 3 different servers and Fess is installed on a 4th server in the same network supported? Or does fess need a local Elasticsearch node?

As I coulnd’t make Fess start in the previous setup I tried using a different scenario using docker to experiment: 3 Elasticsearch nodes on 3 different containers and a 4th container running Fess and Elasticsearch all belonging to the same cluster.

I tried with docker after trying with actual servers but encountered the same problems.

Fess is configured to talk to the Elasticsearch running on the same container.

On all the Elasticsearch nodes the plugins are installed, same version on each, and the configsync plugin is configured pointing to the same path on each node.

As long as the 3 elastic nodes are not running fess starts correctly and talks with the Elasticsearch node running on the same container. Problems arise when the other 3 nodes are started: they correctly join the cluster and sync the files in the configsync path but on each of the new nodes I receive the following error:

[2019-01-17T14:20:29,326][WARN ][o.e.i.c.IndicesClusterStateService] [node1] [[fess.20190117][2]] marking and sending shard failed due to [failed to create index]
java.security.AccessControlException: access denied ("java.io.FilePermission" "/var/lib/elasticsearch/config/ja/mapping.txt" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
    at java.security.AccessController.checkPermission(AccessController.java:895) ~[?:?]
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
    at java.lang.SecurityManager.checkRead(SecurityManager.java:661) ~[?:?]
    at sun.nio.fs.UnixChannelFactory.open(UnixChannelFactory.java:255) ~[?:?]
    at sun.nio.fs.UnixChannelFactory.newFileChannel(UnixChannelFactory.java:143) ~[?:?]
    at sun.nio.fs.UnixChannelFactory.newFileChannel(UnixChannelFactory.java:156) ~[?:?]
    at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:213) ~[?:?]
    at java.nio.file.Files.newByteChannel(Files.java:370) ~[?:?]
    at java.nio.file.Files.newByteChannel(Files.java:421) ~[?:?]
    at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420) ~[?:?]
    at java.nio.file.Files.newInputStream(Files.java:155) ~[?:?]
    at java.nio.file.Files.newBufferedReader(Files.java:2838) ~[?:?]
    at org.elasticsearch.index.analysis.Analysis.getWordList(Analysis.java:244) ~[elasticsearch-6.5.3.jar:6.5.3]

However the file is readable and writable by elastic as elastic itself created it in that very folder.

This situation result in the cluster being in a yellow state because of unallocated shards.

Here you can find the docker-compose.yml file used

elastic-img is build with this Dockerfile

fess-img is build from the fess-docker repository, I changed to elastic non-oss release, used the 6.5.3 version instead of 6.5.4 and fixed the cluster.name setting both in elasticsearch.yml and in a fess_config.properties file, the latter is then copied to /opt/fess inside the container.

What am I doing wrong? Why do I get the access denied error? Are there any constrains on the elasticsearch node role? i.e. may all the nodes be master, ingestors and data nodes?