Cannot start after deployment from ISO

[rradee]

Hey there, I deployed Malcolm from ISO and followed full guide, and when I start it get message as on screenshot:

Its running on hyper-v cluster, can you share some information with me how to fix it? Thank you in advance.

[mmguero]

The pcap-monitor container can get that error whiel it's waiting for the opensearch container to start up, but it's not usually fatal as it will catch up when it's finally available and accepting connections.

If you run ./scripts/status after trying to start Malcolm up, what does it show? Are any containers unhealthy or Exited?

[rradee]

This is what i get all the time:

From status:

[mmguero]

The opensearch Restarting message is telling. My guess is it's a resources issue that's preventing opensearch from staying up. What's the memory on the box, e.g.,

$ head /proc/meminfo 
MemTotal:       65763576 kB
MemFree:         4506416 kB
MemAvailable:   28588480 kB
...

And also the allocation for memory to the opensearch/logstash containers from within the Malcolm directory:

$ grep JAVA_OPT config/*.env
config/logstash.env:LS_JAVA_OPTS=-server -Xms2500m -Xmx2500m -Xss1536k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true
config/opensearch.env:OPENSEARCH_JAVA_OPTS=-server -Xms10g -Xmx10g -Xss256k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true

[rradee]

I tried today on another hypervisor, VMware, getting same problem. Is it need for Malcolm to have open access to internet? Maybe my firewall blocking something?

[mmguero]

nope, access to the internet is not required. I'm wondering if the 18gb assigned to opensearch and the 3gb assigned to logstash is too big a percentage of the 24gb total on the system and the out of memory killer is killing opensearch.

If you'd edit those two files, change 3000mb to 2500mb and 18gb to 12gb in both of those files (2 places in each file, as you can see on that line) then do a ./scripts/restart to see if things stay up.

[rradee]

@mmguero Thank you a lot, its up and running! What you suggest to increase ram on VM or to keep it on 12gb for opensearch?

Thank you once more!

[mmguero]

I usually recommend 32GB for a comfortable installation (and then just accepting the defaults during the configuration stage for available memory and whatnot), but I think you should be okay in a VM with that amount. Glad it's up and running for you.