Synology Kernel doesn't support SECCOMP?

[bbilly1]

Moved from here: tubearchivist/tubearchivist#792

For some Synology devices it appears there is a problem with installing ES?

Error logs:

fatal exception while booting Elasticsearch | @timestamp=2024-08-19T21:27:19.150Z log.level=ERROR ecs.version=1.2.0 service.name=ES_ECS event.dataset=elasticsearch.server process.thread.name=main log.logger=org.elasticsearch.bootstrap.Elasticsearch elasticsearch.node.name=c781c410303c elasticsearch.cluster.name=docker-cluster error.type=java.lang.IllegalArgumentException error.message=unknown setting [bootstrap.system_call_filter] please check that any required plugins are installed, or check the breaking changes documentation for removed settings error.stack_trace=java.lang.IllegalArgumentException: unknown setting [bootstrap.system_call_filter] please check that any required plugins are installed, or check the breaking changes documentation for removed settings

Please investigate and add a note to the synology guide if needed.

[DrFrankensteinUK]

It looks like as of today's update (Elastic Search 8.16.0) it has put the final nail in the coffin for Synology users with 4.4.302+ kernels.

Previous versions of ES were generally working for a number of people up to the last version, except for MotWakorb (we had a lot of troubleshooting in Discord as well has their post above)

I completely understand this is out of the control of the dev team and downgrading the ES container will work in order for people to continue access to existing libraries I will be noting my own guide that they do this at their own risk as that container version may not continue to function as TA is updated..

[bbilly1]

Interesting, Synology must maintain their own kernel, otherwise I don't see how they can get away with running 4.4.302, just checked, released in 2016 and EOL in 2022.

How far did you need to downgrade ES? So I can put a mention in the docs.

[m-arndt]

I got it working again with bbilly1/tubearchivist-es:8.14.3 on a DS920+ with DSM 7.2.2-72806 Update 2 (Kernel 4.4.302+)

[DrFrankensteinUK]

Ditto from @m-arndt I just rolled back one version.

@bbilly1 - If we downgrade, can we expect that to work for the foreseeable future with current versions of the app, and yeah they maintain and backport changes/security fixes into their kernels from how I understand it.

[bbilly1]

OK, I updated the docs: b681e6e

As a summary:

• Pin your ES image to the official image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3
• Don't pin the version to, bbilly1/tubearchivist-es, the whole point of that image is to provide a :latest tag so you don't have to pin and update it manually.

But to your question, yes that will cause problems going forward, if you are running hardware that doesn't support at least reasonable modern dependencies, at some point things will stop working for you.

I'm not trying to hate on Synlogoy or anything here, their devices are very convenient. That's how I got started too with selfhosting all these years ago.

Put I'm also not going to hold back development and potentially using newer, better, more performant functionality introduced in newer ES versions. There is also zero testing happening on other none standard hardware, so these things can happen at any time without warning.

[DrFrankensteinUK]

Thanks for the update and completely understandable. I have put the workaround and warning on my guide. Personally I have migrated it to another box with a modern kernel. Keep up the great work!

[jolarsso]

I guess this is the motivation I need to finally start the process of moving my docker host from my Synology to a HP EliteDesk 800 G2 that has been sitting on my desk for at least a year now...

Thanks guys for finding a workaround in the meantime!