(Conditional – Intelligence) If Pods are in CrashLoopBackOff State
When configuring the EFS for deploying Intelligence in AWS, even after setting the permissions in the arcsight-volume folder to 1999:1999, the Elasticsearch and Logstash pods enter into a CrashLoopBackOff state from a Running state.
If the pods enter into the CrashLoopBackOff state, perform the following steps:
-
Log in to the bastion host.
-
Navigate to the following directory and set the permissions to 1999:1999 again:
cd /mnt/efs/<parent_folder_name>
sudo chown -R 1999:1999 arcsight-volume
-
Wait for the Elasticsearch and Logstash pods to come up.
-
If the pods enter into a Running state and then into a CrashLoopBackOff state, keep repeating steps 2 and 3 till the pods are stable, that is, they do not move from the Running state to the CrashLoopBackOff state.