How To Solve Issues Related to Log – Unable to clear role cache

Prevent Your Next ELK Incident

Try our free Check Up to test if your ES issues are caused from misconfigured settings

Fix Issue

Updated: Jan-20

In-Page Navigation (click to jump) :

Opster Offer’s World-Class Elasticsearch Expertise In One Powerful Product
Try Our Free ES Check-Up   Prevent Incident

Troubleshooting background

To troubleshoot Elasticsearch log “Unable to clear role cache” it’s important to understand common problems related to Elasticsearch concepts: cache, plugin. See detailed explanations below complete with common problems, examples and useful tips.

Cache in Elasticsearch

What it is

Elasticsearch uses three types of cache to improve the efficiency of operation.  

  • Node request cache
  • Shard data cache
  • Field data cache
How it works

Node request cache maintains the results of queries used in a filter context.  The results are evicted on a least recently used basis.

Shard level cache maintains the results of frequently used queries where size=0, particularly the results of aggregations.  This cache is particularly relevant for logging use cases where data is not updated on old indices, and regular aggregations can be kept in cache to be reused.

The field data cache is used for sorting and aggregations.  To keep these operations quick Elasticsearch loads these values into memory.   

Examples

Elasticsearch usually manages cache behind the scenes, without the need for any specific settings.  However, it is possible to monitor and limit the amount of memory being used on each node for a given cache type by putting the following in elasticsearch.yml :

indices.queries.cache.size: 10%

indices.fielddata.cache.size: 30%

Note, the above values are in fact the defaults, and there is no need to set them specifically.  The default values are good for most use cases, and should rarely be modified.|
You can monitor use of cache on each node like this:

GET /_nodes/stats/indices/fielddata

GET /_nodes/stats/indices/query_cache

GET /_nodes/stats/indices/request_cache
Notes and good things to know:

Construct your queries with reusable filters.  There are certain parts of your query which are good candidates to be reused across a large number of queries, and you should design your queries with this in mind.  Anything thing that does not need to be scored should go in the filter section of a bool query. Eg. time ranges , language selectors, or clauses that exclude inactive documents are all likely to be excluded in a large number of queries, and should be included in filter parts of the query so that they can be cached and reused. 

In particular, take care with time filters.  “now-15m” cannot be reused, because “now” will continually change as the time window moves on.  On the other hand “now-15/m” will round to the nearest minute, and can be re-used (via cache) for 60 seconds before rolling over to the next minute.

For example when a user enters the search term “brexit”, we may want to also filter on language and time period to return relevant articles.  The query below leaves only the query term “brexit” in the “must” part of the query, because this is the only part which should affect the relevance score.  The time filter and language filter can be reused time and time again for new queries for different searches.

POST results/_search
{
  "query": {
	"bool": {
  	"must": [
    	{
      	"match": {
        	"message": {
          	"query": "brexit"
        	}
      	}
    	}
  	],
  	"filter": [
    	{
      	"range": {
        	"@timestamp": {
          	"gte": "now-10d/d"
          	        	}
      	}
    	},
    	{
      	"term": {
        	"lang.keyword": {
          	"value": "en",
          	"boost": 1
        	}
      	}
    	}
  	]
	}
  }
}

Limit the use of field data. Be careful about using fielddata=true in your mapping where the number of terms will result in a high cardinality.  If you must use fielddata=true, you can also reduce the requirement of fielddata cache by limiting the requirements for fielddata for a given index using a field data frequency filter.

POST results/_search
{
  "query": {
	"bool": {
  	"must": [
    	{
      	"match": {
        	"message": {
          	"query": "brexit"
        	}
      	}
    	}
  	],
  	"filter": [
    	{
      	"range": {
        	"@timestamp": {
          	"gte": "now-10d/d"
          	        	}
      	}
    	},
    	{
      	"term": {
        	"lang.keyword": {
          	"value": "en",
          	"boost": 1
        	}
      	}
    	}
  	]
	}
  }
}

Plugin in Elasticsearch

What it is

A plugin is used to enhance the core functionalities of Elasticsearch. Elasticsearch provides some core plugins as a part of their release installation. In addition to those core plugins, it is possible to write your own custom plugins as well. There are several community plugins available on GitHub for various use cases.

Examples:
  • Get all the instructions for the plugin usage
sudo bin/elasticsearch-plugin -h
  • Installing S3 plugin using URL for storing Elasticsearch snapshots on S3
sudo bin/elasticsearch-plugin install repository-s3
  • Removing a plugin
sudo bin/elasticsearch-plugin remove repository-s3
  • Installing a plugin using the file path
sudo bin/elasticsearch-plugin install file:///path/to/plugin.zip

Notes:
  • Plugins are installed and removed using the elasticsearch-plugin script, which ships as a part of Elasticsearch installation and can be found inside the bin/ directory of the Elasticsearch installation path.
  • A plugin has to be installed on every node of the cluster and each of the nodes has to be restarted to make the plugin visible.
  • You can also download the plugin manually and then install it using the elasticsearch-plugin install command, providing the file name/path of the plugin’s source file.
  • When a plugin is removed, you will need to restart every elasticsearch node in order to complete the removal process.

Common Problems:
  • Managing permission issues during and after plugin installation is the most common problem. If Elasticsearch was installed using the deb or rpm package then the plugin has to be installed using the root user, or else you can install the plugin as the user that owns all of the Elasticsearch files.
  • In case of deb or rpm package installation, it is important to check the permission of the plugins directory after plugin installation and update the permission if it has been modified using the following command:
chown -R elasticsearch:elasticsearch path_to_plugin_directory 
  • If your Elasticsearch nodes are running in a private subnet without internet access, you cannot install a plugin directly. In this case, you can simply download the plugins at once and copy the files inside the plugins directory of the Elasticsearch installation path on every node. The node has to be restarted in this case as well.


To help troubleshoot related issues we have gathered selected Q&A from the community and issues from Github , please review the following for further information :

1 Github Issue Number 35218  

2Upgrade After Trial License  

Ldap Authentication Failed/130558


Log Context

Log ”Unable to clear role cache” classname is NativePrivilegeStore.java
We have extracted the following from Elasticsearch source code to get an in-depth context :

                     listener.onResponse(value);
                }

                
Override
                public void onFailure(Exception e) {
                    logger.error("unable to clear role cache"; e);
                    listener.onFailure(
                        new ElasticsearchException("clearing the role cache failed. please clear the role cache manually"; e));
                }
            }; securityClient::clearRolesCache);
    }





About Opster

Incorporating deep knowledge and broad history of Elasticsearch issues. Opster’s solution identifies and predicts root causes of Elasticsearch problems, provides recommendations and can automatically perform various actions to manage, troubleshoot and prevent issues.

Learn more: Glossary | Blog| Troubleshooting guides | Error Repository

Need help with any Elasticsearch issue ? Contact Opster