Docker compose how to enable read only mode?

Elastic Search
,
1

Hi,
I had a local working docker setup for version 7.9.3
I want want to upgrade to 7.10 I don't care for lost data I just want to upgrade on my local machine. The production setup is on cloud and is already updated. I have struggled with this for a couple of days. The documentation says to put enterprise search into read only mode. But how do you do this in docker compose?

My docker compose:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTICSEARCH_VERSION}
    ports:
      - ${ELASTICSEARCH_PORT}:9200
    expose:
      - ${ELASTICSEARCH_PORT}
    environment:
      - node.name=es-toway-main
      - cluster.name=es-toway-docker-cluster
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      - xpack.security.enabled=true
      - xpack.security.authc.api_key.enabled=true
      - ELASTIC_PASSWORD=${ELASTICSEARCH_PASSWORD}
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./.docker/elasticsearch:/usr/share/elasticsearch/data
  elastic-app-search:
    image: docker.elastic.co/enterprise-search/enterprise-search:${ELASTICSEARCH_VERSION}
    ports:
      - ${ELASTIC_APP_SEARCH_PORT}:3005
    expose:
      - ${ELASTIC_APP_SEARCH_PORT}
    environment:
      - ent_search.auth.source=standard
      - elasticsearch.host=http://elasticsearch:${ELASTICSEARCH_PORT}
      - elasticsearch.username=${ELASTICSEARCH_USER}
      - elasticsearch.password=${ELASTICSEARCH_PASSWORD}
      - "ENT_SEARCH_DEFAULT_PASSWORD=${ELASTIC_APP_SEARCH_PASSWORD}"
      - ent_search.external_url=http://localhost:${ELASTIC_APP_SEARCH_PORT}
      - ent_search.listen_port=${ELASTIC_APP_SEARCH_PORT}
      - allow_es_settings_modification=true
      - secret_management.encryption_keys=[${ELASTIC_APP_SEARCH_ENCRYPTION_KEY}]
    depends_on:
      - elasticsearch
    volumes:
      - ./.docker/elastic-app-search:/usr/share/enterprise-search/data

I get the read only error. I tried to add - enable_read_only_mode=true to the environment but that does nothing. The docs also lack any info on how to do this on docker.

My errors also switch randomly sometimes a get this error:

Elasticsearch API key service must be enabled. It is enabled automatically when you configure Elasticsearch to use TLS on the HTTP interface.
Alternatively, you can explicitly enable the setting within Elasticsearch by opening config/elasticsearch.yml and adding:
xpack.security.authc.api_key.enabled: true

And sometimes i get this one:

We need to perform 9/42 migrations before the service can be started.

Migrations pending: 20200804130700, 20200819161200, 20200820160000, 20200908160000, 20200909083401, 20200922121556, 20200923160000, 20200928151001, 20201001000000
Proceeding with migrations while indices are allowing writes can have unintended consequences.

Please enable read-only mode before proceeding:
Read-only mode | Enterprise Search documentation [8.11] | Elastic

2

Read-only mode has to be enabled via API before upgrading:

After that it should work to switch to 7.10.0.
Once the migrations are done and Enterprise Search 7.10.0 is ready to receive traffic, read-only mode can be disabled using the same API.

3

Thanks for the answer, but that is my question. How do i enable read only mode with docker compose. Exactly the title of my question. The link does not provide any way to do this. The docker container exits before I can trigger that API endpoint.

The provided command in your link is also wrong I think, it has a typo, it is missing a quote after { enabled: true }
I did the command as fast as possible after i restarted my container and got connection refused, because my box goes down immediatly after the read only error. restarted my container again with the same result complaining about read only mode.

Because the server fails so quick im asking for a way to do it on startup, so in the settings in my docker compose file. Your link in the docs is also very unclear, is says to uses your elastic credentials, but that should be enterprise_search i think?

4

There is no docker specific option to enable read-only mode.
In general there are 2 ways to enable read-only mode: via API or via a command line option.

The 2 command line options to enable/disable read-only mode are --enable-read-only-mode and --disable-read-only-mode.
In order to use them one has to SSH into the Enterprise Search container and run:

/usr/share/enterprise-search/bin/enterprise-search --enable-read-only-mode

This is tricky in this case, because as you mentioned, the Enterprise Search container dies immediately.

One solution to make this work is:

  1. Set the Enterprise Search version to 7.9.3 in docker compose.
  2. Boot the containers
  3. When Enterprise Search is ready to receive traffic, enable read-only mode via API.
  4. Stop the containers.
  5. Set the Enterprise Search version to 7.10.0 in docker compose. Enterprise Search should be able to run all migrations.
  6. Boot the containers.
  7. When Enterprise Search is ready to receive traffic, disable read-only mode.

For the API itself, the authenticated user needs to have manage cluster privilege.
The default enterprise_search user does not have it.
In this case, using the elastic user should work, since elastic is a superuser.

We will fix the typo in the documentation, thanks for reporting.

1 Like
5

Wow it worked. These are very specific steps. Also this only works if the main elasticsearch container is already on 7.10 and you have to change only the enterprise_search container to 7.9.3. These steps are impossible to figure out when looking at the current documentation, i would argue that they need to be added under a docker section. Other parts of the documentation already have docker sections yet this one hasn't

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.