Docker - Elasticsearch 8 - unable to create temporary keystore

I am upgrading to Elasticsearch 8 on my home docker cluster and I am getting the error:
ERROR: unable to create temporary keystore at [/usr/share/elasticsearch/config/elasticsearch.keystore.tmp], write permissions required for [/usr/share/elasticsearch/config] or run [elasticsearch-keystore upgrade]

If i try to do the upgrade through the Elasticsearch-keystore it shows this:

docker exec -it elasticsearch elasticsearch-keystore upgrade

ERROR: will not overwrite keystore at [/usr/share/elasticsearch/config/elasticsearch.keystore], because this incurs changing the file owner

My docker-compose.yaml looks like:

version: "3.3"
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:|version
    container_name: elasticsearch
    environment:
      - node.name=elasticsearch-|hostname
      - cluster.name=es-docker-cluster
      - cluster.initial_master_nodes=|master-nodes
      - discovery.seed_hosts=|other-hostnames
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - "network.publish_host=|ip-add"
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.client_authentication=required
      - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12
      - ELASTIC_PASSWORD=|password
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - |els-datadir:/usr/share/elasticsearch/data
      - |els-confdir:/usr/share/elasticsearch/config
    ports:
      - 9200:9200
      - 9300:9300
    network_mode: bridge
    restart: always

until now I had the permissions 775 on the elsdata and els-datadir and els-confdir. But even after trying 777 on those folders Elasticsearch won't start.

Am I missing something?
Everything was working fine on 7.X.X versions.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.