Docker+elasticsearch: access is denied when creating the log file


(Nikos Skalis) #1

I am trying to run elasticsearch (5.3.0) in a docker container like this:

    docker run 
    --network=host 
    --publish 9203:9200 
    --publish 9300:9300 
    --env ES_JAVA_OPTS="-Xms4g -Xmx4g" 
    --env "bootstrap.memory_lock=true" 
    --cap-add=IPC_LOCK 
    --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 
    --volume /etc/elasticsearch/ip-spotlight.elasticsearch.RR6.yml:/usr/share/elasticsearch/config/elasticsearch.yml 
    --volume /usr/ip-spotlight/elasticsearch/RR6:/usr/share/elasticsearch/data 
    --volume /var/log/elasticsearch:/usr/share/elasticsearch/logs 
    --label app="ip-spotlight" 
    --label service="elasticsearch" 
    --label func="RR6" 
    --name "ip-spotlight.elasticsearch.RR6" 
    docker.elastic.co/elasticsearch/elasticsearch:5.3.2

SElinux is disabled (in order to be completely sure):

    # getenforce
    Disabled

And in order to be completely sure here are the permissions of /var/log/elasticsearch:

    # ls -salt /var/log/elasticsearch/
    total 8
    4 drwxrwxrwx.  2 elasticsearch elasticsearch 4096 May  4 15:12 .

    # cat /etc/*release*
    CentOS Linux release 7.3.1611 (Core) 
    Derived from Red Hat Enterprise Linux 7.3 (Source)
    NAME="CentOS Linux"
    VERSION="7 (Core)"
    ID="centos"
    ID_LIKE="rhel fedora"
    VERSION_ID="7"
    PRETTY_NAME="CentOS Linux 7 (Core)"
    ANSI_COLOR="0;31"
    CPE_NAME="cpe:/o:centos:centos:7"
    HOME_URL="https://www.centos.org/"
    BUG_REPORT_URL="https://bugs.centos.org/"
    
    CENTOS_MANTISBT_PROJECT="CentOS-7"
    CENTOS_MANTISBT_PROJECT_VERSION="7"
    REDHAT_SUPPORT_PRODUCT="centos"
    REDHAT_SUPPORT_PRODUCT_VERSION="7"
    
    CentOS Linux release 7.3.1611 (Core) 
    CentOS Linux release 7.3.1611 (Core) 
    cpe:/o:centos:centos:7

And the error message getting displayed is:

2017-05-04 13:10:24,621 main ERROR Unable to create file /var/log/elasticsearch/ip-spotlight.elasticsearch.RR6_access.log java.io.IOException: No such file or directory

EDIT: official documentations says The container runs Elasticsearch as user elasticsearch using uid:gid 1000:1000. Bind mounted host directories and files, such as custom_elasticsearch.yml above, need to be accessible by this user. but on the server, having installed also elasticsearch as a service I see that:

$ id elasticsearch
uid=990(elasticsearch) gid=988(elasticsearch) groups=988(elasticsearch)

Please note that I did chmod 777 in all related files and directories.
Could you please advise on how-to resolve this ?


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.