Hello,
I was trying to use elasticsearch-docker image for hosting dockerized elastichsearch cluster.
What I have noticed that the es-docker script:
https://github.com/elastic/elasticsearch-docker/blob/master/build/elasticsearch/bin/es-docker
is not assigning any permissions though it is running under non-root user inside container:
USER elasticsearch
CMD ["/bin/bash", "bin/es-docker"]
and documentation suggests to mount a volume for data in README:
docker run -d -p 9200:9200 -v esdatavolume:/usr/share/elasticsearch/data $ELASTIC_REG/elasticsearch
This is how I was thinking to run it:
FROM docker.elastic.co/elasticsearch/elasticsearch
ADD jvm.options /usr/share/elasticsearch/config/
ADD elasticsearch.yml /usr/share/elasticsearch/config/
EXPOSE 9200 9300
And docker-compose:
version: '2'
services:
elasticsearch1:
container_name: es1
build: ./build
ports:
- "9200:9200"
- "9300:9300"
volumes:
- /data/elasticsearch1:/usr/share/elasticsearch/data:rw
mem_limit: 3g
restart: always
Which pretty aligns with README and docker-compose example in repository.
But I was obviously getting exception regarding permissions:
[2016-11-11T10:36:18,442][INFO ][o.e.n.Node ] [] initializing ...
[2016-11-11T10:36:18,462][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:?]
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384) ~[?:?]
at java.nio.file.Files.createDirectory(Files.java:674) ~[?:1.8.0_92-internal]
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781) ~[?:1.8.0_92-internal]
at java.nio.file.Files.createDirectories(Files.java:767) ~[?:1.8.0_92-internal]
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:220) ~[elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.node.Node.<init>(Node.java:240) ~[elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.node.Node.<init>(Node.java:220) ~[elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:191) ~[elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:191) ~[elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286) ~[elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:112) ~[elasticsearch-5.0.0.jar:5.0.0]
... 6 more
Of course I have already fixed that with another entrypoint script that uses the initial one which is pretty ugly solution though:
#!/bin/bash
chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data;
su elasticsearch -c "/bin/bash es-docker"
And then Dockerfile change:
FROM docker.elastic.co/elasticsearch/elasticsearch
ADD jvm.options /usr/share/elasticsearch/config/
ADD elasticsearch.yml /usr/share/elasticsearch/config/
COPY entrypoint.sh bin/entrypoint.sh
USER root
CMD ["/bin/bash", "bin/entrypoint.sh"]
EXPOSE 9200 9300
I was really surprised that there was nobody creating any ticket/bug for this and now I am a bit confused if I misunderstood how this image should be used at all and I am missing some obvious solution for that? Am I doing something inappropriate?