Elasticsearch docker image

soniadailyview · December 17, 2019, 7:47am

Hi,

I'm using docker image of elasticsearch:6.4.0 and trying to add a repo path for backup.

But after I add mounted a named volume, the permission in the cluster containers is not owned by elasticsearch but root.

Here is the code snippet of my yaml file:

  data:
    image: elasticsearch:6.4.0
    configs:
      - source: es-data
        target: /usr/share/elasticsearch/config/elasticsearch.yml
      - source: jvm-options-data
        target: /usr/share/elasticsearch/config/jvm.options
    networks:
      - esnet
    volumes:
      - esdata:/usr/share/elasticsearch/data
      - backup:/usr/share/elasticsearch/backup
volumes:
  esdata:
  backup:

If I check the container, data folder is owned by elasticsearch but not backup folder.

drwxr-xr-x  2 root          root   4096 Dec 16 09:24 backup
drwxrwxr-x  3 elasticsearch root   4096 Mar 12  2019 data

Is there any step I missed?

Magnus_Kessler · December 17, 2019, 8:23am

Try setting the gid and uid for the repository in your docker compose file as per the docker compose file documentation.

Elasticsearch runs as uid 1000 and gid 1000 in the docker container, IIRC.

soniadailyview · December 17, 2019, 9:18am

Hi Magnus,

Thanks for the reply. But I'm wondering why data folder doesn't need to set gid/uid.

Magnus_Kessler · December 18, 2019, 8:39am

Have a look at the analysis in this blog post. Essentially, the startup script inside the docker container ensures that the data directory is owned by elasticsearch. In /usr/local/bin/docker-entrypoint.sh you'll find:

if [[ "$(id -u)" == "0" ]]; then
  # If requested and running as root, mutate the ownership of bind-mounts
  if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
    chown -R 1000:0 /usr/share/elasticsearch/{data,logs}
  fi
fi

For your own mounted volumes, I'd use the uid and gid settings in the docker compose file rather than changing this script.

soniadailyview · December 23, 2019, 3:35am

Hi Magnus,

Thanks for your information! I did see that in the script. And actually, I know the reason what the default setting didn't include backup repo because usually you wouldn't put the backup files together with the data. Anyways, thanks a lot!

system · January 20, 2020, 3:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic/elasticsearch-docker not assigning permissions to data directory on run Elasticsearch	5	78068	December 12, 2016
Elasticsearch on docker: Volume mounted as root user leading to permission issue Elasticsearch	6	18322	July 23, 2018
Group permission inconsistency between Kibana and Elasticsearch docker images Kibana docker	2	433	February 15, 2021
Managing Persistent Volume Claims and UIDs with Kubernetes/Docker Elasticsearch	1	787	March 20, 2017
External Docker Volume for Elasticsearch Snapshot Elasticsearch	1	3043	August 19, 2019

Elasticsearch docker image

Related topics