Hi all,
I've been wrestling with this problem for a few days now and I'm scratching my head a bit, as I can't figure out what's wrong.
I ran a fresh docker pull and install with docker-compose and it ran fine.
Then I ran my version of the compose file and it errors out as shown below.
NFO Main.cc@112 Parent process died - ML controller exiting
{"@timestamp":"2022-10-12T13:52:24.496Z", "log.level":"ERROR", "message":"uncaught exception in thread [main]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.ElasticsearchUncaughtExceptionHandler","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"elk-tls-cluster","error.type":"org.elasticsearch.bootstrap.StartupException","error.message":"java.lang.RuntimeException: can not run elasticsearch as root","error.stack_trace":"java.lang.RuntimeException: can not run elasticsearch as root\n\tat org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103)\n\tat org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:183)\n\tat org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:358)\n\tat org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:169)\n\tat org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:160)\n\tat org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:81)\n\tat org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:112)\n\tat org.elasticsearch.cli.Command.main(Command.java:77)\n\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:125)\n\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:80)\nFor complete error details, refer to the log at /usr/share/elasticsearch/logs/elk-tls-cluster.log\n"}
uncaught exception in thread [main]
java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:183)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:358)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:169)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:160)
at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:81)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:112)
at org.elasticsearch.cli.Command.main(Command.java:77)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:125)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:80)
For complete error details, refer to the log at /usr/share/elasticsearch/logs/elk-tls-cluster.log
2022-10-12 13:52:25,096374 UTC [456] INFO Main.cc@112 Parent process died - ML controller exiting
I can't seem to get Elasticsearch to run as a non-root user.
My compose file looks like this:
# Compose file format version.
# NOTE(review): no `services:` key appears in this paste and the original
# indentation was lost; the service definitions that follow presumably sit
# under `services:` in the real file - confirm.
version: '3.9'
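# Elasticsearch node (single-node discovery), built from ./elasticsearch/.
# Nesting restored from the flattened paste. No `user:` key is set, so the
# process runs as whatever user the built image ends up with; the
# "can not run elasticsearch as root" startup error in the posted log means
# that user resolved to root.
elasticsearch:
  container_name: elasticsearch
  hostname: es01
  domainname: 172-16-3
  # Quoted so no YAML 1.1 parser can mistype the colon-separated value.
  mac_address: '8a:ca:58:b9:e9:51'
  build:
    context: elasticsearch/
    dockerfile: Dockerfile
    args:
      ELK_VERSION: ${ELK_VERSION}
  restart: unless-stopped
  environment:
    CONFIG_DIR: ${ELASTIC_DIR}/config
    ELASTIC_USERNAME: ${ELASTIC_USERNAME}
    # The superuser password passed as an environment variable is visible in
    # `docker inspect` output and to every process in the container. The
    # official image also accepts ELASTIC_PASSWORD_FILE, which can point at a
    # mounted secret instead.
    ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
    ES_JAVA_OPTS: "-Xmx${ELASTICSEARCH_HEAP} -Xms${ELASTICSEARCH_HEAP}"
    bootstrap.memory_lock: "true"
    discovery.type: single-node
  volumes:
    - /share/CACHEDEV2_DATA/containers/container-data/lib/docker/volumes/es_repo/_data:/home/admin/repo_data/:rw
    # NOTE(review): ELASTIC_DIR is the whole install directory in the posted
    # .env, so this volume sits on top of the image's binaries and config as
    # well as its data. A volume populated by an earlier image keeps that
    # image's files and ownership. Presumably only the data directory needs to
    # persist - confirm.
    - esdata:${ELASTIC_DIR}
    - type: bind
      source: ./elasticsearch/config/elasticsearch.yml
      target: ${ELASTIC_DIR}/config/elasticsearch.yml
  secrets:
    - source: elasticsearch.keystore
      target: ${ELASTIC_DIR}/config/elasticsearch.keystore
    - source: ca.crt
      target: ${ELASTIC_DIR}/config/ca.crt
    - source: elasticsearch.cert
      target: ${ELASTIC_DIR}/config/elasticsearch.crt
    - source: elasticsearch.key
      target: ${ELASTIC_DIR}/config/elasticsearch.key
  networks:
    - elk
  ports:
    # Both ports are published on every host interface. 9300 is the transport
    # port; with single-node discovery (set above) confirm that it needs to be
    # reachable from outside the Docker network at all.
    - "9200:9200"
    - "9300:9300"
  healthcheck:
    # NOTE(review): the last command executed is always `echo`, which exits 0,
    # so this check reports healthy whatever curl returned; the branches would
    # have to `exit 0` / `exit 1` to signal anything. `[[ ]]` is also a bash
    # construct, while a string-form `test:` is run through /bin/sh.
    test: curl -s https://es01.172-16-3.local:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
    interval: 30s
    timeout: 10s
    retries: 5
  ulimits:
    # Unlimited locked memory, needed for bootstrap.memory_lock above.
    memlock:
      soft: -1
      hard: -1
    nofile:
      soft: 200000
      hard: 200000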
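# Named volumes (nesting restored; empty definitions written explicitly).
# NOTE(review): in this paste the block sits between two service definitions;
# it presumably belongs at the top level of the file - confirm. `kibdata`,
# which the kibana service mounts, is not declared here, and `es_repo` is
# declared while the elasticsearch service bind-mounts a host path for its
# repo data instead.
volumes:
  esdata: {}
  es_repo: {}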
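# Kibana, built from ./kibana/ and started after elasticsearch.
# Nesting restored from the flattened paste.
kibana:
  container_name: kibana
  hostname: kibana
  domainname: 172-16-3
  # Quoted so no YAML 1.1 parser can mistype the colon-separated value.
  mac_address: '8a:ca:58:b9:e9:52'
  build:
    context: kibana/
    args:
      ELK_VERSION: $ELK_VERSION
      # NOTE(review): COMPOSE_HTTP_TIMEOUT is a setting of the Compose client;
      # as a build arg it presumably has no effect - confirm.
      COMPOSE_HTTP_TIMEOUT: 200
  restart: unless-stopped
  volumes:
    # NOTE(review): KIBANA_DIR is the whole install directory in the posted
    # .env, and `kibdata` is not among the named volumes declared in this file.
    - kibdata:${KIBANA_DIR}:rw
    # The configuration file is mounted writable from inside the container; a
    # read-only mount is enough unless the container is expected to edit it.
    - ./kibana/config/kibana.yml:${KIBANA_DIR}/config/kibana.yml:rw
    #- type: volume
    #  source: ./kibana/config/kibana.yml:rw
    #  target: ${KIBANA_DIR}/config/kibana.yml:rw
  environment:
    CONFIG_DIR: ${KIBANA_DIR}/config
    # NOTE(review): these are the `elastic` superuser credentials from the
    # posted .env, handed to Kibana as environment variables. A dedicated,
    # less-privileged account for Kibana limits what a leak of this
    # container's environment exposes.
    ELASTIC_USERNAME: ${ELASTIC_USERNAME}
    ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
    ENCRYPTION_KEY: ${XPACK_ENCRYPTION_KEY}
    KIBANA_URL: ${KIBANA_URL}
  secrets:
    - source: ca.crt
      target: ${KIBANA_DIR}/config/ca.crt
    - source: kibana.cert
      target: ${KIBANA_DIR}/config/kibana.crt
    - source: kibana.key
      target: ${KIBANA_DIR}/config/kibana.key
  healthcheck:
    # NOTE(review): the last command executed is always `echo`, which exits 0,
    # so this check reports healthy whatever curl returned. `[[ ]]` is also a
    # bash construct, while a string-form `test:` is run through /bin/sh.
    test: curl -s https://kibana.172-16-3.local:5601 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
    interval: 30s
    timeout: 20s
    retries: 5
  networks:
    - elk
  ports:
    # Published on every host interface.
    - "5601:5601"
  depends_on:
    - elasticsearch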
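# Logstash, built from ./logstash/ and started after elasticsearch and kibana.
# Nesting restored from the flattened paste.
logstash:
  container_name: logstash
  hostname: logstash
  domainname: 172-16-3
  # Quoted so no YAML 1.1 parser can mistype the colon-separated value.
  mac_address: '8a:ca:58:b9:e9:53'
  build:
    context: logstash/
    args:
      ELK_VERSION: $ELK_VERSION
  restart: unless-stopped
  volumes:
    # Settings file and pipeline definitions are bind-mounted writable from
    # the host; read-only mounts are enough unless the container is expected
    # to modify them.
    - type: bind
      source: ./logstash/config/logstash.yml
      target: ${LOGSTASH_DIR}/config/logstash.yml
    - type: bind
      source: ./logstash/pipeline/
      target: ${LOGSTASH_DIR}/pipeline/
    - type: bind
      source: ./logstash/pipeline/geo
      target: ${LOGSTASH_DIR}/pipeline/geo
  environment:
    path.settings: null
    CONFIG_DIR: ${LOGSTASH_DIR}/config
    # NOTE(review): these are the `elastic` superuser credentials from the
    # posted .env. A pipeline normally needs only write access to its own
    # indices, so a dedicated account limits what a leak of this container's
    # environment exposes.
    ELASTIC_USERNAME: ${ELASTIC_USERNAME}
    ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
    LS_JAVA_OPTS: "-Xmx${LOGSTASH_HEAP} -Xms${LOGSTASH_HEAP}"
  secrets:
    - source: ca.crt
      target: ${LOGSTASH_DIR}/config/ca.crt
    - source: logstash.cert
      target: ${LOGSTASH_DIR}/config/logstash.crt
    - source: logstash.pkcs8.key
      target: ${LOGSTASH_DIR}/config/logstash.pkcs8.key
    - source: logstash.key
      target: ${LOGSTASH_DIR}/config/logstash.key
    - source: logstash.p12
      target: ${LOGSTASH_DIR}/config/logstash.p12
  networks:
    - elk
  ports:
    # Every input port is published on all host interfaces. 9600 is
    # presumably the Logstash monitoring API; confirm that it has to be
    # reachable from outside the Docker network and that logstash.yml
    # restricts it.
    - "12201:12201/udp"
    - "5044:5044"
    - "5045:5045/tcp"
    - "5046:5046"
    - "9600:9600"
    - "5000:5000/tcp"
    - "5000:5000/udp"
  depends_on:
    - elasticsearch
    - kibana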
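# Elastic Agent, built from ./elastic-agent/ and started after logstash.
# Nesting restored from the flattened paste.
elastic-agent:
  container_name: elastic-agent
  hostname: elastic-agent
  domainname: 172-16-3
  # Quoted so no YAML 1.1 parser can mistype the colon-separated value.
  mac_address: '8a:ca:58:b9:e9:54'
  build:
    context: elastic-agent/
    args:
      ELK_VERSION: $ELK_VERSION
  restart: unless-stopped
  environment:
    # NOTE(review): FLEET_CA points at /ca.crt, but the secret mapping that
    # would place ca.crt there is commented out at the end of `secrets:`
    # below; as posted, the CA is only mounted under ${LOGSTASH_DIR}/config.
    FLEET_CA: '/ca.crt'
    ELK_VERSION: ${ELK_VERSION}
    KIBANA_HOST: "https://kibana.172-16-3.local:5601"
    # NOTE(review): the agent is given the `elastic` superuser credentials
    # from the posted .env; an enrollment token or a dedicated account keeps
    # the superuser password out of this container.
    ELASTICSEARCH_USERNAME: ${ELASTIC_USERNAME}
    ELASTICSEARCH_PASSWORD: ${ELASTIC_PASSWORD}
    ELASTICSEARCH_HOSTS: "https://es01.172-16-3.local:9200"
    #FLEET_ENROLL=1
    #FLEET_URL: https://elastic-agent
    # NOTE(review): if the commented-out value below is a real enrollment
    # token, it is public now and should be revoked.
    #FLEET_ENROLLMENT_TOKEN: SUhwZzJvSUJqbFZaOFNIMEU1WE46anN2b0VxWHFUZUNwM0tzY1VZczVNdw==
    #PREFLIGHT_CHECK: 1
  secrets:
    # NOTE(review): this service mounts Logstash's certificate, private keys
    # and keystore at Logstash paths, while the elastic-agent.* secrets
    # declared at the bottom of the file are not used by any service shown.
    # Sharing another service's private key widens the impact of a compromise
    # of either container - confirm which key material the agent needs.
    - source: ca.crt
      target: ${LOGSTASH_DIR}/config/ca.crt
    - source: logstash.cert
      target: ${LOGSTASH_DIR}/config/logstash.crt
    - source: logstash.pkcs8.key
      target: ${LOGSTASH_DIR}/config/logstash.pkcs8.key
    - source: logstash.key
      target: ${LOGSTASH_DIR}/config/logstash.key
    - source: logstash.p12
      target: ${LOGSTASH_DIR}/config/logstash.p12
    #- source: ca.crt
    #  target: /ca.crt
  networks:
    - elk
  ports:
    # NOTE(review): publishes host port 22 into this container on every
    # interface. Nothing shown here explains why the agent needs it, and it
    # collides with an SSH daemon listening on the host - confirm it is
    # intended.
    - "22:22"
  depends_on:
    - logstash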
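# Network shared by all services (nesting restored from the flattened paste).
# `external: true` means Compose attaches to the existing network named
# eth0-6d6da6 rather than creating one.
networks:
  elk:
    external: true
    name: eth0-6d6da6
    # NOTE(review): a driver setting does not apply to a network Compose does
    # not create; depending on the Compose version this line is presumably
    # ignored or rejected - confirm.
    driver: local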
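# File-backed secrets (nesting restored from the flattened paste). Every entry
# is read from ./secrets on the host, which holds private keys and keystores:
# keep that directory out of version control and out of the image build
# contexts, and readable only by the account that runs Compose.
secrets:
  ca.crt:
    file: ./secrets/certificate_authority/ca/ca.crt
  elasticsearch.keystore:
    file: ./secrets/elasticsearch.keystore
  # The CA keystore is declared but not mounted by any service shown in this
  # file; the running stack only needs ca.crt to verify certificates.
  elastic-stack-ca.p12:
    file: ./secrets/certificate_authority/elastic-stack-ca.p12
  elasticsearch.key:
    file: ./secrets/certificates/elasticsearch/elasticsearch.key
  elasticsearch.cert:
    file: ./secrets/certificates/elasticsearch/elasticsearch.crt
  kibana.key:
    file: ./secrets/certificates/kibana/kibana.key
  kibana.cert:
    file: ./secrets/certificates/kibana/kibana.crt
  logstash.pkcs8.key:
    file: ./secrets/certificates/logstash/logstash.pkcs8.key
  logstash.key:
    file: ./secrets/certificates/logstash/logstash.key
  logstash.p12:
    file: ./secrets/keystores/logstash/logstash.p12
  logstash.cert:
    file: ./secrets/certificates/logstash/logstash.crt
  # NOTE(review): the four elastic-agent.* entries below are not referenced by
  # any service shown in this file.
  elastic-agent.pkcs8.key:
    file: ./secrets/certificates/elastic-agent/elastic-agent.pkcs8.key
  elastic-agent.key:
    file: ./secrets/certificates/elastic-agent/elastic-agent.key
  elastic-agent.p12:
    file: ./secrets/keystores/elastic-agent/elastic-agent.p12
  elastic-agent.cert:
    file: ./secrets/certificates/elastic-agent/elastic-agent.crt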
and my .env looks like this:
# Values substituted into the compose file's ${...} references.
# This file holds credentials in plain text: keep it out of version control
# and readable only by the account that runs Compose.
# Stack version; passed to each image build as the ELK_VERSION build arg.
ELK_VERSION=8.4.3
ELASTIC_USERNAME=elastic
# NOTE(review): short, guessable password for the superuser account, and it is
# public now that it has been posted - rotate it before this stack is
# reachable by anyone else.
ELASTIC_PASSWORD=Pa55word
KIBANA_URL=https://kibana.172-16-3.local:5601
# Configuration Variables
# JVM heap sizes used for -Xmx/-Xms in the elasticsearch and logstash services.
ELASTICSEARCH_HEAP=2g
LOGSTASH_HEAP=1g
# Self signed TLS certificates
# NOTE(review): same value as ELASTIC_PASSWORD. Presumably this protects the
# CA private key; a distinct, strong passphrase keeps a leak of one secret
# from exposing the other - confirm where it is consumed.
CA_PASSWORD=Pa55word
# Presumably the CA certificate lifetime in days (about ten years) - confirm.
CA_DAYS=3650
# Install directories inside the containers. The compose file also uses
# ELASTIC_DIR and KIBANA_DIR as volume mount points.
ELASTIC_DIR=/usr/share/elasticsearch
LOGSTASH_DIR=/usr/share/logstash
KIBANA_DIR=/usr/share/kibana
#PACKETBEAT_DIR=/usr/share/packetbeat
#FILEBEAT_DIR=/usr/share/filebeat
#METRICBEAT_DIR=/usr/share/metricbeat
# STAGING and ELASTIC_MEMORY_SIZE are not referenced by the compose file shown.
STAGING=true
ELASTIC_MEMORY_SIZE=4G
and my Dockerfile is this:
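# Extends the official Elasticsearch image; the tag comes from the
# ELK_VERSION build arg supplied by the compose file.
ARG ELK_VERSION
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}

# Keep this commented out, or switch back to the image's default non-root user
# before the end of the file: an image that ends on `USER root` starts
# Elasticsearch as root, and Elasticsearch refuses that with
# "can not run elasticsearch as root".
#USER root

# vm.max_map_count is a kernel-wide setting of the Docker host, not something
# stored in an image, so a build-time `RUN sysctl -w vm.max_map_count=262144`
# cannot apply it to the running container (and it needs privileges a build
# step normally lacks). Set it on the host instead:
#   sysctl -w vm.max_map_count=262144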
Is there a way to force Elasticsearch to run as a user like 'elasticsearch', with enough permissions to run Elasticsearch just as it would on a bare-metal Ubuntu host running Elasticsearch on its own?
thanks for reading and any help or pointers would be helpful
cheers!!