Elasticsearch Keystore not being created

Hi there,
So, I am trying to run a simple ES single-node cluster.
Here is the Dockerfile:-

FROM elasticsearch:8.7.0
COPY . . #this copies the start_es.sh
ENTRYPOINT ["./start_es.sh"]

The start_es.sh contains nothing but the entrypoint "bin/elasticsearch" only.

But when I am running the following command:-

sudo docker run -it --pull=always --privileged -p 9200:9200 -p 9300:9300 -e discovery.type=single-node -e xpack.ml.enabled=false -e ES_JAVA_OPTS="-Xms1g -Xmx1g" -e ELASTIC_PASSWORD=elastic es_image:latest

The issue is, there is no Elasticsearch keystore created to store the password that i am setting explicitly. Instead it is ignoring the password that I am providing and creating a randomized password similar to what it creates when we run with just xpack.security.enabled=true.

But when i am running with the official ES images it does create the Elasticsearch keystore as expected like this:-

Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore

I am doing nothing but just running the ES entrypoint from within a shell script and that's it.
All other env variables are working fine but the elasticsearch keystore is not working.

Could someone please help me here to understand the problem or What I am doing wrong?

Thanks in advance!

Why do you want to provide your own startup script instead of using the default behavior?

If you really want to do it, have a look at this:

thanks for the response @dadoonet .
Actually I want to set vm.max_map_count=262144 and max file descriptors during the startup.
Because I have some unavoidable limitation where I cannot set this value from the host VM itself.
therefore I am trying to run a script like this in as an ENTRYPOINT in Dockerfile:-

For your reference here is the script.

#!/bin/bash
new_value=262144
#Check if running as root
if [[ $(id -u) -ne 0 ]]; then
echo "This script must be run as root or with sudo."
exit 1
else
echo "vm.max_map_count = $new_value" >> /etc/sysctl.conf
echo "elasticsearch - nofile 65535" >> /etc/security/limits.conf
sysctl -p
su -c "bin/elasticsearch" elasticsearch #running with elasticsearch user
fi

Kindly suggest if am doing something wrong here.

I believe that this is covered in the documentation. See Install Elasticsearch with Docker | Elasticsearch Guide [8.9] | Elastic

I don't think that covers it @dadoonet, the docs say how to set this up on the host but the OP can't do that for some reason and wants to set it in the Dockerfile instead.

The ENTRYPOINT script doesn't pass any arguments to bin/elasticsearch. If you want to pass command line arguments to Elasticsearch, you need to add them there.

thanks for the reply @DavidTurner !
As suggested by @dadoonet , I am using the docker-entrypoint.sh script.
As below where, I running 2 script from a 3rd script passed in entrypoint. like below:-

#!/bin/bash
#Run the script to set the kernel parameters with root priviledge
./set_kernel_parameters.sh
#Run the docker-entrypoint.sh with elasticsearch user
su -c "./docker-entrypoint.sh" elasticsearch

But here I am getting the following error:-

vm.max_map_count = 262144
./entrypoint.sh: line 44: elasticsearch-keystore: command not found

From above output it says, the kernel parameters are set successfully from ./set_kernel_parameters.sh but docker-entrypoint.sh is having some issue.

I think we are very close to get this solved.
Any help is appreciated!

thanks

Try using an absolute path instead, maybe /usr/share/elasticsearch/bin/elasticsearch-keystore?

I substituted elasticsearch-keystore with /usr/share/elasticsearch/bin/elasticsearch-keystore in the docker-entrypoint.sh and it worked.

Thanks a lot @DavidTurner !

1 Like

Great. I opened docker-entrypoint.sh uses a mix of absolute and relative/implied paths · Issue #98643 · elastic/elasticsearch · GitHub to ask whether we consider that a bug or not.

1 Like

hey @DavidTurner, Now I am getting this error:-

Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore

ERROR: Missing logging config file at /usr/share/elasticsearch/config/log4j2.properties

Path also matches from the docker-entrypoint.sh

What could be the issue here?

This is occurring when I am mounting my self signed certificates into usr/share/elasticsearch/config
and but working fine when I am mounting them to usr/share/elasticsearch/config/certificates.

thanks in advance!

It says that the file it needs is missing, but unfortunately I don't know any more about this. I think you must not be creating your container image correctly.

I have created a "certificates" directory in /usr/sahre/elasticsearch/config/. It is working fine now.
Is this what you are referring to?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.