Error when starting Elasticsearch single node

My docker-compose.yaml

  elasticsearch:
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:8.6.2
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data
      - certs:/usr/share/elasticsearch/config/certs
    environment:
      - discovery.type=single-node
      - ELASTIC_PASSWORD=123456
    ports:
      - 9200:9200
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt http://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 5

volumes:
  certs:
  elasticsearch_data:

Error when running docker compose up

elasticsearch  | Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore
elasticsearch  | Exception in thread "main" java.io.IOException: Unable to delete directory /usr/share/elasticsearch/config/certs.
elasticsearch  |        at org.apache.commons.io.FileUtils.deleteDirectory(FileUtils.java:1581)
elasticsearch  |        at org.apache.commons.io.FileUtils.moveDirectory(FileUtils.java:2916)
elasticsearch  |        at org.elasticsearch.xpack.security.cli.AutoConfigureNode.moveDirectory(AutoConfigureNode.java:952)
elasticsearch  |        at org.elasticsearch.xpack.security.cli.AutoConfigureNode.execute(AutoConfigureNode.java:616)
elasticsearch  |        at org.elasticsearch.server.cli.ServerCli.autoConfigureSecurity(ServerCli.java:160)
elasticsearch  |        at org.elasticsearch.server.cli.ServerCli.execute(ServerCli.java:81)
elasticsearch  |        at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:54)
elasticsearch  |        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
elasticsearch  |        at org.elasticsearch.cli.Command.main(Command.java:50)
elasticsearch  |        at org.elasticsearch.launcher.CliToolLauncher.main(CliToolLauncher.java:64)
elasticsearch  |        Suppressed: java.lang.UnsupportedOperationException: Unsupported copy option
elasticsearch  |                at java.base/sun.nio.fs.UnixCopyFile$Flags.fromMoveOptions(UnixCopyFile.java:115)
elasticsearch  |                at java.base/sun.nio.fs.UnixCopyFile.move(UnixCopyFile.java:407)
elasticsearch  |                at java.base/sun.nio.fs.UnixFileSystemProvider.move(UnixFileSystemProvider.java:266)
elasticsearch  |                at java.base/java.nio.file.Files.move(Files.java:1430)
elasticsearch  |                at org.elasticsearch.xpack.security.cli.AutoConfigureNode.execute(AutoConfigureNode.java:634)
elasticsearch  |                ... 6 more
elasticsearch  |        Suppressed: org.apache.commons.io.FileExistsException: Destination '/usr/share/elasticsearch/config/certs' already exists
elasticsearch  |                at org.apache.commons.io.FileUtils.moveDirectory(FileUtils.java:2908)
elasticsearch  |                at org.elasticsearch.xpack.security.cli.AutoConfigureNode.moveDirectory(AutoConfigureNode.java:952)
elasticsearch  |                at org.elasticsearch.xpack.security.cli.AutoConfigureNode.execute(AutoConfigureNode.java:659)
elasticsearch  |                ... 6 more
elasticsearch exited with code 1

I removed the volume and ran docker compose up again but it didn't work.

Welcome!

Are you doing that because you want to use your own certificates?

The Elasticsearch Docker doc says that once the certificates are generated by Elasticsearch, you can retrieve them:

docker cp elasticsearch:/usr/share/elasticsearch/config/certs/http_ca.crt .

I believe that if you want to provide your own certificate, you need to put them in another dir and declare the path to the certificate using ssl.certificate (see Security settings in Elasticsearch | Elasticsearch Guide [8.11] | Elastic)?

This guide is super instructive I think: Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [8.6] | Elastic

I used this line of code because I thought I should persist the certificates. But now I realize that I don't have to persist it so I removed this line of code and it works!.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.