pires / docker-elasticsearch Goto Github PK
View Code? Open in Web Editor NEWDockerfile for a base Elasticsearch image to be extended by others (allow to install plug-ins, change configuration, etc.)
License: Apache License 2.0
Dockerfile for a base Elasticsearch image to be extended by others (allow to install plug-ins, change configuration, etc.)
License: Apache License 2.0
Hi,
trying to build an image, from your base image, that uses elasticsearch-keystore for storing sensitive secrets, that would be used to authenticate against a google cloud storage bucket for snapshotting the indices via a kubernetes curator cronjob.
My Dockerfile:
FROM quay.io/pires/docker-elasticsearch-kubernetes:6.2.2_1
# inital setup
COPY gcs.client.default.credentials_file /tmp/
ENV PATH /elasticsearch/bin:$PATH
WORKDIR /elasticsearch
# Copy configuration
COPY config /elasticsearch/config
# Copy run script
COPY run.sh /
# Set environment variables defaults
ENV ES_JAVA_OPTS "-Xms512m -Xmx512m"
ENV CLUSTER_NAME elasticsearch-default
ENV NODE_MASTER true
ENV NODE_DATA true
ENV NODE_INGEST true
ENV HTTP_ENABLE true
ENV NETWORK_HOST _site_
ENV HTTP_CORS_ENABLE true
ENV HTTP_CORS_ALLOW_ORIGIN *
ENV NUMBER_OF_MASTERS 1
ENV MAX_LOCAL_STORAGE_NODES 1
ENV SHARD_ALLOCATION_AWARENESS ""
ENV SHARD_ALLOCATION_AWARENESS_ATTR ""
ENV MEMORY_LOCK true
ENV REPO_LOCATIONS []
# Volume for Elasticsearch data
VOLUME ["/data"]
# fix "Exception in thread "main" java.lang.IllegalArgumentException: Could not resolve placeholder 'NODE_NAME' when running elasticsearch-keystore
ENV NODE_NAME=""
# fix elasticsearch-keystore failing with mktemp: Invalid argument & create+populate keystore
RUN export ES_TMPDIR=`mktemp -d -t elasticsearch.XXXXXXXX` && /elasticsearch/bin/elasticsearch-keystore create
RUN export ES_TMPDIR=`mktemp -d -t elasticsearch.XXXXXXXX` && /elasticsearch/bin/elasticsearch-keystore add-file gcs.client.default.credentials_file /tmp/gcs.client.default.credentials_file
RUN chown elasticsearch:elasticsearch /elasticsearch/config/elasticsearch.keystore
USER elasticsearch
CMD ["/run.sh"]
run.sh is your script from this repo.
Here's what i get after deploying this as a new client pod:
kubectl logs es-client-canary-598c8f54f7-s47ms
sh: error setting limit: Operation not permitted
-> Downloading repository-gcs from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- java.lang.RuntimePermission accessDeclaredMembers
- java.lang.RuntimePermission setFactory
- java.lang.reflect.ReflectPermission suppressAccessChecks
- java.net.SocketPermission * connect,resolve
- java.net.URLPermission http://www.googleapis.com/* *:
- java.net.URLPermission https://www.googleapis.com/* *:
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
-> Installed repository-gcs
[2018-06-20T09:15:40,612][WARN ][o.e.b.JNANatives ] Unable to lock JVM Memory: error=12, reason=Out of memory
[2018-06-20T09:15:40,615][WARN ][o.e.b.JNANatives ] This can result in part of the JVM being swapped out.
[2018-06-20T09:15:40,615][WARN ][o.e.b.JNANatives ] Increase RLIMIT_MEMLOCK, soft limit: 65536, hard limit: 65536
[2018-06-20T09:15:40,616][WARN ][o.e.b.JNANatives ] These can be adjusted by modifying /etc/security/limits.conf, for example:allow user 'elasticsearch' mlockall
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
[2018-06-20T09:15:40,616][WARN ][o.e.b.JNANatives ] If you are logged in interactively, you will have to re-login for the new limits to take effect.
[2018-06-20T09:15:40,905][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [es-client-canary-598c8f54f7-s47ms] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unable to access 'path.repo' ([])
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:125) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.2.2.jar:6.2.2]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) ~[elasticsearch-6.2.2.jar:6.2.2]
Caused by: java.lang.IllegalStateException: Unable to access 'path.repo' ([])
at org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath(FilePermissionUtils.java:70) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Security.addFilePermissions(Security.java:323) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Security.createPermissions(Security.java:262) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Security.configure(Security.java:123) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:208) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.2.jar:6.2.2]
... 6 more
Caused by: java.nio.file.AccessDeniedException: /elasticsearch/[]
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[?:1.8.0_151]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:1.8.0_151]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:1.8.0_151]
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384) ~[?:1.8.0_151]
at java.nio.file.Files.createDirectory(Files.java:674) ~[?:1.8.0_151]
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781) ~[?:1.8.0_151]
at java.nio.file.Files.createDirectories(Files.java:767) ~[?:1.8.0_151]
at org.elasticsearch.bootstrap.Security.ensureDirectoryExists(Security.java:421) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath(FilePermissionUtils.java:68) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Security.addFilePermissions(Security.java:323) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Security.createPermissions(Security.java:262) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Security.configure(Security.java:123) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:208) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.2.jar:6.2.2]
... 6 more
Any help would be greatly appreciated.
Thanks in advance!
As per @vganapathy1:
I'm able to deploy and the cluster comes up properly. But, when i scale the data node (any node for that matter), it failed with the below message:
Caused by: java.lang.IllegalStateException: failed to obtain node locks, tried [[/data/data/myesdb]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])?Can you please add an environment variable for "node.max_local_storage_nodes"?
I am trying to implement the "hot/warm" architecture proposed in the ES blog post “Hot-Warm” Architecture in Elasticsearch 5.x in Kubernetes based on pires/kubernetes-elasticsearch-cluster. One obstacle I have been running into was that Elasticsearch nodes need the attribute node.attr.box_type=hot
to be set. This does not work with Java System Properties (hence the ES_JAVA_OPTS
do not help here), it needs to be passed to elasticsearch
as command line argument: -Enode.attr.box_type=hot
.
Since from version 5, ES no longer supports configuration via System Properties, I think that a generic mechanism for passing command line args to elasticsearch
in run.sh
might come in handy for this but also different, not yet thought-of scenarios. I'm filing a PR for this now for your kind consideration.
3 more versions of elasticsearch were released December 17th:
Elasticsearch 2.1.1
December 17, 2015
Elasticsearch 2.0.2
December 17, 2015
Elasticsearch 1.7.4
December 17, 2015
Do you plan on creating branches to support the different elasticsearch releases? Since you are storing the docker images on a registry, you should be able to provide different images for each release.
Not sure if you are interested in a PR for this or not, if not feel free to close!
I needed es w/ x-pack ML, so I created a fork with the base image ported to debian 9 slim and re-enabled x-pack ML.
@pires Thanks for your work on this. I've been working on bringing this into https://github.com/pires/docker-elasticsearch-kubernetes and I'm having some troubles. It looks like the security context changes introduced in ES 2 prevent the kubernetes plugin from being able to read /var/run/secrets/kubernetes.io/serviceauth/ca.crt
.
After employing some workarounds to get the cert into the kubernetes plugin, it was hitting further permissions errors:
io.fabric8.kubernetes.client.KubernetesClientException: Error executing: GET at: https://kubernetes.default.svc/api/v1/namespaces/default/endpoints/elasticsearch. Cause: access denied ("java.net.NetPermission" "getProxySelector")
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestException(OperationSupport.java:245)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:182)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleGet(OperationSupport.java:173)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleGet(BaseOperation.java:472)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.get(BaseOperation.java:105)
at io.fabric8.elasticsearch.cloud.kubernetes.KubernetesAPIServiceImpl.endpoints(KubernetesAPIServiceImpl.java:27)
at io.fabric8.elasticsearch.discovery.kubernetes.KubernetesUnicastHostsProvider.buildDynamicNodes(KubernetesUnicastHostsProvider.java:81)
at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing.sendPings(UnicastZenPing.java:316)
at org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing$2$1.doRun(UnicastZenPing.java:234)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.AccessControlException: access denied ("java.net.NetPermission" "getProxySelector")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.net.ProxySelector.getDefault(ProxySelector.java:94)
at com.squareup.okhttp.OkHttpClient.copyWithDefaults(OkHttpClient.java:614)
at com.squareup.okhttp.Call.<init>(Call.java:48)
at com.squareup.okhttp.OkHttpClient.newCall(OkHttpClient.java:595)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:180)
I've got an issue open fabric8io/elasticsearch-cloud-kubernetes#18 to see if they can lend a hand here.
@pires any thoughts?
Hi @pires -
Could you please push the image?
docker pull quay.io/pires/docker-elasticsearch:6.4.2
Error response from daemon: manifest for quay.io/pires/docker-elasticsearch:6.4.2 not found
I can build locally, but perhaps you want it available to be pulled from quay.io as well...
Thanks for your contribution on it! Great stuff you have here in you git :)
The current startup script uses chown -R to set the elasticsearch:elasticsearch owner of the data folder.
However, this can get VERY slow when the folder already contains indexes.
https://www.unixlore.net/articles/speeding-up-bulk-file-operations.html provides an alternative logic:
find . -type f -print0 | xargs -0 chown elasticsearch:elasticsearch
I'm trying to replicate a cluster setup with docker-compose. Please, see docker-compose
file below.
version: '3'
services:
elasticsearch-master:
image: quay.io/pires/docker-elasticsearch:6.2.3_1
container_name: elasticsearch-master
privileged: true
environment:
- "HTTP_ENABLE=false"
- "NODE_DATA=false"
- "CLUSTER_NAME=elasticsearch"
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
networks:
- elastic
elasticsearch:
image: quay.io/pires/docker-elasticsearch:6.2.3_1
container_name: elasticsearch
privileged: true
ports:
- "9200:9200"
- "9300:9300"
environment:
- "NODE_MASTER=false"
- "NODE_DATA=false"
- "CLUSTER_NAME=elasticsearch"
- "ES_JAVA_OPTS=-Xms256m -Xmx256m"
# - "discovery.zen.ping.unicast.hosts=[\"elasticsearch-master\"]"
networks:
- elastic
depends_on:
- elasticsearch-master
elasticsearch-data1:
image: quay.io/pires/docker-elasticsearch:6.2.3_1
container_name: elasticsearch-data1
privileged: true
environment:
- "NODE_MASTER=false"
- "HTTP_ENABLE=false"
- "CLUSTER_NAME=elasticsearch"
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "discovery.zen.ping.unicast.hosts=[\"elasticsearch-master\"]"
depends_on:
- elasticsearch-master
networks:
- elastic
elasticsearch-data2:
image: quay.io/pires/docker-elasticsearch:6.2.3_1
container_name: elasticsearch-data2
privileged: true
environment:
- "NODE_MASTER=false"
- "HTTP_ENABLE=false"
- "CLUSTER_NAME=elasticsearch"
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "discovery.zen.ping.unicast.hosts=[\"elasticsearch-master\"]"
depends_on:
- elasticsearch-master
networks:
- elastic
networks:
elastic:
driver: bridge
But nodes are never able to discover each other with messages like
elasticsearch | [2018-04-20T22:13:56,503][WARN ][o.e.d.z.ZenDiscovery ] [1ee60d4e-9387-47b7-bdcb-2a1ba408826f] not enough master nodes discovered during pinging (found [[]], but needed [1]), pinging again
elasticsearch-data1 | [2018-04-20T22:13:56,890][WARN ][o.e.d.z.ZenDiscovery ] [bf93ab01-324d-4624-9d25-58b6611dcead] not enough master nodes discovered during pinging (found [[]], but needed [1]), pinging again
What am I possibly missing here? Thank you!
With ES_VERSION 6.2.1 docker run fails with:
sh: error setting limit: Operation not permitted
mktemp: Invalid argument
With ES_VERSION 6.1.3 works
When reading through the documentation around adding a back-up location to the elastic config the documentation reads:
Then, set the REPO_LOCATIONS environment variable to ["/backup"] and create a backup repository
However, when REPO_LOCATIONS is substituted to the environment variable value it is already wrapped within an array. Therefore, the REPO_LOCATIONS env variable should just be initialized as a string e.g. /backup
.
Hi. I'm using your image, but am having trouble mounting the /data volume against a folder on my local machine.
The is the volume parameter I'm adding when I run docker run:
-v /Users/myuser/data:/data
This is the error I get when elasticsearch is started using your run.sh:
Exception in thread "main" java.lang.IllegalStateException: Failed to created node environment Likely root cause: java.nio.file.AccessDeniedException: /data/data at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384) at java.nio.file.Files.createDirectory(Files.java:674) at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781) at java.nio.file.Files.createDirectories(Files.java:767) at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:168) at org.elasticsearch.node.Node.<init>(Node.java:153) at org.elasticsearch.node.Node.<init>(Node.java:128) at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:145) at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178) at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:285) at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
It looks like the elasticsearch user doesn't have permission to do anything in those directories, even though they've been chown-d to it in the run.sh.
What am I doing wrong here? Thanks for your help!
@pires I believe your base image may not support memory locking. I wasn't able to see how to get busybox to recognize /etc/security/limits.conf. I'm seeing this in my logs
[2015-11-17 19:24:26,185][WARN ][bootstrap ] Unable to lock JVM Memory: error=12,reason=Cannot allocate memory
[2015-11-17 19:24:26,186][WARN ][bootstrap ] This can result in part of the JVM being swapped out.
[2015-11-17 19:24:26,186][WARN ][bootstrap ] Increase RLIMIT_MEMLOCK, soft limit: 65536, hard limit: 65536
[2015-11-17 19:24:26,186][WARN ][bootstrap ] These can be adjusted by modifying /etc/security/limits.conf, for example:
# allow user 'elasticsearch' mlockall
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
Also, I need to use ES 1.7. If i simply change the version on this image and deploy it as a stateful cluster using your scripts, will it work for a production environment or there are any "hidden" problems that will come from this change? Thank you very much!
Hi,
I'm trying to install the SearchGuard plugin. Unfortunately I get an error message during the installation of the plugin telling me it can not find the folder "x-pack-ml". This seems logical to me because x-pack-ml is not enabled but...does this mean I cannot use this plugin using this (alpine) base image?
Hi pires,
I noticed REPO_LOCATIONS
appears only in the doc, I cannot find any usage in run.sh
or config file. Could you please explain how to set this variable properly when running this image?
Thanks
FYI I'm hitting this error ocassionally when bringing up my pods on GKE:
/run.sh: line 28: /elasticsearch/bin/elasticsearch-plugin: Text file busy
/run.sh: line 28: /elasticsearch/bin/elasticsearch-plugin: Text file busy
From reading this thread possible workarounds might be running sync
or sleep 1
after chown
ing.
Related to #31
Happy to PR and test fixes pending your (or anyone else's) thoughts on this issue.
Hi
In my kubernetes deployment I specified:
- name: "ES_PLUGINS_INSTALL" value: "ingest-attachment"
It does not work and run without installed plugin.
As I with my limited know how can see is in run script:
if [ ! -z "${ES_PLUGINS_INSTALL}" ]; then OLDIFS=$IFS IFS=',' for plugin in ${ES_PLUGINS_INSTALL}; do if ! $BASE/bin/elasticsearch-plugin list | grep -qs ${plugin}; then yes | $BASE/bin/elasticsearch-plugin install --batch ${plugin} fi done IFS=$OLDIFS fi
There is no file '/elasticsearch/bin/elasticsearch-plugin' in the container.
Maybe this is a bug or how should i specify the plugin name?
@pires - Am a newbie in the docker world, appreciate your work and thanks in advance.
I have one VM which has docker installed, now am trying to setup three individual containers for elasticsearch, following your guide, - one each for master, client and data. I used the below docker cmds to run them, in the same order..When I try to test the cluster status, I get an error saying,
"Master Not Discovered Error"
[2016-01-06 09:09:31,393][WARN ][discovery.zen.ping.unicast] [Wysper] failed to send ping to [{#zen_unicast_6#}{::1}{[::1]:9300}]
SendRequestTransportException[[][[::1]:9300][internal:discovery/zen/unicast]]; nested: NodeNotConnectedException[[][[::1]:9300] Node not connected];
I believe it is an issue with the IP it defaults to, when the port 9300 is opened and other containers cannot talk to master on 9300..
Should I be linking the containers to get it working? Or is there something technically wrong in what am trying? Looking forward for your guidance here..
docker run --name es-master --detach --privileged -p 9300:9300 --volume /opt/es/data:/data -e CLUSTER_NAME=esclus-test -e NODE_DATA=false -e HTTP_ENABLE=false quay.io/pires/docker-elasticsearch:2.1.0
docker run --name es-client --detach --privileged -p 9200:9200 --volume /opt/es/data:/data -e CLUSTER_NAME=esclus-dpev304 -e NODE_MASTER=false -e NODE_DATA=false quay.io/pires/docker-elasticsearch:2.1.0
docker run --name es-data --detach --privileged --volume /opt/es/data:/data -e CLUSTER_NAME=esclus-dpev304 -e NODE_MASTER=false -e HTTP_ENABLE=false quay.io/pires/docker-elasticsearch:2.1.0
any timeline on 6.0 availability?
When upgrading to the 5.4.0 version from 5.3.2 x-pack plugin doesn't work anymore. Below the container logs for both the 5.4.0 and the 5.3.2 which is succesfull.
Exception
2017-05-19T11:59:35.924916014Z * javax.net.ssl.SSLPermission setHostnameVerifier
2017-05-19T11:59:35.924929657Z See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
2017-05-19T11:59:35.924948518Z for descriptions of what these permissions allow and the associated risks.
2017-05-19T11:59:35.924955717Z @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2017-05-19T11:59:35.924962117Z @ WARNING: plugin forks a native controller @
2017-05-19T11:59:35.925171974Z @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2017-05-19T11:59:35.925185354Z This plugin launches a native controller that is not subject to the Java
2017-05-19T11:59:35.925191107Z security manager nor to system call filters.
2017-05-19T11:59:35.943223960Z -> Installed x-pack
2017-05-19T11:59:37.573425151Z [2017-05-19T11:59:37,563][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [es-master-2851743849-634nt] uncaught exception in thread [main]
2017-05-19T11:59:37.573479436Z org.elasticsearch.bootstrap.StartupException: org.elasticsearch.bootstrap.BootstrapException: java.io.IOException: Cannot run program "/elasticsearch/plugins/x-pack/platform/linux-x86_64/bin/controller": error=2, No such file or directory
2017-05-19T11:59:37.573497351Z at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:127) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573503551Z at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:114) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573509824Z at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573515230Z at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573521430Z at org.elasticsearch.cli.Command.main(Command.java:88) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573526640Z at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573532007Z at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573537797Z Caused by: org.elasticsearch.bootstrap.BootstrapException: java.io.IOException: Cannot run program "/elasticsearch/plugins/x-pack/platform/linux-x86_64/bin/controller": error=2, No such file or directory
2017-05-19T11:59:37.573544226Z at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:179) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573554021Z at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573563170Z at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573592370Z ... 6 more
2017-05-19T11:59:37.573599523Z Caused by: java.io.IOException: Cannot run program "/elasticsearch/plugins/x-pack/platform/linux-x86_64/bin/controller": error=2, No such file or directory
2017-05-19T11:59:37.573605194Z at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048) ~[?:1.8.0_121]
2017-05-19T11:59:37.573610266Z at org.elasticsearch.bootstrap.Spawner.spawnNativePluginController(Spawner.java:120) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573615426Z at org.elasticsearch.bootstrap.Spawner.spawnNativePluginControllers(Spawner.java:99) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573620684Z at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:167) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573625906Z at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573630987Z at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573636186Z ... 6 more
2017-05-19T11:59:37.573640977Z Caused by: java.io.IOException: error=2, No such file or directory
2017-05-19T11:59:37.573645857Z at java.lang.UNIXProcess.forkAndExec(Native Method) ~[?:1.8.0_121]
2017-05-19T11:59:37.573650820Z at java.lang.UNIXProcess.<init>(UNIXProcess.java:247) ~[?:1.8.0_121]
2017-05-19T11:59:37.573656097Z at java.lang.ProcessImpl.start(ProcessImpl.java:134) ~[?:1.8.0_121]
2017-05-19T11:59:37.573661003Z at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029) ~[?:1.8.0_121]
2017-05-19T11:59:37.573666033Z at org.elasticsearch.bootstrap.Spawner.spawnNativePluginController(Spawner.java:120) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573671116Z at org.elasticsearch.bootstrap.Spawner.spawnNativePluginControllers(Spawner.java:99) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573676273Z at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:167) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573681387Z at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573686453Z at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
2017-05-19T11:59:37.573691577Z ... 6 more
Successfull
2017-05-19T12:01:17.249213673Z -> Downloading x-pack from elastic
2017-05-19T12:01:19.341389597Z
[ ] 1%
[> ] 2%
[> ] 3%
[=> ] 4%
[=> ] 5%
[==> ] 6%
[==> ] 7%
[===> ] 8%
[===> ] 9%
[====> ] 10%
[====> ] 11%
[=====> ] 12%
[=====> ] 13%
[======> ] 14%
[======> ] 15%
[=======> ] 16%
[=======> ] 17%
[========> ] 18%
[========> ] 19%
[=========> ] 20%
[=========> ] 21%
[==========> ] 22%
[==========> ] 23%
[===========> ] 24%
[===========> ] 25%
[============> ] 26%
[============> ] 27%
[=============> ] 28%
[=============> ] 29%
[==============> ] 30%
[==============> ] 31%
[===============> ] 32%
[===============> ] 33%
[================> ] 34%
[================> ] 35%
[=================> ] 36%
[=================> ] 37%
[==================> ] 38%
[==================> ] 39%
[===================> ] 40%
[===================> ] 41%
[====================> ] 42%
[====================> ] 43%
[=====================> ] 44%
[=====================> ] 45%
[======================> ] 46%
[======================> ] 47%
[=======================> ] 48%
[=======================> ] 49%
[========================> ] 50%
[========================> ] 51%
[=========================> ] 52%
[=========================> ] 53%
[==========================> ] 54%
[==========================> ] 55%
[===========================> ] 56%
[===========================> ] 57%
[============================> ] 58%
[============================> ] 59%
[=============================> ] 60%
[=============================> ] 61%
[==============================> ] 62%
[==============================> ] 63%
[===============================> ] 64%
[===============================> ] 65%
[================================> ] 66%
[================================> ] 67%
[=================================> ] 68%
[=================================> ] 69%
[==================================> ] 70%
[==================================> ] 71%
[===================================> ] 72%
[===================================> ] 73%
[====================================> ] 74%
[====================================> ] 75%
[=====================================> ] 76%
[=====================================> ] 77%
[======================================> ] 78%
[======================================> ] 79%
[=======================================> ] 80%
[=======================================> ] 81%
[========================================> ] 82%
[========================================> ] 83%
[=========================================> ] 84%
[=========================================> ] 85%
[==========================================> ] 86%
[==========================================> ] 87%
[===========================================> ] 88%
[===========================================> ] 89%
[============================================> ] 90%
[============================================> ] 91%
[=============================================> ] 92%
[=============================================> ] 93%
[==============================================> ] 94%
[==============================================> ] 95%
[===============================================> ] 96%
[===============================================> ] 97%
[================================================>] 98%
[================================================>] 99%
[=================================================] 100%
2017-05-19T12:01:20.398423844Z @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2017-05-19T12:01:20.398464953Z @ WARNING: plugin requires additional permissions @
2017-05-19T12:01:20.398472154Z @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2017-05-19T12:01:20.398679407Z * java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
2017-05-19T12:01:20.398696694Z * java.lang.RuntimePermission getClassLoader
2017-05-19T12:01:20.398703047Z * java.lang.RuntimePermission setContextClassLoader
2017-05-19T12:01:20.398708326Z * java.lang.RuntimePermission setFactory
2017-05-19T12:01:20.398713433Z * java.security.SecurityPermission createPolicy.JavaPolicy
2017-05-19T12:01:20.398718523Z * java.security.SecurityPermission getPolicy
2017-05-19T12:01:20.398723533Z * java.security.SecurityPermission putProviderProperty.BC
2017-05-19T12:01:20.398728687Z * java.security.SecurityPermission setPolicy
2017-05-19T12:01:20.398748202Z * java.util.PropertyPermission * read,write
2017-05-19T12:01:20.398755467Z * java.util.PropertyPermission sun.nio.ch.bugLevel write
2017-05-19T12:01:20.398760802Z * javax.net.ssl.SSLPermission setHostnameVerifier
2017-05-19T12:01:20.398765836Z See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
2017-05-19T12:01:20.398771022Z for descriptions of what these permissions allow and the associated risks.
2017-05-19T12:01:20.413795254Z -> Installed x-pack
2017-05-19T12:01:23.891584149Z [2017-05-19T12:01:23,888][INFO ][o.e.n.Node ] [es-master-3058116714-8m2l4] initializing ...
2017-05-19T12:01:24.093776745Z [2017-05-19T12:01:24,093][INFO ][o.e.e.NodeEnvironment ] [es-master-3058116714-8m2l4] using [1] data paths, mounts [[/data (/dev/sda9)]], net usable_space [6.3gb], net total_space [28.6gb], spins? [possibly], types [ext4]
2017-05-19T12:01:24.094026693Z [2017-05-19T12:01:24,093][INFO ][o.e.e.NodeEnvironment ] [es-master-3058116714-8m2l4] heap size [494.9mb], compressed ordinary object pointers [true]
2017-05-19T12:01:24.096202089Z [2017-05-19T12:01:24,095][INFO ][o.e.n.Node ] [es-master-3058116714-8m2l4] node name [es-master-3058116714-8m2l4], node ID [mwtPKu2kTmOUfZrul5LLCA]
2017-05-19T12:01:24.096597408Z [2017-05-19T12:01:24,096][INFO ][o.e.n.Node ] [es-master-3058116714-8m2l4] version[5.3.2], pid[63], build[3068195/2017-04-24T16:15:59.481Z], OS[Linux/4.9.24-coreos/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_121/25.121-b13]
2017-05-19T12:01:32.983612944Z [2017-05-19T12:01:32,983][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [aggs-matrix-stats]
2017-05-19T12:01:32.996462095Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [ingest-common]
2017-05-19T12:01:32.996505185Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [lang-expression]
2017-05-19T12:01:32.996526510Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [lang-groovy]
2017-05-19T12:01:32.996533090Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [lang-mustache]
2017-05-19T12:01:32.996775465Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [lang-painless]
2017-05-19T12:01:32.996794337Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [percolator]
2017-05-19T12:01:32.996810600Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [reindex]
2017-05-19T12:01:32.996816567Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [transport-netty3]
2017-05-19T12:01:32.997016753Z [2017-05-19T12:01:32,996][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded module [transport-netty4]
2017-05-19T12:01:32.998728903Z [2017-05-19T12:01:32,998][INFO ][o.e.p.PluginsService ] [es-master-3058116714-8m2l4] loaded plugin [x-pack]
2017-05-19T12:01:43.318702831Z [2017-05-19T12:01:43,318][INFO ][o.e.n.Node ] [es-master-3058116714-8m2l4] initialized
2017-05-19T12:01:43.318759367Z [2017-05-19T12:01:43,318][INFO ][o.e.n.Node ] [es-master-3058116714-8m2l4] starting ...
2017-05-19T12:01:43.913696059Z [2017-05-19T12:01:43,750][WARN ][i.n.u.i.MacAddressUtil ] Failed to find a usable hardware address from the network interfaces; using random bytes: cb:0f:7d:a2:79:c9:4c:e2
2017-05-19T12:01:44.168576112Z [2017-05-19T12:01:44,168][INFO ][o.e.t.TransportService ] [es-master-3058116714-8m2l4] publish_address {69.2.28.9:9300}, bound_addresses {69.2.28.9:9300}
2017-05-19T12:01:44.176777407Z [2017-05-19T12:01:44,176][INFO ][o.e.b.BootstrapChecks ] [es-master-3058116714-8m2l4] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
2017-05-19T12:01:47.257407842Z [2017-05-19T12:01:47,256][INFO ][o.e.c.s.ClusterService ] [es-master-3058116714-8m2l4] new_master {es-master-3058116714-8m2l4}{mwtPKu2kTmOUfZrul5LLCA}{nXaYVKvsQ1ehXxSIM561mA}{69.2.28.9}{69.2.28.9:9300}, added {{es-data-3552184860-k5hnz}{2ZPrceniRC-RD0PSZki4AQ}{iYGgHCU3SGqpCra8Ssiuhg}{69.2.31.16}{69.2.31.16:9300},{es-master-3058116714-cfdsz}{vgyvC5ufQqqRgtupPgXSHw}{HCVnh5soRDKrH3fa-mnNCw}{69.2.28.7}{69.2.28.7:9300},}, reason: zen-disco-elected-as-master ([2] nodes joined)[{es-data-3552184860-k5hnz}{2ZPrceniRC-RD0PSZki4AQ}{iYGgHCU3SGqpCra8Ssiuhg}{69.2.31.16}{69.2.31.16:9300}, {es-master-3058116714-cfdsz}{vgyvC5ufQqqRgtupPgXSHw}{HCVnh5soRDKrH3fa-mnNCw}{69.2.28.7}{69.2.28.7:9300}]
Does the Kubernetes discovery mode of the fabric8 discovery plugin avoid split brain syndrome if you have multiple master nodes in your cluster? If not, then I'm wondering if the discovery.zen.minimum_master_node
configuration field from a regular elasticsearch.yml file should be exposed in the Kubernetes Docker container elasticsearch.yml file.
When nothing is specified, and we try to run this Elastic Search image straight up, with an unprivileged user, it now fails (in both the Docker case, and the Kubernetes case).
$ mkdir data
$ sudo chown 1000 data
$ sudo chmod 777 data
$ docker run -it --rm -u 1000 quay.io/pires/docker-elasticsearch-kubernetes:6.2.3
[2018-04-16T22:35:12,953][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [2f0fa121-81e0-4056-8eb1-a0ffc52fbc48] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unable to access 'path.logs' (/data/log)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:125) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.2.3.jar:6.2.3]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) ~[elasticsearch-6.2.3.jar:6.2.3]
Caused by: java.lang.IllegalStateException: Unable to access 'path.logs' (/data/log)
at org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath(FilePermissionUtils.java:70) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Security.addFilePermissions(Security.java:300) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Security.createPermissions(Security.java:262) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Security.configure(Security.java:123) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:208) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.3.jar:6.2.3]
... 6 more
Caused by: java.nio.file.AccessDeniedException: /data/log
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[?:1.8.0_151]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:1.8.0_151]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:1.8.0_151]
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384) ~[?:1.8.0_151]
at java.nio.file.Files.createDirectory(Files.java:674) ~[?:1.8.0_151]
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781) ~[?:1.8.0_151]
at java.nio.file.Files.createDirectories(Files.java:767) ~[?:1.8.0_151]
at org.elasticsearch.bootstrap.Security.ensureDirectoryExists(Security.java:421) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath(FilePermissionUtils.java:68) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Security.addFilePermissions(Security.java:300) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Security.createPermissions(Security.java:262) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Security.configure(Security.java:123) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:208) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.3.jar:6.2.3]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.3.jar:6.2.3]
... 6 more
From reading Elastic Search's code, I can see that for each of the defined repo.path
, Elastic Search will verify that the directory exists, and then add their respective policies. The exception thrown reveals that Elastic Search may be parsing []
as a literal repo.path
. Launching Elastic Search as root, indeed, reveals that Elastic Search creates /elasticsearch/[]
and will therefore dump backups there unexpectedly. When Elastic Search is ran as its unprivileged user, the run.sh
entrypoint does not chown
/elasticsearch
nor /data
, as /data
is expected to already be mounted properly, and as nothing should be written under /elasticsearch
- therefore, Elastic Search fails to create silently and then throw because it could not find /elasticsearch/[]
.
When the REPO_LOCATIONS
environment variable is replaced by an empty string, rather than its default []
, Elastic Search is able to start properly in both privileged and unprivileged cases.
Hi
env NUMBER_OF_SHARDS and ENV NUMBER_OF_REPLICAS are defined in Dockerfile, are they available? I'm asking because I didn't see them in elasticsearch.yml. Thanks.
Good day,
Do you plan to maintain 5.x releases? I see you have none since ES 6.0 is out. For us migration to ES 6.0 will be a long way, since we rely on types heavily. Therefore it will be great to have 5.x versions available here.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.