honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clarify elasticsearch user uid:gid mapping in Docker docs 

Elasticsearch runs as user elasticsearch with uid:gid 1000:1000 inside
the Docker container. Clarify that bind mounted local directories need
to be accessible by this user.

Relates #24092
This commit is contained in:
Dimitrios Liappis 2017-04-19 15:12:46 +03:00 committed by GitHub
parent e11d892562
commit c0ac50eaa4
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/reference/setup/install/docker.asciidoc
View File

@ -235,8 +235,7 @@ For example, bind-mounting a `custom_elasticsearch.yml` with `docker run` can be
--------------------------------------------
-v full_path_to/custom_elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
--------------------------------------------
IMPORTANT: `custom_elasticsearch.yml` should be readable by uid:gid `1000:1000`
IMPORTANT: The container **runs Elasticsearch as user `elasticsearch` using uid:gid `1000:1000`**. Bind mounted host directories and files, such as `custom_elasticsearch.yml` above, **need to be accessible by this user**. For the https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#path-settings[data and log dirs], such as `/usr/share/elasticsearch/data`, write access is required as well.
===== C. Customized image
In some environments, it may make more sense to prepare a custom image containing your configuration. A `Dockerfile` to achieve this may be as simple as:
@ -274,6 +273,8 @@ We have collected a number of best practices for production use.
NOTE: Any Docker parameters mentioned below assume the use of `docker run`.
. Elasticsearch inside the container runs as user `elasticsearch` using uid:gid `1000:1000`. If you are bind mounting a local directory or file, ensure it is readable by this user while the https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#path-settings[data and log dirs] additionally require write access.
. It is important to correctly set capabilities and ulimits via the Docker CLI. As seen earlier in the example <<docker-prod-cluster-composefile,docker-compose.yml>>, the following options are required:
+
--cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536