All geek questions in one place

How to mount a container directory for writing to a container?

I am trying to start the ELK stack using Docker. I found docker-elk that has already configured for me using docker-compose .

I would like to save elasticsearch data on the host machine instead of the container. According to docker-elk README, I added the volumes line to the elasticsearch of the docker-compose.yml :

 elasticsearch: image: elasticsearch:latest command: elasticsearch -Des.network.host=0.0.0.0 ports: - "9200" - "9300" volumes: - ../../env/elasticsearch:/usr/share/elasticsearch/data

However, when I run docker-compose up , I get:

 $ docker-compose up Starting dev_elasticsearch_1 Starting dev_logstash_1 Starting dev_kibana_1 Attaching to dev_elasticsearch_1, dev_logstash_1, dev_kibana_1 kibana_1 | Stalling for Elasticsearch elasticsearch_1 | [2016-03-09 00:23:35,193][WARN ][bootstrap ] unable to install syscall filter: seccomp unavailable: your kernel is buggy and you should upgrade elasticsearch_1 | Exception in thread "main" java.lang.IllegalStateException: Unable to access 'path.data' (/usr/share/elasticsearch/data/elasticsearch) elasticsearch_1 | Likely root cause: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/elasticsearch elasticsearch_1 | at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) elasticsearch_1 | at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) elasticsearch_1 | at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ... etc ...

In ../../env the elasticsearch directory was indeed created, but it was empty. If I create ../../env/elasticsearch/elasticsearch , then I get an access error for /usr/share/elasticsearch/data/elasticsearch/nodes . If I create /nodes , then I get an error message for /nodes/0 , etc.

In short, it looks like the container does not have write permissions in the directory.

How do I get write permissions? I tried chmod a+wx ../../env/elasticsearch and then he managed to create the following directory, but this directory has permission drwxr-xr-x and it gets stuck again.

I don't like the idea of โ€‹โ€‹running this as root.

+5
source share
1 answer

Docker does not seek to worry about these things in its base images because it expects you to use volumes or volume containers. Installation on the host gets second-class support. But while the UID that owns the directory is non-zero (and it doesn't seem to be based on our exchange of comments), you should walk away with elasticsearch as the user who already owns the directory. You can try to remove and re-add the elasticsearch user from the container by specifying its UID.

You will need to do this during login, so itโ€™s best to create a custom container. Create a file called my-entrypoint with this content:

 #!/bin/bash # Allow running arbitrary one-off commands [[ $1 && $1 != elasticsearch ]] && exec " $@ " # Otherwise, fix perms and then delegate the rest to vanilla target_uid=$(stat -c %u /usr/share/elasticsearch/data) userdel elasticsearch useradd -u "$target_uid" elasticsearch . /docker-entrypoint " $@ "

Make sure it is doable. Then create a Docker file with this content:

 FROM elasticsearch COPY my-entrypoint / ENTRYPOINT ["/my-entrypoint"]

And finally update the docker-compose.yml file:

 elasticsearch: build: . command: elasticsearch -Des.network.host=0.0.0.0 ports: - "9200" - "9300" volumes: - ../../env/elasticsearch:/usr/share/elasticsearch/data

Now, when you run docker-compose up , it should create an elasticsearch container with your changes.

(I had to do something like this with apache for Magento .)

+2
source

Source: https://habr.com/ru/post/1244700/

More articles:


All Articles