From bb4956674a3997860c0060e89d86eab3fe8c980c Mon Sep 17 00:00:00 2001 From: Dimitrios Liappis Date: Thu, 13 Apr 2017 19:43:56 +0300 Subject: [PATCH] Clarify elasticsearch user uid:gid mapping in Docker docs (#24058) Elasticsearch runs as user elasticsearch with uid:gid 1000:1000 inside the Docker container. Clarify that bind mounted local directories need to be accessible by this user. --- docs/reference/setup/install/docker.asciidoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/setup/install/docker.asciidoc b/docs/reference/setup/install/docker.asciidoc index 8d1b1282cfb3d..426b596171e28 100644 --- a/docs/reference/setup/install/docker.asciidoc +++ b/docs/reference/setup/install/docker.asciidoc @@ -237,8 +237,7 @@ For example, bind-mounting a `custom_elasticsearch.yml` with `docker run` can be -------------------------------------------- -v full_path_to/custom_elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -------------------------------------------- - -IMPORTANT: `custom_elasticsearch.yml` should be readable by uid:gid `1000:1000` +IMPORTANT: The container **runs Elasticsearch as user `elasticsearch` using uid:gid `1000:1000`**. Bind mounted host directories and files, such as `custom_elasticsearch.yml` above, **need to be accessible by this user**. For the https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#path-settings[data and log dirs], such as `/usr/share/elasticsearch/data`, write access is required as well. ===== C. Customized image In some environments, it may make more sense to prepare a custom image containing your configuration. A `Dockerfile` to achieve this may be as simple as: @@ -276,6 +275,8 @@ We have collected a number of best practices for production use. NOTE: Any Docker parameters mentioned below assume the use of `docker run`. +. Elasticsearch inside the container runs as user `elasticsearch` using uid:gid `1000:1000`. If you are bind mounting a local directory or file, ensure it is readable by this user while the https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#path-settings[data and log dirs] additionally require write access. + . It is important to correctly set capabilities and ulimits via the Docker CLI. As seen earlier in the example <>, the following options are required: + --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536