Running Elasticsearch using the below docker-compose.yml is throwing an error

java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes

It appears that this is due to trying to mount /usr/share/elasticsearch/data in the Docker container to ./data/elasticsearch/data on the host.

Tried setting user: "1000:1000" after identifying the following info, but still getting the same error.

  1. the owner/group of /usr/share/elasticsearch/data/nodes to be elasticsearch:elasticsearch

  2. the owner/group of /usr/share/elasticsearch/data to be elasticsearch:root

  3. uid=1000(elasticsearch) gid=1000(elasticsearch) groups=1000(elasticsearch)

Question: Is it possible to mount it to the host volume ./data/elasticsearch/data, and not by using an anonymous or named volume?

Using docker-compose 1.24.0, docker 19.03.6-rc1, Ubuntu 18.04.3.

docker-compose.yml

version: '3'
services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.2
    user: "1000:1000"
    volumes:
      - ./data/elasticsearch:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog

networks:
  graylog:
    driver: bridge

Elasticsearch Full Error from docker logs

elasticsearch_1  | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
elasticsearch_1  | [2020-01-31T23:51:11,119][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [unknown] uncaught exception in thread [main]
elasticsearch_1  | org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Failed to create node environment
elasticsearch_1  |  at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  | Caused by: java.lang.IllegalStateException: Failed to create node environment
elasticsearch_1  |  at org.elasticsearch.node.Node.<init>(Node.java:299) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.node.Node.<init>(Node.java:266) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  ... 6 more
elasticsearch_1  | Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes
elasticsearch_1  |  at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
elasticsearch_1  |  at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
elasticsearch_1  |  at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]
elasticsearch_1  |  at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:389) ~[?:?]
elasticsearch_1  |  at java.nio.file.Files.createDirectory(Files.java:692) ~[?:?]
elasticsearch_1  |  at java.nio.file.Files.createAndCheckIsDirectory(Files.java:799) ~[?:?]
elasticsearch_1  |  at java.nio.file.Files.createDirectories(Files.java:785) ~[?:?]
elasticsearch_1  |  at org.elasticsearch.env.NodeEnvironment.lambda$new$0(NodeEnvironment.java:273) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:206) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:270) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.node.Node.<init>(Node.java:296) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.node.Node.<init>(Node.java:266) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.8.2.jar:6.8.2]
elasticsearch_1  |  ... 6 more

1 Answer

After launching the container on its own and inspecting it, I saw the data dir was owned by 1000:root. So I simply reproduced this on the directory to bind and elastic started without any problems:

$ cd /tmp
$ mkdir -p so_test_elastic/data
$ cd so_test_elastic
$ sudo chown 1000:root data
$ docker run -it --rm --name es -v $(pwd)/data:/usr/share/elasticsearch/data docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.2
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[2020-02-01T00:55:31,776][INFO ][o.e.e.NodeEnvironment    ] [C1_TRq-] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/sda2)]], net usable_space [253.6gb], net total_space [862gb], types [btrfs]
[2020-02-01T00:55:31,778][INFO ][o.e.e.NodeEnvironment    ] [C1_TRq-] heap size [989.8mb], compressed ordinary object pointers [true]
[2020-02-01T00:55:31,779][INFO ][o.e.n.Node               ] [C1_TRq-] node name derived from node ID [C1_TRq-6TruEDL9vDOdP9Q]; set [node.name] to override
[2020-02-01T00:55:31,779][INFO ][o.e.n.Node               ] [C1_TRq-] version[6.8.2], pid[1], build[oss/docker/b506955/2019-07-24T15:24:41.545295Z], OS[Linux/4.15.0-76-generic/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/12.0.1/12.0.1+12]
[2020-02-01T00:55:31,779][INFO ][o.e.n.Node               ] [C1_TRq-] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch-6545090589525108799, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.locale.providers=COMPAT, -XX:UseAVX=2, -Des.cgroups.hierarchy.override=/, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=oss, -Des.distribution.type=docker]
[2020-02-01T00:55:32,367][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [aggs-matrix-stats]
[2020-02-01T00:55:32,367][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [analysis-common]
[2020-02-01T00:55:32,367][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [ingest-common]
[2020-02-01T00:55:32,367][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [ingest-geoip]
[2020-02-01T00:55:32,367][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [ingest-user-agent]
[2020-02-01T00:55:32,367][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [lang-expression]
[2020-02-01T00:55:32,367][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [lang-mustache]
[2020-02-01T00:55:32,367][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [lang-painless]
[2020-02-01T00:55:32,368][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [mapper-extras]
[2020-02-01T00:55:32,368][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [parent-join]
[2020-02-01T00:55:32,368][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [percolator]
[2020-02-01T00:55:32,368][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [rank-eval]
[2020-02-01T00:55:32,368][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [reindex]
[2020-02-01T00:55:32,368][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [repository-url]
[2020-02-01T00:55:32,368][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [transport-netty4]
[2020-02-01T00:55:32,368][INFO ][o.e.p.PluginsService     ] [C1_TRq-] loaded module [tribe]
[2020-02-01T00:55:32,369][INFO ][o.e.p.PluginsService     ] [C1_TRq-] no plugins loaded
[2020-02-01T00:55:34,347][INFO ][o.e.d.DiscoveryModule    ] [C1_TRq-] using discovery type [zen] and host providers [settings]
[2020-02-01T00:55:34,628][INFO ][o.e.n.Node               ] [C1_TRq-] initialized
[2020-02-01T00:55:34,628][INFO ][o.e.n.Node               ] [C1_TRq-] starting ...
[2020-02-01T00:55:34,718][INFO ][o.e.t.TransportService   ] [C1_TRq-] publish_address {172.17.0.2:9300}, bound_addresses {0.0.0.0:9300}
[2020-02-01T00:55:34,725][INFO ][o.e.b.BootstrapChecks    ] [C1_TRq-] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2020-02-01T00:55:37,765][INFO ][o.e.c.s.MasterService    ] [C1_TRq-] zen-disco-elected-as-master ([0] nodes joined), reason: new_master {C1_TRq-}{C1_TRq-6TruEDL9vDOdP9Q}{qio5SYagRraILpZj5QfRiQ}{172.17.0.2}{172.17.0.2:9300}
[2020-02-01T00:55:37,767][INFO ][o.e.c.s.ClusterApplierService] [C1_TRq-] new_master {C1_TRq-}{C1_TRq-6TruEDL9vDOdP9Q}{qio5SYagRraILpZj5QfRiQ}{172.17.0.2}{172.17.0.2:9300}, reason: apply cluster state (from master [master {C1_TRq-}{C1_TRq-6TruEDL9vDOdP9Q}{qio5SYagRraILpZj5QfRiQ}{172.17.0.2}{172.17.0.2:9300} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
[2020-02-01T00:55:37,786][INFO ][o.e.h.n.Netty4HttpServerTransport] [C1_TRq-] publish_address {172.17.0.2:9200}, bound_addresses {0.0.0.0:9200}
[2020-02-01T00:55:37,786][INFO ][o.e.n.Node               ] [C1_TRq-] started
[2020-02-01T00:55:37,828][INFO ][o.e.g.GatewayService     ] [C1_TRq-] recovered [0] indices into cluster_state 

2 Comments

Is it possible to have a solution where the user only runs the command docker-compose up without having to execute other commands such as chmod or chown?
@Nyxynyx using a docker volume instead of a bind mounted directory should help.
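
Added example (not from the original answer or the Elasticsearch project): a preflight check that can run before docker-compose up to tell whether the bind-mounted directory is writable by the container's uid:gid, so the ownership problem is caught without widening the directory mode. The function names can_write_as and check_data_dir are hypothetical; the check assumes `stat -c` is available and ignores ACLs, supplementary groups and user-namespace remapping.

```shell
#!/bin/sh
# Added example: preflight check for a bind-mounted Elasticsearch data dir.
# Decides from owner, group and mode alone whether a process running as
# uid:gid could create entries in the directory (needs write + search bits).
# Assumptions: `stat -c` (GNU coreutils/busybox); ACLs, supplementary groups
# and user-namespace remapping are ignored.

can_write_as() {
    cw_uid=$1; cw_gid=$2; cw_dir=$3
    [ -d "$cw_dir" ] || return 2
    read -r cw_owner cw_group cw_mode <<EOF
$(stat -c '%u %g %a' "$cw_dir")
EOF
    cw_perm=$(( 0$cw_mode & 0777 ))      # drop setuid/setgid/sticky bits
    # uid 0 normally holds CAP_DAC_OVERRIDE and bypasses the mode bits.
    [ "$cw_uid" -eq 0 ] && return 0
    # The kernel picks exactly one permission class: owner, else group, else other.
    if   [ "$cw_uid" -eq "$cw_owner" ]; then cw_bits=$(( cw_perm >> 6 ))
    elif [ "$cw_gid" -eq "$cw_group" ]; then cw_bits=$(( (cw_perm >> 3) & 7 ))
    else                                     cw_bits=$(( cw_perm & 7 ))
    fi
    [ $(( cw_bits & 3 )) -eq 3 ]         # 2 = write, 1 = search
}

# Report for the uid:gid from the question's compose file (user: "1000:1000").
check_data_dir() {
    if can_write_as 1000 1000 "$1"; then
        echo "OK: $1 is writable by 1000:1000"
    else
        echo "FAIL: $1 is not writable by 1000:1000; fix with: sudo chown 1000:root $1"
        return 1
    fi
}

# Constructed demo: a scratch directory stands in for ./data/elasticsearch.
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"
check_data_dir "$demo_dir" || true
rm -rf "$demo_dir"
```

A directory that Docker creates itself for a missing bind-mount source is owned by root:root with mode 755, which this check reports as not writable by 1000:1000.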
