-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DOCS] Fix keystore creation instructions for Docker #77155
Conversation
From feedback from ES Devs summarized in [^1], I believe this needs to reflect a directory mount rather than file mount to not error. Also adding in the two common mounting errors, but not sure if this is the right place for them. [^1] https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099
Pinging @elastic/es-docs (Team:Docs) |
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)
docker run -it --rm -v /amex/elasticsearch/config:/usr/share/elasticsearch/config dockerproxy.aexp.com/elasticsearch:6.8.3 bin/elasticsearch-keystore create | ||
docker run -it --rm -v /amex/elasticsearch/config:/usr/share/elasticsearch/config dockerproxy.aexp.com/elasticsearch:6.8.3 bin/elasticsearch-keystore add xpack.ssl.key_passphrase |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we want references to amex
here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Man, I'm so not cool. I'd thought I'd removed those. Let me update.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, should be resolved, thanks for catching ❤️
-E KEYSTORE_PASSWORD=mypassword | ||
-------------------------------------------- | ||
|
||
If the keystore is mounted incorrectly, it will induce example Docker errors from attempting to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jrodewig I'm not sure about this sentence, can you take a look?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the ping @pugnascotia! I'll take a look and push some changes with edits.
Thanks for putting this together @stefnestor.
Pinging @elastic/es-delivery (Team:Delivery) |
Thanks again @stefnestor. I pushed d32eefd to reorganize these changes, make the snippets version-friendly, and create a separate troubleshooting section. I also updated some text around the snippets. @williamrandolph @pugnascotia Let me know if these changes looks okay to you. If so, I'll get this merged in. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it work a note somewhere to say that you can safely bind-mount only the keystore, provided it already exists and you won't be changing it i.e. it's read-only?
Thanks for your review and catching my error, @pugnascotia.
Good point. I added a related docker compose example with 21708a4. |
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors: * If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file. * To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`. This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore. Co-authored-by: James Rodewig <[email protected]> Co-authored-by: Stef Nestor <[email protected]>
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors: * If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file. * To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`. This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore. Co-authored-by: James Rodewig <[email protected]> Co-authored-by: Stef Nestor <[email protected]>
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors: * If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file. * To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`. This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore. Co-authored-by: James Rodewig <[email protected]> Co-authored-by: Stef Nestor <[email protected]>
) (#77591) PR #77155 updated the keystore instructions for Docker. However, it removed an example that included the `KEYSTORE_PASSWORD` env variable. This replaces a docker compose example with the original example from PR #51123. Co-authored-by: Elastic Machine <[email protected]>
) (#77590) PR #77155 updated the keystore instructions for Docker. However, it removed an example that included the `KEYSTORE_PASSWORD` env variable. This replaces a docker compose example with the original example from PR #51123. Co-authored-by: Elastic Machine <[email protected]>
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <[email protected]>
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <[email protected]>
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <[email protected]>
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <[email protected]>
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <[email protected]> Co-authored-by: Stef Nestor <[email protected]> Co-authored-by: gchaps <[email protected]>
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <[email protected]> Co-authored-by: Stef Nestor <[email protected]> Co-authored-by: gchaps <[email protected]>
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <[email protected]> Co-authored-by: Stef Nestor <[email protected]> Co-authored-by: gchaps <[email protected]>
Currently, our Docker install docs instruct users to directly bind-mount the
elasticsearch.keystore
file. This can lead to errors:-v
flag will createelasticsearch.keystore
as a directory. This will block the creation of the keystore file.config
directory, such askeystore.tmp
.This updates the Docker install docs to instruct users to bind-mount the
config
directory rather thanelasticsearch.keystore
. It also adds troubleshooting tips for errors related to the keystore.Relates to this Elastic Discuss.
Previews