Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCS] Fix keystore creation instructions for Docker #77155

Merged
merged 7 commits into from
Sep 10, 2021

Conversation

stefnestor
Copy link
Contributor

@stefnestor stefnestor commented Sep 1, 2021

Currently, our Docker install docs instruct users to directly bind-mount the elasticsearch.keystore file. This can lead to errors:

  • If the keystore file doesn't already exist, Docker's -v flag will create elasticsearch.keystore as a directory. This will block the creation of the keystore file.
  • To add or update secure settings, the container needs access to other files in the config directory, such as keystore.tmp.

This updates the Docker install docs to instruct users to bind-mount the config directory rather than elasticsearch.keystore. It also adds troubleshooting tips for errors related to the keystore.

Relates to this Elastic Discuss.

Previews

From feedback from ES Devs summarized in [^1], I believe this needs to reflect a directory mount rather than file mount to not error. Also adding in the two common mounting errors, but not sure if this is the right place for them.

[^1] https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099
@stefnestor stefnestor added >docs General docs changes Team:Docs Meta label for docs team labels Sep 1, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-docs (Team:Docs)

@elasticsearchmachine elasticsearchmachine added v8.0.0 external-contributor Pull request authored by a developer outside the Elasticsearch team labels Sep 1, 2021
stefnestor added a commit to elastic/kibana that referenced this pull request Sep 1, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)
Comment on lines 438 to 439
docker run -it --rm -v /amex/elasticsearch/config:/usr/share/elasticsearch/config dockerproxy.aexp.com/elasticsearch:6.8.3 bin/elasticsearch-keystore create
docker run -it --rm -v /amex/elasticsearch/config:/usr/share/elasticsearch/config dockerproxy.aexp.com/elasticsearch:6.8.3 bin/elasticsearch-keystore add xpack.ssl.key_passphrase
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we want references to amex here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Man, I'm so not cool. I'd thought I'd removed those. Let me update.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, should be resolved, thanks for catching ❤️

-E KEYSTORE_PASSWORD=mypassword
--------------------------------------------

If the keystore is mounted incorrectly, it will induce example Docker errors from attempting to
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jrodewig I'm not sure about this sentence, can you take a look?

Copy link
Contributor

@jrodewig jrodewig Sep 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the ping @pugnascotia! I'll take a look and push some changes with edits.

Thanks for putting this together @stefnestor.

@jrodewig jrodewig added the :Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts label Sep 9, 2021
@elasticmachine elasticmachine added the Team:Delivery Meta label for Delivery team label Sep 9, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-delivery (Team:Delivery)

@jrodewig
Copy link
Contributor

jrodewig commented Sep 9, 2021

Thanks again @stefnestor. I pushed d32eefd to reorganize these changes, make the snippets version-friendly, and create a separate troubleshooting section. I also updated some text around the snippets.

@williamrandolph @pugnascotia Let me know if these changes looks okay to you. If so, I'll get this merged in.

@jrodewig jrodewig changed the title [DOC] Update Persist Keystore via Docker [DOC] Fix keystore creation instructions for Docker Sep 9, 2021
@jrodewig jrodewig requested a review from pugnascotia September 9, 2021 13:32
@jrodewig jrodewig self-assigned this Sep 9, 2021
@jrodewig jrodewig changed the title [DOC] Fix keystore creation instructions for Docker [DOCS] Fix keystore creation instructions for Docker Sep 9, 2021
Copy link
Contributor

@pugnascotia pugnascotia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it work a note somewhere to say that you can safely bind-mount only the keystore, provided it already exists and you won't be changing it i.e. it's read-only?

@jrodewig
Copy link
Contributor

Thanks for your review and catching my error, @pugnascotia.

Is it work a note somewhere to say that you can safely bind-mount only the keystore, provided it already exists and you won't be changing it i.e. it's read-only?

Good point. I added a related docker compose example with 21708a4.

@jrodewig jrodewig added auto-backport-and-merge auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) labels Sep 10, 2021
@elasticsearchmachine elasticsearchmachine merged commit 5bc2917 into master Sep 10, 2021
@elasticsearchmachine elasticsearchmachine deleted the stefnestor-patch-1 branch September 10, 2021 14:42
jrodewig added a commit that referenced this pull request Sep 10, 2021
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors:

* If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file.
* To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`.

This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore.

Co-authored-by: James Rodewig <[email protected]>

Co-authored-by: Stef Nestor <[email protected]>
jrodewig added a commit that referenced this pull request Sep 10, 2021
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors:

* If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file.
* To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`.

This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore.

Co-authored-by: James Rodewig <[email protected]>

Co-authored-by: Stef Nestor <[email protected]>
jrodewig added a commit that referenced this pull request Sep 10, 2021
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors:

* If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file.
* To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`.

This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore.

Co-authored-by: James Rodewig <[email protected]>

Co-authored-by: Stef Nestor <[email protected]>
elasticsearchmachine pushed a commit that referenced this pull request Sep 10, 2021
)

PR #77155 updated the keystore instructions for Docker. However, it removed an
example that included the `KEYSTORE_PASSWORD` env variable.

This replaces a docker compose example with the original example from PR #51123.
jrodewig added a commit that referenced this pull request Sep 10, 2021
) (#77592)

PR #77155 updated the keystore instructions for Docker. However, it removed an
example that included the `KEYSTORE_PASSWORD` env variable.

This replaces a docker compose example with the original example from PR #51123.
jrodewig added a commit that referenced this pull request Sep 10, 2021
) (#77591)

PR #77155 updated the keystore instructions for Docker. However, it removed an
example that included the `KEYSTORE_PASSWORD` env variable.

This replaces a docker compose example with the original example from PR #51123.

Co-authored-by: Elastic Machine <[email protected]>
jrodewig added a commit that referenced this pull request Sep 10, 2021
) (#77590)

PR #77155 updated the keystore instructions for Docker. However, it removed an
example that included the `KEYSTORE_PASSWORD` env variable.

This replaces a docker compose example with the original example from PR #51123.

Co-authored-by: Elastic Machine <[email protected]>
stefnestor added a commit to elastic/kibana that referenced this pull request Sep 13, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)

Co-authored-by: gchaps <[email protected]>
KOTungseth pushed a commit to KOTungseth/kibana that referenced this pull request Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)

Co-authored-by: gchaps <[email protected]>
KOTungseth pushed a commit to KOTungseth/kibana that referenced this pull request Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)

Co-authored-by: gchaps <[email protected]>
KOTungseth pushed a commit to KOTungseth/kibana that referenced this pull request Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)

Co-authored-by: gchaps <[email protected]>
KOTungseth added a commit to elastic/kibana that referenced this pull request Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)

Co-authored-by: gchaps <[email protected]>

Co-authored-by: Stef Nestor <[email protected]>
Co-authored-by: gchaps <[email protected]>
KOTungseth added a commit to elastic/kibana that referenced this pull request Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)

Co-authored-by: gchaps <[email protected]>

Co-authored-by: Stef Nestor <[email protected]>
Co-authored-by: gchaps <[email protected]>
KOTungseth added a commit to elastic/kibana that referenced this pull request Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)

Co-authored-by: gchaps <[email protected]>

Co-authored-by: Stef Nestor <[email protected]>
Co-authored-by: gchaps <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) :Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts >docs General docs changes external-contributor Pull request authored by a developer outside the Elasticsearch team Team:Delivery Meta label for Delivery team Team:Docs Meta label for docs team v7.14.2 v7.15.1 v7.16.0 v8.0.0-alpha2
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants