[DOCS] Fix keystore creation instructions for Docker#77155
Merged
elasticsearchmachine merged 7 commits intomasterfrom Sep 10, 2021
Merged
[DOCS] Fix keystore creation instructions for Docker#77155elasticsearchmachine merged 7 commits intomasterfrom
elasticsearchmachine merged 7 commits intomasterfrom
Conversation
From feedback from ES Devs summarized in [^1], I believe this needs to reflect a directory mount rather than file mount to not error. Also adding in the two common mounting errors, but not sure if this is the right place for them. [^1] https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099
Collaborator
|
Pinging @elastic/es-docs (Team:Docs) |
stefnestor
added a commit
to elastic/kibana
that referenced
this pull request
Sep 1, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155)
1 task
pugnascotia
reviewed
Sep 2, 2021
Comment on lines
+438
to
+439
| docker run -it --rm -v /amex/elasticsearch/config:/usr/share/elasticsearch/config dockerproxy.aexp.com/elasticsearch:6.8.3 bin/elasticsearch-keystore create | ||
| docker run -it --rm -v /amex/elasticsearch/config:/usr/share/elasticsearch/config dockerproxy.aexp.com/elasticsearch:6.8.3 bin/elasticsearch-keystore add xpack.ssl.key_passphrase |
Contributor
There was a problem hiding this comment.
I don't think we want references to amex here.
Contributor
Author
There was a problem hiding this comment.
Man, I'm so not cool. I'd thought I'd removed those. Let me update.
Contributor
Author
There was a problem hiding this comment.
Ok, should be resolved, thanks for catching ❤️
pugnascotia
reviewed
Sep 6, 2021
| -E KEYSTORE_PASSWORD=mypassword | ||
| -------------------------------------------- | ||
|
|
||
| If the keystore is mounted incorrectly, it will induce example Docker errors from attempting to |
Contributor
There was a problem hiding this comment.
@jrodewig I'm not sure about this sentence, can you take a look?
Contributor
There was a problem hiding this comment.
Thanks for the ping @pugnascotia! I'll take a look and push some changes with edits.
Thanks for putting this together @stefnestor.
Collaborator
|
Pinging @elastic/es-delivery (Team:Delivery) |
Contributor
|
Thanks again @stefnestor. I pushed d32eefd to reorganize these changes, make the snippets version-friendly, and create a separate troubleshooting section. I also updated some text around the snippets. @williamrandolph @pugnascotia Let me know if these changes looks okay to you. If so, I'll get this merged in. |
jrodewig
approved these changes
Sep 9, 2021
pugnascotia
reviewed
Sep 10, 2021
pugnascotia
reviewed
Sep 10, 2021
pugnascotia
approved these changes
Sep 10, 2021
Contributor
pugnascotia
left a comment
There was a problem hiding this comment.
Is it work a note somewhere to say that you can safely bind-mount only the keystore, provided it already exists and you won't be changing it i.e. it's read-only?
Contributor
|
Thanks for your review and catching my error, @pugnascotia.
Good point. I added a related docker compose example with 21708a4. |
This was referenced Sep 10, 2021
jrodewig
added a commit
that referenced
this pull request
Sep 10, 2021
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors: * If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file. * To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`. This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore. Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com> Co-authored-by: Stef Nestor <steffanie.nestor@gmail.com>
jrodewig
added a commit
that referenced
this pull request
Sep 10, 2021
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors: * If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file. * To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`. This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore. Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com> Co-authored-by: Stef Nestor <steffanie.nestor@gmail.com>
jrodewig
added a commit
that referenced
this pull request
Sep 10, 2021
Currently, our Docker install docs instruct users to directly bind-mount the `elasticsearch.keystore` file. This can lead to errors: * If the keystore file doesn't already exist, Docker's `-v` flag will create `elasticsearch.keystore` as a directory. This will block the creation of the keystore file. * To add or update secure settings, the container needs access to other files in the `config` directory, such as `keystore.tmp`. This updates the Docker install docs to instruct users to bind-mount the `config` directory rather than `elasticsearch.keystore`. It also adds troubleshooting tips for errors related to the keystore. Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com> Co-authored-by: Stef Nestor <steffanie.nestor@gmail.com>
jrodewig
added a commit
that referenced
this pull request
Sep 10, 2021
) (#77591) PR #77155 updated the keystore instructions for Docker. However, it removed an example that included the `KEYSTORE_PASSWORD` env variable. This replaces a docker compose example with the original example from PR #51123. Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
jrodewig
added a commit
that referenced
this pull request
Sep 10, 2021
) (#77590) PR #77155 updated the keystore instructions for Docker. However, it removed an example that included the `KEYSTORE_PASSWORD` env variable. This replaces a docker compose example with the original example from PR #51123. Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
stefnestor
added a commit
to elastic/kibana
that referenced
this pull request
Sep 13, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
KOTungseth
pushed a commit
to KOTungseth/kibana
that referenced
this pull request
Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
KOTungseth
pushed a commit
to KOTungseth/kibana
that referenced
this pull request
Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
KOTungseth
pushed a commit
to KOTungseth/kibana
that referenced
this pull request
Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
KOTungseth
added a commit
to elastic/kibana
that referenced
this pull request
Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> Co-authored-by: Stef Nestor <steffanie.nestor@gmail.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
KOTungseth
added a commit
to elastic/kibana
that referenced
this pull request
Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> Co-authored-by: Stef Nestor <steffanie.nestor@gmail.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
KOTungseth
added a commit
to elastic/kibana
that referenced
this pull request
Sep 15, 2021
From feedback from ES Devs summarized in [this Elastic Discuss](https://discuss.elastic.co/t/persist-elasticsearch-kibana-keystores-with-docker/283099), Adding to [this doc section](https://www.elastic.co/guide/en/kibana/7.14/docker.html#bind-mount-config) information on persisting keystores. [ES related PR](elastic/elasticsearch#77155) Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> Co-authored-by: Stef Nestor <steffanie.nestor@gmail.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently, our Docker install docs instruct users to directly bind-mount the
elasticsearch.keystorefile. This can lead to errors:-vflag will createelasticsearch.keystoreas a directory. This will block the creation of the keystore file.configdirectory, such askeystore.tmp.This updates the Docker install docs to instruct users to bind-mount the
configdirectory rather thanelasticsearch.keystore. It also adds troubleshooting tips for errors related to the keystore.Relates to this Elastic Discuss.
Previews