Elasticsearch 5 won't start if data directory is owned by root, or not created #33
Description
The ES5 Docker images run Elasticsearch as a non-root user. This is a good thing, however it means it's difficult to ensure proper permissions for the data directory.
All our other containers (the importers) mount the data directory itself, and then create a subdirectory within it which ensures proper permissions as long as they can write to the data directory, which must already exist. However, the Elasticsearch container mounts $DATA_DIR/elasticsearch. If this directory doesn't exist, Docker will create it, but owned by root. This means Elasticsearch can't write to it, and will fail to start.
Some ideas for solutions:
- put a
mkdir -p $DATA_DIR/elasticsearchinside thepeliasscript as part ofpelias elastic start. This would help ensure non-root permissions are set on the elasticsearch data dir - Add
mkdir -p $DATA_DIR/elasticsearchto our setup documentation. - Mount the root data dir as other containers, modify our Elasticsearch Docker image to run a setup script that creates needed directories as a non-root user, and modify
elasticsearch.ymlto look for data in the right place
Of those, I prefer the first: it's pretty simple, and requires no action on the part of our users. However, adding more required functionality into the pelias script is not ideal, since we'd like to keep it as thin of a wrapper as possible.