解决elasticsearch-docker AccessDeniedException: /usr/share/elasticsearch/data/nodes

/ 默认分类 / 0 条评论 / 710浏览

elastasearch docker 或 docker-compose设置volums 配置时启动报错

运行报错如下:

java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes

原因分析

es的docker镜像运行用户是elasticsearch,如果你映射的磁盘elasticsearch没有写入权限的话就会报错。 针对这个原因,有两个解决办法。

解决方案1

使用相对路径,让elasticsearch用户可以写入docker的路径

There shouldn't be a need to use a dedicated storage plugin to have persistence with the elasticsearch-docker image. You can use a docker named volume, as shown in the example in the docs.

The equivalent docker cli command is:

docker run -v esdata:/usr/share/elasticsearch/data docker.elastic.co/elasticsearch/elasticsearch:6.2.2

Following this you can verify the presence of a dedicated storage volume with docker volume ls (should be called esdata). This is uses the local volume driver and the data is stored locally (by default under /var/lib/docker/volumes/esdata). When using named or anonymous local volumes default permissions should work without issues.

解决方案2

自定义镜像,将elasticsearch加入到root用户组里,Dockerfile如下:

FROM docker.elastic.co/elasticsearch/elasticsearch:5.6.8
MAINTAINER      ray wang "bookast@qq.com"
USER root
RUN usermod -g root elasticsearch

USER elasticsearch
EXPOSE 9200 9300
# 生成镜像
docker build -t my-elasticsearch:5.6.8 .
# 启动镜像验证
docker run -v /tmp/esdata:/usr/share/elasticsearch/data -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -e xpack.security.enabled=false -e discovery.type=single-node -e transport.host=0.0.0.0 -e network.host:0.0.0.0 -p 9200:9200 -p 9300:9300 --name my-elasticsearch my-elasticsearch:5.6.8
# 查看集群状态
curl 'http://localhost:9200/_cat/health?v'

curl -X PUT 'localhost:9200/accounts' -d '
{
  "mappings": {
    "person": {
      "properties": {
        "user": {
          "type": "text"
        },
        "title": {
          "type": "text"
        },
        "desc": {
          "type": "text"
        }
      }
    }
  }
}'

curl -X PUT 'localhost:9200/accounts/person/1' -d '
{
  "user": "张三",
  "title": "工程师",
  "desc": "数据库管理"
}' 

curl -X POST 'localhost:9200/accounts/person' -d '
{
  "user": "李四",
  "title": "工程师",
  "desc": "系统管理"
}'

curl 'localhost:9200/accounts/person/1?pretty=true'

# 使用 GET 方法,直接请求/Index/Type/_search,就会返回所有记录。
curl 'localhost:9200/accounts/person/_search'

经过一些了的操作,你就可以进行验证喽~

# 停止docker
docker stop my-elasticsearch
# 删除docker
docker rm my-elasticsearch
# 再创建docker
docker run -v /tmp/esdata:/usr/share/elasticsearch/data -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -e xpack.security.enabled=false -e discovery.type=single-node -e transport.host=0.0.0.0 -e network.host:0.0.0.0 -p 9200:9200 -p 9300:9300 --name my-elasticsearch my-elasticsearch:5.6.8
# 验证刚才初始化的测试数据还不在,beego~
curl 'localhost:9200/accounts/person/_search'

解决方案3

参考这篇文章:install-efk-stack-on-k8s

写在最后

推荐使用 方案二,你就可以自定义任意路径了。

参考阅读:

Elastic/elasticsearch-docker not assigning permissions to data directory on run

全文搜索引擎 Elasticsearch 入门教程