New

The executive guide to generative AI

Read more
About usPartnersSupport|Login
IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Install Elasticsearch with Windows MSI Installer Install Elasticsearch on macOS with Homebrew »
Elastic Docs Elasticsearch Guide [7.14] Set up Elasticsearch Installing Elasticsearch

Install Elasticsearch with Docker

edit

Install Elasticsearch with Docker

edit

Elasticsearch is also available as Docker images. The images use centos:8 as the base image.

A list of all published Docker images and tags is available at www.docker.elastic.co. The source files are in Github.

This package contains both free and subscription features. Start a 30-day trial to try out all of the features.

Pulling the image

edit

Obtaining Elasticsearch for Docker is as simple as issuing a docker pull command against the Elastic Docker registry.

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.14.2

Starting a single node cluster with Docker

edit

To start a single-node Elasticsearch cluster for development or testing, specify single-node discovery to bypass the bootstrap checks:

docker run -p 127.0.0.1:9200:9200 -p 127.0.0.1:9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.14.2

Starting a multi-node cluster with Docker Compose

edit

To get a three-node Elasticsearch cluster up and running in Docker, you can use Docker Compose:

  1. Create a docker-compose.yml file: 
version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.14.2
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    networks:
      - elastic
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.14.2
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data02:/usr/share/elasticsearch/data
    networks:
      - elastic
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.14.2
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data03:/usr/share/elasticsearch/data
    networks:
      - elastic

volumes:
  data01:
    driver: local
  data02:
    driver: local
  data03:
    driver: local

networks:
  elastic:
    driver: bridge

This sample docker-compose.yml file uses the ES_JAVA_OPTS environment variable to manually set the heap size to 512MB. We do not recommend using ES_JAVA_OPTS in production. See Manually set the heap size.

This sample Docker Compose file brings up a three-node Elasticsearch cluster. Node es01 listens on localhost:9200 and es02 and es03 talk to es01 over a Docker network.

Please note that this configuration exposes port 9200 on all network interfaces, and given how Docker manipulates iptables on Linux, this means that your Elasticsearch cluster is publically accessible, potentially ignoring any firewall settings. If you don’t want to expose port 9200 and instead use a reverse proxy, replace 9200:9200 with 127.0.0.1:9200:9200 in the docker-compose.yml file. Elasticsearch will then only be accessible from the host machine itself.

The Docker named volumes data01, data02, and data03 store the node data directories so the data persists across restarts. If they don’t already exist, docker-compose creates them when you bring up the cluster.

  1. Make sure Docker Engine is allotted at least 4GiB of memory. In Docker Desktop, you configure resource usage on the Advanced tab in Preference (macOS) or Settings (Windows).

    Docker Compose is not pre-installed with Docker on Linux. See docs.docker.com for installation instructions: Install Compose on Linux

  2. Run docker-compose to bring up the cluster:

    docker-compose up

  3. Submit a _cat/nodes request to see that the nodes are up and running:

    curl -X GET "localhost:9200/_cat/nodes?v=true&pretty"

Log messages go to the console and are handled by the configured Docker logging driver. By default you can access logs with docker logs. If you would prefer the Elasticsearch container to write logs to disk, set the ES_LOG_STYLE environment variable to file. This causes Elasticsearch to use the same logging configuration as other Elasticsearch distribution formats.

To stop the cluster, run docker-compose down. The data in the Docker volumes is preserved and loaded when you restart the cluster with docker-compose up. To delete the data volumes when you bring down the cluster, specify the -v option: docker-compose down -v.

Start a multi-node cluster with TLS enabled

edit

See Encrypting communications in an Elasticsearch Docker Container and Run the Elastic Stack in Docker with TLS enabled.

Using the Docker images in production

edit

The following requirements and recommendations apply when running Elasticsearch in Docker in production.

Set vm.max_map_count to at least 262144

edit

The vm.max_map_count kernel setting must be set to at least 262144 for production use.

How you set vm.max_map_count depends on your platform:

  • Linux

    The vm.max_map_count setting should be set permanently in /etc/sysctl.conf:

    grep vm.max_map_count /etc/sysctl.conf
vm.max_map_count=262144

    To apply the setting on a live system, run:

    sysctl -w vm.max_map_count=262144

  • macOS with Docker for Mac

    The vm.max_map_count setting must be set within the xhyve virtual machine:

    1. From the command line, run:

      screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty

    2. Press enter and use`sysctl` to configure vm.max_map_count:

      sysctl -w vm.max_map_count=262144
    3. To exit the screen session, type Ctrl a d.

  • Windows and macOS with Docker Desktop

    The vm.max_map_count setting must be set via docker-machine:

    docker-machine ssh
sudo sysctl -w vm.max_map_count=262144

  • Windows with Docker Desktop WSL 2 backend

    The vm.max_map_count setting must be set in the docker-desktop container:

    wsl -d docker-desktop
sysctl -w vm.max_map_count=262144

Configuration files must be readable by the elasticsearch user

edit

By default, Elasticsearch runs inside the container as user elasticsearch using uid:gid 1000:0.

One exception is Openshift, which runs containers using an arbitrarily assigned user ID. Openshift presents persistent volumes with the gid set to 0, which works without any adjustments.

If you are bind-mounting a local directory or file, it must be readable by the elasticsearch user. In addition, this user must have write access to the config, data and log dirs (Elasticsearch needs write access to the config directory so that it can generate a keystore). A good strategy is to grant group access to gid 0 for the local directory.

For example, to prepare a local directory for storing data through a bind-mount:

mkdir esdatadir
chmod g+rwx esdatadir
chgrp 0 esdatadir

You can also run an Elasticsearch container using both a custom UID and GID. Unless you bind-mount each of the config, data` and logs directories, you must pass the command line option --group-add 0 to docker run. This ensures that the user under which Elasticsearch is running is also a member of the root (GID 0) group inside the container.

As a last resort, you can force the container to mutate the ownership of any bind-mounts used for the data and log dirs through the environment variable TAKE_FILE_OWNERSHIP. When you do this, they will be owned by uid:gid 1000:0, which provides the required read/write access to the Elasticsearch process.

Increase ulimits for nofile and nproc

edit

Increased ulimits for nofile and nproc must be available for the Elasticsearch containers. Verify the init system for the Docker daemon sets them to acceptable values.

To check the Docker daemon defaults for ulimits, run:

docker run --rm centos:8 /bin/bash -c 'ulimit -Hn && ulimit -Sn && ulimit -Hu && ulimit -Su'

If needed, adjust them in the Daemon or override them per container. For example, when using docker run, set:

--ulimit nofile=65535:65535

Disable swapping

edit

Swapping needs to be disabled for performance and node stability. For information about ways to do this, see Disable swapping.

If you opt for the bootstrap.memory_lock: true approach, you also need to define the memlock: true ulimit in the Docker Daemon, or explicitly set for the container as shown in the sample compose file. When using docker run, you can specify:

-e "bootstrap.memory_lock=true" --ulimit memlock=-1:-1

Randomize published ports

edit

The image exposes TCP ports 9200 and 9300. For production clusters, randomizing the published ports with --publish-all is recommended, unless you are pinning one container per host.

Manually set the heap size

edit

By default, Elasticsearch automatically sizes JVM heap based on a nodes’s roles and the total memory available to the node’s container. We recommend this default sizing for most production environments. If needed, you can override default sizing by manually setting JVM heap size.

To manually set the heap size in production, bind mount a JVM options file under /usr/share/elasticsearch/config/jvm.options.d that includes your desired heap size settings.

For testing, you can also manually set the heap size using the ES_JAVA_OPTS environment variable. For example, to use 16GB, specify -e ES_JAVA_OPTS="-Xms16g -Xmx16g" with docker run. The ES_JAVA_OPTS variable overrides all other JVM options. The ES_JAVA_OPTS variable overrides all other JVM options. We do not recommend using ES_JAVA_OPTS in production. The docker-compose.yml file above sets the heap size to 512MB.

Pin deployments to a specific image version

edit

Pin your deployments to a specific version of the Elasticsearch Docker image. For example docker.elastic.co/elasticsearch/elasticsearch:7.14.2.

Always bind data volumes

edit

You should use a volume bound on /usr/share/elasticsearch/data for the following reasons:

  1. The data of your Elasticsearch node won’t be lost if the container is killed
  2. Elasticsearch is I/O sensitive and the Docker storage driver is not ideal for fast I/O
  3. It allows the use of advanced Docker volume plugins

Avoid using loop-lvm mode

edit

If you are using the devicemapper storage driver, do not use the default loop-lvm mode. Configure docker-engine to use direct-lvm.

Centralize your logs

edit

Consider centralizing your logs by using a different logging driver. Also note that the default json-file logging driver is not ideally suited for production use.

Configuring Elasticsearch with Docker

edit

When you run in Docker, the Elasticsearch configuration files are loaded from /usr/share/elasticsearch/config/.

To use custom configuration files, you bind-mount the files over the configuration files in the image.

You can set individual Elasticsearch configuration parameters using Docker environment variables. The sample compose file and the single-node example use this method.

To use the contents of a file to set an environment variable, suffix the environment variable name with _FILE. This is useful for passing secrets such as passwords to Elasticsearch without specifying them directly.

For example, to set the Elasticsearch bootstrap password from a file, you can bind mount the file and set the ELASTIC_PASSWORD_FILE environment variable to the mount location. If you mount the password file to /run/secrets/bootstrapPassword.txt, specify:

-e ELASTIC_PASSWORD_FILE=/run/secrets/bootstrapPassword.txt

You can also override the default command for the image to pass Elasticsearch configuration parameters as command line options. For example:

docker run <various parameters> bin/elasticsearch -Ecluster.name=mynewclustername

While bind-mounting your configuration files is usually the preferred method in production, you can also create a custom Docker image that contains your configuration.

Mounting Elasticsearch configuration files

edit

Create custom config files and bind-mount them over the corresponding files in the Docker image. For example, to bind-mount custom_elasticsearch.yml with docker run, specify:

-v full_path_to/custom_elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml

The container runs Elasticsearch as user elasticsearch using uid:gid 1000:0. Bind mounted host directories and files must be accessible by this user, and the data and log directories must be writable by this user.

Create an encrypted Elasticsearch keystore

edit

By default, Elasticsearch will auto-generate a keystore file for secure settings. This file is obfuscated but not encrypted.

To encrypt your secure settings with a password and have them persist outside the container, use a docker run command to manually create the keystore instead. The command must:

  • Bind-mount the config directory. The command will create an elasticsearch.keystore file in this directory. To avoid errors, do not directly bind-mount the elasticsearch.keystore file.
  • Use the elasticsearch-keystore tool with the create -p option. You’ll be prompted to enter a password for the keystore.

For example:

docker run -it --rm \
-v full_path_to/config:/usr/share/elasticsearch/config \
docker.elastic.co/elasticsearch/elasticsearch:7.14.2 \
bin/elasticsearch-keystore create -p

You can also use a docker run command to add or update secure settings in the keystore. You’ll be prompted to enter the setting values. If the keystore is encrypted, you’ll also be prompted to enter the keystore password.

docker run -it --rm \
-v full_path_to/config:/usr/share/elasticsearch/config \
docker.elastic.co/elasticsearch/elasticsearch:7.14.2 \
bin/elasticsearch-keystore \
add my.secure.setting \
my.other.secure.setting

If you’ve already created the keystore and don’t need to update it, you can bind-mount the elasticsearch.keystore file directly. You can use the KEYSTORE_PASSWORD environment variable to provide the keystore password to the container at startup. For example, a docker run command might have the following options:

-v full_path_to/config/elasticsearch.keystore:/usr/share/elasticsearch/config/elasticsearch.keystore
-e KEYSTORE_PASSWORD=mypassword

Using custom Docker images

edit

In some environments, it might make more sense to prepare a custom image that contains your configuration. A Dockerfile to achieve this might be as simple as:

FROM docker.elastic.co/elasticsearch/elasticsearch:7.14.2
COPY --chown=elasticsearch:elasticsearch elasticsearch.yml /usr/share/elasticsearch/config/

You could then build and run the image with:

docker build --tag=elasticsearch-custom .
docker run -ti -v /usr/share/elasticsearch/data elasticsearch-custom

Some plugins require additional security permissions. You must explicitly accept them either by:

  • Attaching a tty when you run the Docker image and allowing the permissions when prompted.
  • Inspecting the security permissions and accepting them (if appropriate) by adding the --batch flag to the plugin install command.

See Plugin management for more information.

Troubleshoot Docker errors for Elasticsearch

edit

Here’s how to resolve common errors when running Elasticsearch with Docker.

elasticsearch.keystore is a directory

edit
Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.io.IOException: Is a directory: SimpleFSIndexInput(path="/usr/share/elasticsearch/config/elasticsearch.keystore") Likely root cause: java.io.IOException: Is a directory

A keystore-related docker run command attempted to directly bind-mount an elasticsearch.keystore file that doesn’t exist. If you use the -v or --volume flag to mount a file that doesn’t exist, Docker instead creates a directory with the same name.

To resolve this error:

  1. Delete the elasticsearch.keystore directory in the config directory.
  2. Update the -v or --volume flag to point to the config directory path rather than the keystore file’s path. For an example, see Create an encrypted Elasticsearch keystore.
  3. Retry the command.

elasticsearch.keystore: Device or resource busy

edit
Exception in thread "main" java.nio.file.FileSystemException: /usr/share/elasticsearch/config/elasticsearch.keystore.tmp -> /usr/share/elasticsearch/config/elasticsearch.keystore: Device or resource busy

A docker run command attempted to update the keystore while directly bind-mounting the elasticsearch.keystore file. To update the keystore, the container requires access to other files in the config directory, such as keystore.tmp.

To resolve this error:

  1. Update the -v or --volume flag to point to the config directory path rather than the keystore file’s path. For an example, see Create an encrypted Elasticsearch keystore.
  2. Retry the command.

Next steps

edit

You now have a test Elasticsearch environment set up. Before you start serious development or go into production with Elasticsearch, you must do some additional setup:

« Install Elasticsearch with Windows MSI Installer Install Elasticsearch on macOS with Homebrew »