Docs: Update production notes for Docker

Add info about the base image used and the GitHub repo of
elasticsearch-docker.

Clarify that setting `memlock=-1:-1` is only a requirement when
`bootstrap_memory_lock=true` and the alternatives we document
elsewhere in docs for disabling swap are valid for Docker as well.

Additionally, with the latest versions of docker-ce shipping with
unlimited (or high enough) defaults for `nofile` and `nproc`, clarify
that explicitly setting those per ES container is not required, unless
they are not defined in the Docker daemon.

Finally, simplify the production `docker-compose.yml` example by removing
unneeded options.

Relates #24389
Dimitrios Liappis, 8 years ago
commit 79857357bf

+ 1 - 0
docs/reference/setup/bootstrap-checks.asciidoc

@@ -99,6 +99,7 @@ that *if* the `bootstrap.memory_lock` setting is enabled, that the JVM
 was successfully able to lock the heap. To pass the memory lock check,
 you might have to configure <<mlockall,`mlockall`>>.
 
+[[max-number-threads-check]]
 === Maximum number of threads check
 
 Elasticsearch executes requests by breaking the request down into stages

+ 12 - 18
docs/reference/setup/install/docker.asciidoc

@@ -2,7 +2,8 @@
 === Install Elasticsearch with Docker
 
 Elasticsearch is also available as a Docker image.
-The image is built with {xpack}/index.html[X-Pack].
+The image is built with {xpack}/index.html[X-Pack] and uses https://hub.docker.com/_/centos/[centos:7] as the base image.
+The source code can be found on https://github.com/elastic/elasticsearch-docker/tree/{branch}[GitHub].
 
 ==== Security note
 
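Review bot: The first added line hard-codes `centos:7` as the base image, while the GitHub link on the next added line is parameterised with `{branch}`, so the base image statement can drift from what a given branch's image is really built from. Consider taking the base image name from a docs attribute as well, so that readers who use this sentence to track base-image updates are not misled after the image is rebased. The first added line is also very long; breaking it at the sentence boundary would keep later diffs of this paragraph readable.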
@@ -153,12 +154,7 @@ services:
       memlock:
         soft: -1
         hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
     mem_limit: 1g
-    cap_add:
-      - IPC_LOCK
     volumes:
       - esdata1:/usr/share/elasticsearch/data
     ports:
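Review bot: Removing the `nofile` block from this service makes the production example depend on the Docker daemon's default ulimits, and nothing next to the compose file says so. The production notes further down tell readers to verify the daemon defaults, but someone who copies only this `docker-compose.yml` onto a host with a low `nofile` default will find out only at startup. Suggest a callout beside the example that points at the ulimit item in the production notes.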
@@ -176,12 +172,7 @@ services:
       memlock:
         soft: -1
         hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
     mem_limit: 1g
-    cap_add:
-      - IPC_LOCK
     volumes:
       - esdata2:/usr/share/elasticsearch/data
     networks:
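Review bot: The removal of `cap_add: IPC_LOCK` is covered only by "removing unneeded options" in the commit message and is not explained anywhere in the docs text, although it is the security-relevant part of this hunk. With `memlock` soft and hard both set to `-1` the process can lock its heap without the capability, so dropping it is a sound least-privilege change, but users with existing compose files will keep granting `IPC_LOCK` unless they are told it is no longer required. A sentence in the production notes saying so would cover it.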
@@ -195,7 +186,6 @@ volumes:
 
 networks:
   esnet:
-    driver: bridge
 --------------------------------------------
 endif::[]
 
@@ -273,15 +263,19 @@ We have collected a number of best practices for production use.
 
 NOTE: Any Docker parameters mentioned below assume the use of `docker run`.
 
-. Elasticsearch inside the container runs as user `elasticsearch` using uid:gid `1000:1000`. If you are bind mounting a local directory or file, ensure it is readable by this user while the https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#path-settings[data and log dirs] additionally require write access.
-
-. It is important to correctly set capabilities and ulimits via the Docker CLI. As seen earlier in the example <<docker-prod-cluster-composefile,docker-compose.yml>>, the following options are required:
+. Elasticsearch runs inside the container as user `elasticsearch` using uid:gid `1000:1000`. If you are bind-mounting a local directory or file, ensure it is readable by this user, while the <<path-settings,data and log dirs>> additionally require write access.
++
+. It is important to ensure increased ulimits for <<setting-system-settings,nofile>> and <<max-number-threads-check,nproc>> are available for the Elasticsearch containers. Verify the https://github.com/moby/moby/tree/ea4d1243953e6b652082305a9c3cda8656edab26/contrib/init[init system] for the Docker daemon is already setting those to acceptable values and, if needed, adjust them in the Daemon, or override them per container, for example using `docker run`:
++
+  --ulimit nofile=65536:65536
++
+NOTE: One way of checking the Docker daemon defaults for the aforementioned ulimits is by running:
 +
-  --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536
+  docker run --rm centos:7 /bin/bash -c 'ulimit -Hn && ulimit -Sn && ulimit -Hu && ulimit -Su'
 +
-. Ensure `bootstrap.memory_lock` is set to `true` as explained in "<<setup-configuration-memory,Disable swapping>>".
+. Swapping needs to be disabled for performance and node stability. This can be achieved through any of the methods mentioned in the <<setup-configuration-memory,Elasticsearch docs>>. If you opt for the `boostrap.memory_lock: true` approach, apart from defining it through any of the <<docker-configuration-methods,configuration methods>>, you will additionally need the `memlock: true` ulimit, either defined in the https://docs.docker.com/engine/reference/commandline/dockerd/#default-ulimits[Docker Daemon] or specifically set for the container. This has been demonstrated earlier in the <<docker-prod-cluster-composefile,docker-compose.yml>>, or using `docker run`:
 +
-This can be achieved through any of the <<docker-configuration-methods,configuration methods>>, e.g. by setting the appropriate environments variable with `-e "bootstrap.memory_lock=true"`.
+  -e "bootstrap_memory_lock=true" --ulimit memlock=-1:-1
 +
 . The image https://docs.docker.com/engine/reference/builder/#/expose[exposes] TCP ports 9200 and 9300. For clusters it is recommended to randomize the published ports with `--publish-all`, unless you are pinning one container per host.
 +
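Review bot: The new swap item misspells the setting as `boostrap.memory_lock: true` (a typo for `bootstrap.memory_lock`), and its `docker run` line uses `-e "bootstrap_memory_lock=true"` with underscores where the removed line used `-e "bootstrap.memory_lock=true"`; confirm which form the image accepts and use it consistently. The same item asks for a `memlock: true` ulimit, but the value shown both in the compose file and on the `docker run` line is `memlock=-1:-1`, so the prose should name that value. Separately, the added `++` line between the first and second list items places a list continuation directly before a new `.` item where the old text had a blank line; check that the rendered numbering is still correct.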