作者:sdfsadfwforever | 来源:互联网 | 2023-02-07 14:45
我们正在尝试在Docker容器中运行Elasticsearch节点.我们使用Search Guard插件来确保安全性.但是,在安装过程中,插件要求我们运行脚本.此脚本要求ElasticSearch在运行时可在端口9300上访问.延迟脚本是否有最佳实践?我们在执行之前尝试过睡眠以及RUN和CMD Dockerfile命令.
这是输出:
elasticsearch | Search Guard Admin v5
elasticsearch | Will connect to localhost:9300
elasticsearch | ERR: Seems there is no elasticsearch running on
localhost:9300 - Will exit
Dockerfile:
FROM docker.elastic.co/elasticsearch/elasticsearch:5.3.0
USER root
RUN apk update \
&& apk upgrade \
&& apk add nano
USER root
# Add the ElasticSeach config
ADD elasticsearch.yml /usr/share/elasticsearch/config/
RUN chown elasticsearch:elasticsearch /usr/share/elasticsearch/config/elasticsearch.yml
# Add the truststore
ADD keys/truststore.jks /usr/share/elasticsearch/config/
RUN chown elasticsearch:elasticsearch /usr/share/elasticsearch/config/truststore.jks
# Create the node certs
ADD gen-cert/ /usr/share/elasticsearch/gen-cert/
WORKDIR /usr/share/elasticsearch/gen-cert
RUN ./gen_node_cert.sh 0 ######### #########
RUN cp node-keystore.jks /usr/share/elasticsearch/config/
# Prep for boot!
WORKDIR /usr/share/elasticsearch/
USER elasticsearch
RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install -b com.floragunn:search-guard-5:5.3.0-11
RUN chmod +x -R /usr/share/elasticsearch/plugins/search-guard-5/tools/
# Run the security script on start
CMD sleep 10 && /usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh \
-cd /usr/share/elasticsearch/plugins/search-guard-5/sgconfig/ \
-cn SHU \
-ks /usr/share/elasticsearch/config/node-keystore.jks \
-kspass Chupacabra \
-ts /usr/share/elasticsearch/config/truststore.jks \
-tspass Chupacabra \
-nhnv
nbrink..
5
我们能够让这个工作.我们只需将脚本添加到Dockerfile末尾的CMD命令中,以便在ElasticSearch启动脚本之后运行.
看起来每个文件只能有一个命令,因此我们必须查看基本弹性图像(ElasticSearch Docker GitHub)并添加到它.
CMD ["/ bin/bash","bin/es-docker","search-guard/run-sgadmin.sh"]
1> nbrink..:
我们能够让这个工作.我们只需将脚本添加到Dockerfile末尾的CMD命令中,以便在ElasticSearch启动脚本之后运行.
看起来每个文件只能有一个命令,因此我们必须查看基本弹性图像(ElasticSearch Docker GitHub)并添加到它.
CMD ["/ bin/bash","bin/es-docker","search-guard/run-sgadmin.sh"]