Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch2.11.1, Opensearch-dashboards:2.11.1
System: Macos 13.6.4 (22G513)
VSCode: 1.89.1
Dev Container: v0.369.0
Describe the issue:
I know that opensearch need to run without root, so my former Dockerfile is
FROM opensearchproject/opensearch:2.11.1
COPY app/ requirements.txt /app/
# Install dependencies
USER root
RUN dnf install -y python3.11 python3-pip && \
python3.11 -m ensurepip --upgrade && \
python3.11 -m pip install --upgrade pip setuptools &&\
pip install -r /app/requirements.txt
USER opensearch
Recently I want to use dev container to attach my opensearch node1, and debug, modify some code in it. But this operation needs root permission. So it’s contradictory, if I run opensearch without root, I can’t even create launch.json. How could I run opensearch by docker compose and get permission to modify files?
Configuration:
FYI, here’s my docker compose:
opensearch-node1: # This is also the hostname of the container within the Docker network (i.e. https://opensearch-node1/)
build:
context: .
dockerfile: Dockerfile_opensearch
container_name: opensearch-node1
environment:
- cluster.name=opensearch-cluster # Name the cluster
- node.name=opensearch-node1 # Name the node that will run in this container
- discovery.seed_hosts=opensearch-node1,opensearch-node2 # Nodes to look for when discovering the cluster
- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2 # Nodes eligibile to serve as cluster manager
- bootstrap.memory_lock=true # Disable JVM heap memory swapping
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # Set min and max JVM heap sizes to at least 50% of system RAM
- OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD} # Sets the demo admin user password when using demo configuration (for OpenSearch 2.12 and later)
ulimits:
memlock:
soft: -1 # Set memlock to unlimited (no soft or hard limit)
hard: -1
nofile:
soft: 65536 # Maximum number of open files for the opensearch user - set to at least 65536
hard: 65536
volumes:
- opensearch-data1:/usr/share/opensearch/data # Creates volume called opensearch-data1 and mounts it to the container
ports:
- 9200:9200 # REST API
- 9600:9600 # Performance Analyzer
networks:
- opensearch-net # All of the containers will join the same Docker bridge network
opensearch-node2:
build:
context: .
dockerfile: Dockerfile_opensearch
container_name: opensearch-node2
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch-node2
- discovery.seed_hosts=opensearch-node1,opensearch-node2
- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
- bootstrap.memory_lock=true
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- opensearch-data2:/usr/share/opensearch/data
networks:
- opensearch-net
opensearch-dashboards:
image: opensearchproject/opensearch-dashboards:2.11.1 # Make sure the version of opensearch-dashboards matches the version of opensearch installed on other nodes
container_name: opensearch-dashboards
ports:
- 5601:5601 # Map host port 5601 to container port 5601
expose:
- "5601" # Expose port 5601 for web access to OpenSearch Dashboards
environment:
OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]' # Define the OpenSearch nodes that OpenSearch Dashboards will query
networks:
- opensearch-net
volumes:
opensearch-data1:
opensearch-data2:
networks:
opensearch-net:
Relevant Logs or Screenshots: