Vamshi Krishna

Reputation: 99

LocalStack Docker OpenSearch setup: Permission denied error

I'm setting up an OpenSearch cluster using LocalStack on a Kubernetes pod, which is exposed via a Kubernetes service. I'm setting this up using the awslocal CLI, and I get a Permission Error when the OpenSearch plugins are being installed. This is the error message:

2025-03-05T06:39:21.683  INFO --- [-functhread8] l.s.opensearch.packages    : Installing OpenSearch plugin ingest-attachment
2025-03-05T06:39:27.686  WARN --- [-functhread8] l.s.opensearch.packages    : Unable to download OpenSearch plugin 'ingest-attachment' after 3 attempts
2025-03-05T06:39:27.688  INFO --- [-functhread8] localstack.utils.threads   : Thread run method <function Server.do_start_thread.<locals>._run at 0x7f3bdb24f920>(None) failed: Installation of opensearch OpenSearch_2.11 failed. Traceback (most recent call last):
  File "/opt/code/localstack/localstack-core/localstack/packages/api.py", line 91, in install
    self._install(target)
  File "/opt/code/localstack/localstack-core/localstack/services/opensearch/packages.py", line 121, in _install
    retry(try_install, retries=download_attempts - 1, sleep=2)
  File "/opt/code/localstack/localstack-core/localstack/utils/sync.py", line 63, in retry
    raise raise_error
  File "/opt/code/localstack/localstack-core/localstack/utils/sync.py", line 59, in retry
    return function(**kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "/opt/code/localstack/localstack-core/localstack/services/opensearch/packages.py", line 112, in try_install
    output = run(
             ^^^^
  File "/opt/code/localstack/localstack-core/localstack/utils/run.py", line 69, in run
    output = subprocess.check_output(cmd, shell=shell, stderr=stderr, env=env_dict, cwd=cwd)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/subprocess.py", line 466, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/subprocess.py", line 548, in run
    with Popen(*popenargs, **kwargs) as process:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/subprocess.py", line 1026, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/usr/local/lib/python3.11/subprocess.py", line 1955, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/var/lib/localstack/lib/opensearch/OpenSearch_2.11/bin/opensearch-plugin'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/code/localstack/localstack-core/localstack/utils/threads.py", line 60, in run
    result = self.func(self.params, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/code/localstack/localstack-core/localstack/utils/serving.py", line 168, in _run
    return self.do_run()
           ^^^^^^^^^^^^^
  File "/opt/code/localstack/localstack-core/localstack/services/opensearch/cluster.py", line 623, in do_run
    self.cluster.start()
  File "/opt/code/localstack/localstack-core/localstack/utils/serving.py", line 128, in start
    self._thread = self.do_start_thread()
                   ^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/code/localstack/localstack-core/localstack/services/opensearch/cluster.py", line 345, in do_start_thread
    self._ensure_installed()
  File "/opt/code/localstack/localstack-core/localstack/services/opensearch/cluster.py", line 415, in _ensure_installed
    opensearch_package.install(self.version)
  File "/opt/code/localstack/localstack-core/localstack/packages/api.py", line 214, in install
    self.get_installer(version).install(target)
  File "/opt/code/localstack/localstack-core/localstack/packages/api.py", line 106, in install
    raise PackageException(f"Installation of {self.name} {self.version} failed.") from e
localstack.packages.api.PackageException: Installation of opensearch OpenSearch_2.11 failed.

This is the awslocal command that sets up the OpenSearch cluster:

# Create OpenSearch domain
awslocal opensearch create-domain \
 --domain-name api-transactions \
 --cluster-config InstanceType=m6g.large.search,InstanceCount=3,ZoneAwarenessEnabled=true,ZoneAwarenessConfig={AvailabilityZoneCount=3} \
 --ebs-options EBSEnabled=true,VolumeType=gp3,VolumeSize=100,Iops=3000,Throughput=125 \
 --endpoint-url http://localhost:4566 \
 --access-policies '{
   "Version": "2012-10-17",
   "Statement": [
     {
       "Effect": "Allow",
       "Principal": {
         "AWS": "*"
       },
       "Action": "es:*",
       "Resource": "arn:aws:es:us-east-1:000000000000:domain/api-transactions/*"
     }
   ]
 }'

And this is the Dockerfile for the LocalStack container that the Kubernetes Helm deployment uses. I'm also trying to set write permissions for the /var/lib/localstack/lib/opensearch/ directory. Setting permissions also did not solve this issue.

FROM localstack/localstack:latest

# Set environment variables for test AWS credentials
..... test aws access key values

# Copying the table creation script to LocalStack's init directory
RUN ls -la
COPY /localstack-service/scripts/ /etc/localstack/init/ready.d/

# Adjust permissions for the OpenSearch directory for the installation to run properly
USER root
RUN mkdir -p /var/lib/localstack/lib/opensearch/ && \
    chmod -R 755 /var/lib/localstack/lib/opensearch/

RUN chmod +x /etc/localstack/init/ready.d/createAWSResources.sh #This runs the above awslocal command to create the open search cluster

CMD ["DYNAMODB_SHARE_DB=1", "localstack", "start"]

Can I get some help fixing this issue? Thanks!

Upvotes: 0

Views: 44

Answers (0)
