opensearch-project / OpenSearch

🔎 Open source distributed and RESTful search engine.
https://opensearch.org/docs/latest/opensearch/index/
Apache License 2.0

Docker: Keystore resets on restart #1644

Open RobinGoussey opened 2 years ago

RobinGoussey commented 2 years ago

Hi,

I am trying to use S3 backups in OpenSearch (Docker Compose, plain compose, no swarm); for that I need to store properties in the keystore. That all works, but whenever you restart the container the opensearch.keystore is reset, which means the snapshot credentials are gone.

I could mount /usr/share/opensearch/config, although this would mean you have to put all necessary files ready in that mount, e.g. jvm.options.

These are my compose volumes:

    volumes:
      - /var/opensearch/data:/usr/share/opensearch/data
      - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem
      - ./certs/node.pem:/usr/share/opensearch/config/node.pem
      - ./certs/node-key.pem:/usr/share/opensearch/config/node-key.pem
      - ./certs/admin.pem:/usr/share/opensearch/config/admin.pem
      - ./certs/admin-key.pem:/usr/share/opensearch/config/admin-key.pem
      - ./config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml:rw
      - ./security:/usr/share/opensearch/plugins/opensearch-security/securityconfig

Is there a way to mount the keystore to make it permanent? Or a good template to mount (with all files needed to boot up)? Or am I missing some best practice or some elaborate way to store these credentials in Docker?

Thanks in advance.

setiah commented 2 years ago

You are likely setting the keystore on a running container, which causes it to lose those settings when stopped.

Try mounting the host's keystore (with specific settings you need) to the container in docker-compose.yml.
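
A pre-flight check for the host keystore file before bind-mounting it as suggested above (an added example, not part of the thread or of the OpenSearch project). The function name `check_keystore`, the host path `./config/opensearch.keystore` and the container UID 1000 are assumptions; the compose entry it supports would be `- ./config/opensearch.keystore:/usr/share/opensearch/config/opensearch.keystore`. With the short `volumes:` syntax, Docker creates an empty directory when the host source path is missing, which is the first failure the check catches.

```shell
#!/bin/sh
# Pre-flight check for a keystore file that will be bind-mounted into the
# OpenSearch container. Uses GNU stat (Linux Docker hosts).

# check_keystore FILE [UID]
# Returns 0 if FILE looks safe to bind-mount, a distinct non-zero code otherwise.
check_keystore() {
    ks=$1
    want_uid=${2:-1000}   # assumption: UID the OpenSearch process runs as

    # A missing bind source is silently created as a directory by Docker,
    # so a directory here usually means an earlier "up" ran without the file.
    if [ -d "$ks" ]; then
        echo "FAIL: $ks is a directory, not a keystore file" >&2
        return 2
    fi
    if [ ! -f "$ks" ]; then
        echo "FAIL: $ks does not exist; create it before starting the container" >&2
        return 3
    fi
    if [ ! -s "$ks" ]; then
        echo "FAIL: $ks is empty" >&2
        return 4
    fi

    mode=$(stat -c '%a' "$ks")
    uid=$(stat -c '%u' "$ks")

    # The keystore holds the S3 snapshot credentials: owner-only access.
    case $mode in
        [4-7]00) ;;
        *)
            echo "FAIL: $ks has mode $mode; use chmod 600" >&2
            return 5
            ;;
    esac

    # A bind mount keeps host ownership, so the container user must own the file.
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $ks is owned by UID $uid, expected $want_uid" >&2
        return 6
    fi
    echo "OK: $ks (mode $mode, uid $uid)"
    return 0
}

# Stand-alone use: sh check_keystore.sh ./config/opensearch.keystore [uid]
[ $# -eq 0 ] || check_keystore "$@"
```
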