A 101 primer on deploying Elasticsearch with a docker-based orchestration service

Unless you have been living under a rock, you have probably heard about Docker and are perhaps thinking about using it for your next project. In this post, we show how to deploy a production-grade Elasticsearch cluster using Docker Cloud, an orchestration service from Docker, in 10 simple steps and zero lines of code.

1. We will begin by linking AWS to Docker Cloud. First, login to your AWS account.

Go to IAM Panel and create a new user.

Be sure to store the Access Key ID and Secret Access Key in a safe place; we will use these from Docker Cloud’s interface in the following steps.

Now create a new custom inline policy as shown below.

We create a new “inline policy” for our newly created IAM user

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:*",
                "iam:ListInstanceProfiles"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Copy and paste the above snippet into the policy document. These permissions allow the user to perform any operation in EC2 and to list IAM instance profiles for assigning to the compute instances.

Once you apply the policy, you’re all set with the IAM panel.
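If you keep the policy document under version control, a quick sanity check is to parse it and list exactly which actions it grants before pasting it into the console. A minimal Python sketch:

```python
import json

# The inline policy from step 1, exactly as pasted into the IAM console.
policy = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["ec2:*", "iam:ListInstanceProfiles"],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
""")

# Collect every action granted by an Allow statement.
allowed = [
    action
    for stmt in policy["Statement"]
    if stmt["Effect"] == "Allow"
    for action in stmt["Action"]
]
print(allowed)  # ['ec2:*', 'iam:ListInstanceProfiles']
```

If the list contains anything beyond what you intended to grant, fix the document before applying it.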

2. Create an account with Docker Cloud and login.

Docker Cloud’s welcome page

3. Go to “Add your first cloud provider” and enter the AWS Access Key ID and Secret Access Key of the IAM user we just created.

4. Next, go to the “Nodes” tab, or alternatively select “Deploy a node” from the welcome page, to start spinning up EC2 instances.

5. Once in the Nodes tab, launch a new node cluster. (Docker Cloud will ask for credit card info at this point; don’t worry, we will remind you to tear everything down once this tutorial ends.)

Docker Cloud will create a new AWS VPC called “dc-vpc” which will be used for all future deployments. If this is your first time using Docker Cloud, deploying the nodes may take some time as new subnets are provisioned in the VPC and a “dc-vpc-default” security group is created.

The deploy tags (elasticsearch, dockercloud, and appbase in this case) are used for associating nodes with services; we will come back to them in the following steps.

6. Hop back to the AWS console and you should see the dc-vpc-default security group in the EC2 service dashboard. Consider adding the following rules for your inbound network.

Set your Inbound rules as shown in the image.

The second rule is a self-referencing rule that allows all traffic between nodes of this security group.

Ports 6783, 5601, 48001, and 2375 are required to be open for Docker Cloud’s purposes.
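To make the rule logic concrete, here is a hypothetical, simplified model of such a rule set; the sources shown are illustrative assumptions, so mirror whatever your actual dc-vpc-default group contains:

```python
# Each rule is (from_port, to_port, source). Sources are illustrative
# assumptions, not copied from a real security group.
INBOUND_RULES = [
    (0, 65535, "dc-vpc-default"),  # self-referencing rule: all node-to-node traffic
    (6783, 6783, "0.0.0.0/0"),     # required by Docker Cloud
    (5601, 5601, "0.0.0.0/0"),     # required by Docker Cloud
    (48001, 48001, "0.0.0.0/0"),   # required by Docker Cloud
    (2375, 2375, "0.0.0.0/0"),     # required by Docker Cloud
]

def open_to(rules, port, source):
    """True if some rule covering `port` accepts traffic from `source`."""
    return any(lo <= port <= hi and src == source for lo, hi, src in rules)

print(open_to(INBOUND_RULES, 6783, "0.0.0.0/0"))  # True
print(open_to(INBOUND_RULES, 9200, "0.0.0.0/0"))  # False: 9200 is only reachable within the group
```

Note that with these rules port 9200 is reachable only via the self-referencing rule, i.e. from other nodes in the same security group; we open it up further in step 9.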

7. Now that we are all set with the nodes, we will create a new stack file. For the unfamiliar: a stack file is a Docker Cloud-specific implementation of a docker-compose file in YAML format.

Use the stack file snippet below as is to create your stack.
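The stack file appears as an image in the original post and is missing from this text. Based on the line-by-line notes that follow, a reconstruction might look like the snippet below; the exact -Des.* option spellings, the unicast host list, and the volume paths are assumptions to verify against your own setup:

```yaml
elasticsearch:
  image: elasticsearch:2.2
  command: elasticsearch -Des.discovery.zen.minimum_master_nodes=2 -Des.cluster.name=my_app_es_1 -Des.discovery.zen.ping.unicast.hosts=elasticsearch-1,elasticsearch-2,elasticsearch-3 -Des.network.publish_host=_ethwe:ipv4_ -Des.network.bind_host=0
  deployment_strategy: every_node
  environment:
    - ES_HEAP_SIZE=4g
  ports:
    - "9200:9200"
  tags:
    - elasticsearch
    - dockercloud
    - appbase
  volumes:
    - /var/lib/docker/elasticsearch:/usr/share/elasticsearch/data
```

The line references (L1, L3, and so on) in the notes below correspond to the lines of this file.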

L1: “elasticsearch” is the name of the Elasticsearch service in the stack named “my-application”.

L2: We use the official Elasticsearch 2.2 docker image here.

L3: We specify the Elasticsearch command to be executed (with options) for a successful deployment.

minimum_master_nodes is set to 2 for a 3-node cluster to reduce the risk of a split brain. We set the cluster name to my_app_es_1 (it can be anything you like).

A set of Elasticsearch nodes that form the cluster is given. Since Docker Cloud uses the weave overlay network and service discovery by default, the hostnames of all nodes are assigned by weave. For instance, when deploying a 5-node cluster, the hosts elasticsearch-4 and elasticsearch-5 should also be present, and so on. You can find more here.

The publish address is set to the IP address of the weave virtual adapter using publish_host=_ethwe:ipv4_, and Elasticsearch is bound to all interfaces with bind_host=0.
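The value 2 for minimum_master_nodes follows the standard quorum rule for master-eligible nodes: a strict majority, floor(n / 2) + 1. A quick sketch:

```python
def minimum_master_nodes(total_master_eligible):
    """Strict majority of master-eligible nodes: floor(n / 2) + 1.

    Setting minimum_master_nodes to this value ensures two halves of a
    partitioned cluster cannot both elect a master (a split brain).
    """
    return total_master_eligible // 2 + 1

print(minimum_master_nodes(3))  # 2, matching the value in the stack file
print(minimum_master_nodes(5))  # 3
```

This is why even-sized clusters are a poor fit: a 4-node cluster still needs a quorum of 3 and tolerates no more failures than a 3-node one.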

L4: A deployment strategy of “every_node” is selected, which means that each node with matching tags will run exactly one Elasticsearch instance.

L5–6: The environment variable ES_HEAP_SIZE=4g allocates 4GB of RAM to the Elasticsearch heap, half of the 8GB available on our m4.large nodes.

L7–8: Port 9200 is mapped to the host so that applications outside the weave network can access it.

L9–12: Here we use the same deploy tags as in step 5, where we created the node cluster.

L13–14: The Elasticsearch data volume is mapped to a folder on the host inside “/var/lib/docker”, where the 150GB volume we specified while deploying the nodes is mounted.

8. Click the “Create and deploy” button to deploy the Elasticsearch docker image on the 3-node cluster we just created.

9. You should see this interface if the deployment succeeds. If you wish to access the Elasticsearch cluster from outside the current security group, you can open port 9200 to other security groups or IPs.

Opening up port 9200 to your IP

Head to the endpoint URL shown by Docker Cloud.

You can get the cluster URL from the Endpoints section visible in the screenshot in step 8. Once you open port 9200 to external IPs, you should see a 200 OK response from the Elasticsearch cluster. (Notice the my_app_es_1 cluster name that we set in the stack file.)
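If you would rather verify from a script than a browser, fetch the root endpoint (for example with curl http://&lt;your-endpoint&gt;:9200) and inspect the JSON body. A minimal sketch, parsing an illustrative Elasticsearch 2.x response rather than one captured from a real cluster:

```python
import json

# Illustrative root-endpoint response; field values are examples,
# not output captured from the tutorial's actual cluster.
response_body = """
{
  "name": "elasticsearch-1",
  "cluster_name": "my_app_es_1",
  "version": {"number": "2.2.0"},
  "tagline": "You Know, for Search"
}
"""

info = json.loads(response_body)
print(info["cluster_name"])        # my_app_es_1
print(info["version"]["number"])   # 2.2.0
```

Checking cluster_name is a quick way to confirm you reached the cluster you just deployed and not some other Elasticsearch instance.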

10. That’s it, folks! We don’t recommend keeping the Elasticsearch port open to other IPs in production. Always use AWS security groups or, alternatively, set up an authentication layer before opening up the port publicly.

If all you wanted was to play along with the tutorial, you can now power down the service and terminate the nodes.