ElasticSearch on Docker / Podman on Apple Silicon Mac (M1, M2) (improving official documentation)

Photo by Markus Winkler on Unsplash

You might arrive to this post because you are getting either this error when following the official documentation:

ERROR: Elasticsearch exited unexpectedly, with exit code 78

or this other one:

{“@timestamp”:”2023–09–15T07:24:11.045Z”, “log.level”:”ERROR”, “message”:”node validation exception\n[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.\nbootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]”, “ecs.version”: “1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”main”,”log.logger”:”org.elasticsearch.bootstrap.Elasticsearch”,”elasticsearch.node.name”:”99cd894680e3",”elasticsearch.cluster.name”:”docker-cluster”}

which states:

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

The solution

consist of:

• Increasing the Java heap memory (by environment)
• Removing the container’s memory limit (don’t forget to give the podman machine / docker vm enough memory)
• Speeding up the bootstrap step and reducing the required memory by indicating that ES will run in expected single node mode.

podman run --name elasticsearch8 --net elastic -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms2g -Xmx2g" -v elastic:/usr/share/elasticsearch/data docker.elastic.co/elasticsearch/elasticsearch:8.10.0

I use a volume by the way to persist things.

Feel free to remove the option if you don’t need it.

Bonus: Changing the elasticsearch user’s password and check if ES is up and running

The instructions on the official website work, but they are not unattended (you need to type stuff in the terminal).
So I do it this way:

Change the password and export credentials for curl:

export ES_USER="elastic"
export ES_PASSWORD=$(podman exec -ti elasticsearch8 /usr/share/elasticsearch/bin/elasticsearch-reset-password -s -b -u $ES_USER | tr -d '[:space:]')
export ES_CRED="${ES_USER}:${ES_PASSWORD}"

Test that ES is running properly with curl:

curl -u "$ES_CRED" localhost:9200 | jq '.'
* Connection #0 to host localhost left intact
{
  "name": "6cb187618827",
  "cluster_name": "docker-cluster",
  "cluster_uuid": "YkH_Hh2MTAeMsXwZBuMuNg",
  "version": {
    "number": "8.10.0",
    "build_flavor": "default",
    "build_type": "docker",
    "build_hash": "e338da74c79465dfdc204971e600342b0aa87b6b",
    "build_date": "2023-09-07T08:16:21.960703010Z",
    "build_snapshot": false,
    "lucene_version": "9.7.0",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}

Note that modern ElasticSearch images require the use of username / password or tokens even to query the status page.

Enjoy!