Docker install elastic search vm.max_map_count

Running SonarQube on docker, getting error on startup (docker run -d --name sonarqube -p 9000:9000 -m 4gb -e (+environment variables). The docker host is Windows Server 2019 DataCenter running on SQL Server back end:

[2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

I can see that there is an issue in the setup of elastic search but that seems to be part of the docker container, I can’t see that it is something I have control over.

Looking here, there are instructions for this but these are Linux focussed. There doesn’t seem to be anything to tell me how to configure this for docker containers on windows. Environment Variables | SonarQube Docs

Also, I can see mention here again about Linux. sonarqube - Docker Hub
but nothing in terms of instructions for Windows. Install Elasticsearch with Docker | Elasticsearch Reference [7.10] | Elastic

docker-machine ssh gives me the error ‘docker-machine’ is not recognised as an internal or external command. When I installed docker-machine, I got error:
error no machine name(s) specified and no default machine exists

I can see there is something I need to do but no clear instructions on what that something is!

docker run -d --name sonarqube -p 9000:9000 -m 4gb -e SONAR_JDBC_URL=jdbc:sqlserver://xx.xxx.xx.xx;databaseName=DBName -e SONAR_JDBC_USERNAME=username -e SONAR_JDBC_PASSWORD=password -v sonarqube_data:/opt/sonarqube/data -v sonarqube_extensions:/opt/sonarqube/extensions -v sonarqube_logs:/opt/sonarqube/logs sonarqube

2021.01.15 21:40:27 INFO  es[][o.e.n.Node] version[7.9.3], pid[36], build[oss/tar/c4138e51121ef06a6404866cddc601906fe5c868/2020-10-16T10:36:16.141335Z], OS[Linux/4.14.35-linuxkit/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/11.0.8/11.0.8+10]
2021.01.15 21:40:27 INFO  es[][o.e.n.Node] JVM home [/opt/java/openjdk]
2021.01.15 21:40:27 INFO  es[][o.e.n.Node] JVM arguments [-XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.io.tmpdir=/opt/sonarqube/temp, -XX:ErrorFile=../logs/es_hs_err_pid%p.log, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=COMPAT, -Des.enforce.bootstrap.checks=true, -Xmx512m, -Xms512m, -XX:MaxDirectMemorySize=256m, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/opt/sonarqube/elasticsearch, -Des.path.conf=/opt/sonarqube/temp/conf/es, -Des.distribution.flavor=oss, -Des.distribution.type=tar, -Des.bundled_jdk=false]
2021.01.15 21:40:28 INFO  es[][o.e.p.PluginsService] loaded module [analysis-common]
2021.01.15 21:40:28 INFO  es[][o.e.p.PluginsService] loaded module [lang-painless]
2021.01.15 21:40:28 INFO  es[][o.e.p.PluginsService] loaded module [parent-join]
2021.01.15 21:40:28 INFO  es[][o.e.p.PluginsService] loaded module [percolator]
2021.01.15 21:40:28 INFO  es[][o.e.p.PluginsService] loaded module [transport-netty4]
2021.01.15 21:40:28 INFO  es[][o.e.p.PluginsService] no plugins loaded
2021.01.15 21:40:28 INFO  es[][o.e.e.NodeEnvironment] using [1] data paths, mounts [[/opt/sonarqube/data (/tmp/gcs/d6818d699de0fe3f30f56f61e5a626dc3eac1c4019a3d316f80dce65ca9d56bc/binds/opt/sonarqube/data)]], net usable_space [29.7gb], net total_space [59.3gb], types [9p]
2021.01.15 21:40:28 INFO  es[][o.e.e.NodeEnvironment] heap size [495.3mb], compressed ordinary object pointers [true]
2021.01.15 21:40:28 WARN  es[][o.e.d.c.s.Settings] [node.master] setting was deprecated in Elasticsearch and will be removed in a future release! See the breaking changes documentation for the next major version.
2021.01.15 21:40:28 WARN  es[][o.e.d.c.s.Settings] [node.data] setting was deprecated in Elasticsearch and will be removed in a future release! See the breaking changes documentation for the next major version.
2021.01.15 21:40:28 INFO  es[][o.e.n.Node] node name [sonarqube], node ID [0E5vCAXjQauLGZuXX3byqg], cluster name [sonarqube]
2021.01.15 21:40:30 WARN  es[][o.e.d.c.r.OperationRouting] searches will not be routed based on awareness attributes starting in version 8.0.0; to opt into this behaviour now please set the system property [es.search.ignore_awareness_attributes] to [true]
2021.01.15 21:40:31 INFO  es[][o.e.t.NettyAllocator] creating NettyAllocator with the following configs: [name=unpooled, factors={es.unsafe.use_unpooled_allocator=false, g1gc_enabled=false, g1gc_region_size=0b, heap_size=495.3mb}]
2021.01.15 21:40:32 INFO  es[][o.e.d.DiscoveryModule] using discovery type [zen] and seed hosts providers [settings]
2021.01.15 21:40:32 WARN  es[][o.e.g.DanglingIndicesState] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
2021.01.15 21:40:32 INFO  es[][o.e.n.Node] initialized
2021.01.15 21:40:32 INFO  es[][o.e.n.Node] starting ...
2021.01.15 21:40:44 INFO  es[][o.e.t.TransportService] publish_address {127.0.0.1:40741}, bound_addresses {127.0.0.1:40741}
2021.01.15 21:40:45 INFO  es[][o.e.b.BootstrapChecks] explicitly enforcing bootstrap checks
2021.01.15 21:40:45 ERROR es[][o.e.b.Bootstrap] node validation exception
[2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
2021.01.15 21:40:45 INFO  es[][o.e.n.Node] stopping ...
2021.01.15 21:40:45 INFO  es[][o.e.n.Node] stopped
2021.01.15 21:40:45 INFO  es[][o.e.n.Node] closing ...
2021.01.15 21:40:45 INFO  es[][o.e.n.Node] closed

Hi @andrew.currie ,

are you running docker with nested virtualization on hyper-v? if yes you might need to adjust the settings inside your vm. one approach to this would be to use docker compose to create a kind of init container:

version: "3"

services:
  sonarqube:
    image: sonarqube:7.9.5-community
    depends_on:
      - init
    environment:
      SONARQUBE_JDBC_URL: jdbc:sqlserver://xx.xxx.xx.xx;databaseName=DBName
      SONARQUBE_JDBC_USERNAME: username
      SONARQUBE_JDBC_PASSWORD: password
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_temp:/opt/sonarqube/temp
    ulimits:
      nproc: 131072
      nofile:
        soft: 8192
        hard: 131072
    ports:
      - "9000:9000"
  init:
    image: bash
    privileged: true
    user: root
    volumes:
      - $(pwd)/init.sh:/mnt/init.sh <---- replace the path
    command: ["sh", "-e", "/mnt/init.sh"]
volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  sonarqube_temp:

with init.sh being the commands from the docs:

sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072

the other option (THAT I WOULD NOT RECOMMAND!) would be to disable the elasticsearch startup check using a command like this:

docker run -d --name sonarqube -p 9000:9000 -m 4gb -e SONAR_JDBC_URL=jdbc:sqlserver://xx.xxx.xx.xx;databaseName=DBName -e SONAR_JDBC_USERNAME=username -e SONAR_JDBC_PASSWORD=password -v sonarqube_data:/opt/sonarqube/data -v sonarqube_extensions:/opt/sonarqube/extensions -v sonarqube_logs:/opt/sonarqube/logs sonarqube:7.9.5-community -Dsonar.es.bootstrap.checks.disable=true

hope that helps

4 Likes

Hi,

Thanks for the help. I’ve been coming to similar conclusions since posting.

Yes I wanted to avoid disabling the startup checks.

I’m new to docker also so sorry if I’m asking a newbie question here. I totally don’t understand this syntax:

volumes:
  - $(pwd)/init.sh:/mnt/init.sh <---- replace the path
command: ["sh", "-e", "/mnt/init.sh"]

The comment - replace the path - what path is this? These lines mean nothing to me.

Where do I put the init.sh file? I’ve tried putting it in the same location as the docker-compose.yml file. I guess the file should be part of a volume but which one? Should /mnt/ be referenced as a volume somewhere? I’m afraid this whole section just means nothing to me.

I tried running it exactly as is and got an error (which wasn’t a surprise as I think there are things I need to do).

Hi @andrew.currie ,

yeah you need to change the $(pwd) to the path where your init.sh is located on the host system and remove the <---- replace the path comment in the compose file. this will result in a bind mount to the init.sh from your local file system to /mnt/init.sh in the container.
when you are more familiar with the docker run cli notation it would translate to something like:

docker run -d --name init -u root --privileged -v /path/in/your/host/system//init.sh:/mnt/init.sh bash sh -e /mnt/init.sh

hope that make the section in question a bit more clear :slight_smile:

Thanks for your help on this. I’ve made progress based on your reply so thanks. However, I’m just hitting the next issue (in what I suspect will be a train of them!). I think these containers are just not intended to run on windows and trying to do so will just be overcoming one error at a time until I eventually get there. I have no idea how many issues I might hit. I think this is the wrong approach. I think the best way from here is perhaps a native install.

Thanks again for your assistance all the same.

2021-01-21 09_03_30-Window

2021-01-21 09_03_30-Window

Hi @andrew.currie ,

yeah it looks like you could either switch to docker desktop with WSL2 (not sure about the status for windows server) or use a native installation. i would recommend you the native installation as you will not be blocked by artificial abstraction layers (a linux container running on docker for windows with the wsl abstraction layer to make the NT kernel POSIX compliant… there is a lot of complexity in here).

We cover the native installation in our docs in two sections:

hi there, as i was just playing around with sonar in docker on windows (wsl2 backend) i also touched this “challenge” … for me the following snippet from the elasticsearch documentation was helpful. (half way down in the page)

please correct me if i am wrong (and you are able to find some more insights here :slight_smile: ), dear @Tobias_Trabelsi … if i understand it correctly, this vm.max_map_count is something that concerns the “docker host” … not a docker container, right?

my knowledge of docker is also rather bland … e.g. i do not know how / whereon the concept of this init-container applies. until some minutes ago i assumed it was a “basic container” for the sq-container … but now i think it might be serving a different purpose?

leaving this here as it might (also) help my future self some day :innocent:

1 Like

Hi @daniel ,

you are right. The vm.max_map_count concerns the docker host. The idea behind the init container was to access the underlying docker host with a privileged container to set the required boundaries before the sonarqube container starts. privileged container can interact with the docker host.

init container sets vm.max_map_count and ulimits → sq container can start on a pre provisioned docker host.

1 Like

It work for me on aws ec2 linux, thanks