Exercise: Run Liferay and Elasticsearch Using Docker
7.3+
Here you can walk through a minimal Liferay-Elasticsearch setup on your local machine to see how a secure REST Client connection between Elasticsearch and Liferay is configured. The example uses two Docker containers: one Elasticsearch container and one Liferay container. For more conceptual and production-like information see Installing Elasticsearch.
Create Local Folders for Bind Mounting to the Docker Containers
Create local folders that can be bind mounted to the Elasticsearch and Liferay containers’ system folders for providing plugins and configuration files. Since Elasticsearch must write to the mounted folder, the -m a+w
modifier is given to the following mkdir
command. You must understand and apply the proper permissions applicable to your system:
mkdir -p test-es-install/dxp/files/osgi/configs && mkdir -p test-es-install/elasticsearch -m a+w && cd test-es-install
The cd test-es-install
command at the end puts you in the test-es-install
folder. Make sure you run the remaining commands for both Elasticsearch and Liferay from this folder.
Install Elasticsearch
-
Configure and start an Elasticsearch container named
elasticsearch
:docker run -it --name elasticsearch -m 1g -p 9200:9200 -e "discovery.type=single-node" -e "node.name=es-node1" -v $(pwd)/elasticsearch:/usr/share/elasticsearch/data docker.elastic.co/elasticsearch/elasticsearch:8.11.4
Once started, log messages with important security information are printed:
-
Copy the password for the elastic user locally.
-
Obtain the keystore password. Open a new terminal window, then open an interactive shell on the new container:
docker exec -it elasticsearch /bin/bash
-
Use
./bin/elasticsearch-keystore
to print the password to the command line:./bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password
Copy the keystore password locally.
-
Install the required Elasticsearch plugins:
./bin/elasticsearch-plugin install analysis-icu && /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-kuromoji && /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-smartcn && /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-stempel
-
When the plugins are installed, exit the shell by typing
exit
. -
Restart the Elasticsearch container to register the plugins. CTRL+C stops the container. Start it again by running
docker start -i elasticsearch
-
On first startup, Elasticsearch created a security certificate you need for encrypting the HTTP connection with Liferay. Copy the
certs
folder from the running container to thetest-es-install/dxp/files/
folder:docker cp elasticsearch:/usr/share/elasticsearch/config/certs/ dxp/files/
-
Docker must copy these into the Liferay container, and Liferay must read from these files, so make sure the file permissions are appropriate:
chmod -R a+rwx dxp/files/certs/
This is for local testing only. You must understand and ensure the permissions are appropriate for your system.
-
Get the
elasticsearch
container’s IPv4 address so it can be added to Liferay’sdocker run
command:docker network inspect bridge
Copy the IPv4 address locally.
Install Liferay
Specify the properties Liferay needs to connect with Elasticsearch; then run the Liferay container.
-
First populate the Elasticsearch 7 configuration file. Create the file
com.liferay.portal.search.elasticsearch7.configuration.ElasticsearchConfiguration.config
:touch dxp/files/osgi/configs/com.liferay.portal.search.elasticsearch7.configuration.ElasticsearchConfiguration.config
-
Open the file and give it these contents, replacing the
password
andtruststorePassword
with those you copied from Elasticsearch, and inserting the IPv4 of theelasticsearch
container in thenetworkHostAddresses
property if it’s different:password="[ELASTIC_PASS]" truststorePassword="[KEYSTORE_PASS]" networkHostAddresses="https://172.17.0.2:9200" authenticationEnabled=B"true" httpSSLEnabled=B"true" logExceptionsOnly="false" productionModeEnabled=B"true" truststorePath="/opt/liferay/certs/http.p12" truststoreType="pkcs12" username="elastic"
Save and exit the file.
-
Now the security certificate files and the configuration file are in place. They’ve been added to folders on the host system that the Liferay Docker container can read from (
test-es-install/dxp/files
). Start the Liferay container:docker run -it --memory 9g --name liferay --publish 8080:8080 --volume $(pwd)/dxp:/mnt/liferay liferay/portal:7.4.3.120-ga120
If you’re using Liferay 7.3, replace the version in the command above.
-
Checkpoint: Verify that the Elasticsearch connection is active in Control Panel → Configuration → Search.
Reindex your search and spell check indexes. Both reindex actions are carried out from the Index Actions tab of Control Panel → Configuration → Search.
Cleaning Up Exercise Files
To clean up all the items created for this exercise, first stop the containers, then
-
Remove the docker containers:
docker container rm elasticsearch liferay
-
Remove the folder structure. First make sure you’re in the parent of the test installation folder (i.e.,
../test-es-install
)., then runrm -fr test-es-install
This leaves you with just the Docker images you used to create the containers. If desired, you can remove those with the docker image rm [image-name]
command.