docker.sock access error #10050
Comments
|
Same as #10031 ? |
|
Hi, We recently made a change to our Telegraf container images to run the telegraf process as the The docker user directive can accomplish this by adding: We have a full post on why we made this change and the impact to users. Thanks! |
Of course if telegraf is used with docker-compose you either need to set the group statically by executing telegraf:
...
# "1000" is the group id of the docker daemon, run: $(stat -c '%g' /var/run/docker.sock)
# see: https://www.influxdata.com/blog/docker-run-telegraf-as-non-root/
user: telegraf:1000
...Or you can play around with docker/compose#1532 (comment) to get an env variable with the group id into the |
|
Run this command then restart telegraf container: docker exec -it TELEGRAF_CONTAINER_NAME /bin/bash chmod 666 /var/run/docker.sockPS: am running telegraf:1.21 docker image. |
Issue with this is if you update telegraf (though at this point i'm keeping it at the same version for the forseeable future). |
|
sigh I'm running telegraf as an edge stack through Portainer on all docker hosts in my home (-lab). And the docker GID is different on every host. Is there any option to get the old behavior back? Otherwise, it literally breaks my whole home host monitoring. |
I'm on the same boat. @sgofferj did you find a workaround? |
|
If you're using Besides my #!/bin/bash
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
DOCKER_GID=`stat -c '%g' /var/run/docker.sock`
REPORT_HOSTNAME=`hostname`
echo "DOCKER_GID=${DOCKER_GID}" > ${SCRIPT_DIR}/.env
echo "REPORT_HOSTNAME=${REPORT_HOSTNAME}" >> ${SCRIPT_DIR}/.envIt creates DOCKER_GID=998
REPORT_HOSTNAME=haloThen, in your hostname: ${REPORT_HOSTNAME}
user: "telegraf:${DOCKER_GID}"You may also want to add |
|
@kykc |
|
I just ran into this issue. my solution for docker-compose services:
telegraf:
image: telegraf
container_name: telegraf
entrypoint: /bin/bash -c "chmod 666 /var/run/docker.sock && /entrypoint.sh telegraf"
volumes:
- './telegraf/telegraf.conf:/etc/telegraf/telegraf.conf'
- '/var/run/docker.sock:/var/run/docker.sock' |
I had to replace bash with sh: |
That worked for me! Thanks |
What he said does work on Portainer if you do the following: Open your terminal (for me, I'm on UnRaid). Get the results to the following commands: 'stat -c '%g' /var/run/docker.sock' (will give you your DOCKER_GID) Then edit your stack in Portainer. Add two new environmental values: name: DOCKER_GID value: output from the first command. Then in your compose for Telegraf make sure you include the following: user: 'telegraf:${DOCKER_GID}' (In Portainer it is called stack.env) I'm late to this topic because I have run into this issue myself tonight, and those instructions fixed it. |
Relevent telegraf.conf
System info
Telegraf 1.20.3, Debian 11
Docker
telegraf:
image: telegraf:latest
container_name: telegraf
depends_on:
- influxdb
volumes:
- /var/run/docker.sock:/var/run/docker.sock
Steps to reproduce
...
Expected behavior
no errors expected.
Actual behavior
2021-11-03T12:40:00Z E! [inputs.docker] Error in plugin: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.21/info": dial unix /var/run/docker.sock: connect: permission denied,
2021-11-03T12:40:00Z E! [inputs.docker] Error in plugin: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.21/containers/json?filters=%7B%22status%22%3A%5B%22running%22%5D%7D&limit=0": dial unix /var/run/docker.sock: connect: permission denied
Additional info
My setup worked perfectly till the update form 29. Oktober.
All other services (portainer, traefik, watchtower) have no issue with accessing docker.sock.
I don't have a root user. I use sudo. Telegraf is started by docker-compose up -d in "sudo su" mode.
The text was updated successfully, but these errors were encountered: