-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker.sock access error #10050
Comments
Same as #10031 ? |
Hi, We recently made a change to our Telegraf container images to run the telegraf process as the The docker user directive can accomplish this by adding:
We have a full post on why we made this change and the impact to users. Thanks! |
Of course if telegraf is used with docker-compose you either need to set the group statically by executing telegraf:
...
# "1000" is the group id of the docker daemon, run: $(stat -c '%g' /var/run/docker.sock)
# see: https://www.influxdata.com/blog/docker-run-telegraf-as-non-root/
user: telegraf:1000
... Or you can play around with docker/compose#1532 (comment) to get an env variable with the group id into the |
Run this command then restart telegraf container: docker exec -it TELEGRAF_CONTAINER_NAME /bin/bash chmod 666 /var/run/docker.sock PS: am running telegraf:1.21 docker image. |
Issue with this is if you update telegraf (though at this point i'm keeping it at the same version for the forseeable future). |
sigh I'm running telegraf as an edge stack through Portainer on all docker hosts in my home (-lab). And the docker GID is different on every host. Is there any option to get the old behavior back? Otherwise, it literally breaks my whole home host monitoring. |
I'm on the same boat. @sgofferj did you find a workaround? |
If you're using Besides my #!/bin/bash
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
DOCKER_GID=`stat -c '%g' /var/run/docker.sock`
REPORT_HOSTNAME=`hostname`
echo "DOCKER_GID=${DOCKER_GID}" > ${SCRIPT_DIR}/.env
echo "REPORT_HOSTNAME=${REPORT_HOSTNAME}" >> ${SCRIPT_DIR}/.env It creates DOCKER_GID=998
REPORT_HOSTNAME=halo Then, in your hostname: ${REPORT_HOSTNAME}
user: "telegraf:${DOCKER_GID}" You may also want to add |
@kykc |
I just ran into this issue. my solution for docker-compose services:
telegraf:
image: telegraf
container_name: telegraf
entrypoint: /bin/bash -c "chmod 666 /var/run/docker.sock && /entrypoint.sh telegraf"
volumes:
- './telegraf/telegraf.conf:/etc/telegraf/telegraf.conf'
- '/var/run/docker.sock:/var/run/docker.sock' |
I had to replace bash with sh: |
That worked for me! Thanks |
What he said does work on Portainer if you do the following: Open your terminal (for me, I'm on UnRaid). Get the results to the following commands: 'stat -c '%g' /var/run/docker.sock' (will give you your DOCKER_GID) Then edit your stack in Portainer. Add two new environmental values: name: DOCKER_GID value: output from the first command. Then in your compose for Telegraf make sure you include the following: user: 'telegraf:${DOCKER_GID}' (In Portainer it is called stack.env) I'm late to this topic because I have run into this issue myself tonight, and those instructions fixed it. |
Relevent telegraf.conf
System info
Telegraf 1.20.3, Debian 11
Docker
telegraf:
image: telegraf:latest
container_name: telegraf
depends_on:
- influxdb
volumes:
- /var/run/docker.sock:/var/run/docker.sock
Steps to reproduce
...
Expected behavior
no errors expected.
Actual behavior
2021-11-03T12:40:00Z E! [inputs.docker] Error in plugin: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.21/info": dial unix /var/run/docker.sock: connect: permission denied,
2021-11-03T12:40:00Z E! [inputs.docker] Error in plugin: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.21/containers/json?filters=%7B%22status%22%3A%5B%22running%22%5D%7D&limit=0": dial unix /var/run/docker.sock: connect: permission denied
Additional info
My setup worked perfectly till the update form 29. Oktober.
All other services (portainer, traefik, watchtower) have no issue with accessing docker.sock.
I don't have a root user. I use sudo. Telegraf is started by docker-compose up -d in "sudo su" mode.
The text was updated successfully, but these errors were encountered: