Filebeat Docker Container can't read host log files due to permissions

Elastic Stack Beats
1

Trying to setup an ELK:6.0.1 stack and *beat:6.0.1 via CentOS 7, Docker 17.09, & Rancher 1.6.12 for a presentation I'm giving this week at a DevOps MeetUp. Am trying to set everything up without having to create custom images or mounting custom config files like I usually have to.

Using the following guides:


https://www.elastic.co/guide/en/beats/filebeat/6.0/running-on-docker.html
https://www.elastic.co/guide/en/beats/filebeat/6.0/configuration-filebeat-modules.html

My docker-compose section:
filebeat:
image: docker.elastic.co/beats/filebeat:6.0.1
environment:
output.logstash.hosts: '["logstash:5044"]'
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/log:/mnt/log:ro
command:
- -e
- --modules
- system
labels:
io.rancher.container.hostname_override: container_name
io.rancher.container.pull_image: always
io.rancher.scheduler.global: 'true'

From the containers default prospector file:

  • input_type: log
    paths:
    • /mnt/log/*.log

When I look at the container logs I'm seeing:
12/9/2017 6:33:19 PM2017/12/10 00:33:19.608840 prospector.go:426: ERR Harvester could not be started on new file: /mnt/log/boot.log, Err: Error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /mnt/log/boot.log: open /mnt/log/boot.log: permission denied
12/9/2017 6:33:19 PM2017/12/10 00:33:19.608958 prospector.go:426: ERR Harvester could not be started on new file: /mnt/log/yum.log, Err: Error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /mnt/log/yum.log: open /mnt/log/yum.log: permission denied
12/9/2017 6:33:29 PM2017/12/10 00:33:29.609752 prospector.go:426: ERR Harvester could not be started on new file: /mnt/log/boot.log, Err: Error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /mnt/log/boot.log: open /mnt/log/boot.log: permission denied
12/9/2017 6:33:29 PM2017/12/10 00:33:29.609887 prospector.go:426: ERR Harvester could not be started on new file: /mnt/log/yum.log, Err: Error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /mnt/log/yum.log: open /mnt/log/yum.log: permission denied

Without rebuilding the filebeat image and setting the user to root how can I give the container access to the log files owned by root? I've already set the container to privileged mode in Rancher and that didn't help.

2

That's a good approach :slight_smile:

So far I've been setting user to root, when using plain Docker you can use --user flag. How are you launching it with Rancher?, probably it has a similar parameter you can pass.

Best regards

3

Sorry, I just saw you are using docker-compose, just pass the user: root field

1 Like
4

Ok, thanks...i'll try adding that.

5

That worked...thanks again.

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.