Filebeat in docker, permission denied when trying to place registry on the host

Elastic Stack Beats
,
1

I would like to move the registry outside the filebeat folder, to be able to easy kill it.
I have this config file:

  filebeat_for_dmarc:
    image: docker.elastic.co/beats/filebeat:${STACK_VERSION}
    container_name: filebeat_for_dmarc
    mem_limit: 1073741824
    depends_on:
      logstash
    volumes:
      - ./dmarc/dmarclogs:/dmarclogs
      - ./dmarc/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro
      - ./dmarc/registry:/usr/share/filebeat/data/registry/filebeat
    depends_on:
      - logstash

The ./dmarc/dmarclogs folder works, but the ./dmarc/registry does not? I get this error

ERROR   instance/beat.go:1014   Exiting: failed to open store 'filebeat': open /usr/share/filebeat/data/registry/filebeat/meta.json: no such file or directory
filebeat_for_dmarc    | Exiting: failed to open store 'filebeat': open /usr/share/filebeat/data/registry/filebeat/meta.json: no such file or directory

I have the folder registry under the dmarc folder.
It has the same rights as the dmarclogs
I've temporarily disabled SELinux

Why can't I get this to work?

2

Hey @fribse,

I think that by seeing the registry directory Filebeat believes that there is an existing registry, and it fails when trying to load it.

Instead of mounting only the registry directory, try mounting the whole data directory.

Something like this:

  filebeat_for_dmarc:
    image: docker.elastic.co/beats/filebeat:${STACK_VERSION}
    container_name: filebeat_for_dmarc
    mem_limit: 1073741824
    depends_on:
      logstash
    volumes:
      - ./dmarc/dmarclogs:/dmarclogs
      - ./dmarc/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro
      - ./dmarc/filebeat-data:/usr/share/filebeat/data
    depends_on:
      - logstash
3

Yeah, I had that idea as well, but I still get an error:

filebeat_for_dmarc    | 2023-08-01T07:33:28.207Z        INFO    instance/beat.go:685    Home path: [/usr/share/filebeat] Config path: [/usr/share/filebeat] Data path: [/usr/share/filebeat/data] Logs path: [/usr/share/filebeat/logs] Hostfs Path: [/]
filebeat_for_dmarc    | 2023-08-01T07:33:28.208Z        ERROR   instance/beat.go:1014   Exiting: Failed to create Beat meta file: open /usr/share/filebeat/data/meta.json.new: permission denied
filebeat_for_dmarc    | Exiting: Failed to create Beat meta file: open /usr/share/filebeat/data/meta.json.new: permission denied
filebeat_for_dmarc exited with code 1

I just did an experiment, just to check for filerights. I deleted the 'registry' folder on the host, and docker created it without problems.
So at least now I know it's not a host rights issue.

4

Could it be there is a limit in filebeat for the registry that it will not allow it to be outside the container on the host?

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.