Logstash docker java port <1024 issue


(marchal) #1

Hello,

Context:
CentOS7
docker-CE
Logstash official image: docker.elastic.co/logstash/logstash:5.5.0
SE Linux disabled

When starting the Logstash container with a TCP input port < 1024, I get the following error:

[2017-07-21T14:57:25,371][INFO ][logstash.inputs.tcp ] Starting tcp input listener {:address=>"0.0.0.0:514"}

[2017-07-21T14:57:25,377][ERROR][logstash.pipeline ] Error registering plugin {:plugin=>"<LogStash::Inputs::Tcp port=>514, add_field=>{"techno"=>"default"}, id=>"c7244feabb69f19ed5f6051d5fe01ba599eb5490-1", enable_metric=>true, codec=><LogStash::Codecs::Line id=>"line_4993336d-a5ed-40dd-81f3-0584fc95228a", enable_metric=>true, charset=>"UTF-8", delimiter=>"\n">, host=>"0.0.0.0", data_timeout=>-1, mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_verify=>true, ssl_key_passphrase=>>", :error=>"Permission denied - bind(2)"}

[2017-07-21T14:57:25,401][ERROR][logstash.agent ] Pipeline aborted due to error {:exception=>#<Errno::EACCES: Permission denied - bind(2)>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:124:in `initialize'", "org/jruby/RubyIO.java:871:in `new'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-4.1.2/lib/logstash/inputs/tcp.rb:321:in `new_server_socket'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-4.1.2/lib/logstash/inputs/tcp.rb:131:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:281:in `register_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:292:in `register_plugins'", "org/jruby/RubyArray.java:1613:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:292:in `register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:442:in `start_inputs'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:336:in `start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:226:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:398:in `start_pipeline'"]}

I have already fixed this issue on another server (without Docker) with setcap:
setcap 'cap_net_bind_service=+ep' /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-3.b12.el7_3.x86_64/jre/bin/java

But with the Logstash Docker image, the previous command doesn't solve this issue.

When I start a TCP input on a port > 1024, Logstash works.

docker run --rm -it -v ~/settings/logstash.yml:/usr/share/logstash/config/logstash.yml -v ~/pipeline/:/usr/share/logstash/pipeline -p 5514 docker.elastic.co/logstash/logstash:5.5.0

[2017-07-21T15:08:43,885][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
[2017-07-21T15:08:43,897][INFO ][logstash.inputs.tcp ] Starting tcp input listener {:address=>"0.0.0.0:5514"}
[2017-07-21T15:08:43,907][INFO ][logstash.pipeline ] Pipeline main started
[2017-07-21T15:08:43,950][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

Could you help me, please?
Has anyone already solved this issue?

Thanks in advance,

Adrien


(marchal) #2

--> any solution?

When I start the container with the root user (--user root), it works, but I would like to find a proper solution...

Adrien


(pts0) #3

Hi,
It is nothing related to Docker or Logstash. It is just the way that Linux works. All ports < 1024 can be allocated only by root.

pts0
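
An added example, not part of any post in this thread: a small diagnostic that reads the text of /proc/<pid>/status and reports whether that process may bind a given port, which shows why the same container fails on 514 as an unprivileged user and succeeds with --user root. The function names and both status excerpts are constructed for illustration (uid 1000 is an assumed unprivileged user); 00000000a80425fb is the mask commonly seen with Docker's default capability set.

```shell
#!/bin/sh
# Added example: decide from /proc/<pid>/status text whether a process may bind a port.

CAP_NET_BIND_SERVICE=10   # bit index of this capability in the kernel masks

# Constructed sample: unprivileged user in a container with default capabilities.
STATUS_NONROOT='Name: java
Uid: 1000 1000 1000 1000
CapEff: 0000000000000000
CapBnd: 00000000a80425fb'

# Constructed sample: same container started with --user root.
STATUS_ROOT='Name: java
Uid: 0 0 0 0
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb'

# cap_eff STATUS_TEXT -> hex effective-capability mask (empty if not present)
cap_eff() {
    printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2 }'
}

# can_bind PORT STATUS_TEXT [UNPRIV_START] -> prints yes, no or unknown
# UNPRIV_START mirrors net.ipv4.ip_unprivileged_port_start (1024 when unset).
can_bind() {
    port="$1"
    status="$2"
    start="${3:-1024}"
    # Ports at or above the threshold need no capability at all.
    if [ "$port" -ge "$start" ]; then echo yes; return 0; fi
    mask=$(cap_eff "$status")
    if [ -z "$mask" ]; then echo unknown; return 0; fi
    # Below the threshold, bind(2) needs CAP_NET_BIND_SERVICE in the effective set.
    if [ $(( (0x$mask >> $CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]; then
        echo yes
    else
        echo no
    fi
}

echo "uid 1000, port 514:  $(can_bind 514 "$STATUS_NONROOT")"
echo "uid 1000, port 5514: $(can_bind 5514 "$STATUS_NONROOT")"
echo "uid 0,    port 514:  $(can_bind 514 "$STATUS_ROOT")"
```

To check a live process instead of the samples, pass the real file content, for example can_bind 514 "$(cat /proc/self/status)".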

