Running Logstash in a Docker container: data directory permissions

espogian · June 7, 2018, 4:02pm

Hello, I'm trying to run a Docker container with this setup:

docker run --name logstash6 -d -v /srv/logstash6/pipeline/:/usr/share/logstash/pipeline/ -v /srv/logstash6/data/:/usr/share/logstash/data/ docker.elastic.co/logstash/logstash-oss:6.2.4

My problem is that Logstash is exiting with the following error:

[FATAL][logstash.runner          ] An unexpected error occurred! {:error=>#<ArgumentError: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.>

I have already set 644/755 permissions on /srv/logstash6/data directory

What am I doing wrong?

magnusbaeck · June 10, 2018, 8:21pm

Who's the owner of /srv/logstash6/data? What user is Logstash running as inside the container?

espogian · June 11, 2018, 5:29am

Hi @magnusbaeck,

usually for Elasticsearch Docker container, i set a data directory to achieve persistency and the owner is root with file/folder permissions set to 755/644, and the thing works. Somehow Docker manages to automatically change the ownership of the folder.
For Logstash, I set 755/644 as well, but the container seems to be unable to write in the folder. The ownership remains for root.

I managed to make the whole thing work using a folder inside the home of the user who launches the docker run command (e.g. ~/logstash/data/), but I'm still confused how the whole thing works.

For the moment, my best practice seems to be to put all ELK containers folders inside ~/
But I would like to understand how you need to set file/folder ownership and permissions for another system folder, like /srv/* in order to make the think working always

Thank you!

magnusbaeck · June 11, 2018, 5:53am

I repeat: What user is Logstash running as inside the container?

espogian · June 11, 2018, 6:27am

The user Logstash is running inside the container is logstash
Currently, the container is able to write files to the host folder /home/user/logstash/data/ which has the following permissions:

drwxr-xr-x 5 user user 4096 Jun  8 11:34 data/

But the container would not work with a host folder owned by root, e.g. /srv/logstash/data/

drwxr-xr-x 2 root root 4096 Jun  7 14:01 data/

Thank you

magnusbaeck · June 11, 2018, 7:01am

What's the uid of "user"? What's the uid of "logstash" in the Logstash container?

espogian · June 11, 2018, 8:05pm

Both logstash and user have the same uid, 1000.
I would like to understand how to set file and folder permissions when user has a uid different than logstash.
Thank you

magnusbaeck · June 12, 2018, 6:04am

Both logstash and user have the same uid, 1000.

As I suspected. That's why it happens to work when you mount directories from your home directory.

I would like to understand how to set file and folder permissions when user has a uid different than logstash.

The directory you mount needs to be writable to the logstash user with uid 1000. So, a chown operation on /srv/logstash/data/ or whatever directory you want to use should solve the problem.

espogian · June 12, 2018, 12:25pm

Do you think another option would be changing uid of the logstash user inside the container with the docker run --user 1001 option?

Thank you

magnusbaeck · June 12, 2018, 12:58pm

Yeah, that probably works.

espogian · June 12, 2018, 1:56pm

Thank you for your time, this discussion has been really helpful to me (and I hope for others as well).

system · July 10, 2018, 1:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.