Hello, I am currently unable to properly start my filebeat process from its container.
My problem is that when I try to run it, filebeat will immediately exit and give me this error response:
Exiting: error loading config file: config file ("filebeat.yml") must be owned by the user identifier (uid=0) or root
The problem seems to be that when using the volume command
The file in question is assigned some weird permission and locks me out from accessing it even though I have set the user in the container to root.
When checking the permission through the command
ls -l filebeat.yml on the host computer I get:
-rwxrwxrwx 1 zebul zebul 464 Feb 24 13:29 filebeat.yml
so everyone should be allowed access to it. Even when I go into the container it says that everyone should have access to it
-rwxrwxrwx 1 filebeat filebeat 464 Feb 24 13:17 filebeat.yml
And before it is suggested: I have tried to use the chmod and chown commands to try and change the permission of the file within the filebeat.yml container, but I am denied the ability to do it.
I have managed to find a workaround to this problem by removing the command
- "./filebeat.yml:/usr/share/filebeat/filebeat.yml"
from the docker-compose file and then going into the docker container for filebeat. At this point I have full access to the base filebeat.yml, which when using the
ls -l filebeat.yml
command gives me this response:
-rw-r----- 1 root filebeat 315 Feb 5 23:09 filebeat.yml
This filebeat.yml file comes with the container and can be modified, but then I run into another problem, which is that when I try to execute filebeat I get the response
Exiting: data path already locked by another beat.
To my knowledge I am only running a single instance of beat, which is the filebeat instance. I can only assume that I get this because I use docker-compose to create the container from the image, but because I can't give it the correct filebeat.yml file right away I then have to use the command
docker exec -it filebeat bash
to get access to bash within the filebeat container. My assumption is thus that when using the
docker exec
command I am creating another instance of the filebeat container.
This is the docker-compose file I am using for starting the ELK-stack.
version: '3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.6.0
    container_name: elasticsearch
    environment:
      #- cluster.name=elastic-cluster
      #- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
      #- "ES_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
      - "discovery.type=single-node"
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
      memlock:
        soft: -1
        hard: -1
    volumes:
      - elastic-data:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9600:9600 # required for Performance Analyzer
    expose:
      - "9200"
    networks:
      - elastic-net
  kibana:
    depends_on:
      - "elasticsearch"
    image: docker.elastic.co/kibana/kibana:7.6.0
    container_name: kibana
    ports:
      - 5601:5601
    expose:
      - "5601"
    environment:
      ELASTICSEARCH_URL: http://elasticsearch:9200
    networks:
      - elastic-net
  filebeat:
    depends_on:
      - "elasticsearch"
    image: docker.elastic.co/beats/filebeat:7.6.0
    container_name: filebeat
    user: root
    volumes:
      - "./filebeat.yml:/usr/share/filebeat/filebeat.yml"
      - "./test.json:/usr/share/filebeat/sample.json"
      - "/var/lib/docker/containers:/usr/share/filebeat/dockerlogs:ro"
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - filebeat
    networks:
      - elastic-net
volumes:
  elastic-data:
networks:
  elastic-net:
    driver: bridge
For the entirety of the ELK-stack I am using the docker images version 7.6.0
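
The ownership rule behind the "must be owned by the user identifier (uid=0) or root" error can be checked on the host before the file is bind-mounted. The script below is an added example, not part of the original post and not Filebeat's own code; the function names are hypothetical, and the group/other-writable rule comes from the Beats config-file permission check rather than from the post.

```shell
#!/bin/sh
# Added example (not from the post): pre-flight check for a Beats config file.
# Rule modelled: the owner must be the uid the beat runs as, or root (uid 0),
# and the file must not be writable by group or others.

# beat_perm_verdict OWNER_UID OCTAL_MODE RUN_UID
# Prints ok | owner | writable; returns 0, 1 or 2 accordingly.
beat_perm_verdict() {
    owner=$1 mode=$2 run_uid=$3
    if [ "$owner" -ne "$run_uid" ] && [ "$owner" -ne 0 ]; then
        echo owner
        return 1
    fi
    # Octal 022 selects the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo writable
        return 2
    fi
    echo ok
}

# check_beat_config FILE [RUN_UID]
# Reads numeric owner and octal mode with GNU stat (assumes a Linux host).
check_beat_config() {
    info=$(stat -c '%u %a' "$1") || { echo unreadable; return 3; }
    beat_perm_verdict "${info% *}" "${info#* }" "${2:-0}"
}

# Constructed inputs based on the two listings in the post. uid 1000 for the
# "filebeat" owner is an assumption; run uid 0 follows from `user: root`.
beat_perm_verdict 1000 777 0 || true   # the bind-mounted ./filebeat.yml
beat_perm_verdict 0 640 0              # the filebeat.yml shipped in the image
```

A bind mount keeps the numeric owner and mode of the host file, so without user-namespace remapping a file that yields `ok` on the host for run uid 0 gives the same verdict inside the container.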