-
Notifications
You must be signed in to change notification settings - Fork 934
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
prometheus: Unable to create mmap-ed active query log #21
Comments
component=activeQueryTracker msg="Error opening query log file" file=data/queries.active err="open data/queries.active: permission denied" I installed prometheus using helm last week and the problem still exists. How to resolve this issue? |
Can you post here the init container logs?
|
I am running into the same problem: level=info ts=2019-12-02T13:07:43.871Z caller=main.go:296 msg="no time or size retention was set so using the default time retention" duration=15d goroutine 1 [running]: |
@thomaslange24 can you post the helm chart version and the init container logs. The command to print the logs is posted above |
i did not use helm for this |
i install prometheus with helm 3 - and it not work `kubectl logs prometheus-1575844324-server-6899f6b7fd-wk2r4 prometheus-server goroutine 1 [running]: |
The same problem, level=info ts=2019-12-16T23:26:38.040Z caller=main.go:332 msg="Starting Prometheus" version="(version=2.13.1, branch=HEAD, revision=6f92ce56053866194ae5937012c1bec40f1dd1d9)" goroutine 1 [running]: |
I have installed prometheus with helm 3 and faced with the same permission issue
|
Hi, I came across the same issue today and I got a solution to it. The error : The Solution :
Thanks to this Medium article which I used to solve the permission issue : https://medium.com/faun/digitalocean-kubernetes-and-volume-permissions-820f46598965 |
Today I tried your solution @vijay-jindal on my EKS (v1.15) and Prometheus server and it did not work. I am using aws-efs-csi-driver and I still have the message |
Hi @khdevel , The above solution worked for me. Please make sure you have made the right volume mounts and also the names of the volume mounts are mapped properly. |
I believe you @vijay-jindal but in my case I even tried to use very trivial example from aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs. I have changed the
I think I am sure that everything seems to be fine... I did not set any special permissions at my AWS EFS. Could you take a look on my case... just briefly. Thank you! |
@khdevel , I went through your pod2.yaml file. You only have 2 busybox containers. Where is the Prometheus container which has the data directory. The error message that you put in the first comment is about "chmod : /data: operation not permitted" , which means, you are not able to run chmod itself. |
Thank you @vijay-jindal for your time. Regarding the Where is the Prometheus container... in my example - there is no, because that was only an example how I try to force the permission change via some busybox. But the idea is the same as in my Prometheus Chart. I found the problem and indeed your code works but... in my case does not, because for my Prometheus Pods, I have a securityContext as follow
and it sets this for all the Pods, even for the initContainer - Set the security context for a Pod
The AWS EFS resource by default has the permission 0755 root:root for their mounts, so any noonRoot user (like 65534) cannot change it. To handle it I added the securityContext with uid and guid equal 0 for my
|
@khdevel glad to know you solved it. I too had certain doubts with security context, but didn't think that itself could be the whole issue. |
### Motivation As seen below, there is a fix for one of the Grafana dashboards that are currently broken in this project (available since version 0.0.5): - [The Pulsar-topics metrics can't load in Grafana](streamnative/charts#49) Additionally, upgrading Prometheus to the latest version improves performance as seen here: https://prometheus.io/blog/2017/11/08/announcing-prometheus-2-0 ### Modifications Bring Docker images to their most up-to-date version (streamnative/apache-pulsar-grafana-dashboard-k8s:0.0.6, prom/prometheus:v2.17.2) to fix the following issues: - streamnative/charts#49 <- fixes Pulsar-topics metrics failure to load - prometheus/prometheus#2859 <- prevent escalation vulnerabilities by defaulting to the ```nobody``` user **Note**: upgrading to the latest version of Prometheus (currently v2.17.2) caused the pod to fail with the following error: ```open /prometheus/queries.active: permission denied```. In order to fix this issue I followed the instructions from these 2 comments: - [Permission denied UID/GID solution](prometheus/prometheus#5976 (comment)) - [Unable to create mmap-ed active query log securityContext fix](aws/eks-charts#21 (comment)) ### Verifying this change - [x] Make sure that the change passes the CI checks.
I had to |
for stable/prometheus-operator replace in values.yaml initConatiners: [] by the following initContainers:
- name: set-data-dir-ownership
image: alpine:3
command:
- chown
- -R
- 65534:655b34
- /mnt
volumeMounts:
- name: prometheus-promethus-prometheus-opera-prometheus-db
mountPath: /mnt
subPath: /prometheus
|
If using kube-prometheus helm chart, one needs to adapt the securityContext in values.yaml like this and create a PV:
|
Just change the securityContext,
|
level=info ts=2021-08-10T08:38:15.183Z caller=main.go:389 msg="No time or size retention was set so using the default time retention" duration=15d I am using wmi exporter. How can I fix this error? |
I solved it by creating the volume assigned in the file. |
For <ReleaseSet>{name: "prometheus.prometheusSpec.securityContext.runAsUser", value: "65534"},
<ReleaseSet>{name: "prometheus.prometheusSpec.securityContext.runAsGroup", value: "65534"},
<ReleaseSet>{name: "prometheus.prometheusSpec.securityContext.fsGroup", value: "65534"},
<ReleaseSet>{name: "prometheus.prometheusSpec.securityContext.runAsNonRoot", value: "true"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].name", value: "fix-volume-permissions"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].image", value: "busybox"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].command[0]", value: "/bin/chown"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].command[1]", value: "-R"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].command[2]", value: "65534:65534"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].command[3]", value: "/volume"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].volumeMounts[0].name", value: "prometheus-kube-prometheus-stack-prometheus-db"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].volumeMounts[0].mountPath", value: "/volume"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].securityContext.runAsGroup", value: "0"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].securityContext.runAsNonRoot", value: "false"},
<ReleaseSet>{name: "prometheus.prometheusSpec.initContainers[0].securityContext.runAsUser", value: "0"}, |
ts=2024-03-04T09:02:26.024Z caller=main.go:509 level=warn deprecation_notice="'storage.tsdb.retention' flag is deprecated use 'storage.tsdb.retention.time' instead." goroutine 1 [running]: What are the possible reasons for this situation? |
hello,
I'm experiencing this issue while trying to run
eks/appmesh-prometheus
prometheus/prometheus#5976
I've installed with:
The text was updated successfully, but these errors were encountered: