Skip to content
This repository has been archived by the owner on Apr 24, 2023. It is now read-only.

fluent-bit can't run as a different user #33

Open
rayjlinden opened this issue Jun 12, 2020 · 2 comments
Open

fluent-bit can't run as a different user #33

rayjlinden opened this issue Jun 12, 2020 · 2 comments

Comments

@rayjlinden
Copy link

When I try to run the docker image as a different user I get the following error:

[2020/06/12 08:24:17] [error] [storage] [chunkio] cannot initialize root path /var/log/flb-storage

I want to do this because my output is to a file. I then mount a dir I'd like the file to be written to.
However, because the container runs as root the log files get written as root.

I'd like the log files to be written as my UID and GID.

I've been able to do this with other packages. How can I do this with fluent-bit?
@rayjlinden
Copy link
Author

I figured out a solution to this:

fluentbit:
  image: docker.io/fluent/fluent-bit:1.4-debug
  user: ${UID}:${GID}
  ports:
    - 24224:24224
  volumes:
    - ./configs/fluent/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf:ro
    - ./logs:/app/logs
    - ./configs/fluent/fluent-store:/var/log/flb-storage

By mounting a directory already created with the right UID and mount it at /var/log/flb-storage then fluent-bit will launch with the given user and appears to work correctly.

A reasonable solution in this case might be if you just chmod the directory flb-storage to 777. That way things would work no matter what user the container was run with. (I wanted to do that myself with an entry point script until I discovered there was no shell!!!)

BTW, this is the first time I ran across a DISTROLESS built container. Kind of cool - but a major pain in the ass for debugging. Could you guys maybe build a normal ubuntu based docker image as well? Small is nice and all but most of us would rather work with containers that are USEFUL.

@NicolaiLolansen
Copy link

I figured out a solution to this:

fluentbit:
  image: docker.io/fluent/fluent-bit:1.4-debug
  user: ${UID}:${GID}
  ports:
    - 24224:24224
  volumes:
    - ./configs/fluent/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf:ro
    - ./logs:/app/logs
    - ./configs/fluent/fluent-store:/var/log/flb-storage

By mounting a directory already created with the right UID and mount it at /var/log/flb-storage then fluent-bit will launch with the given user and appears to work correctly.

A reasonable solution in this case might be if you just chmod the directory flb-storage to 777. That way things would work no matter what user the container was run with. (I wanted to do that myself with an entry point script until I discovered there was no shell!!!)

BTW, this is the first time I ran across a DISTROLESS built container. Kind of cool - but a major pain in the ass for debugging. Could you guys maybe build a normal ubuntu based docker image as well? Small is nice and all but most of us would rather work with containers that are USEFUL.

For anyone reading this, you can use the builds marked with "-debug". Example: fluent/fluent-bit:2.0.6-debug these images will have a shell you can exec into

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NicolaiLolansen @rayjlinden