sorry .. also tried changing the permissions which changed nothing... ``` # chmod +r /var/run/docker.sock # ls -la /var/run/docker.sock srw-rw-r--. 1 root docker 0 Nov 15 20:12 /var/run/docker.sock # docker service update --force monitor_private ```
On Sunday, November 15, 2020 at 9:20:07 PM UTC+1 Carlos Colaço wrote: > Hi all .. Having the same issue... > > https://github.com/prometheus/prometheus/issues/8185 > > > Also don't think changing permissions on docker sock is a good option .. > that way you are giving permissions to anyone to access it and that is > something not desirable ... > > What i also tried to do instead ... since prometheus runs as Nobody ( uid: > 65534 ) ... i added it to the Docker group which changed nothing =/ > > Any hints or solutions for this? driving me crazy trying different > approaches and solutions.. nothing seems to work ... > > On Tuesday, August 11, 2020 at 7:03:12 AM UTC+2 [email protected] wrote: > >> Thanks Julien and Tom, >> >> I got the problem which i was facing, actually when we change the >> permissions to read-write for docker.sock, permissions are only changed >> till the docker daemon or docker service is restarted. Once the >> docker/daemon is restarted then the permissions for docker sock changes >> back to the original one. >> >> Is there any way using which we can make permanent changes for the >> permission of docker.sock or do we need to file a issue for the same, as >> docker/daemon might be restarted for various reasons >> >> >> ? >> >> On Monday, 10 August 2020 12:40:17 UTC+5:30, Umang Goel wrote: >>> >>> Hello Julien, >>> >>> group_add is not allowed in docker swarm. Do you have any other >>> workaround for this? >>> >>> -- >>> Umang >>> >>> On Monday, 10 August 2020 12:20:51 UTC+5:30, Julien Pivotto wrote: >>>> >>>> >>>> Can you use: >>>> >>>> --group-add docker? >>>> >>>> or in compose v2 file: >>>> >>>> version: "2.4" >>>> services: >>>> prometheus: >>>> group_add: >>>> - docker >>>> >>>> >>>> On 09 Aug 22:48, Umang Goel wrote: >>>> > ls -l /var/run/docker.sock >>>> > >>>> > - srwxrw-rw- 1 root docker 0 Aug 7 11:31 /var/run/docker.sock >>>> after >>>> > making changes as per Tom, >>>> > >>>> > On Sunday, 9 August 2020 02:16:28 UTC+5:30, Julien Pivotto wrote: >>>> > > >>>> > > On 07 Aug 04:36, Umang Goel wrote: >>>> > > > Hello Tom, >>>> > > > >>>> > > > Even this is not working, I am still facing the same issue. Can >>>> you help >>>> > > me >>>> > > > how did you implement it. >>>> > > >>>> > > >>>> > > What are you current permissions on the /var/run/docker.sock ? >>>> > > >>>> > > ls -l /var/run/docker.sock >>>> > > >>>> > > > >>>> > > > On Friday, 7 August 2020 16:47:23 UTC+5:30, Tom Kun wrote: >>>> > > > > >>>> > > > > Hello Umang, >>>> > > > > >>>> > > > > What are you current permissions on the /var/run/docker.sock ? >>>> > > > > >>>> > > > > I faced the same issue, and to start and no rebuild the >>>> Prometheus >>>> > > image >>>> > > > > with the appropriate user. >>>> > > > > I put the rights to read and write the docker.socket. >>>> > > > > >>>> > > > > sudo chmod 766 /var/run/docker.sock >>>> > > > > >>>> > > > > I hope this gonna help you. >>>> > > > > >>>> > > > > >>>> > > > > On Friday, 7 August 2020 11:59:32 UTC+2, Umang Goel wrote: >>>> > > > >> >>>> > > > >> Hello Community, >>>> > > > >> >>>> > > > >> I tired using Docker Swarm Service Discovery in prometheus, >>>> but >>>> > > facing >>>> > > > >> problems using it. I followed the docker swarm support >>>> documentation >>>> > > > >> <https://prometheus.io/docs/guides/dockerswarm/>. Created a >>>> > > daemon.json >>>> > > > >> file and mounted /var/run/docker.sock in prometheus container. >>>> > > Container is >>>> > > > >> giving permission denied error as prometheus is running as >>>> nobody and >>>> > > > >> doesn't have access to mounted /var/run/docker.sock. Below is >>>> my >>>> > > > >> prometheus.yml. >>>> > > > >> Prometheus Version : v2.20.1 >>>> > > > >> >>>> > > > >> prometheus: >>>> > > > >> image: prom/prometheus >>>> > > > >> networks: >>>> > > > >> - monitor >>>> > > > >> ports: >>>> > > > >> - "9090:9090" >>>> > > > >> command: >>>> > > > >> - '--config.file=/etc/prometheus/prometheus.yml' >>>> > > > >> - '--storage.tsdb.path=/prometheus' >>>> > > > >> - >>>> '--storage.tsdb.retention=${PROMETHEUS_RETENTION:-24h}' >>>> > > > >> volumes: >>>> > > > >> - prometheus:/prometheus >>>> > > > >> - /home/efs/devops/dsm:/etc/prometheus:ro >>>> > > > >> - /var/run/docker.sock:/var/run/docker.sock:ro >>>> > > > >> deploy: >>>> > > > >> mode: replicated >>>> > > > >> replicas: 1 >>>> > > > >> resources: >>>> > > > >> limits: >>>> > > > >> memory: 1024M >>>> > > > >> reservations: >>>> > > > >> memory: 128M >>>> > > > >> >>>> > > > >> Prometheus.yml >>>> > > > >> >>>> > > > >> scrape_configs: >>>> > > > >> - job_name: 'docker' >>>> > > > >> dockerswarm_sd_configs: >>>> > > > >> - host: unix:///var/run/docker.sock >>>> > > > >> role: nodes >>>> > > > >> >>>> > > > >> Error: >>>> > > > >> [email protected] >>>> <javascript:> | >>>> > > level=error >>>> > > > >> ts=2020-08-06T07:21:19.106Z caller=refresh.go:98 >>>> component="discovery >>>> > > > >> manager scrape" discovery=dockerswarm msg="Unable to refresh >>>> target >>>> > > groups" >>>> > > > >> err="error while listing swarm nodes: Got permission denied >>>> while >>>> > > trying to >>>> > > > >> connect to the Docker daemon socket at >>>> unix:///var/run/docker.sock: >>>> > > Get >>>> > > > >> \"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/nodes\": dial unix >>>> > > > >> /var/run/docker.sock: connect: permission denied >>>> > > > >> >>>> > > > > >>>> > > > >>>> > > > -- >>>> > > > You received this message because you are subscribed to the >>>> Google >>>> > > Groups "Prometheus Users" group. >>>> > > > To unsubscribe from this group and stop receiving emails from it, >>>> send >>>> > > an email to [email protected] <javascript:>. >>>> > > > To view this discussion on the web visit >>>> > > >>>> https://groups.google.com/d/msgid/prometheus-users/e5e55a73-7cc1-4c0c-99e3-0a09270df62bo%40googlegroups.com. >>>> >>>> >>>> > > >>>> > > >>>> > > >>>> > > -- >>>> > > Julien Pivotto >>>> > > @roidelapluie >>>> > > >>>> > >>>> > -- >>>> > You received this message because you are subscribed to the Google >>>> Groups "Prometheus Users" group. >>>> > To unsubscribe from this group and stop receiving emails from it, >>>> send an email to [email protected]. >>>> > To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/prometheus-users/e5614621-f57a-466e-befd-269bf77d69c8o%40googlegroups.com. >>>> >>>> >>>> >>>> >>>> -- >>>> Julien Pivotto >>>> @roidelapluie >>>> >>> -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/e058c64f-3db4-45c2-9550-c8db557d2a2cn%40googlegroups.com.
