search

grafana / alloy

OpenTelemetry Collector distribution with programmable pipelines
https://grafana.com/oss/alloy
Apache License 2.0
1.33k stars 182 forks source link

Docs feedback: Document proper permissions for running cAdvisor #990

Open jmgilman opened 4 months ago

jmgilman commented 4 months ago

URL

https://grafana.com/docs/alloy/latest/reference/components/prometheus.exporter.cadvisor/

Feedback

The documentation fails to mention that the default installation of Alloy is unlikely to have the proper permissions to run cAdvisor correctly. After configuring the cAdvisor component on a fresh Ubuntu 22.04 system with Docker CE installed, the following error is generated:

Jun 06 01:25:35 dbsync alloy[17021]: ts=2024-06-05T23:25:35.921854424Z level=error msg="Failed to create existing container: /system.slice/docker-f9cf9c3bf054a2b0e16b26271ba1b8b7b4df829f5584dcdfbee20df0304e7e9b.scope: failed to identify the read-write layer ID for container \"f9cf9c3bf054a2b0e16b26271ba1b8b7b4df829f5584dcdfbee20df0304e7e9b\". - open /var/lib/docker/image/overlay2/layerdb/mounts/f9cf9c3bf054a2b0e16b26271ba1b8b7b4df829f5584dcdfbee20df0304e7e9b/mount-id: permission denied" component_path=/ component_id=prometheus.exporter.cadvisor.integrations_cadvisor func=Errorf

I tried adding the default alloy user to the docker group but the error persists. At this point, I am unsure of what additional permissions are needed beyond running the service as root. Can I please get clarification on how to run this component?

github-actions[bot] commented 3 months ago

This issue has not had any activity in the past 30 days, so the needs-attention label has been added to it. If the opened issue is a bug, check to see if a newer release fixed your issue. If it is no longer relevant, please feel free to close this issue. The needs-attention label signals to maintainers that something has fallen through the cracks. No action is needed by you; your issue will be kept open and you do not have to respond to this comment. The label will be removed the next time this job runs if there is new activity. Thank you for your contributions!

SerheoReutty commented 2 months ago

Hello! Please, tell me! Did you solve the problem? I just ran into the same problem and can't find a solution.

k4nzdroid commented 2 months ago

I got the same problem with Docker 24.0.2 and Grafana Alloy v1.3.0 on Ubuntu 18.04.4 LTS.

After modifying the User=, the problem was soleved.

# systemctl edit alloy.service
[Service]
User=root

Before that, I tried to adduser alloy root, but it doesn't work.

The docker folder is not allowed to be read by non-owners:

# ls -l /var/lib/ | grep -E 'docker|snapd'
drwx--x--- 12 root               root          4096 Jul 18 16:41 docker
drwxr-xr-x 23 root               root          4096 Aug  6 22:46 snapd

# sudo -u alloy ls /var/lib/snapd/
apparmor    auto-import  cgroup  dbus-1   device       features   hostfs   lib    seccomp   snaps  state.json  system-key
assertions  cache        cookie  desktop  environment  firstboot  inhibit  mount  sequence  ssl    state.lock  void

# sudo -u alloy ls /var/lib/docker/
ls: cannot open directory '/var/lib/docker/': Permission denied