fluentd-docker-image icon indicating copy to clipboard operation
fluentd-docker-image copied to clipboard

Published 20 hours ago verified publisher icon fluent

No more access to mounted /fluentd/logs folder

Open alexandersm opened this issue 6 years ago • 10 comments

It seems that in the latest fluentd version there is now issue with mount of the host folder to /fluentd/logs

The issue happens on dynamically created EC2 instances in AWS. Docker deployment task definition has the mount point , like /var/log/fluentd/data to /fluentd/logs

During container deployment folder /var/log/fluentd/data is created on the host EC2, but after that there is no enough permissions to write into this folder:

2019-02-10 17:41:55 +0000 [error]: config error file="/fluentd/etc/fluent.conf" error_class=Fluent::ConfigError error="out_file: `/fluentd/log/docker-20190210.log` is not writable"

To fix that we need manually execute something like chmod a+w /var/log/fluentd/data on the host then fluentd starts fine.

It seems that it is due to the latest changes in entrypoint.sh file.

Is it possible to fix it somehow?

alexandersm avatar Feb 10 '19 17:02 alexandersm

To fix that we need manually execute something like chmod a+w /var/log/fluentd/data on the host then fluentd starts fine. Is it possible to fix it somehow?

What the approach do other images take for such cases? Recently, we changed docker image to follow docker way and it removed several terrible approach from docker image. Maybe it causes this problem. We want to know how other images resolve this problem and how ECS handle user mapping.

repeatedly avatar Feb 11 '19 16:02 repeatedly

For all other images we deploy there is no such issue Path created on the host has write permissions for container process.. Another option which exists in ECS tasks is to define user (e.g. roo) but fluentd entrypoint ignores it

alexandersm avatar Feb 13 '19 10:02 alexandersm

Hmm... so ECS doesn't use -u option to change running user?

https://github.com/fluent/fluentd-docker-image#change-running-user

repeatedly avatar Feb 14 '19 01:02 repeatedly

Do you use FLUENTD_UID to set uid?

repeatedly avatar Feb 14 '19 02:02 repeatedly

FLUENTD_UID does not help ( I've tried to set
FLUENTD_UID=0)

But I've tried to specify root user inside ECS container definition, this helps and write operations is allowed to the newly created logs folder. Tested on latest v1.4 version , not sure that it works on earlier versions.

alexandersm avatar Mar 01 '19 16:03 alexandersm

-u option to change user does not work. FLUENTD_UID does not work. Is there no other way than to give 777 permission on folder or adding fluent user on host and chown or building custom image?

cpxPratik avatar May 09 '19 08:05 cpxPratik

" Is there no other way than to give 777 permission on folder or adding fluent user on host and chown or building custom image?"

-u option to change user does not work. FLUENTD_UID does not work. Is there no other way than to give 777 permission on folder or adding fluent user on host and chown or building custom image?

The reply is good for me. But I still want to know if it would change in the official docker image. Have any update on this? many thanks

chesterlai avatar Jan 17 '20 02:01 chesterlai

Are there any updates on this? Or workarounds or alternatives? I'm having the same issue.

chidiwilliams avatar May 28 '20 08:05 chidiwilliams

Are there any updates on this? Or workarounds or alternatives? I'm having the same issue.

I run my fluentd as 'root' inside docker. If you need workaround, you can consider about this. But I don't think it is good.

chesterlai avatar Jun 01 '20 02:06 chesterlai