How to limit ACL permissions for the scraping user

[jaisharma639]

Describe the problem I understand that while creating the user via ACL SETUSER command, we're free to choose the permissions the user should have. But when I do so, I get errors of the following sort:

Apr 02 14:08:05 <hostname> grafana-agent[xxxx]: time="2024-04-02T14:08:05Z" level=error msg="Couldn't set client name, err: NOPERM this user has no permissions to run the 'client' command or its subcommand"

I can just ignore the errors but they'd end up in the log backend. Is there a way I can just selectively choose few permissions and still not get any errors? Possible to toggle few configs/metrics off which I don't need?

What version of redis_exporter are you running? Please run redis_exporter --version if you're not sure what version you're running.

• [ ] 0.3x.x
• [x] 1.x.x

Running the exporter Running it via grafana agent flow component

Screenshots NA

Additional context na

[oliver006]

I personally have not used ACLs with the exporter so unfortunately I won't be of much use here.

Leaving this open in case anyone else sees this and has advice for you.

[joostdebruijn]

Hi @jaisharma639,

I'm running it with the following permissions without problems:

-@all +@connection +memory -readonly +strlen +config|get +xinfo +pfcount -quit +zcard +type +xlen -readwrite -command +client -wait +scard +llen +hlen +get +eval +slowlog +cluster|info -hello -echo +info +latency +scan -reset -auth -asking

For monitoring Sentinels, you need a different set of permissions. See: #918.

[oliver006]

Thanks @joostdebruijn - that's super helpful. Any chance you could add that to the README and I'll review/merge the PR? If not no worries and I'll try to get to it at some point.