fluent-bit can't run as a different user

Open rayjlinden opened this issue 5 years ago • 2 comments

When I try to run the docker image as a different user I get the following error:

[2020/06/12 08:24:17] [error] [storage] [chunkio] cannot initialize root path /var/log/flb-storage

I want to do this because my output is to a file. I then mount a dir I'd like the file to be written to. However, because the container runs as root, the log files get written as root.

I'd like the log files to be written as my UID and GID.

I've been able to do this with other packages. How can I do this with fluent-bit?

rayjlinden avatar Jun 12 '20 08:06 rayjlinden

I figured out a solution to this:

fluentbit:
  image: docker.io/fluent/fluent-bit:1.4-debug
  user: ${UID}:${GID}
  ports:
    - 24224:24224
  volumes:
    - ./configs/fluent/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf:ro
    - ./logs:/app/logs
    - ./configs/fluent/fluent-store:/var/log/flb-storage

By mounting a directory already created with the right UID at /var/log/flb-storage, fluent-bit will launch with the given user and appears to work correctly.

A reasonable solution in this case might be if you just chmod the directory flb-storage to 777. That way things would work no matter what user the container was run with. (I wanted to do that myself with an entry point script until I discovered there was no shell!!!)

BTW, this is the first time I ran across a DISTROLESS built container. Kind of cool - but a major pain in the ass for debugging. Could you guys maybe build a normal Ubuntu-based docker image as well? Small is nice and all but most of us would rather work with containers that are USEFUL.

rayjlinden avatar Jun 13 '20 06:06 rayjlinden
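
An added example, not part of the thread or the fluent-bit project: a shell helper that pre-creates the host directory mounted at /var/log/flb-storage, owned by the target UID/GID with mode 700 rather than 777, and verifies it before the container starts. The function names are hypothetical; the host path in the usage comment is the one from the compose snippet above.

```shell
#!/bin/sh
# Added example (not from the fluent-bit project); function names are hypothetical.

# Create the host directory that will be mounted at /var/log/flb-storage,
# give it to uid:gid and restrict it to the owner instead of using mode 777.
prepare_storage_dir() {
    psd_dir=$1; psd_uid=$2; psd_gid=$3
    mkdir -p "$psd_dir" || return 1
    chown "$psd_uid:$psd_gid" "$psd_dir" || return 1
    chmod 700 "$psd_dir" || return 1
}

# Succeed only if dir is owned by uid:gid and is not world-writable.
check_storage_dir() {
    csd_dir=$1; csd_uid=$2; csd_gid=$3
    [ -d "$csd_dir" ] || { echo "missing: $csd_dir" >&2; return 1; }
    # ls -ldn prints numeric owner and group: "drwx------ 2 1000 1000 ..."
    set -- $(ls -ldn "$csd_dir")
    csd_perms=$1; csd_owner=$3; csd_group=$4
    if [ "$csd_owner" != "$csd_uid" ] || [ "$csd_group" != "$csd_gid" ]; then
        echo "$csd_dir is owned by $csd_owner:$csd_group, expected $csd_uid:$csd_gid" >&2
        return 1
    fi
    # The 9th character of the mode string is the write bit for "other".
    case $csd_perms in
        ????????w*) echo "$csd_dir is world-writable ($csd_perms)" >&2; return 1 ;;
    esac
    return 0
}

# Print UID/GID lines for a Compose .env file. bash keeps UID as an unexported
# shell variable and does not define GID, so ${UID}:${GID} needs explicit values.
compose_ids() {
    printf 'UID=%s\nGID=%s\n' "$(id -u)" "$(id -g)"
}

# Usage, with the host path from the compose snippet:
#   prepare_storage_dir ./configs/fluent/fluent-store "$(id -u)" "$(id -g)"
#   check_storage_dir   ./configs/fluent/fluent-store "$(id -u)" "$(id -g)"
#   compose_ids > .env
```
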

For anyone reading this, you can use the builds marked with "-debug". Example: fluent/fluent-bit:2.0.6-debug. These images will have a shell you can exec into.

NicolaiLolansen avatar Dec 19 '22 10:12 NicolaiLolansen