1. Describe your incident:
I am trying to configure a docker-compose file to run graylog as a specific user in linux mint as I have changed the storage directory for /usr/share/graylog/data
in order to persist the files in the host OS it is /opt/config/graylog_data
Unfortunately nothing I have tried has worked the graylog container doesn’t seem to have privileges to write to its own docker volume stored files however I do have permission for my configured /usr/share/graylog/data
directory (For some reason it successfully created all the required folders in /usr/share/graylog/data
but fails to create ‘config/graylog.conf’ I had to manually create this file then it started throwing the exception trying to create /etc/graylog/server folder)
The docker container logs are currently erroring on creating the following folder
Caused by: IOException: Directory '/etc/graylog/server' could not be created
at FileUtils.openOutputStream(FileUtils.java:361)
at FileUtils.writeStringToFile(FileUtils.java:2015)
at FileUtils.writeStringToFile(FileUtils.java:1983)
at NodeId.persist(NodeId.java:85)
at NodeId.generate(NodeId.java:75)
2. Describe your environment:
-
OS Information:
Linux Mint 20.03
Docker version 20.10.12, build e91ed57 -
Package Version:
graylog:4.2.5
mongo:4.2
docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2 -
Service logs, configurations, and environment variables:
.env file
GRAYLOG_PASSWORD_SECRET="hash"
GRAYLOG_ROOT_PASSWORD_SHA2="otherhash"
GRAYLOG_HTTP_EXTERNAL_URI="192.168.2.11:9002"
# The directory where data and configuration will be stored.
CONFIGROOT=/opt/config/
#User Group IDs and User ID's
LOGPUID=1000
LOGPGID=1000
# Your timezone, https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Australia/Sydney
GRAYLOG_GID=1100
GRAYLOG_UID=1100
docker-compose.yml
version: "3.8"
services:
mongodb:
image: "mongo:4.2"
environment:
- PUID=${LOGPUID} # default user id, defined in .env
- PGID=${LOGPGID} # default group id, defined in .env
- TZ=${TZ} # timezone, defined in .env
volumes:
- /etc/localtime:/etc/localtime:ro
- ${CONFIGROOT}/mongodb_data:/data/db
restart: unless-stopped
networks:
- graylog
elasticsearch:
image: "docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2"
environment:
- PUID=${LOGPUID} # default user id, defined in .env
- PGID=${LOGPGID} # default group id, defined in .env
- TZ=${TZ} # timezone, defined in .env
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
hard: -1
soft: -1
mem_limit: 1g
volumes:
- /etc/localtime:/etc/localtime:ro
- ${CONFIGROOT}/es_data:/usr/share/elasticsearch/data
restart: unless-stopped
networks:
- graylog
graylog:
image: "graylog/graylog:4.2.5"
entrypoint: "/usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh"
user: ${GRAYLOG_UID}:${GRAYLOG_GID}
group_add:
- 0
- 1000
environment:
- GRAYLOG_PUID=${GRAYLOG_UID} # default user id, defined in .env
- GRAYLOG_PGID=${GRAYLOG_GID} # default group id, defined in .env
- TZ=${TZ} # timezone, defined in .env
- GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET}
- GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2}
- GRAYLOG_HTTP_EXTERNAL_URI=http://${GRAYLOG_HTTP_EXTERNAL_URI}/
- GRAYLOG_MONGODB_URI=mongodb://mongodb:27017/graylog
- GRAYLOG_ELASTICSEARCH_HOSTS=http://elasticsearch:9200
links:
- mongodb
- elasticsearch
depends_on:
- mongodb
- elasticsearch
ports:
- "5044:5044/tcp" # Beats
- "5140:5140/udp" # Syslog
- "5140:5140/tcp" # Syslog
- "5555:5555/tcp" # RAW TCP
- "5555:5555/udp" # RAW UDP
- "9002:9002/tcp" # Server API
- "12201:12201/tcp" # GELF TCP
- "12201:12201/udp" # GELF UDP
- "13301:13301/tcp" # Forwarder data
- "13302:13302/tcp" # Forwarder config
volumes:
- /etc/localtime:/etc/localtime:ro
- ${CONFIGROOT}/graylog_data:/usr/share/graylog/data
restart: unless-stopped
networks:
- graylog
networks:
graylog:
driver: bridge
3. What steps have you already taken to try and solve the problem?
I’ve created a non login enabled new user for graylog with uid and gid as 1100 in the host os
uid=1100(graylog) gid=1100(graylog) groups=1100(graylog)
I’ve given that account ownership of /opt/config/graylog_data
recursively
drwxr-xr-x 8 graylog graylog 4096 Jan 18 22:36 graylog_data
I’ve tried adding
user: ${GRAYLOG_UID}:${GRAYLOG_GID}
environment:
- GRAYLOG_PUID=${GRAYLOG_UID} # default user id, defined in .env
- GRAYLOG_PGID=${GRAYLOG_GID} # default group id, defined in .env
- GRAYLOG_UID=${GRAYLOG_UID} # default user id, defined in .env
- GRAYLOG_GID=${GRAYLOG_GID} # default group id, defined in .env
- PUID=${LOGPUID} # default user id, defined in .env
- PGID=${LOGPGID} # default group id, defined in .env
group_add:- 0
- 1000
- 1100
I’ve added each of these items above incrementally when the previous one did not resolve it
I’ve tried coping over the example config from within the container
cp graylog.conf.example /usr/share/graylog/data/config/graylog.conf
Nothing seems to help I have entered the console in the container and I don’t have write permission as graylog to /etc folder which the install is trying to create a graylog folder in
The id properties look correct in the container, but i don’t seem to have root access in the docker container though it looks like the group_add has successfully added the graylog to the root group
graylog@5bbbf358d857:/etc$ id
uid=1100(graylog) gid=1100(graylog) groups=1100(graylog),0(root)
graylog@5bbbf358d857:/etc$ mkdir test
mkdir: cannot create directory ‘test’: Permission denied
graylog@5bbbf358d857:/etc$
As far as I understand this is in a default docker volume somewhere and the user should have full permissions to it?
4. How can the community help?
Please tell me how to run graylog as a specific user or what to do to rectify the issue
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]