尝试使用非root用户运行prometheus并尝试了许多建议后https://github.com/prometheus/prometheus/issues/5976 https://github.com/prometheus/prometheus/issues/5976,它对我不起作用,我得到:
level=error ts=xxxxxxxx caller=query_logger.go:87 component=activeQueryTracker msg="Error opening query log file" file=/prometheus/queries.active err="open /prometheus/queries.active: permission denied"
level=error ts=xxxxxxx caller=query_logger.go:87 component=activeQueryTracker msg="Error opening query log file" file=/prometheus/queries.active err="open /prometheus/queries.active: permission denied"
panic: Unable to create mmap-ed active query log
panic: Unable to create mmap-ed active query log
下面是我的 Dockerfile:
FROM <xxxx>
ARG PROMETHEUS_VERSION=2.17.2
# Dependencies
RUN apk add --update --no-cache \
ruby=~2 \
curl=~7
# Download prometheus
RUN curl -k -LSs --output /tmp/prometheus.tar.gz \
https://github.com/prometheus/prometheus/releases/download/v${PROMETHEUS_VERSION}/prometheus-${PROMETHEUS_VERSION}.linux-amd64.tar.gz && \
tar -C /tmp --strip-components=1 -zoxf /tmp/prometheus.tar.gz && \
rm -f /tmp/prometheus.tar.gz && \
mkdir -p /usr/share/prometheus && \
mv /tmp/prometheus /bin/ && \
mv /tmp/promtool /bin/ && \
mv /tmp/consoles /usr/share/prometheus/consoles && \
mv /tmp/console_libraries /usr/share/prometheus/console_libraries
# Adding config file
COPY config/ /etc/prometheus/config
# Adding Alert rule config file
COPY rules/ /etc/prometheus/rules
# Giving access to unpriviliged user to access prometheus configs
RUN ln -s /usr/share/prometheus/consoles /usr/share/prometheus/console_libraries /etc/prometheus/ && \
mkdir -p /prometheus && \
chown -R user:user /etc/prometheus && \
chmod -R a+rwx /prometheus
# Adding custom entrypoint
COPY entrypoint.rb /entrypoint.rb
# Using unprivileged user
USER user
# Expose prometheus port
EXPOSE 9090
# Data volume
VOLUME [ "/prometheus" ]
# Working from data dir
WORKDIR /prometheus
# Set custom entrypoint
ENTRYPOINT [ "/entrypoint.rb" ]
# Override default CMD
CMD [ \
"--storage.tsdb.path=/prometheus", \
"--web.console.libraries=/usr/share/prometheus/console_libraries", \
"--web.console.templates=/usr/share/prometheus/consoles" \
]
有人以前遇到过这个问题或者可以发现潜在问题可能出在哪里吗?
在 Dockerfile 末尾添加USER root为了获得许可。
ARG PROMETHEUS_VERSION=2.17.2
# Dependencies
RUN apk add --update --no-cache \
ruby=~2 \
curl=~7
# Download prometheus
RUN curl -k -LSs --output /tmp/prometheus.tar.gz \
https://github.com/prometheus/prometheus/releases/download/v${PROMETHEUS_VERSION}/prometheus-${PROMETHEUS_VERSION}.linux-amd64.tar.gz && \
tar -C /tmp --strip-components=1 -zoxf /tmp/prometheus.tar.gz && \
rm -f /tmp/prometheus.tar.gz && \
mkdir -p /usr/share/prometheus && \
mv /tmp/prometheus /bin/ && \
mv /tmp/promtool /bin/ && \
mv /tmp/consoles /usr/share/prometheus/consoles && \
mv /tmp/console_libraries /usr/share/prometheus/console_libraries
# Adding config file
COPY config/ /etc/prometheus/config
# Adding Alert rule config file
COPY rules/ /etc/prometheus/rules
# Giving access to unpriviliged user to access prometheus configs
RUN ln -s /usr/share/prometheus/consoles /usr/share/prometheus/console_libraries /etc/prometheus/ && \
mkdir -p /prometheus && \
chown -R user:user /etc/prometheus && \
chmod -R a+rwx /prometheus
# Adding custom entrypoint
COPY entrypoint.rb /entrypoint.rb
# Using unprivileged user
USER user
# Expose prometheus port
EXPOSE 9090
# Data volume
VOLUME [ "/prometheus" ]
# Working from data dir
WORKDIR /prometheus
# Set custom entrypoint
ENTRYPOINT [ "/entrypoint.rb" ]
USER root # <-------- add this line --------
# Override default CMD
CMD [ \
"--storage.tsdb.path=/prometheus", \
"--web.console.libraries=/usr/share/prometheus/console_libraries", \
"--web.console.templates=/usr/share/prometheus/consoles" \
]
或者如果您正在使用docker compose将此行添加到普罗米修斯服务:
services:
prometheus:
...
user: root # <-------- add this line --------
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
