Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker images for APM Server failing with permission issues #18858

Closed
simitt opened this issue May 29, 2020 · 6 comments · Fixed by #18872
Closed

docker images for APM Server failing with permission issues #18858

simitt opened this issue May 29, 2020 · 6 comments · Fixed by #18872
Assignees
@jsoriano
Labels
bug :Packaging Team:Integrations Label for the Integrations team v7.9.0 v8.0.0

Comments

@simitt
Copy link
Contributor

simitt commented May 29, 2020

It seems that with introducing changes in #12905 config file permissions were changed from 0640 to 0660.

When running the APM Server docker images without setting BEAT_STRICT_PERMS=false the check OwnerHasExclusiveWritePerms now fails with the error config file ("apm-server.yml") can only be writable by the owner but the permissions are "-rw-rw----". Our integration test environment fails since pulling in these changes into APM Server.

It seems to be the same issue for other beats, e.g. running docker run -e docker.elastic.co/beats/metricbeat:8.0.0-SNAPSHOT results in the mentioned error and prevents the beat from starting, whereas docker run -e BEAT_STRICT_PERMS=false docker.elastic.co/beats/metricbeat:8.0.0-SNAPSHOT works fine.

@barkbay @jsoriano could you please take a look at this, from what I understand the intention was not to switch to BEATS_STRICT_PERMS=false.
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 29, 2020
@simitt simitt added the Team:Integrations Label for the Integrations team label May 29, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations (Team:Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 29, 2020
@jsoriano
Copy link
Member

@barkbay @jsoriano could you please take a look at this, from what I understand the intention was not to switch to BEATS_STRICT_PERMS=false.

That's right, BEATS_STRICT_PERMS=false shouldn't be neccesary. We will have to find a middle ground so this file can keep these permissions.

v1v added a commit to v1v/apm-integration-testing that referenced this issue May 29, 2020
@v1v
fix: apm-server running issues
fb84ad8 
See elastic/beats#18858
@v1v v1v mentioned this issue May 29, 2020
Merged
@v1v
Copy link
Member

v1v commented May 29, 2020

IIUC, BEATS_STRICT_PERMS=false should be enough to bypass this issue, but I'm afraid I've got the same error though:

For instance the docker container apm-server failed with logs

You can reproduce it locally if you run the below docker-compose:

@jsoriano
Copy link
Member

It is BEAT_STRICT_PERMS, sorry (without the S in BEAT).

kuisathaverat added a commit to kuisathaverat/apm-agent-js-base that referenced this issue May 29, 2020
@kuisathaverat
fix: workarount for elastic/beats#18858
4ed19f9
@kuisathaverat kuisathaverat mentioned this issue May 29, 2020
Merged
@jsoriano
Copy link
Member

Thinking about this, we would have to discuss what to do. Maybe the best idea is to revert #12905 till we find a good solution, so we avoid having to add workarounds in many places. @barkbay wdyt?

This was referenced May 31, 2020
Merged
Closed
Merged
@jsoriano jsoriano self-assigned this May 31, 2020
@jsoriano
Copy link
Member

jsoriano commented May 31, 2020
edited
Loading

I have opened two PRs with possible options to fix this:

kuisathaverat added a commit to elastic/apm-agent-rum-js that referenced this issue Jun 1, 2020
@kuisathaverat
fix: workarount for elastic/beats#18858 (#807)
96fa2bb
@jsoriano jsoriano mentioned this issue Jun 2, 2020
Merged
@sebgl sebgl mentioned this issue Jun 30, 2020
Closed
@jsoriano jsoriano mentioned this issue Jul 1, 2020
Merged
v1v added a commit to v1v/apm-agent-rum-js that referenced this issue Jul 3, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/ci-cdn
6ed7471 
* upstream/master: (23 commits)
  feat(rum-core): capture XHR/Fetch spans using resource timing (elastic#825)
  docs: update set-up.asciidoc (elastic#814)
  chore: remove compressed size gh workflow (elastic#828)
  feat: use page visibilityState for browser responsiveness check (elastic#813)
  ci(jenkins): report bundlesize as a GitHub comment (elastic#826)
  docs: release notes for 5.2.1 (elastic#824)
  chore(release): publish
  fix(rum-core): protect aganist buggy navigation timing data (elastic#819)
  fix(rum-core): protect aganist buggy navigation timing data (elastic#819)
  chore(rum-core): use startTime for LCP marks (elastic#815)
  fix(rum-core): capture tbt after all task entries are observed (elastic#803)
  feat(rum-react): use correct path when route is path array (elastic#800)
  ci: enable benchmark on a PR basis (elastic#812)
  ci: use dockerLogs step (elastic#810)
  fix: env var invalid type (elastic#809)
  fix: workarount for elastic/beats#18858 (elastic#807)
  docs: add release notes for 5.2.0 (elastic#801)
  chore(release): publish
  fix(rum-core): consider user defined type of high precedence (elastic#798)
  fix(rum): use single instance of apm across all packages (elastic#796)
  ...
David-Development pushed a commit to David-Development/apm-agent-rum-js that referenced this issue Oct 20, 2021
@kuisathaverat
fix: workarount for elastic/beats#18858 (elastic#807)
e2b188d
SuperButterfly pushed a commit to SuperButterfly/apm-agent-rum-js that referenced this issue Sep 18, 2022
@kuisathaverat
fix: workarount for elastic/beats#18858 (#807)
d8061e1
@dama-de dama-de mentioned this issue Nov 26, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsoriano jsoriano

Labels
bug :Packaging Team:Integrations Label for the Integrations team v7.9.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Revert "Allow the Docker image to be run with a random user id (#12905)" jsoriano/beats
5 participants
@jsoriano @andresrc @v1v @simitt @elasticmachine