New Docker Install with persistent storage, Permission problem

I am starting a new Grafana docker instance (no migration) with the latest 5.2.4 version on ubuntu 16 and ubuntu 17 and when I add volumes I get this error

docker-compose.yml

version: '3'

services:
  grafana:
    image: grafana/grafana:5.2.4
    volumes:
      - ..grafana-storage:/var/lib/grafana

Error

docker-compose up
Starting grafana_grafana_1 ... done
Attaching to grafana_grafana_1
grafana_1  | GF_PATHS_DATA='/var/lib/grafana' is not writable.
grafana_1  | You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migration-from-a-previous-version-of-the-docker-container-to-5-1-or-later
grafana_1  | mkdir: cannot create directory '/var/lib/grafana/plugins': Permission denied
grafana_grafana_1 exited with code 1

tried setting user 472 104 and all but nothing worked ref.

reinstall docker ce didn’t work too ref,


if you are running docker with root rights then follow the accepted answer but use the id as 0 (sudo id -u instead of id -u)

It looks like you’re trying to map a folder from your local hard drive into the Grafana container on /var/lib/grafana, is that correct? In that case you either have to start the container using the same userid as you have locally or chown the local folder to match Grafanas userid (472).

You can find out what your user id is by running id -u.

1 Like

Basically now every time I start grafana from docker compose, it deletes all my data. So I wanted a persistent storage to save my data and hence the volume to local system. Is there any other way to save the data?

I planned to do this based on doc at http://docs.grafana.org/installation/docker/#grafana-container-with-persistent-storage-recommended

I tried this

ls -l
drwxr-xr-x 2   472   472       4096 Oct  2 09:18 grafana-storage

With that too it did not work.

also added this in docker compose user: "472"

also changed chown to id obtained from id -u that too did not work

2 Likes

volume from docker terminal command does not seem to crash, but from docker-compose it does throw that error

Option 1, docker volumes

With persistent storage you have a few different options. You can create a docker volume and in vanilla docker that will work with the file permissions for the Grafana docker container (id = 472, group = 472).

version: '3'

services:
  grafana:
    image: grafana/grafana:5.2.4
    volumes:
      - grafana-storage:/var/lib/grafana
    ports:
      - 3000:3000

volumes:
  grafana-storage:

Option 2, using a folder on your local filesystem

When using a local folder you need to do a little bit of extra work to make it so that the docker container can read the contents of the folder as well as write to it. In the example below we will modify the user that Grafana runs as within the container so that it runs as the same user id as you do in your local file system, this will guarantee that it has access if you do.

  1. mkdir gfdata

  2. id -u (this will give you your user id, which you will enter into the docker-compose file. In my case it is 1001, replace 1001 in the docker-compose file with your id)

  3. docker-compose.yml

version: '3'

services:
  grafana:
    image: grafana/grafana:5.2.4
    user: "1001"
    volumes:
      - ./gfdata:/var/lib/grafana
    ports:
      - 3000:3000

I hope this helps clearing up some of the confusion.

3 Likes

thanks i’ll try it out

Thanks

Works:
volumes: grafana-storage:

Does not work:
user: "id"

Glad to hear it worked out for you. Not sure why setting the id didn’t work out though. I presume you didn’t set id but the actual numeric id that id -u returned?

I set the same id, I’ll verify it from another system. thanks for the help

it seems when you are running docker with root rights eg. sudo usermod -a -G docker $USER
then the user id to set will be 0 (sudo id -u v/s id -u)

When you run a command with sudo your user id will always be 0. sudo means running a command as the root user (who has id 0)

1 Like

Just to share my experience with the same permissions errors:

Specifying the user:"$UID", initially didn’t work. It was throwing an error - that is until I first did “docker rm grafana” (where grafana is my container name) to clear out the failed container.
Now it is running great.

3 Likes

Hi

I’kind of having the same issue. The user: "1001" option didn’t work although id -u said 1001.

When I start grafana with changed permissions as given on this page (at the very bottom where it says Modifying permissions everything runs smoothly (for "<your volume mapping here>" I set two volumes to my local filesystem to make the data persistent).

I thought once started with the given commands, permissions would persist. I was wrong. Yet when I tried to start the whole thing with docker-compose everything reverts “not working”.

So my question(s) is: How do I have to write docker-compose.yml to change the permissions on startup OR how to make the permission changes permanent (with a bit of work up-front).

The reason I want to have it setup like this is, that I want to regularly update (reinstall) my hostsystem. All data that need to be persistant are on an external diskstation. --> When I install new hostsystem I would like to docker-compose up and have everything I need running…

Thank you for your help!

To save everyone some headaches. You need to add both UID (user ID) and GID (group ID).

version: '3'

services:

  stats-app:
    image: grafana/grafana
    user: "$UID:$GID"
    network_mode: host
    ports:
      - 3000:3000
    volumes:
      - ./data/grafana:/var/lib/grafana
10 Likes

For me run exec with root admin :

$ docker exec -ti --user root id_grafana /bin/ash
/usr/share/grafana $ ls -la /var/lib/grafana/
total 5684
drwxr-xr-x    5 104      107           4096 Dec  8 16:35 .
drwxr-xr-x    1 root     root          4096 Oct  5 16:28 ..
-rw-r--r--    1 104      107        5795840 Dec  8 16:35 grafana.db
drwxr-xr-x    2 104      107           4096 Jun 23  2020 plugins
drwx------    2 root     root          4096 Dec  9  2020 png
drwx------   18 104      107           4096 Jun 29  2020 sessions
/usr/share/grafana # chown  -R 104:107 /var/lib/grafana/png/

I literally have no idea why this worked for me, but I think I have a solution.

TL;DR: user: ":" worked for me

What didn’t work for me:

  • Setting data folder ownership to 472:472
  • Setting “user:” to something meaningful, like my UID or UID:GID, or some IDs that correspond to the ownership of the host data directory

What did work:

  • Setting host folder permissions to 777, but I didn’t like it. I noticed though that with 777 permissions the files created by grafana were owned by some random user IDs, that might or might not depend on the “user:” setting provided in the docker-compose.yml

So I tried setting “user:” to “$UID:$GID”, but got a warning saying

WARN[0000] The "UID" variable is not set. Defaulting to a blank string. 
WARN[0000] The "GID" variable is not set. Defaulting to a blank string. 

But in this case, the files created by the docker container were owned by my host user, not by a random UID (which was the case with all the other options, regardless of the user setting). Then I decided to get rid of warning and just set it to a blank string. And it worked, now all the files created by grafana are owned by my host user and everything works fine.

For some reason though user: "" doesn’t work, but user: ":" does.

It would be great if some docker guru explained this behaviour though.

Or doing it even more easier way:

on your docker-machine write the command on terminal

[root@docker ~]# id
uid=0(root) gid=0(root) groups=0(root)

since I am logged in as root so in my docker-compose.yml file add this line under your grafana service blueprint e.g.

  grafana-app:
    image: 'grafana/grafana-oss'
    ## output based on the command line
    user: "0:0"
    restart: unless-stopped
    container_name: grafana
    ports:
      - '3000:3000'
    volumes:
      - ./grafana:/var/lib/grafana

then run the docker-compose up command and should work fine. No need to manually give permission for the /var/lib/grafana folder.