Docker snmpd Cannot statfs

Hello,

I know this is a bit out of subject here, but I’m sure there is some expert arround.
My rancher node are running Debian, I installed docker on it.

I’m monitoring my server with nagios via snmp, but this cause trouble to snmpd it logs tones of logs into /var/log/daemon.log

8370 Oct 18 13:44:15 docker1 snmpd[4630]: Cannot statfs /run/docker/netns/eb861319377d#012: Permission denied
8371 Oct 18 13:44:15 docker1 snmpd[4630]: Cannot statfs /run/docker/netns/default#012: Permission denied
8372 Oct 18 13:44:15 docker1 snmpd[4630]: Cannot statfs /run/docker/netns/3aeeaa9f90d2#012: Permission denied
8373 Oct 18 13:44:15 docker1 snmpd[4630]: Cannot statfs /run/docker/netns/bba1c10b75b3#012: Permission denied
8374 Oct 18 13:44:15 docker1 snmpd[4630]: Cannot statfs /run/docker/netns/818d06fb3d00#012: Permission denied
8375 Oct 18 13:44:15 docker1 snmpd[4630]: Cannot statfs /run/docker/netns/2f00087cc36d#012: Permission denied
8376 Oct 18 13:44:15 docker1 snmpd[4630]: Cannot statfs /run/docker/netns/6bf0298d8863#012: Permission denied

I assume snmpd daemon can’t get information from the volume mounted by docker and so log this message every time.

does anyone have this issue ?

Hello,

I am the only one monitoring my server with snmp ? :blush:

Hello,

please any helps ?

Same issue :frowning: @romgo did you manage to solve this issue?

Hello @pizu
Sadly no. Never found how to deal with that.

;( thanks for your reply.

Hi @romgo ,

I managed to solve the issue by doing a workaround…

on ubuntu:

service snmpd status << notice the line under: CGroup: /system.slice/snmpd.service

Edit: /lib/systemd/system/snmpd.service

Replace:
ExecStart=/usr/sbin/snmpd -LOw -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f -p /run/snmpd.pid

With:

ExecStart=/usr/sbin/snmpd -LOw -u root -g root -I -smux,mteTrigger,mteTriggerConf -f -p /run/snmpd.pid

Than do:
systemctl daemon-reload
service snmpd restart
service snmpd status << notice the line under: CGroup: /system.slice/snmpd.service

Also remember, for statfs you need gocryptfs installed on your machine.

apt install gocryptfs

Thanks :slight_smile: hope this solves the problem for you too :slight_smile:

1 Like

This solution will allow the files to be read and stop the errors messages.

But, you are running the snmpd process as root. I think that’s worth pointing out in case someone just copy-pastes the config without checking. Some places might have policies in place to prevent any services being run as root.

I achieved the same by changing permissions on /run/docker and /var/lib/docker to drwxr-xr-x:

$> sudo chmod 755 /run/docker
$> sudo chmod 755 /var/lib/docker
$> sudo chmod 755 /var/lib/docker/overlay2
$> sudo chmod 755 /var/lib/docker/containers
$> sudo service snmpd restart
$> sudo service snmpd status
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
     Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-07 19:14:06 EDT; 1s ago
    Process: 3120722 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
   Main PID: 3120723 (snmpd)
      Tasks: 1 (limit: 77013)
     Memory: 6.3M
     CGroup: /system.slice/snmpd.service
             └─3120723 /usr/sbin/snmpd -LOw -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f -p /run/snmp>

May 07 19:14:06 terra systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
May 07 19:14:06 terra systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..