hipages/php-fpm_exporter

User specifications for socket configuration

Opened this issue · 2 comments

garretcoffman commented

I was trying to run the exporter as a systemd process which runs the binary as root unless otherwise specified and found that it needed to be running as www-data in order to connect to the socket.

Here is the .service file I created for the process:

[Unit]
Description=Prometheus exporter for PHP-FPM metrics
Documentation=https://github.com/hipages/php-fpm_exporter
[Service]
User=www-data
Restart=always
ExecStart=/usr/bin/php-fpm_exporter server --phpfpm.fix-process-count --phpfpm.scrape-uri unix:///run/php/php7.2-fpm.sock;/status
ExecReload=/bin/kill -HUP $MAINPID
TimeoutStopSec=20s
SendSIGKILL=no
[Install]
WantedBy=multi-user.target

You may want to note this in the documentation. You also may want to include the need to uncomment or add pm.status_path = /status to /etc/php/7.X/fpm/pool.d/www.conf for those unfamiliar with php-fpm monitoring.

itcsoft54 commented

User that run php-fpm process and/or own php-fpm depend of various parameters. All are already documented in php documentation.
The socket is own by user and that run process, www-data in debian or ubuntu by default. But can be set to another user.

Listen parameters (listen.* flag or value) define acl or classic Unix perm on socket unix or network socket (with no user or group on network socket), they are local to pool.

In a nutshell, it's depend on the way you configure you php-fpm. So, you need to refert your distribution if you are using default configuration. If not, you known what you are doing and specific parameters you set.

Exemple : package of prometheus exporter on ubuntu are run with "prometheus" user. (Package create a systemd service for each exporter).

If you use an exporter that use a socket unix to collect metrics, you need to add prometheus user to the socket group or set a acl to socket to permit prometheus user to read/write socket.

Hope that help you.

stale commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.