How to limit ACL permissions for the scraping user
jaisharma639 opened this issue · 3 comments
Describe the problem
I understand that while creating the user via ACL SETUSER command, we're free to choose the permissions the user should have. But when I do so, I get errors of the following sort:
Apr 02 14:08:05 <hostname> grafana-agent[xxxx]: time="2024-04-02T14:08:05Z" level=error msg="Couldn't set client name, err: NOPERM this user has no permissions to run the 'client' command or its subcommand"
I can just ignore the errors but they'd end up in the log backend. Is there a way I can just selectively choose few permissions and still not get any errors? Possible to toggle few configs/metrics off which I don't need?
What version of redis_exporter are you running?
Please run redis_exporter --version if you're not sure what version you're running.
- 0.3x.x
- 1.x.x
Running the exporter
Running it via grafana agent flow component
Screenshots
NA
Additional context
na
I personally have not used ACLs with the exporter so unfortunately I won't be of much use here.
Leaving this open in case anyone else sees this and has advice for you.
Hi @jaisharma639,
I'm running it with the following permissions without problems:
-@all +@connection +memory -readonly +strlen +config|get +xinfo +pfcount -quit +zcard +type +xlen -readwrite -command +client -wait +scard +llen +hlen +get +eval +slowlog +cluster|info -hello -echo +info +latency +scan -reset -auth -asking
For monitoring Sentinels, you need a different set of permissions. See: #918.
Thanks @joostdebruijn - that's super helpful.
Any chance you could add that to the README and I'll review/merge the PR? If not no worries and I'll try to get to it at some point.