From b07715c5df4b6acfce804202995b04a0b0ce5bdd Mon Sep 17 00:00:00 2001 From: TJ Hoplock Date: Sat, 25 Jan 2025 12:38:33 -0500 Subject: [PATCH 1/2] docs(quickstart): remove extra arg from docker instructions for agent This isn't the location of the binary anyway, but the entrypoint is already set to the binary in the Dockerfile for the agent: https://github.com/parca-dev/parca-agent/blob/68dcb27ca4292ca7e7ff38a80ec22d1b0fa3fecb/Dockerfile#L6 Having the extra arg in there causes the container agent (and thus container) to bail: ``` ~ -> podman run --rm -it --privileged --pid host -p 7071:7071 -v /run:/run -v /boot:/boot -v /lib/modules:/lib/modules -v /sys/kernel/debug:/sys/kernel/debug -v /sys/fs/cgroup:/sys/fs/cgroup -v /sys/fs/bpf:/sys/fs/bpf -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket ghcr.io/parca-dev/parca-agent:v0.35.3 /bin/parca-agent --remote-store-address=127.0.0.1:7070 --remote-store-insecure 2025/01/25 17:32:33 INFO memory is not limited, skipping package=github.com/KimMachineGun/automemlimit/memlimit parca-agent: error: unexpected argument /bin/parca-agent ``` Signed-off-by: TJ Hoplock --- docs/quickstart.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/quickstart.mdx b/docs/quickstart.mdx index a688be9..83e2afd 100644 --- a/docs/quickstart.mdx +++ b/docs/quickstart.mdx @@ -78,7 +78,7 @@ Run Parca Agent (requires privileged mode) and access the Web UI on port 7071 (a { versions => - docker run --rm -it --privileged --pid host -p 7071:7071 -v /run:/run -v /boot:/boot -v /lib/modules:/lib/modules -v /sys/kernel/debug:/sys/kernel/debug -v /sys/fs/cgroup:/sys/fs/cgroup -v /sys/fs/bpf:/sys/fs/bpf -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket ghcr.io/parca-dev/parca-agent:{versions.agent} /bin/parca-agent --remote-store-address=parca-container-ip:7070 --remote-store-insecure + docker run --rm -it --privileged --pid host -p 7071:7071 -v /run:/run -v /boot:/boot -v /lib/modules:/lib/modules -v /sys/kernel/debug:/sys/kernel/debug -v /sys/fs/cgroup:/sys/fs/cgroup -v /sys/fs/bpf:/sys/fs/bpf -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket ghcr.io/parca-dev/parca-agent:{versions.agent} --remote-store-address=parca-container-ip:7070 --remote-store-insecure } From b0c68bf3e8543985b0b37f64b80edbd8dc05a205 Mon Sep 17 00:00:00 2001 From: TJ Hoplock Date: Sat, 25 Jan 2025 12:43:07 -0500 Subject: [PATCH 2/2] docs(quickstart): add note for podman users that agent needs root As of the last release or two of the agent, the container no longer crashes on podman when run as a non-root user due to permission failure accessing `/proc/kallsyms`, but root usage should be recommended for parity with the docker equivalent's access/suggested usage. Prevents: ``` time="2025-01-25T17:30:41Z" level=error msg="Failed to load eBPF tracer: failed to read kernel symbols: all addresses from kallsyms are zero - check process permissions" ``` Signed-off-by: TJ Hoplock --- docs/quickstart.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/quickstart.mdx b/docs/quickstart.mdx index 83e2afd..5c581b5 100644 --- a/docs/quickstart.mdx +++ b/docs/quickstart.mdx @@ -75,6 +75,8 @@ Run Parca and access the Web UI on port 7070 **Agent** Run Parca Agent (requires privileged mode) and access the Web UI on port 7071 (assumes Parca is running as a container on the same host. Replace IP for "--remote-store-address") + +__NOTE:__ If using `podman` to manage containers as a non-root user, you may need to use `sudo` and run the container as the root user to properly access `/proc/kallsyms`. { versions =>