From 85122f138bd89a07b6c095c91ee6adde6cad7ffe Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sun, 12 May 2024 13:44:22 +0200 Subject: [PATCH] fix(containers/monitoring): set up permissions correctly --- containers/monitoring/Makefile | 18 ++++++++++++++++-- containers/monitoring/README.md | 22 +++++++++++++++++++++- knowledge base/docker.md | 7 +++++++ 3 files changed, 44 insertions(+), 3 deletions(-) diff --git a/containers/monitoring/Makefile b/containers/monitoring/Makefile index be243a3..0c51c76 100644 --- a/containers/monitoring/Makefile +++ b/containers/monitoring/Makefile @@ -1,5 +1,8 @@ #!/usr/bin/env make +composition-go-brrr: ${shell which 'docker-compose'} + @docker-compose up -d + firewalld-open-node-exporter: override service_name ?= prometheus-node-exporter firewalld-open-node-exporter: override port ?= 9100 firewalld-open-node-exporter: ${shell which 'firewall-cmd'} @@ -20,5 +23,16 @@ firewalld-open-grafana: ${shell which 'firewall-cmd'} firewalld-open: firewalld-open-node-exporter firewalld-open-prometheus firewalld-open-grafana -composition-go-brrr: ${shell which 'docker-compose'} - @docker-compose up -d +grafana-fix-files-permissions: ${shell which 'docker-compose'} + @docker compose run --rm --user 'root' --entrypoint chown 'grafana' -Rv 'grafana' '/etc/grafana' '/var/lib/grafana' + +prometheus-fix-files-permissions: ${shell which 'docker-compose'} + @docker compose run --rm --user 'root' --entrypoint chown 'prometheus' -Rv 'nobody:nobody' '/etc/prometheus' + +me-fix-grafana-files-permissions: + @sudo chown -R '472:0' 'grafana' + +me-fix-prometheus-files-permissions: + @sudo chown -R '65534:65534' 'prometheus' + +pre-flight: grafana-fix-files-permissions prometheus-fix-files-permissions diff --git a/containers/monitoring/README.md b/containers/monitoring/README.md index ad08aa2..7c0e810 100644 --- a/containers/monitoring/README.md +++ b/containers/monitoring/README.md 
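Review bot: Moving `composition-go-brrr` to the top of the Makefile makes it the first rule and so, as far as this hunk shows, the default goal. A bare `make` would then run `docker-compose up -d` before the permission fixes in `pre-flight` have been applied. If that is intended, a comment above the target would make it explicit, e.g. `# Default goal: starts the stack; run 'make pre-flight' first.`. Otherwise set the default explicitly with `.DEFAULT_GOAL := pre-flight`, or pick another safe target.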
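Review bot: In `grafana-fix-files-permissions` and `prometheus-fix-files-permissions` the prerequisite `${shell which 'docker-compose'}` looks for the standalone binary while the recipes run `docker compose`, so the guard tests a different tool than the one used. It also expands to nothing, and so checks nothing, when `which` finds no match. Checking the command actually invoked at the start of the recipe, e.g. `@docker compose version >/dev/null`, would make the target fail early and clearly. The `me-fix-*` targets run `sudo chown -R` on the relative paths `grafana` and `prometheus`, which resolve against the directory make was started from; building the path from the Makefile's own location, `'$(dir $(lastword $(MAKEFILE_LIST)))grafana'`, keeps a recursive ownership change made as root from landing on an unrelated directory. A short comment noting that `472` and `65534` are the IDs the images' users are expected to have would also help, since the values go stale silently if an image changes its user.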
@@ -3,12 +3,32 @@ Leverages Prometheus and Grafana. 1. [Pre-flight operations](#pre-flight-operations) +1. [Runtime operations](#runtime-operations) 1. [Further readings](#further-readings) ## Pre-flight operations For example purposes, the host running them will also run the Node Exporter to provide data.
-Since the Node Exporter container runs in host mode, the host's IP or FQDN must be set in [Prometheus' configuration file] for this to work.
+Since the Node Exporter container runs in host mode, the host's IP or FQDN must be set in
+[Prometheus' configuration file] for this to work.
+
+The configuration provided needs to be readable from the processes using it.
+Fix files' permissions:
+
+```sh
+# From the containers.
+docker compose run --rm --user 'root' --entrypoint chown 'grafana' -Rv 'grafana' '/etc/grafana' '/var/lib/grafana'
+docker compose run --rm --user 'root' --entrypoint chown 'prometheus' -Rv 'nobody:nobody' '/etc/prometheus'
+
+# Locally.
+sudo chown -R '472:0' 'grafana'
+sudo chown -R '65534:65534' 'prometheus'
+```
+
+## Runtime operations
+
+Default credentials for Grafana: `admin` - `admin`.
+Will be requested to change them upon first login. ## Further readings diff --git a/knowledge base/docker.md b/knowledge base/docker.md index f971c26..3716825 100644 --- a/knowledge base/docker.md +++ b/knowledge base/docker.md @@ -124,6 +124,13 @@ docker image prune -a docker system prune -a +# List networks. +docker network ls + +# Inspect networks. +docker network inspect 'monitoring_default' + + # Display a summary of the vulnerabilities in images. # If not given any input, it targets the most recently built image. docker scout qv