Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Metricbeat host network monitor over docker swarm #8685

Open
gianpietro1 opened this issue Oct 22, 2018 · 13 comments
Open

Metricbeat host network monitor over docker swarm #8685

gianpietro1 opened this issue Oct 22, 2018 · 13 comments
Labels
enhancement Metricbeat Metricbeat module Team:Integrations Label for the Integrations team

Comments

@gianpietro1
Copy link

Hello,

A containerized Metricbeat requires to use network_mode: host to be able to detect and monitor the host's interfaces, however, if deploying a stack in swarm mode with a version 3 compose file, this mode is not available (see: https://docs.docker.com/compose/compose-file/#network_mode)

Would like to request the Elastic team to, if possible, implement an enhancement to overcome this limitation.

Thanks,
Gianpietro
@jsoriano
Copy link
Member

Hi @gianpietro1,

I think this is more a limitation on docker swarm than on metricbeat, and indeed there is an open discussion in this project about that. Other container orchestrators as Kubernetes support host network mode.

This mode is required to access the same network namespace as the host, what is needed to monitor its network interfaces, so I don't think it is possible to overcome this limitation on our side, this would be breaking namespaces boundaries.

One thing you can do if you want to monitor host network interfaces in your docker swarm cluster is to deploy metricbeat directly on all your nodes using some other configuration management solution instead of deploying them on swarm.

I am going to close this issue as I don't think we can do much here, if you have more doubts about metricbeat configuration or deployment options, please use the discuss forum.

@jsoriano
Copy link
Member

Hi @gianpietro1 again,

I replied too fast 🙂, after talking with @exekias offline about this issue he pointed that we could indeed obtain the information we use mounting the host proc filesystem into the container. We already do something like that to collect process information from the host. Here it'd be a bit different because we use a different library, but it'd be definitely possible. I'm reopening this.

@jsoriano jsoriano reopened this Oct 23, 2018
@ruflin ruflin added the Team:Integrations Label for the Integrations team label Nov 21, 2018
@OlivierCuyp
Copy link

OlivierCuyp commented Jan 21, 2019
edited

@gianpietro1 Did you try something like this ?

version: '3.3'

services:
  web:
    image: "nginx:alpine"
    networks:
      - outside

networks:
  outside:
    external:
      name: "host"

From: moby/moby#25873 (comment)

@OlivierCuyp
Copy link

@jsoriano we tested the solution I proposed it works like a charm.
So I believe you might close this issue.

@jsoriano
Copy link
Member

Great, thanks for trying it and letting us know!

@aldencolerain
Copy link

aldencolerain commented May 29, 2019
edited

@jsoriano @exekias Would you please consider re-opening this feature request? In docker swarm its possible to join a container to the host network, like @OlivierCuyp mentioned, but it makes practical deployment very difficult for a number of reasons. Most critically the container is unable to join any overlay networks, so deploying in this manner means your elastic search instance is not discoverable by metricbeat on the swarm if it is secured behind a standard swarm overlay network.

@jsoriano
Copy link
Member

jsoriano commented Jun 4, 2019

Ok, let's reopen it to get the host network information from procfs even when metricbeat is not running from the host network.

@jsoriano jsoriano reopened this Jun 4, 2019
@OlivierCuyp
Copy link

@aldencolerain I don't know your infra but in our case our nodes have a private & a public interface.
For Elasticsearch we mapped the port 9200 & 9300 on the private ips, which is only accessible through our VPN and for other nodes of the cluster.

We put an "elasticsearch" label on the nodes dedicated for Elasticsearch & a service constraint on the elasticsearch service like this:

...
    placement:
        mode: global
        constraints:
          - node.labels.elasticsearch == true

We also mapped the private ips in our DNS (for the sake of flexibility) like this:

...
elastic1.my-company.com.  A  10.0.0.1
elastic2.my-company.com.  A  10.0.0.2
elastic3.my-company.com.  A  10.0.0.3

Then in the metricbeat configuration you can just add it like this:

...
output.elasticsearch:
  hosts: ["elastic1.my-company.com:9200", "elastic3.my-company.com:9200", "elastic3.my-company.com:9200"]

This is not perfect but it works.
Your main issue, comes from Docker because you can't be part of the host network and an overlay network at the same time.
I don't really see how you could mix both network interfaces.
And I don't how you collect metrics from host network not being part of it.

I hope, it helped.

@botelastic
Copy link

botelastic bot commented Dec 27, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added the Stalled label Dec 27, 2020
@jsoriano jsoriano removed the Stalled label Dec 28, 2020
@botelastic
Copy link

botelastic bot commented Nov 28, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added the Stalled label Nov 28, 2021
@jsoriano jsoriano removed the Stalled label Nov 29, 2021
@botelastic
Copy link

botelastic bot commented Nov 29, 2022

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Nov 29, 2022
@botelastic botelastic bot closed this as completed May 28, 2023
@jsoriano
Copy link
Member

jsoriano commented Aug 1, 2023
edited

This issue has reappeared in discuss, reopening.

https://discuss.elastic.co/t/metricbeat-docker-network-summary-does-not-work-from-within-a-container/339226

@jsoriano jsoriano reopened this Aug 1, 2023
@zube zube bot reopened this Aug 1, 2023
@zube zube bot closed this as completed Aug 1, 2023
@zube zube bot reopened this Aug 1, 2023
@zube zube bot closed this as completed Aug 1, 2023
@zube zube bot reopened this Aug 1, 2023
@zube zube bot closed this as completed Aug 1, 2023
@jsoriano jsoriano reopened this Aug 1, 2023
@jerrac
Copy link

jerrac commented Aug 7, 2023

For the record, if possible, I'd like the docker module to support pulling info from a bind mounted host directory. Something like what the system module does.

Thanks for reopening this. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Metricbeat Metricbeat module Team:Integrations Label for the Integrations team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@jsoriano @ruflin @andresrc @OlivierCuyp @jerrac @gianpietro1 @aldencolerain