-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does not work so great inside a docker container #66
Comments
Does it work to bind-mount /proc and /sys into the container?
|
same
sort of works but has a bunch of junk like below that I would probably not like to have
|
I'm afraid that is just the reality of Docker (lots of mounts).
In general, trying to get information about the actual machine from inside
a container will be quite awkward regardless; I would treat it as part of
the platform and run it bare. At most you could limit its CPU and memory
usage, but if you namespace it off it just won't be able to tell you much.
|
cAdvisor does not have this problem :/ |
But, but... cAdvisor only exports cgroup container stats, not fileystem stats, right? The cAdvisor Docker launch instructions say:
The |
Ah ok, it also does FS stats, but only for filesystems mounted into each container? |
Or maybe the |
(I saw this in email but the comment is gone?) Mounting the host's /proc into a different path in the container would definitely be a good way. Currently, many of the collectors hardcode |
All the procfs code should be moved to our procfs lib anyway, which supports changing the mounting point already. |
Agreed, we should switch to procfs lib and make it possible to specify a alternative root directory ( |
Volunteers? :) |
We have flags now for setting the procfs and sysfs locations, so as long as you get those two mounted into your Docker container somehow, you should be able to run it on Docker: https://github.com/prometheus/node_exporter/blob/master/collector/paths.go |
Do you necessarily need to mount to some path in the container that is not /sys and /proc? |
No, those two should be sufficient. |
I meant: is there a problem with |
|
I'm afraid I won't be able to help here since I don't do much with Docker. As long as you can somehow mount both FSes into your container and point the node exporter flags there, you should be fine though (i.e. I don't think mounting ro is strictly needed, though it might not hurt). |
@superdump Yes, I guess mounting to /proc doesn't work. Just use some other directory. That being said, we should consider to support some filtering/rewriting of the mountpoints for this case. Basically just strip the path to the container root. |
The below got me the info I needed for the most part. I built my dashboard showing disk space available by using 'node_filesystem_avail{mountpoint="/rootfs"}' as the query. It seems to work pretty well.
It's kind of annoying that root point shows up as /rootfs and that's definitely not standard, but it works as far as I can tell for CPU and Disk stats! My only suggestion is that node_explorer may need to rethink it's docker strategy a bit to maybe include some of the above commands by default and require certain volumes are mounted. Info isn't going to be in the standard places and parsing may need to be different as well for docker images to keep things consistent in a docker and non-docker world. |
@mbrooks PRs welcome :) I agree that it makes sense to:
|
I really think this is highly inconvenient. Having a "disk free" item should be the most basic form of monitoring, and node-exporter fails in doing so. IMHO is a major issue because it kinda renders disk stats unusable (I really don't want to find out what filesystem "/etc/resolv.conf" actually is, and everyone looking at any graphs is bound to wonder) I am trying now to run this as standalone go application to fix it, luckily it's Go so it doesnt have dependencies. Let's see how that goes. |
The node exporter does provide disk free stats, your problem is that you're trying to run it inside a system designed to prevent the node exporter getting to things like disk stats - and which also uses a fair amount of bind mounts (which is what /etc/resov.conf is here, we should see if we can exclude bind mounts as they don't make sense to export). |
Agreeing with @brian-brazil here. In general I would advise against running the node_exporter as Docker container. In my infrastructures I usually bake the node-exporter in the host/OS image. PS: If you need this but can't fix it on your own, I'm sure we can find someone you can pay to do so ;) |
then my pull request would be to remove that paragraph "you can use docker 2016-03-16 11:12 GMT+01:00 discordianfish notifications@github.com:
|
I run it in a docker container without any significant problems. If you have infrastructure for managing docker containers and you try to deploy everything using docker containers then it can make sense to run it there anyway for consistency with the rest of your system. |
Btw., https://www.digitalocean.com/community/tutorials/how-to-install-prometheus-using-docker-on-ubuntu-14-04 also has some instructions on how to set up the Node Exporter in Docker. It's the closest I could make it compared to running it directly on the host system (which is still recommended). Basically: docker run -d -p 9100:9100 -v "/proc:/host/proc" -v "/sys:/host/sys" -v "/:/rootfs" --net="host" prom/node-exporter -collector.procfs /host/proc -collector.sysfs /host/proc -collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)" |
I'll just run it natively, I'm still using "normal" Linux installations 2016-03-16 13:39 GMT+01:00 Julius Volz notifications@github.com:
|
* accepts a regex pattern to be removed from the mountpoints exported by the filesystem collector. * addresses issue prometheus#66
- relates to prometheus#66 Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
- relates to prometheus#66 Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
While we still recommend running the node-exporter on the host and not in a container runtime, many people (including myself) do so. So I think it's time we revisit this issue and use it to track other related things like:
|
- relates to prometheus#66 Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
I think there are other issues beside the names to address, like the issue linked above. I know Red Hat is working on some solutions to that which involve running the node-exporter in the host namespace, that might solve all these issues. |
@s-urbaniak Still waiting for you guys take on it btw :) |
still not working:
Solution: use quay.io/prometheus/node-exporter:v0.15.0 Definetly not perfect - but I have no idea why the newer versions outputs fewer data... |
@dash042 That is already documented in the README |
The issue is, docker is used precisely because it makes it possible to design and run your infrastructure in such a way that you don't have to have control of (and you may not have control of) of the base image to the point you can decide to "bake in" a binary like the node exporter. Docker creates "containers" for process trees using cgroups and namespaces. It is not necessarily meant in all cases and above all to block access, if desired, to the host. It's to be expected that in the modern world, people will deploy this service in a containerized manner. I think the solution this thread hit upon is fine enough; Bind-mounting is a well-established part of docker practices. |
There is only one thing I would add for future reference of anybody finding this thread, or perhaps this might even warrant inclusion in the README: If the
instead of:
|
... This is particularly troublesome if you want to run systemd in your container (via an entrypoint which runs
|
@dt-rush The readme also tells people to use pid=host. If you have a suggestion how to solve this without using host pid namespace, I'm all ears. |
Currently docker swarm does not support using host pid(see docker/docs#5624 (comment)). Are there any workarounds to monitor nodes with node-exporter started as swarm service in global mode? |
Use Ansible to deploy the node_exporter instead of using Docker. |
I think we've documented enough of the Docker issues in the README at this point. For normal Docker use, the node_exporter works well enough. Additional issues need to be filed with Docker, as they are not node_exporter bugs. |
Currently it reports /etc/hostname and /etc/hosts and /etc/resolv.conf as mount points inside the docker container, and then reports / as just the filesystem that the docker container is mounted on.
It would be nice to be able to report the mounts from the host machine, or at least have some configuration option where you can do that similar to cAdvisor.
The text was updated successfully, but these errors were encountered: