Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does not work so great inside a docker container #66

Closed
camerondavison opened this issue Apr 23, 2015 · 47 comments
Closed

Does not work so great inside a docker container #66

camerondavison opened this issue Apr 23, 2015 · 47 comments

Comments

@camerondavison
Copy link

Currently it reports /etc/hostname and /etc/hosts and /etc/resolv.conf as mount points inside the docker container, and then reports / as just the filesystem that the docker container is mounted on.

It would be nice to be able to report the mounts from the host machine, or at least have some configuration option where you can do that similar to cAdvisor.

@matthiasr
Copy link
Contributor

matthiasr commented Apr 23, 2015 via email

@camerondavison
Copy link
Author

docker run --rm -ti -p 9100:9100 prom/node-exporter
$ curl -s localhost:9100/metrics | egrep '^node_filesystem_free'
node_filesystem_free{filesystem="/"} 1.0477051904e+10
node_filesystem_free{filesystem="/etc/hostname"} 1.0477051904e+10
node_filesystem_free{filesystem="/etc/hosts"} 1.0477051904e+10
node_filesystem_free{filesystem="/etc/resolv.conf"} 1.0477051904e+10
docker run --rm -ti -p 9100:9100 --volume=/sys:/sys:ro --volume=/proc:/proc:ro prom/node-exporter

same

docker run --rm -ti -p 9100:9100 --volume=/sys:/sys:ro --volume=/proc:/proc:ro --volume=/:/rootfs:ro prom/node-exporter

sort of works but has a bunch of junk like below that I would probably not like to have

$ curl -s localhost:9100/metrics | egrep '^node_filesystem_free'
node_filesystem_free{filesystem="/rootfs/var/lib/docker/overlay/12750f959cc8ead2298a7f8684a6e8d2b2ac1fb88853945a055debeb150d5484/merged"} 1.047703552e+10
node_filesystem_free{filesystem="/rootfs/var/lib/docker/overlay/1cf04940027f49751de0b4152cb5ddcae75a9377ea1ba3e27b081110a43afb99/merged"} 1.047703552e+10
node_filesystem_free{filesystem="/rootfs/var/lib/docker/overlay/25fe6dd3e7aa9344c5150dabc931da7090c91d063780e7b0806e013c22fab847/merged"} 1.047703552e+10
node_filesystem_free{filesystem="/rootfs/var/lib/docker/overlay/2ca45cb64bd8a03f508f01f3a328336a8403948190a5966864f00375c2061128/merged"} 1.047703552e+10
node_filesystem_free{filesystem="/rootfs/var/lib/docker/overlay/517e01efdc1d013d45085fac163fe65415a3d3a5e6037442a2de1b1aeebfbb3b/merged"} 1.047703552e+10
node_filesystem_free{filesystem="/rootfs/var/lib/docker/overlay/6a23736beed6e76bed99f4d73bfecf007c62427a1d882ee52cdccb9fadc1568f/merged"} 1.047703552e+10
node_filesystem_free{filesystem="/rootfs/var/lib/docker/overlay/72047aa2084de6e64d904b4ec223d5e11586290fb6a2a32f02f6a079d65bf248/merged"} 1.047703552e+10
node_filesystem_free{filesystem="/rootfs/var/lib/docker/overlay/84827b2dba0e0383d767f6a79db7086a219b1736bd3494273d9ac8b120b9d7b3/merged"} 1.047703552e+10

@matthiasr
Copy link
Contributor

matthiasr commented Apr 23, 2015 via email

@camerondavison
Copy link
Author

cAdvisor does not have this problem :/

@juliusv
Copy link
Member

juliusv commented Apr 23, 2015

But, but... cAdvisor only exports cgroup container stats, not fileystem stats, right? The cAdvisor Docker launch instructions say:

sudo docker run \
  --volume=/:/rootfs:ro \
  --volume=/var/run:/var/run:rw \
  --volume=/sys:/sys:ro \
  --volume=/var/lib/docker/:/var/lib/docker:ro \
  --publish=8080:8080 \
  --detach=true \
  --name=cadvisor \
  google/cadvisor:latest

The --volume=/sys:/sys:ro flag mounts the host's sysfs (containing cgroup information under /sys/fs/cgroup) into the cAdvisor container, making all the cgroup information accessible to cAdvisor. Perhaps a similar thing can be done by mounting all the filesystems you are interested in into the container, but it's not going to be as easy as with the cgroup information, as that only needs to mount in one FS with all the cgroup info.

@juliusv
Copy link
Member

juliusv commented Apr 23, 2015

Ah ok, it also does FS stats, but only for filesystems mounted into each container?

@juliusv
Copy link
Member

juliusv commented Apr 23, 2015

Or maybe the --volume=/:/rootfs:ro also allows it to export host filesystem stats, not sure.

@matthiasr
Copy link
Contributor

(I saw this in email but the comment is gone?)

Mounting the host's /proc into a different path in the container would definitely be a good way.

Currently, many of the collectors hardcode /proc, they should instead read this from a (one global) flag. This would also make e.g. testing much more consistent.

@grobie
Copy link
Member

grobie commented Jun 24, 2015

All the procfs code should be moved to our procfs lib anyway, which supports changing the mounting point already.

@discordianfish
Copy link
Member

Agreed, we should switch to procfs lib and make it possible to specify a alternative root directory (--fs.root /rootfs or similar) and only expose metrics for filesystems mounted in that directory. To make things nice, we can strip the rootfs path from the filesystem path.

@juliusv
Copy link
Member

juliusv commented Jun 24, 2015

Volunteers? :)

@juliusv
Copy link
Member

juliusv commented Oct 9, 2015

We have flags now for setting the procfs and sysfs locations, so as long as you get those two mounted into your Docker container somehow, you should be able to run it on Docker: https://github.com/prometheus/node_exporter/blob/master/collector/paths.go

@superdump
Copy link

Do you necessarily need to mount to some path in the container that is not /sys and /proc?

@juliusv
Copy link
Member

juliusv commented Oct 13, 2015

No, those two should be sufficient.

@superdump
Copy link

I meant: is there a problem with -v /sys:/sys -v /proc:/proc? Or does one have to mount to different paths in the container? Is :ro needed for any security reasons?

@superdump
Copy link

-v /proc:/proc is disliked:

Cannot start container b2cdc636e8be690293659044cfae954e198a581d65b9e9131897c7be716504bd: [8] System error: "/var/lib/docker/aufs/mnt/b2cdc636e8be690293659044cfae954e198a581d65b9e9131897c7be716504bd/proc" cannot be mounted because it is located inside "/proc"

@juliusv
Copy link
Member

juliusv commented Oct 15, 2015

I'm afraid I won't be able to help here since I don't do much with Docker. As long as you can somehow mount both FSes into your container and point the node exporter flags there, you should be fine though (i.e. I don't think mounting ro is strictly needed, though it might not hurt).

@discordianfish
Copy link
Member

@superdump Yes, I guess mounting to /proc doesn't work. Just use some other directory. That being said, we should consider to support some filtering/rewriting of the mountpoints for this case. Basically just strip the path to the container root.

@mbrooks
Copy link

mbrooks commented Oct 29, 2015

The below got me the info I needed for the most part. I built my dashboard showing disk space available by using 'node_filesystem_avail{mountpoint="/rootfs"}' as the query. It seems to work pretty well.

docker run -d -p 9100:9100 -v "/proc:/host/proc" -v "/sys:/host/sys" -v "/:/rootfs" --net="host" prom/node-exporter -collector.procfs /host/proc -collector.sysfs /host/proc -collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"

It's kind of annoying that root point shows up as /rootfs and that's definitely not standard, but it works as far as I can tell for CPU and Disk stats!

My only suggestion is that node_explorer may need to rethink it's docker strategy a bit to maybe include some of the above commands by default and require certain volumes are mounted. Info isn't going to be in the standard places and parsing may need to be different as well for docker images to keep things consistent in a docker and non-docker world.

@discordianfish
Copy link
Member

@mbrooks PRs welcome :) I agree that it makes sense to:

  • add a option to strip a prefix from mountpoints
  • require and check that things are bind-mounted
  • update the README to explain all this a bit more

@flypenguin
Copy link

I really think this is highly inconvenient. Having a "disk free" item should be the most basic form of monitoring, and node-exporter fails in doing so. IMHO is a major issue because it kinda renders disk stats unusable (I really don't want to find out what filesystem "/etc/resolv.conf" actually is, and everyone looking at any graphs is bound to wonder)

I am trying now to run this as standalone go application to fix it, luckily it's Go so it doesnt have dependencies. Let's see how that goes.

@brian-brazil
Copy link
Contributor

The node exporter does provide disk free stats, your problem is that you're trying to run it inside a system designed to prevent the node exporter getting to things like disk stats - and which also uses a fair amount of bind mounts (which is what /etc/resov.conf is here, we should see if we can exclude bind mounts as they don't make sense to export).

@discordianfish
Copy link
Member

Agreeing with @brian-brazil here. In general I would advise against running the node_exporter as Docker container. In my infrastructures I usually bake the node-exporter in the host/OS image.
That being said, I think it's reasonable to support some 'rewriting' and filtering of mountpoints given how many people want to run it in Docker. So @flypenguin feel free to submit a PR adding such functionality.

PS: If you need this but can't fix it on your own, I'm sure we can find someone you can pay to do so ;)

@flypenguin
Copy link

then my pull request would be to remove that paragraph "you can use docker
to get started" replacing it with "you can use docker, but it is
discouraged because of weird metric labels". ;)

2016-03-16 11:12 GMT+01:00 discordianfish notifications@github.com:

Agreeing with @brian-brazil https://github.com/brian-brazil here. In
general I would advise against running the node_exporter as Docker
container. In my infrastructures I usually bake the node-exporter in the
host/OS image.
That being said, I think it's reasonable to support some 'rewriting' and
filtering of mountpoints given how many people want to run it in Docker. So
@flypenguin https://github.com/flypenguin feel free to submit a PR
adding such functionality.

PS: If you need this but can't fix it on your own, I'm sure we can find
someone you can pay to do so ;)


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#66 (comment)

@superdump
Copy link

I run it in a docker container without any significant problems. If you have infrastructure for managing docker containers and you try to deploy everything using docker containers then it can make sense to run it there anyway for consistency with the rest of your system.

@juliusv
Copy link
Member

juliusv commented Mar 16, 2016

Btw., https://www.digitalocean.com/community/tutorials/how-to-install-prometheus-using-docker-on-ubuntu-14-04 also has some instructions on how to set up the Node Exporter in Docker. It's the closest I could make it compared to running it directly on the host system (which is still recommended). Basically:

docker run -d -p 9100:9100 -v "/proc:/host/proc" -v "/sys:/host/sys" -v "/:/rootfs" --net="host" prom/node-exporter -collector.procfs /host/proc -collector.sysfs /host/proc -collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"

@flypenguin
Copy link

I'll just run it natively, I'm still using "normal" Linux installations
(not something super-stripped-down where I potentially can't do this ;).
Still, thanks for your effort, I'll bookmark this in case I'll hit this
again somewhere else :)

2016-03-16 13:39 GMT+01:00 Julius Volz notifications@github.com:

Btw.,
https://www.digitalocean.com/community/tutorials/how-to-install-prometheus-using-docker-on-ubuntu-14-04
also has some instructions on how to set up the Node Exporter in Docker.
It's the closest I could make it compared to running it directly on the
host system (which is still recommended). Basically:

docker run -d -p 9100:9100 -v "/proc:/host/proc" -v "/sys:/host/sys" -v "/:/rootfs" --net="host" prom/node-exporter -collector.procfs /host/proc -collector.sysfs /host/proc -collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#66 (comment)

dan-cleinmark added a commit to dan-cleinmark/node_exporter that referenced this issue Mar 21, 2016
* accepts a regex pattern to be removed from the mountpoints
exported by the filesystem collector.
* addresses issue prometheus#66
diafour added a commit to flant/node_exporter that referenced this issue Apr 18, 2018
- relates to prometheus#66

Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
marcbachmann pushed a commit to marcbachmann/node_exporter that referenced this issue Jul 9, 2018
- relates to prometheus#66

Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
@discordianfish
Copy link
Member

While we still recommend running the node-exporter on the host and not in a container runtime, many people (including myself) do so. So I think it's time we revisit this issue and use it to track other related things like:

cofyc pushed a commit to cofyc/node_exporter that referenced this issue Sep 3, 2018
- relates to prometheus#66

Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
@discordianfish discordianfish mentioned this issue Sep 4, 2018
3 tasks
@SuperQ SuperQ closed this as completed in 0f9842f Oct 4, 2018
@discordianfish discordianfish reopened this Oct 4, 2018
@discordianfish
Copy link
Member

I think there are other issues beside the names to address, like the issue linked above. I know Red Hat is working on some solutions to that which involve running the node-exporter in the host namespace, that might solve all these issues.

@discordianfish
Copy link
Member

@s-urbaniak Still waiting for you guys take on it btw :)

@dash042
Copy link

dash042 commented May 3, 2019

still not working:
node-exporter in Docker container (k8s) with variable node_filesystem_size_bytes will only show 10GB - so the docker mapped volume - not the total disk size of the NODE:

/dev/mapper/docker-253:0-201434461-e80c535ec0ec3840bef82cac01ae9d4ca47550036ee8a8cc222aa722aaf919a2
                         10.0G     55.5M      9.9G   1% /

Solution: use quay.io/prometheus/node-exporter:v0.15.0
and node_filesystem_size after mounting / to /rootfs... and filtering on this mountpoint

Definetly not perfect - but I have no idea why the newer versions outputs fewer data...

@discordianfish
Copy link
Member

@dash042 That is already documented in the README

@dt-rush
Copy link
Contributor

dt-rush commented Jun 25, 2019

Agreeing with @brian-brazil here. In general I would advise against running the node_exporter as Docker container. In my infrastructures I usually bake the node-exporter in the host/OS image.

The issue is, docker is used precisely because it makes it possible to design and run your infrastructure in such a way that you don't have to have control of (and you may not have control of) of the base image to the point you can decide to "bake in" a binary like the node exporter.

Docker creates "containers" for process trees using cgroups and namespaces. It is not necessarily meant in all cases and above all to block access, if desired, to the host. It's to be expected that in the modern world, people will deploy this service in a containerized manner. I think the solution this thread hit upon is fine enough; Bind-mounting is a well-established part of docker practices.

@dt-rush
Copy link
Contributor

dt-rush commented Jun 25, 2019

There is only one thing I would add for future reference of anybody finding this thread, or perhaps this might even warrant inclusion in the README:

If the --pid="host" param is not provided, the metrics for avail_bytes will not be labelled properly. You will see:

node_filesystem_avail_bytes{device="/dev/nvme0n1p2",fstype="ext4",mountpoint="/etc/hostname"} 1.3968082944e+11
node_filesystem_avail_bytes{device="/dev/nvme0n1p2",fstype="ext4",mountpoint="/etc/hosts"} 1.3968082944e+11

instead of:

node_filesystem_avail_bytes{device="/dev/nvme0n1p2",fstype="ext4",mountpoint="/"} 1.3967706112e+11

@dt-rush
Copy link
Contributor

dt-rush commented Jun 25, 2019

... This is particularly troublesome if you want to run systemd in your container (via an entrypoint which runs /sbin/init) (see for example this base image that we use for our services), and want to have the node-exporter be run as a systemd unit inside that container, since --pid="host" will cause the container to fail to start with the logs showing:

Systemd init system enabled.
Couldn't find an alternative telinit implementation to spawn.

@discordianfish
Copy link
Member

@dt-rush The readme also tells people to use pid=host. If you have a suggestion how to solve this without using host pid namespace, I'm all ears.

@n0nvme
Copy link

n0nvme commented Feb 13, 2021

Currently docker swarm does not support using host pid(see docker/docs#5624 (comment)). Are there any workarounds to monitor nodes with node-exporter started as swarm service in global mode?

@SuperQ
Copy link
Member

SuperQ commented Feb 13, 2021

Use Ansible to deploy the node_exporter instead of using Docker.

@SuperQ
Copy link
Member

SuperQ commented Feb 13, 2021

I think we've documented enough of the Docker issues in the README at this point. For normal Docker use, the node_exporter works well enough. Additional issues need to be filed with Docker, as they are not node_exporter bugs.

@SuperQ SuperQ closed this as completed Feb 13, 2021
@prometheus prometheus locked as resolved and limited conversation to collaborators Feb 13, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests