[lxc-users] monitoring containers using lxc-info (without being root)

Fiedler Roman Roman.Fiedler at ait.ac.at
Wed May 13 07:41:19 UTC 2015


Hi,

> Von: lxc-users [mailto:lxc-users-bounces at lists.linuxcontainers.org] Im Auftrag
> 
> On 05/11/15 20:35, Stéphane Graber wrote:
> >
> > lxc-info -c doesn't read the container configuration, instead it
> > connects to the container's command socket and asks the container what's
> > the running configuration.
> >
> > That means that you need to run lxc-info as the same user which started
> > the container for it to be able to contact the command socket.
> >
> 
> Understood, but I cannot run all my containers as "zabbix" or "nagios"
> user just for monitoring. sudo would be an option, but I wonder if the
> socket could be created with a "lxc" group permission and to add the
> monitoring account to this group? Maybe a second "read-only" socket to
> obtain information from the container (without the "control" part) could
> do the trick?
> 
> Just a suggestion, of course. Keep on your good work.

I have similar problem with following solution: minimal monitoring components running in container, writing messages to container-internal spool. Those messages are forwarded via pipe (lxc-attach) to host and then to Zabbix instance via TLS and are injected to Zabbix using trapper. All the spooling/forwarding components are identical, so there is only need for 1 type of spooling component (~25k) and the minimal tests (~30kb).

Another advantage: Full history of measurements event with network connectivity loss between central monitoring point and LXC-hosts/guest.

Roman.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6344 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150513/6d8e68a4/attachment.bin>


More information about the lxc-users mailing list