I have a script I am running to monitor memory across docker containers and report it back to statsd.
It all boils down to being able to run: docker ps and docker exec container ps aux and parsing results.
The parsing logic is involved so I coded it in Ruby.
If I am to go with the “traditional” approach here I would just deploy the script and Ruby on all the machines and ensure an appropriate upstart job is about.
However, I would prefer to use docker for the packaging which would make updating stuff easier.
If I start up Docker in privileged mode will I be able to run nsenter on other running containers on the box?
If that is too tricky, how do I set up a container to perform this via the API without punching open gaping security holes?
I dont think you need dind ( docker in docker ) to do this. One approach i used is to mount the docker’s unix socket inside the targeted container. For example:
docker run -d -v /var/run/docker.sock:/var/run/docker.sock monitor-image
The docker client inside monitor-image will then be able to talk to the host /var/run/docker.sock
Its been pretty solid over the weekend, I deployed this:
Launch the container and allow it to talk to the docker socket with restart always and now data is flowing in beautifully and I have pretty pictures to show. Don’t have to worry about machines rebooting and so on.