Any issues with including NetData on the root server and as an app add-on?
-
Using the install script is not even necessary, as netdata can just as well be run as a container itself. So a simple
docker-compose.yamlwith the following is enough:version: '3' services: netdata: image: netdata/netdata container_name: netdata pid: host network_mode: host restart: unless-stopped cap_add: - SYS_PTRACE - SYS_ADMIN security_opt: - apparmor:unconfined volumes: - ./netdataconfig/netdata:/etc/netdata - netdatalib:/var/lib/netdata - netdatacache:/var/cache/netdata - /etc/passwd:/host/etc/passwd:ro - /etc/group:/host/etc/group:ro - /proc:/host/proc:ro - /sys:/host/sys:ro - /etc/os-release:/host/etc/os-release:ro #- /var/run/docker.sock:/var/run/docker.sock:ro environment: - DOCKER_HOST=127.0.0.1:2375 cetusguard: image: hectorm/cetusguard:v1 network_mode: host read_only: true volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: CETUSGUARD_BACKEND_ADDR: unix:///var/run/docker.sock CETUSGUARD_FRONTEND_ADDR: tcp://:2375 CETUSGUARD_RULES: | ! Inspect a container GET %API_PREFIX_CONTAINERS%/%CONTAINER_ID_OR_NAME%/json volumes: netdatalib: netdatacache:Afterwards one can just create an app proxy to
http://127.0.0.1:19999and netdata can be "publicly" reached.The above
docker-compose.yamlactually comes from the netdata documentation.@fbartels said in Any issues with including NetData on the root server and as an app add-on?:
Afterwards one can just create an app proxy to http://127.0.0.1:19999 and netdata can be "publicly" reached.
I just installed Netdata (stable) on another Cloudron production server. Installation went well, connection to Netdata cloud dashboard went well and indeed as @fbartels wrote, the "app proxy" works also to have a local only view!
Perfect!
-
@fbartels said in Any issues with including NetData on the root server and as an app add-on?:
Afterwards one can just create an app proxy to http://127.0.0.1:19999 and netdata can be "publicly" reached.
I just installed Netdata (stable) on another Cloudron production server. Installation went well, connection to Netdata cloud dashboard went well and indeed as @fbartels wrote, the "app proxy" works also to have a local only view!
Perfect!
-
@imc67 I understood, that installing netdata via the Kickstart command is not a bad thing to do?
https://learn.netdata.cloud/docs/installing/one-line-installer-for-all-linux-systems
ofc, taking into account, that messing with the system like that deviates from what is suggested for obvious reasons by Cloudron and is in my responsibility.
-
@imc67 I understood, that installing netdata via the Kickstart command is not a bad thing to do?
https://learn.netdata.cloud/docs/installing/one-line-installer-for-all-linux-systems
ofc, taking into account, that messing with the system like that deviates from what is suggested for obvious reasons by Cloudron and is in my responsibility.
-
Looks like we got our first support ticket related to installing netdata. I have not verified this but it seems that installing netdata installs the nodejs package which ends up downgrading nodejs to v12 . This in turn prevents Cloudron from starting up.
It's better to install netdata via Docker, atleast it would prevent the above issue.
-
Uhoh how do we check the version? And how to install it via Docker?
Netdata is extremely useful and needed like having a live dashboard in your car. Without its hard to drive
@imc67 said in Any issues with including NetData on the root server and as an app add-on?:
Uhoh how do we check the version?
I just found out: node -v on the command line.
On my 3 Cloudron's it says v18.16.0
Is that OK @girish ?
-
BTW nice to know:
Netdata is the most energy-efficient monitoring tool for Docker-based systems Dec 11, 2023: University of Amsterdam published a study related to the impact of monitoring tools for Docker based systems, aiming to answer 2 questions:
What is the impact of monitoring tools on the energy efficiency of Docker-based systems?
What is the impact of monitoring tools on the performance of Docker-based systems?
They tested ELK, Prometheus, Netdata and Zipkin, under 9 different configurations (Low, Mid, High Frequency vs. Low, Mid, High Workload, 3x3).This is how Netdata stands:
Netdata excels in energy efficiency: "... Netdata being the most energy-efficient tool ...", as the study says.
Netdata excels in CPU Usage, RAM Usage and Execution Time, and has a similar impact in Network Traffic as Prometheus.
The study did not normalize the results based on the number of metrics collected. Given that Netdata usually collects singificantly more metrics than the other tools, Netdata managed to outperform the other tools, while ingesting a much higher number of metrics. Read the full study here: https://www.ivanomalavolta.com/files/papers/ICSOC_2023.pdf -
@imc67 said in Any issues with including NetData on the root server and as an app add-on?:
Uhoh how do we check the version?
I just found out: node -v on the command line.
On my 3 Cloudron's it says v18.16.0
Is that OK @girish ?
@imc67 said in Any issues with including NetData on the root server and as an app add-on?:
On my 3 Cloudron's it says v18.16.0
Is that OK @girish ?
It is correct version right now. If netdata has a nodejs dep, then it might conflict with Cloudron's. We update Cloudron's nodejs without thinking about other software.
-
Still no single problem with 3 Cloudrons, I guess and am pretty sure itβs not NetData whatβs causing your issue.
-
Hello,
I'm currently looking at this topic at the moment and maybe it would be possible to split this issue in two different subject.
I understood that the main issue to add netdata to cloudron as an app is the capabilities required from the docker image to be able to collect all the metrics of the host. Which I understand is a problem as it challenge the whole security design actually implemented.
But would it be conceivable to deploy netdata as a cloudron app with limited monitoring capabilities as a known limitation. I know that it can seems counter-productive but I have a specific purpose for which it could be useful : Using this netdata instance as a parent node to centralize all the metrics from different children and use the ldap/proxyauth addon of cloudron to add authentication to the WebUI
That would be a really great use case for me.And concerning the other subject of actually collecting the data of the cloudron host using netdata. IMHO a tutorial on how to deploy it with docker and /or docker-compose, and the firewall configuration needed would be enough for most admin I think.
-
Hello,
I'm currently looking at this topic at the moment and maybe it would be possible to split this issue in two different subject.
I understood that the main issue to add netdata to cloudron as an app is the capabilities required from the docker image to be able to collect all the metrics of the host. Which I understand is a problem as it challenge the whole security design actually implemented.
But would it be conceivable to deploy netdata as a cloudron app with limited monitoring capabilities as a known limitation. I know that it can seems counter-productive but I have a specific purpose for which it could be useful : Using this netdata instance as a parent node to centralize all the metrics from different children and use the ldap/proxyauth addon of cloudron to add authentication to the WebUI
That would be a really great use case for me.And concerning the other subject of actually collecting the data of the cloudron host using netdata. IMHO a tutorial on how to deploy it with docker and /or docker-compose, and the firewall configuration needed would be enough for most admin I think.
@cvachery I believe it makes most sense to install in the root host.
I assume being installed there would give it a view of all Docker Containers, anyway.
Perhaps it should just be an optional install on the root host, with disclaimers that issues might not be supported.
-
@cvachery I believe it makes most sense to install in the root host.
I assume being installed there would give it a view of all Docker Containers, anyway.
Perhaps it should just be an optional install on the root host, with disclaimers that issues might not be supported.
@marcusquinn I do agree that for a monitoring point of view it indeed makes more sense to deploy on the root host (that was my second point) but as a cloudron app I do believe the not privileged app has an utility.
And using this architecture of a netdata parent node as a cloudron app and a child node being deployed on the root host streaming its data to the parent would be then transparent and we would have the best of the two world if the installation on the root host is at least well documented on the cloudron side or even as you suggest made an optionnal part of the install process
-
@marcusquinn I do agree that for a monitoring point of view it indeed makes more sense to deploy on the root host (that was my second point) but as a cloudron app I do believe the not privileged app has an utility.
And using this architecture of a netdata parent node as a cloudron app and a child node being deployed on the root host streaming its data to the parent would be then transparent and we would have the best of the two world if the installation on the root host is at least well documented on the cloudron side or even as you suggest made an optionnal part of the install process
-
I've had some time this week to work on this topic. So here is where I am at the moment.
I packaged an app for cloudron, it does seem to be working properly. (I let you guys have a look/test as it is my first try at packaging for cloudron)The only thing I can't get to work is the streaming part. (eg a child node stream to my cloudron node which is a parent), my best guess is that the reverse proxy used by cloudron doesn't send the tcp stream to the container but only http. But I don't know how to configure/fix that.
The netdata configuration file is in
/app/data/etcso to set up streaming you can add a filestream.confusing the file explorer and restart the appInfos I can give :
Command used to install :cloudron install --image cvachery/netdata-app:v1.44.1
Github : https://github.com/aylham/cloudron-netdata
Docker image :docker pull cvachery/netdata-app:v1.44.1
Netdata doc on how to setup streaming : https://learn.netdata.cloud/docs/streaming/understanding-how-streaming-works#enable-streaming-between-nodes -
I've had some time this week to work on this topic. So here is where I am at the moment.
I packaged an app for cloudron, it does seem to be working properly. (I let you guys have a look/test as it is my first try at packaging for cloudron)The only thing I can't get to work is the streaming part. (eg a child node stream to my cloudron node which is a parent), my best guess is that the reverse proxy used by cloudron doesn't send the tcp stream to the container but only http. But I don't know how to configure/fix that.
The netdata configuration file is in
/app/data/etcso to set up streaming you can add a filestream.confusing the file explorer and restart the appInfos I can give :
Command used to install :cloudron install --image cvachery/netdata-app:v1.44.1
Github : https://github.com/aylham/cloudron-netdata
Docker image :docker pull cvachery/netdata-app:v1.44.1
Netdata doc on how to setup streaming : https://learn.netdata.cloud/docs/streaming/understanding-how-streaming-works#enable-streaming-between-nodes@cvachery said in Any issues with including NetData on the root server and as an app add-on?:
The only thing I can't get to work is the streaming part. (eg a child node stream to my cloudron node which is a parent), my best guess is that the reverse proxy used by cloudron doesn't send the tcp stream to the container but only http. But I don't know how to configure/fix that.
Not sure if this helps but if the data is sent in separate tcp port, you have to define it using tcpPort in manifest - https://docs.cloudron.io/packaging/manifest/#tcpports
