[Bug]: Docker: ndsudo cannot find fail2ban executables on host from within container #18079

Closed
vipergts450 opened this issue Jul 7, 2024 · 4 comments · Fixed by #18081
Labels: area/collectors, bug, collectors/go.d, feature request


@vipergts450

Bug description

Hello all, thank you for this amazing project.

I noticed that using the suggested Docker configuration leads to a scenario where the fail2ban integration is unable to start due to no access to the host's PATH to find the executable.

Expected behavior

Expected netdata to parse fail2ban logs for display on the dashboard.

Steps to reproduce

  1. Use a recommended Docker configuration, including host binds and volume mounts.
  2. Start the container.
  3. Fail2Ban collector is status "Failed" in the Configurations page.
  4. Logs report:

         # docker logs netdata 2>&1 | grep fail2ban
         time=2024-07-07T13:59:56.382-04:00 level=error msg="error on '/usr/libexec/netdata/plugins.d/ndsudo fail2ban-client-status': exit status 4" plugin=go.d collector=fail2ban job=fail2ban
         time=2024-07-07T13:59:56.382-04:00 level=error msg="check failed" plugin=go.d collector=fail2ban job=fail2ban

  5. exit status 4 is vague
  6. Enter container with # docker exec -it netdata bash
  7. Run ndsudo manually with:

         # cd /usr/libexec/netdata/plugins.d/
         # ./ndsudo fail2ban-client-status
         fail2ban-client : not available in PATH.

PATH as per netdata.conf is

[environment variables]
	# PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin

Installation method

docker

System info

Linux 698pi 6.6.31 rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.31-1 rpt1 (2024-05-29) aarch64 GNU/Linux
/etc/os-release:PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
/etc/os-release:NAME="Debian GNU/Linux"
/etc/os-release:VERSION_ID="12"
/etc/os-release:VERSION="12 (bookworm)"
/etc/os-release:VERSION_CODENAME=bookworm
/etc/os-release:ID=debian

Netdata build info

Packaging:
    Netdata Version ____________________________________________ : v1.46.0-99-nightly
    Installation Type __________________________________________ : oci
    Package Architecture _______________________________________ : aarch64
    Package Distro _____________________________________________ : unknown
    Configure Options __________________________________________ : dummy-configure-command
Default Directories:
    User Configurations ________________________________________ : /etc/netdata
    Stock Configurations _______________________________________ : /usr/lib/netdata/conf.d
    Ephemeral Databases (metrics data, metadata) _______________ : /var/cache/netdata
    Permanent Databases ________________________________________ : /var/lib/netdata
    Plugins ____________________________________________________ : /usr/libexec/netdata/plugins.d
    Static Web Files ___________________________________________ : /usr/share/netdata/web
    Log Files __________________________________________________ : /var/log/netdata
    Lock Files _________________________________________________ : /var/lib/netdata/lock
    Home _______________________________________________________ : /var/lib/netdata
Operating System:
    Kernel _____________________________________________________ : Linux
    Kernel Version _____________________________________________ : 6.6.31 rpt-rpi-v8
    Operating System ___________________________________________ : Debian GNU/Linux
    Operating System ID ________________________________________ : debian
    Operating System ID Like ___________________________________ : unknown
    Operating System Version ___________________________________ : 12 (bookworm)
    Operating System Version ID ________________________________ : 12
    Detection __________________________________________________ : /host/etc/os-release
Hardware:
    CPU Cores __________________________________________________ : 4
    CPU Frequency ______________________________________________ : 2700000000
    RAM Bytes __________________________________________________ : 8326922240
    Disk Capacity ______________________________________________ : 1000204886016
    CPU Architecture ___________________________________________ : aarch64
    Virtualization Technology __________________________________ : unknown
    Virtualization Detection ___________________________________ : none
Container:
    Container __________________________________________________ : docker
    Container Detection ________________________________________ : dockerenv
    Container Orchestrator _____________________________________ : none
    Container Operating System _________________________________ : Debian GNU/Linux
    Container Operating System ID ______________________________ : debian
    Container Operating System ID Like _________________________ : unknown
    Container Operating System Version _________________________ : 12 (bookworm)
    Container Operating System Version ID ______________________ : 12
    Container Operating System Detection _______________________ : /etc/os-release
Features:
    Built For __________________________________________________ : Linux
    Netdata Cloud ______________________________________________ : YES
    Health (trigger alerts and send notifications) _____________ : YES
    Streaming (stream metrics to parent Netdata servers) _______ : YES
    Back-filling (of higher database tiers) ____________________ : YES
    Replication (fill the gaps of parent Netdata servers) ______ : YES
    Streaming and Replication Compression ______________________ : YES (zstd lz4 gzip)
    Contexts (index all active and archived metrics) ___________ : YES
    Tiering (multiple dbs with different metrics resolution) ___ : YES (5)
    Machine Learning ___________________________________________ : YES
Database Engines:
    dbengine (compression) _____________________________________ : YES (zstd lz4)
    alloc ______________________________________________________ : YES
    ram ________________________________________________________ : YES
    none _______________________________________________________ : YES
Connectivity Capabilities:
    ACLK (Agent-Cloud Link: MQTT over WebSockets over TLS) _____ : YES
    static (Netdata internal web server) _______________________ : YES
    h2o (web server) ___________________________________________ : YES
    WebRTC (experimental) ______________________________________ : NO
    Native HTTPS (TLS Support) _________________________________ : YES
    TLS Host Verification ______________________________________ : YES
Libraries:
    LZ4 (extremely fast lossless compression algorithm) ________ : YES
    ZSTD (fast, lossless compression algorithm) ________________ : YES
    zlib (lossless data-compression library) ___________________ : YES
    Brotli (generic-purpose lossless compression algorithm) ____ : NO
    protobuf (platform-neutral data serialization protocol) ____ : YES (system)
    OpenSSL (cryptography) _____________________________________ : YES
    libdatachannel (stand-alone WebRTC data channels) __________ : NO
    JSON-C (lightweight JSON manipulation) _____________________ : YES
    libcap (Linux capabilities system operations) ______________ : NO
    libcrypto (cryptographic functions) ________________________ : YES
    libyaml (library for parsing and emitting YAML) ____________ : YES
Plugins:
    apps (monitor processes) ___________________________________ : YES
    cgroups (monitor containers and VMs) _______________________ : YES
    cgroup-network (associate interfaces to CGROUPS) ___________ : YES
    proc (monitor Linux systems) _______________________________ : YES
    tc (monitor Linux network QoS) _____________________________ : YES
    diskspace (monitor Linux mount points) _____________________ : YES
    freebsd (monitor FreeBSD systems) __________________________ : NO
    macos (monitor MacOS systems) ______________________________ : NO
    statsd (collect custom application metrics) ________________ : YES
    timex (check system clock synchronization) _________________ : YES
    idlejitter (check system latency and jitter) _______________ : YES
    bash (support shell data collection jobs - charts.d) _______ : YES
    debugfs (kernel debugging metrics) _________________________ : YES
    cups (monitor printers and print jobs) _____________________ : NO
    ebpf (monitor system calls) ________________________________ : NO
    freeipmi (monitor enterprise server H/W) ___________________ : YES
    nfacct (gather netfilter accounting) _______________________ : NO
    perf (collect kernel performance events) ___________________ : YES
    slabinfo (monitor kernel object caching) ___________________ : YES
    Xen ________________________________________________________ : NO
    Xen VBD Error Tracking _____________________________________ : NO
    Logs Management ____________________________________________ : YES
Exporters:
    AWS Kinesis ________________________________________________ : NO
    GCP PubSub _________________________________________________ : NO
    MongoDB ____________________________________________________ : YES
    Prometheus (OpenMetrics) Exporter __________________________ : YES
    Prometheus Remote Write ____________________________________ : YES
    Graphite ___________________________________________________ : YES
    Graphite HTTP / HTTPS ______________________________________ : YES
    JSON _______________________________________________________ : YES
    JSON HTTP / HTTPS __________________________________________ : YES
    OpenTSDB ___________________________________________________ : YES
    OpenTSDB HTTP / HTTPS ______________________________________ : YES
    All Metrics API ____________________________________________ : YES
    Shell (use metrics in shell scripts) _______________________ : YES
Debug/Developer Features:
    Trace All Netdata Allocations (with charts) ________________ : NO
    Developer Mode (more runtime checks, slower) _______________ : NO

Additional info

Do some plugins require bind mounts from the host's /usr/bin/ and related paths into the container's /usr/local/bin to function? If this is an acceptable workaround, it should be documented in the Docker configuration.

vipergts450 added the bug and needs triage labels on Jul 7, 2024
@ilyam8
Member

ilyam8 commented Jul 8, 2024

Hi, @vipergts450.

> Expected netdata to parse fail2ban logs for display on the dashboard.

Netdata doesn't parse logs but executes the fail2ban-client binary (which communicates with fail2ban-server via UNIX socket) to collect metrics.


This issue is not a bug, but a feature request - Fail2ban support in Docker. It is implemented in #18081. It will not work by default, you will need to install fail2ban-client in the container and provide Netdata access to the Fail2ban socket file. I have added instructions on how to do this in the collector's readme.
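
The two prerequisites named in this comment (a `fail2ban-client` binary inside the container and access to the Fail2ban socket) can be checked separately, so a failure names which one is missing instead of a bare exit status. This is an added example, not Netdata's or ndsudo's code; the function names, return codes and the socket path are assumptions, and the PATH value is the one quoted in the report.

```shell
#!/bin/sh
# Added example (not Netdata code). Function names, return codes and the
# socket path used at the bottom are assumptions for illustration.

# find_in_path CMD PATHSTRING: print the first executable match, return 1 if none.
find_in_path() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || continue          # empty entry means "current directory": skip it
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# preflight CMD PATHSTRING SOCKET
# returns 0 = ok, 1 = command not in PATH, 2 = no socket, 3 = socket not writable
preflight() {
    if ! bin=$(find_in_path "$1" "$2"); then
        echo "$1: not found in any of: $2" >&2
        return 1
    fi
    if [ ! -S "$3" ]; then
        echo "$3: no UNIX socket here (is it mounted into the container?)" >&2
        return 2
    fi
    if [ ! -w "$3" ]; then
        echo "$3: socket exists but $(id -un) cannot write to it" >&2
        return 3
    fi
    echo "ok: $bin can reach $3"
}

# PATH as quoted from netdata.conf in the report; the socket path is an assumed location.
NETDATA_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
preflight fail2ban-client "$NETDATA_PATH" /var/run/fail2ban/fail2ban.sock \
    || echo "preflight failed with status $?"
```

Run inside the container as the user the collector runs as, since the writability check depends on who is asking.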

ilyam8 added the area/collectors, collectors/go.d and feature request labels and removed the needs triage label on Jul 8, 2024
@vipergts450
Author

Hi @ilyam8, thanks for the feedback. I'll wait to try your method once it is merged.

@vipergts450
Author

Working great on the latest docker image! I did notice some verbiage on the page though that seems to disagree with your explanation above that fail2ban.log is not read by netdata: "Netdata keeps track of the current jail status by reading the Fail2ban log file."


@ilyam8
Member

ilyam8 commented Jul 9, 2024

Ah, that is the wrong info in the UI. Thanks!
