15.3.12 Configuring JP1/IM - Agent for container environments
JP1/IM - Agent is container-environment compatible.
(1) Integration Manager container environment
Integrated agent modules running on the Integration Manager host are not container-aware, just like JP1/IM - Manager.
(2) Integration Agent container environment
Installing JP1/IM - Agent on containers is a supported configuration.
(3) Supported container environment
JP1/IM - Agent supports the following containers:
- For Red Hat Enterprise Linux Server 7
  - Docker
- For Red Hat Enterprise Linux Server 8
  - Docker
  - Podman
- For Red Hat Enterprise Linux Server 9
  - Docker
  - Podman
(4) Configuring Docker environment
(a) Supported configurations
JP1/IM - Agent supports the following configurations:
- ■Configuring JP1/IM - Agent to run on containers and monitor users' applications running on different containers
  - Typical uses
    - This configuration is used when JP1/IM - Agent cannot be added to the containers where the user application runs.
  - Feature
    - You can use Blackbox exporter for external (synthetic) monitoring of your application.
    - You can use Fluentd to monitor the logs of your application.
  - Restrictions
    - Commands cannot be executed on the container where the user application is running.
- ■Configuring JP1/IM - Agent to run on containers and monitor hosts
  - Typical uses
    - This configuration is used to monitor the host.
  - Feature
    - You can use Node exporter to monitor the performance of the host.
    - You can use Fluentd to monitor the logs of the host.
    - You can use this configuration at the same time as "Configuring JP1/IM - Agent to run on containers and monitor users' applications running on different containers" or "Configuration that allows JP1/IM - Agent to coexist with containers running user applications".
  - Restrictions
    - Commands cannot be executed on the host.
  - Notes
    - For this configuration, you must make the host visible to the container. Accessing the host's resources from the container can cause security issues. Therefore, this configuration is not recommended.
      If you are monitoring the host, we recommend that you install JP1/IM - Agent on the host.
- ■Configuration that allows JP1/IM - Agent to coexist with containers running user applications
  - Typical uses
    - This configuration is used when JP1/IM - Agent can be added to the containers where the user application runs.
    - This configuration is used when you want to execute commands on the container where the user application is running.
    - This configuration is used when you want to combine containers into one.
  - Feature
    - You can use Blackbox exporter for external (synthetic) monitoring of your application.
    - You can use Fluentd to monitor the logs of your application.
    - You can run commands on the container where the user application is running.
(b) Container image prerequisites
The base container image must provide the following prerequisites, and each of them must work:
- bash
- dnf or yum command
- uname command
- sed command
- Service management tools, such as supervisor
- An environment that meets the prerequisites of the service management tools, such as supervisor
(c) Supporting Docker images
You can install JP1/IM - Agent on a container and create a Docker image from it. You can also generate new containers from the Docker image of JP1/IM - Agent that you created.
(d) Unfixed IP addressing
JP1/IM - Agent supports container environments in which the IP address changes each time the container is launched.
(e) About privileged permissions
You can grant privileged permissions to containers. For security-related reasons, granting privileged permissions is not recommended.
When running JP1/IM - Agent on a container, both granting and not granting privileged permissions to the container are supported. However, if you do not grant privileged permissions to JP1/IM - Agent containers, the following limitations apply:
- JP1/IM agent control base
  If you execute an OS command that requires privileged permissions during command execution, an error may occur.
- Exporter used by IM Exporter
  See "12.7.2 privileged permissions".
(f) rootful mode and rootless mode
Containers created by root users are called containers in rootful mode, and containers created by ordinary users other than root are called containers in rootless mode.
For Docker, JP1/IM - Agent supports only rootful mode. Rootless mode is not supported.
(g) About SELinux
You can build a system with SELinux enabled. However, if you want to switch SELinux between enabled and disabled after building the system, you must uninstall JP1/IM - Agent, change the SELinux settings, and then reinstall JP1/IM - Agent.
(h) About container host names
JP1/IM - Agent uses the hostname of the host on which it runs in the following ways:
- The hostname that is set as the scrape destination for the Prometheus included in JP1/IM - Agent (ultimately set to target tags in the performance data)
- Hostname set for the jp1_pc_prome_hostname tagging of performance data
- Hostname set for the jp1_pc_remote_monitor_instance tagging of performance data
- Host name in "_HOST_host name" of the configuration SID
- Display in the integrated operation viewer tree
- Hostname set in JP1 event-specific JPC_PROMETHEUS
If JP1/IM - Agent is installed on a container, use the hostname that is set for the container as the hostname in the items above.
You can specify the host name of a container the first time you launch the container. We recommend that you specify an appropriate hostname for the containers on which JP1/IM - Agent will run. Note that if you do not specify one, Docker sets the hostname automatically, and that hostname is what appears, for example, in the integrated operation viewer tree.
Because the JP1/IM - Agent definition file contains the local host name of the host on which JP1/IM - Agent runs, you can use the initial setting command to set the local host name in the definition file. For details about the initial setting command, see "9.5.6 Initial setting command".
In the configuration "Configuring JP1/IM - Agent to run on containers and monitor hosts", Node exporter on the container can collect information about the Docker host. If you make the hostname of the container the same as the hostname of the Docker host, the integrated operation viewer shows that data as the performance information of the Docker host.
(i) How to launch JP1/IM - Agent on Containers
The JP1/IM - Agent services on a container are controlled by the service management tools. For this reason, if you operate JP1/IM - Agent on a container, you must deploy the service management tools in the same container.
(j) Monitoring the performance of Docker hosts from Node exporter on containers
This subsection describes how to monitor in the configuration "Configuring JP1/IM - Agent to run on containers and monitor hosts".
Node exporter retrieves data from "/" (root), "/sys", and "/proc". Therefore, you can collect the performance of the Docker host from Node exporter on the container by mounting the "/" (root) of the Docker host when the JP1/IM - Agent container starts and specifying the mount point in the Node exporter command-line options --path.rootfs, --path.procfs, and --path.sysfs.
However, this configuration is not recommended because you must mount the host's root file system from the container. To monitor the performance of the Docker host, we recommend that you install JP1/IM - Agent on the Docker host.
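A defender-side check for the points made in (e), (h) and (j), as an added example that is not part of the JP1/IM - Agent documentation: it reads a trimmed `docker inspect` record and reports privileged permissions, a bind mount of the host's "/" and an auto-assigned hostname, then derives the Node exporter --path options for the mount point. The sample record, the /host mount point and the function names are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` record for a hypothetical
# JP1/IM - Agent container that monitors the Docker host (not real output).
SAMPLE = json.loads("""
{
  "Id": "3f2a9c1d7b4e8a6f0c5d2e1b9a8f7c6d5e4b3a2f1e0d9c8b7a6f5e4d3c2b1a09",
  "Config": {"Hostname": "3f2a9c1d7b4e"},
  "HostConfig": {"Privileged": true},
  "Mounts": [
    {"Type": "bind", "Source": "/", "Destination": "/host", "RW": true},
    {"Type": "bind", "Source": "/var/log", "Destination": "/hostlog", "RW": false}
  ]
}
""")


def host_root_mount(record):
    """Return the bind mount whose source is the host's "/", or None."""
    for m in record.get("Mounts", []):
        if m.get("Type") == "bind" and m.get("Source") == "/":
            return m
    return None


def audit(record):
    """Return (severity, message) findings for one inspect record."""
    findings = []
    if record.get("HostConfig", {}).get("Privileged"):
        findings.append(("high", "privileged permissions granted"))
    m = host_root_mount(record)
    if m is not None:
        rw = m.get("RW", True)
        findings.append(("high" if rw else "medium", "host / bind-mounted %s at %s"
                         % ("read-write" if rw else "read-only", m["Destination"])))
    # Without an explicit hostname, Docker uses the short container ID.
    hostname = record.get("Config", {}).get("Hostname", "")
    if hostname and record.get("Id", "").startswith(hostname):
        findings.append(("info", "hostname %s is the auto-assigned container ID" % hostname))
    return findings


def node_exporter_flags(record):
    """Node exporter --path.* options matching the host-root mount point."""
    m = host_root_mount(record)
    if m is None:
        return []
    root = m["Destination"].rstrip("/")
    return ["--path.rootfs=" + root, "--path.procfs=" + root + "/proc",
            "--path.sysfs=" + root + "/sys"]


if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(severity, message)
    print(" ".join(node_exporter_flags(SAMPLE)))
```

Against a live system, the same functions can be fed each element of the JSON array that `docker inspect` prints.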
(k) Log monitoring from Fluentd on Containers
This subsection describes how to monitor in the configuration "Configuring JP1/IM - Agent to run on containers and monitor hosts".
You can monitor the logs of the Docker host and of other containers from Fluentd on the container by mounting the log destinations of the Docker host and the other containers into the container where JP1/IM - Agent is installed.
(5) Configuring Podman environment
(a) Supported configurations
JP1/IM - Agent supports the following configurations:
- ■Configuring JP1/IM - Agent to run on containers and monitor users' applications running on different containers
  - Typical uses
    - This configuration is used when JP1/IM - Agent cannot be added to the containers where the user application runs.
  - Feature
    - You can use Blackbox exporter for external (synthetic) monitoring of the user application.
    - You can use Fluentd to monitor the logs of the user application.
  - Restrictions
    - Commands cannot be executed on the container where the user application is running.
- ■Configuring JP1/IM - Agent to run on containers and monitor hosts
  - Typical uses
    - This configuration is used to monitor the host.
  - Feature
    - You can use Node exporter to monitor the performance of the host.
    - You can use Fluentd to monitor the logs of the host.
    - You can use this configuration at the same time as "Configuring JP1/IM - Agent to run on containers and monitor users' applications running on different containers" or "Configuration that allows JP1/IM - Agent to coexist with containers running user applications".
  - Restrictions
    - Commands cannot be executed on the host.
  - Notes
    - For this configuration, you must make the host visible to the container. Therefore, this configuration is not recommended.
      If you are monitoring the host, we recommend that you install JP1/IM - Agent on the host.
- ■Configuration that allows JP1/IM - Agent to coexist with containers running user applications
  - Typical uses
    - This configuration is used when JP1/IM - Agent can be added to the containers where the user application runs.
    - This configuration is used when you want to execute commands on the container where the user application is running.
    - This configuration is used when you want to combine containers into one.
  - Feature
    - You can use Blackbox exporter for external (synthetic) monitoring of the user application.
    - You can use Fluentd to monitor the logs of the user application.
    - You can run commands on the container where the user application is running.
(b) Container image prerequisites
The base container image must provide the following prerequisites, and each of them must work:
- bash
- dnf or yum command
- uname command
- sed command
- Service management tools, such as supervisor, and the prerequisite packages for the service management tools
(c) Supporting Podman images
You can install JP1/IM - Agent on a container and create a Podman image from it. You can also generate new containers from the Podman image of JP1/IM - Agent that you created.
(d) Unfixed IP addressing
JP1/IM - Agent supports container environments in which the IP address changes each time the container is launched.
(e) About privileged permissions
Podman supports both granting and not granting privileged permissions when running JP1/IM - Agent on containers. However, if you do not grant privileged permissions to containers, the following limitations apply:
- JP1/IM agent control base
  If you execute an OS command that requires privileged permissions during command execution, an error may occur.
- Node exporter
  Unable to get the file system information of Podman host.
- Exporter used by IM Exporter
  See "12.7.2 privileged permissions".
(f) rootful mode and rootless mode
Containers created by root users are called containers in rootful mode, and containers created by ordinary users other than root are called containers in rootless mode. JP1/IM - Agent supports both the rootful and rootless modes of Podman. However, in rootless mode, the following limitations apply:
- Node exporter
  - Unable to get the file system information of Podman host.
  - Unable to get network interface information for Podman host.
- Exporter used by IM Exporter
(g) About SELinux
You can build a system with SELinux enabled. However, if you want to switch SELinux between enabled and disabled after building the system, you must uninstall JP1/IM - Agent, change the SELinux settings, and then reinstall JP1/IM - Agent.
(h) About container host names
JP1/IM - Agent uses the hostname of the host on which it runs in the following ways:
- The hostname that is set as the scrape destination for the Prometheus included in JP1/IM - Agent (ultimately set to target tags in the performance data)
- Hostname set for the jp1_pc_prome_hostname tagging of performance data
- Hostname set for the jp1_pc_remote_monitor_instance tagging of performance data
- Host name in "_HOST_host name" of the configuration SID
- Display in the integrated operation viewer tree
- Hostname set in JP1 event-specific JPC_PROMETHEUS
If JP1/IM - Agent is installed on a container, use the hostname that is set for the container as the hostname in the items above.
You can specify the host name of a container the first time you launch the container. We recommend that you specify an appropriate hostname for the containers on which JP1/IM - Agent will run. Note that if you do not specify one, Podman sets the hostname automatically, and that hostname is what appears, for example, in the integrated operation viewer tree.
Because the JP1/IM - Agent definition file contains the local host name of the host on which JP1/IM - Agent runs, you can use the initial setting command to set the local host name in the definition file. For details about the initial setting command, see "9.5.6 Initial setting command".
In the configuration "Configuring JP1/IM - Agent to run on containers and monitor hosts", Node exporter on the container can collect information about the Podman host. If you make the hostname of the container the same as the hostname of the Podman host, the integrated operation viewer shows that data as the performance information of the Podman host.
(i) How to launch JP1/IM - Agent on containers
The JP1/IM - Agent services on a container are controlled by the service management tools. For this reason, if you operate JP1/IM - Agent on a container, you must deploy the service management tools in the same container.
(j) Monitoring the performance of Podman hosts from Node exporter on containers
This subsection describes how to monitor in the configuration "Configuring JP1/IM - Agent to run on containers and monitor hosts".
Node exporter retrieves data from "/" (root), "/sys", and "/proc". Therefore, you can collect the performance of the Podman host from Node exporter on the container by mounting the "/" (root) of the Podman host when the JP1/IM - Agent container starts and specifying the mount point in the Node exporter command-line options --path.rootfs, --path.procfs, and --path.sysfs.
However, this configuration is not recommended because you must mount the host's root file system from the container. To monitor the performance of the Podman host, we recommend that you install JP1/IM - Agent on the Podman host.
(k) Log monitoring from Fluentd on Containers
This subsection describes how to monitor in the configuration "Configuring JP1/IM - Agent to run on containers and monitor hosts".
By mounting the log destinations of the Podman host and of other containers into the container where JP1/IM - Agent is installed, you can monitor the logs of the Podman host and the other containers from Fluentd on the container.