Adapt docker run command dor BalenaOS

lpierrat · November 28, 2019, 8:04pm

Hi,

I have a docker container that I run with the following command:

docker run -d \
  --name=metricbeat \
  --user=root \
  --volume="$(pwd)/metricbeat.docker.yml:/usr/share/metricbeat/metricbeat.yml:ro" \
  --volume="/var/run/docker.sock:/var/run/docker.sock:ro" \
  --volume="/sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro" \
  --volume="/proc:/hostfs/proc:ro" \
  --volume="/:/hostfs:ro" \
  docker.elastic.co/beats/metricbeat:6.8.5 metricbeat

From https://www.elastic.co/guide/en/beats/metricbeat/6.8/running-on-docker.html#_volume_mounted_configuration

It works fine on a “classic” linux distribution (like Ubuntu), but how can I achieve the same on BalenaOS ? Especially the volume mount, as BalenaOS doesn’t allow bind mounts.

I had a look at this project:

it seems to be the kind of thing I would like to do, but I don’t see any mount in this project.

Could you please help me to make this docker container work on BalenaOS ?

Thanks

CameronDiver · November 28, 2019, 8:13pm

Hey @lpierrat

I believe the /sys/fs/cgroup and /proc mounts can be achieved with privileged: true in the docker-compose.

The docker socket can be achieved with the io.balena.features.balena-socket label, described here: https://www.balena.io/docs/reference/supervisor/docker-compose/#labels

The host fs cannot be mounted into the container when using balena unfortunately.

For the configuration, the easiest way would be to create a dockerfile which looks similar to:

FROM docker.elastic.co/beats/metricbeat:6.8.5

COPY metricbeat.docker.yml /usr/share/metricbeat/metricbeat.yml

It should work with these changes, let me know how it goes!

lpierrat · November 28, 2019, 8:33pm

Thanks for the quick answer!

Indeed, I forgot to mentien that I alreadw have this Dockerfile:

FROM docker.elastic.co/beats/metricbeat:6.8.5
COPY metricbeat.yml /usr/share/metricbeat/metricbeat.yml
USER root
RUN chown root:metricbeat /usr/share/metricbeat/metricbeat.yml

So the docker-compose should be something like this?

  
version: '2'
services:
  metricbeat:
    build: ./metricbeat
    privileged: true
    labels:
      io.balena.features.balena-socket: '1'

Just adding privileged: true allow the container to have access to /proc without mounting volumes ?

CameronDiver · November 28, 2019, 8:35pm

Yes I believe the following docker-compose file should behave as expected. Let me know if you have any further questions!

lpierrat · November 28, 2019, 8:51pm

Perfect thanks.
I’ll do some tests tomorrow since I don’t have access to the devices at the moment.