Hi,

We would like to gather device resource metrics from our devices.
The customer uses PRTG which contains a docker sensor/plugin to integrate with the docker API which is described here: https://kb.paessler.com/en/topic/67250-how-can-i-create-private-key-and-certificate-for-the-docker-sensor

In here we would need to change the command line arguments of the balena daemon:
dockerd -H tcp://0.0.0.0:2376 -H fd:// --tlsverify=true --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem

How would we achieve this? If possible?

We are aware of the existence of telegraf, datadog, netdata, etc… which send data from the device towards a central cloud. However this is not how PRTG works, it instead collects metrics data from the devices (starting from the central cloud).

All help is much appreciated, thanks!

Hello,
I don’t think you can change the balenad command line.
If I understand correctly, PRTG is running somewhere else (not on the balena device).

I can suggest this workaround:

Step 1: generate a certificate and a key:

• openssl genrsa -out xxx.key 2048
• openssl req -new -key xxx.key -x509 -days 3653 -out xxx.crt
• cat xxx.key xxx.crt > xxx.pem

Step 2: create a container that will forward the unix socket to a tcp socket

• create a container with the io.balena.features.balena-socket label, this will make the balenad socket available in the container at /var/run/balena.sock;
• expose the tcp port 2376 in this container;
• install socat in that container;
• run socat like socat openssl-listen:2376,reuseaddr,fork,cert=xxx.pem,cafile=xxx.crt UNIX-CONNECT:/var/run/balena.sock (use the xxx.pem and xxx.crt files created in step1)
• check you can connect to the tcp socket from another computer with: docker -H <balena device ip>:2376 --tlscert path/to/xxx.crt --tlskey path/to/xxx.key --tls info (use the xxx.crt and xxx.key files created in step1)