Docker container for infrastructure monitoring

The infrastructure agent for Linux supports Docker environments by default. If you're running a container OS or have restrictions that require deploying the agent as a container, you can run a containerized version of our infrastructure agent, which can monitor metrics for the container itself, as well as the underlying host.

Using the custom (recommended) or basic setup allows the infrastructure agent to run inside a container environment. A host can only be running one instance of the agent at a time, whether that's the containerized agent or the non-containerized version.

What you need

The containerized version of the infrastructure agent requires Docker 1.12 or higher. The container must run any of the Linux distributions and versions supported by our agent.

Custom setup (recommended)

The following are basic instructions for creating a custom Docker Image on Linux, which allows you to deploy the infrastructure agent as a container that can monitor its underlying host.

We recommend extending the newrelic/infrastructure image and using your own newrelic-infra.yml agent config file. Once your image is built, you can easily spin up a container without having to provide more launch time configurations.

Providing secrets via environment variables with Docker is discouraged.

  1. Create your newrelic-infra.yml agent config file:

    license_key: YOUR_LICENSE_KEY
    
  2. Create your Dockerfile extending the newrelic/infrastructure image and add your config to /etc/newrelic-infra.yml:

    FROM newrelic/infrastructure:latest
    ADD newrelic-infra.yml /etc/newrelic-infra.yml
    
  3. Build and tag your image:

    docker build -t YOUR_IMAGE_NAME .
    
  4. Run the container from the image you built with the required required run flags:

    docker run \
        -d \
        --name newrelic-infra \
        --network=host \
        --cap-add=SYS_PTRACE \
        -v "/:/host:ro" \
        -v "/var/run/docker.sock:/var/run/docker.sock" \
        YOUR_IMAGE_NAME
    

Basic setup

To use the basic setup with a base New Relic infrastructure image:

  1. Run the container with the required run flags:

    docker run \
       -d \
       --name newrelic-infra \
       --network=host \
       --cap-add=SYS_PTRACE \
       -v "/:/host:ro" \
       -v "/var/run/docker.sock:/var/run/docker.sock" \
       -e NRIA_LICENSE_KEY=YOUR_LICENSE_KEY \
       newrelic/infrastructure:latest
    

Required container privileges

Due to resource isolation from the host and other containers via Linux namespaces, a container has a very restricted view and control of its underlying host's resources by default. Without these extra privileges, the infrastructure agent cannot monitor the host and its containers.

The infrastructure agent collects data about its host using system files and system calls. For more information about how the infrastructure agent collects data, see Infrastructure and security. Required privileges include:

Privilege Description
--network=host

Sets the container's network namespace to the host's network namespace. This allows the agent to collect the network metrics about the host.

-v "/:/host:ro"

Bind mounts the host's root volume to the container. This read-only access to the host's root allows the agent to collect process and storage metrics as well as Inventory data from the host.

--cap-add=SYS_PTRACE

Adds the Linux capability to trace system processes. This allows the agent to gather data about processes running on the host. Read more here.

-v "/var/run/docker.sock:/var/run/docker.sock"

Bind mounts the host's Docker daemon socket to the container. This allows the agent to connect to the Engine API via the Docker daemon socket to collect the host's container data.

Inventory collected

Inventory is collected from the infrastructure agent's built-in data collectors. The infrastructure agent collects this data for Linux systems running with containers.

Category Source Data collected using
metadata agent_config Agent's complete config file
system uptime -s, /etc/redhat-release, /proc/cpuinfo, /etc/os-release, /proc/sys/kernel/random/boot_id, /proc/sys/kernel/osrelease, /sys/class/dmi/id/product_uuid, /sys/devices/virtual/dmi/id/sys_vendor, /sys/devices/virtual/dmi/id/product_name

Container data

Once the infrastructure agent is running in a Docker container, it can collect the same host compute data and event data that the infrastructure agent is capable of collecting when running natively on a host.

For container data, see Find your Docker data.

Containerized agent image

The containerized agent image is built from an Alpine base image, but a CentOS based image is also available.

Alpine is used as the base image since version 0.0.55 . This is the one pointed by latest tag.

Prior versions used CentOS 7 as base image. In order to keep using that legacy image some backports might be included there, you can point to latest-centos tag to fetch latest CentOS 7 based image.

Check the source code

This integration is open source software. That means you can browse its source code and send improvements, or create your own fork and build it.

For more help

If you need more help, check out these support and learning resources: