Open zajdee opened 2 years ago
Let's put this on hold. I have verified it works as expected when run as root, however when run as nobody the `ip netns exec <namespace>` fails with `jool failed: setting the network namespace "<name-of-the-namespace>" failed: Operation not permitted`, as the nobody user doesn't have the rights to access the namespace.
Another alternative is to add `NetworkNamespacePath=/var/run/netns/<name-of-the-namespace>` to `jool-exporter.service` (working since systemd ~242) and collect the metrics using the IP within the namespace.
Strange, I would have thought the NET_ADMIN capability would have helped here for the service trying to jump into a different netns. Might be a different capability?
You're running: `AmbientCapabilities=CAP_NET_ADMIN` in your unit file, yes?
But probably the `NetworkNamespacePath` keeps the code simpler and works without any capability, so is probably the better way to go.
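
On the capability question raised above: setns(2) into a network namespace requires CAP_SYS_ADMIN, which `AmbientCapabilities=CAP_NET_ADMIN` does not grant. The preflight check below is an added example, not part of this PR or of jool-exporter; the function names and the sample `/proc/<pid>/status` text are constructed, and it assumes the target namespace is owned by the initial user namespace.

```python
"""Preflight: would this process be allowed to setns() into another netns?"""
import re

# Capability bit numbers from <linux/capability.h>.
CAP_NET_ADMIN = 12
CAP_SYS_ADMIN = 21


def effective_caps(status_text):
    """Return the CapEff bitmask parsed from /proc/<pid>/status content."""
    match = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if match is None:
        raise ValueError("no CapEff line found")
    return int(match.group(1), 16)


def has_cap(mask, cap):
    """True if capability number `cap` is set in the bitmask."""
    return bool((mask >> cap) & 1)


def can_enter_netns(status_text):
    """setns(2) with CLONE_NEWNET needs CAP_SYS_ADMIN; CAP_NET_ADMIN alone fails."""
    return has_cap(effective_caps(status_text), CAP_SYS_ADMIN)


def explain(status_text):
    """Human-readable verdict for a service log or a startup check."""
    mask = effective_caps(status_text)
    if has_cap(mask, CAP_SYS_ADMIN):
        return "ok: CAP_SYS_ADMIN present, setns() into the namespace can succeed"
    if has_cap(mask, CAP_NET_ADMIN):
        return "denied: CAP_NET_ADMIN only; setns() will return EPERM"
    return "denied: no relevant capability; setns() will return EPERM"


# Constructed samples: an unprivileged service holding only CAP_NET_ADMIN
# (bit 12 -> 0x1000), and a root process with a full capability set.
STATUS_NET_ADMIN_ONLY = "Name:\tjool-exporter\nUid:\t65534\t65534\t65534\t65534\nCapEff:\t0000000000001000\n"
STATUS_ROOT = "Name:\tjool-exporter\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    # On Linux, check the current process instead of the samples.
    with open("/proc/self/status") as fh:
        print(explain(fh.read()))
```

Granting CAP_SYS_ADMIN to an exporter is far broader than the task needs, which is the least-privilege argument for `NetworkNamespacePath=`: systemd places the service in the namespace before dropping to the unprivileged user.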
This change enables the exporter to run in the default network namespace and retrieve the statistics from Jool running in an isolated namespace.
Introduces a new argument, `-n` (`--namespace`), followed by the name of the namespace.