we are currently working on rollout of standalone agent in unprivileged mode. While the "system" integration is flagged as "requires root" it still works pretty good if you adjust some things.
One of the problems we encountered is the following. (But I'm not sure if this an integration thing, or a metricbeat thing.)
The default description in Kibana for the "System filesystem metrics" says:
The filesystem datastream will ignore any filesystems with a matching type as specified here. By default, this will exclude any filesystems marked as "nodev" in /proc/filesystems on linux.
Problem is: when having a host with Docker you most likely have also some entry like this in your mounts:
nsfs on /run/docker/netns/b9cbd528b78b type nsfs (rw)
Unfortunately nsfs is not listed in /proc/filesystems so it's not ignored by default. Did some googling on the reasons for this and found this - this basically says it's not included to prevent any mounting of this filesystem type.
Since we are running in unprivileged mode, this will trigger alot of
error getting filesystem usage for /run/docker/netns/7c9eaf0281fb: error in Statfs syscall: permission denied
errors.
What we had to do to fix this, is to add nsfs to the ignore_types list (and while doing so adding all the other nodev filesystem types, since adding one entry seems to override (and not add it to) the defaults (which make sense with some specific point of view).
I think it's reasonable to add it to the list of defaults.
This issue is related to #11189 but I think it's worth to be handled independently.
Heya,
we are currently working on rollout of standalone agent in unprivileged mode. While the "system" integration is flagged as "requires root" it still works pretty good if you adjust some things.
One of the problems we encountered is the following. (But I'm not sure if this an integration thing, or a metricbeat thing.)
The default description in Kibana for the "System filesystem metrics" says:
Problem is: when having a host with Docker you most likely have also some entry like this in your mounts:
Unfortunately
nsfsis not listed in/proc/filesystemsso it's not ignored by default. Did some googling on the reasons for this and found this - this basically says it's not included to prevent any mounting of this filesystem type.Since we are running in unprivileged mode, this will trigger alot of
errors.
What we had to do to fix this, is to add
nsfsto theignore_typeslist (and while doing so adding all the othernodevfilesystem types, since adding one entry seems to override (and not add it to) the defaults (which make sense with some specific point of view).I think it's reasonable to add it to the list of defaults.
This issue is related to #11189 but I think it's worth to be handled independently.
Thank you for your feedback.