search

ualex73 / monitor_docker

Monitor Docker containers from Home Assistant
Apache License 2.0
268 stars 34 forks source link

Does this work with remote Docker hosts? #6

Closed meichthys closed 4 years ago

meichthys commented 4 years ago

From what I've read, this integration is meant to report the stats from containers running on the same machine as home-assistant.

Is it possible to use this integration with a remote docker host? Something like:

# Example configuration.yaml entry
monitor_docker:
  - host: 192.168.0.11
    name: Docker
    containers:
      - appdaemon
      - db-dsmr
    rename:
      appdaemon: AppDaemon
      db-dsmr: "Database DSMR-Reader"
    monitored_conditions:
      - version
      - containers_running
      - containers_total
      - status
      - memory
ualex73 commented 4 years ago

Yes, it should work (only I have tested it myself yet). The underlying aiodocker library supports it.

You can modify your configuration as follows with the url:

monitor_docker:
  - url: tcp://192.168.0.11:2376/
    name: Docker
    containers:
...

Needs to be tcp, not http.

meichthys commented 4 years ago

@ualex73 Great news! I tried adding the 'url' parameter like you suggested:

# configuration.yaml entry
monitor_docker:
  - url: tcp://10.0.7.12:2376/
    name: Docker
    containers:
      - container_name

but i get the following: aiodocker.exceptions.DockerError: DockerError(900, "Cannot connect to Docker Engine via tcp://10.0.7.12:2376/ [Connect call failed ('10.0.7.12', 2376)]")

I think i would need some kind of authentication to pass along with the url(?)

ualex73 commented 4 years ago

I will try to build a docker server with a remote tcp connection this tomorrow/weekend and test it.

Does the following work? docker -H tcp://10.0.7.12:2376 ps

If that doesn't work, then you need to investigate that. You're sure your docker is listening on port 2376? it could be something else too.

meichthys commented 4 years ago

@ualex73 Indeed, the docker -H tcp://10.0.7.12:2376 ps command is not working on my machine. I'll need to look into that if i get a chance and report back.

IAmTheDude commented 4 years ago

I ran into this issue using Sanderhuisman version of this, I found a workaround using another docker container to espose the tcp ports (both securely and unsecurely) which I am still using.

https://github.com/Sanderhuisman/docker_monitor/issues/19#issuecomment-525962793

I used it on my Proxmox version of HAOS (Whiskey script) to get the conatiner running using Portainer as for the life of me could not get it to access the underlying docker on the install without some messing with the Supervisor and homeassistant containers.

I don't know if this is still the best way to do this but it works and saves messing with editing files etc and has worked on every docker instance I have with no problem.

ualex73 commented 4 years ago

@meichthys I tested it on my setup with a TCP connection, and it works 👍 Ofcourse, the "docker -H ... ps" need to work first.

ualex73 commented 4 years ago

@IAmTheDude Thanks for the comments, I will investigate TLS (SSL), then I can implement that open too.

ualex73 commented 4 years ago

@IAmTheDude I don't have a test Docker with TLS, but if you change the url to: https://ip:2376

Then it should connect via TLS, according to the underlying code of aiodocker.

elRadix commented 4 years ago

how to get it working tls? 

[custom_components.monitor_docker.helpers]
Can not connect to Docker API (Missing protocol scheme in docker_host.)

monitor_docker 
  - name: RemoteDocker
    url: https://docker.lan:2376

I have setup the certs according to this guide on the docker vm (proxmox) https://docs.docker.com/engine/security/https/

imported the certs on the client machine below and execute the command : IMG_20200621_125921_147

edit:

cat /etc/docker/daemon.json                     
{                                                                         
"hosts": ["fd://", "tcp://0.0.0.0:2376"],                               
"data-root": "/mnt/dietpi_userdata/docker-data",                            
"tlscacert": "/etc/docker/certs/ca.pem", 
"tlscert": "/etc/docker/certs/server-cert.pem", 
"tlskey": "/etc/docker/certs/server-key.pem",
"tlsverify": true
}
ualex73 commented 4 years ago

Looked into the TLS code again, and https is set afterwards (oeps). I don't have TLS set, so it is difficult for me to test it.

I think the following should work: (1) set url to tcp://docker.lan:2376 (http:// is also allowed)

(2) set the following environment variables in Docker/your environment: DOCKER_TLS_VERIFY=1 DOCKER_CERT_PATH= (should be "/etc/docker/certs/" in your example, but needs to be mounted properly, if you run it inside a container)

meichthys commented 4 years ago

I’ll take another look at this this afternoon, but I’m still working on getting a response when running the ‘docker tls-verify’ command.

elRadix commented 4 years ago

Looked into the TLS code again, and https is set afterwards (oeps). I don't have TLS set, so it is difficult for me to test it.

I think the following should work: (1) set url to tcp://docker.lan:2376 (http:// is also allowed)

(2) set the following environment variables in Docker/your environment: DOCKER_TLS_VERIFY=1 DOCKER_CERT_PATH= (should be "/etc/docker/certs/" in your example, but needs to be mounted properly, if you run it inside a container)

made the necessary export on the client and adjusted the docker url but still an error 

monitor_docker:
  - name: RemoteDocker
    url: tcp://docker.lan:2376

home/homeassistant/.homeassistant/custom_components/monitor_docker/__init__.py", line 74, in RunDocker
    hass.data[DOMAIN][entry[CONF_NAME]][API] = DockerAPI(hass, entry)
  File "/home/homeassistant/.homeassistant/custom_components/monitor_docker/helpers.py", line 102, in __init__
  File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 166, in version
  File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 297, in _query_json
  File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/utils.py", line 309, in __aenter__
  File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 229, in _do_query
  File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 181, in _check_version
  File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 297, in _query_json
  File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/utils.py", line 309, in __aenter__
  File "/srv/homeassistant/lib/python3.7/site-packages/aiodocker/docker.py", line 266, in _do_query
    raise DockerError(response.status, {"message": what.decode("utf8")})
aiodocker.exceptions.DockerError: DockerError(400, 'Client sent an HTTP request to an HTTPS server.\n')

SmartSelect_20200621-160257_JuiceSSH

ualex73 commented 4 years ago

Strange, if you set the environment values correctly (that is what I tested), it tries to connect with HTTPS/TLS. Not sure where this error comes from. I am not sure what wrong here, it almost looks like the Home Assistant instance doesn't have the environment variables set properly. I will add this type of information to the debug logging, makes troubleshooting easier.

ualex73 commented 4 years ago

Can you replace the "helpers.py" with the one in the repository? You can do this like:

cd ~/custom_components/monitor_docker
rm helpers.py
wget https://raw.githubusercontent.com/ualex73/monitor_docker/master/custom_components/monitor_docker/helpers.py

Also add the following your logging section of HA:

logger:
  logs:
    custom_components.monitor_docker: debug

And then restart your HA.

Then you need to see something like:

2020-06-21 18:16:24 DEBUG (Thread-2) [custom_components.monitor_docker.helpers] Docker URL is 'tcp://192.168.1.1:2376'
2020-06-21 18:16:24 DEBUG (Thread-2) [custom_components.monitor_docker.helpers] Docker environment set for 'DOCKER_TLS_VERIFY=1'
2020-06-21 18:16:24 DEBUG (Thread-2) [custom_components.monitor_docker.helpers] Docker environment set for 'DOCKER_CERT_PATH=/var/tmp/cert'

If you don't see those 2 last lines, there is an issue with your environment variables.

elRadix commented 4 years ago

Really strange my environment variables are correct as per screenshot below. I am running home assistant as venv setup.

Screenshot_20200621-194453_JuiceSSH

It still thinks the environment are not set IMG_20200621_195036_833

Screenshot_20200621-200149_JuiceSSH

ualex73 commented 4 years ago

This confirms the environment variables aren't passed to HA. I added some code to the master branch (const.py/init.py/helpers.py you need to download) to workaround your environment issues (it is possible your venv doesn't pick it up correctly out of /etc).

I added a 'certpath' parameter, this will explicitly set the docker environment variables for you.

monitor_docker:
  - name: Docker
    url: tcp://192.168.1.1:2376
    certpath: /etc/certpath
    containers:
      - appdaemon
...
...
elRadix commented 4 years ago

@ualex73 just tested, it now works thank you very much for your patience and follow up.

I prefer to securely expose my Docker API this way.

ualex73 commented 4 years ago

@elRadix Thanks for the confirmation and testing it (I couldn't test the TLS option myself). This "certpath" option will be also included in the next official release in HACS (currently it is only in the main repository).

Yes, i agree the TLS is only option to go when using TCP (there doesn't seem to be any other authentication option?).

ualex73 commented 4 years ago

I believe all is fixed in the latest 1.0/1.1 releases. Please open a new issue if the problem persist, with 'fresh' logging/information.