Please provide mechanism to use Docker stats module via TLS #1146

Open
mjbrowns opened this issue Sep 7, 2017 · 11 comments

@mjbrowns

mjbrowns commented Sep 7, 2017

Description

The docker config documentation at http://glances.readthedocs.io/en/latest/aoa/docker.html seems to indicate that there are many variables available in the docker plugin; but I can not find a list of these variables to determine if it is possible to configure TLS mode.

Skimming through the docker plugin code, it seems that the use of the local docker socket is hardcoded. As anyone in any kind of a production environment needs to be running docker in secured mode, TLS support is pretty important, and should be very easy to import. If, for example, DOCKER_TLS_VERIFY=1 and ~/.docker/*.pem files exist, the plugin could easily use the docker_py tls support. Enhancing this with ini file variables would be even better.

Versions

Glances v2.11 with psutil v5.3.0
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

Logs

N/A

@nicolargo
Owner

Hi @mjbrowns ,

Glances uses the docker.from_env() method (from the Docker Python lib: https://docker-py.readthedocs.io/en/stable/client.html#docker.client.from_env), so Glances should be compatible with your TLS configuration.

Just be sure that you have installed the Docker Python lib with the TLS support:

pip install docker[tls]

Let me know...

@mjbrowns
Author

mjbrowns commented Sep 10, 2017

ok, so. I had most of the docker environment variables already set up. I did not have DOCKER_CERT_PATH as I rely on the default being $HOME/.docker. I do have the docker[tls] module installed.

My docker variables are set as follows:
DOCKER_CERT_PATH=/root/.docker/
DOCKER_HOST=tcp://127.0.0.1:2376
DOCKER_TLS_VERIFY=1

running glances -d generates a log file with the following:

2017-09-10 17:27:11,980 -- DEBUG -- Trying paths: ['/root/.docker/config.json', '/root/.dockercfg']
2017-09-10 17:27:11,980 -- DEBUG -- Found file at path: /root/.docker/config.json
2017-09-10 17:27:11,980 -- DEBUG -- Found 'auths' section
2017-09-10 17:27:11,980 -- DEBUG -- Found entry (registry='https://index.docker.io/v1/', username='mbrown')
2017-09-10 17:27:14,944 -- DEBUG -- cloud plugin - Cannot connect to the AWS EC2 API http://169.254.169.254/latest/meta-data/placement/availability-zone: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /latest/meta-data/placement/availability-zone (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4d742980b8>: Failed to establish a new connection: [Errno 113] No route to host',))
2017-09-10 17:28:12,041 -- ERROR -- docker plugin - Can't connect to the Docker server (UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60))
2017-09-10 17:28:12,042 -- DEBUG -- docker plugin - Docker plugin is disable because an error has been detected
2017-09-10 17:28:12,042 -- DEBUG -- Plugin docker update return {}

I'm not quite sure you are actually using docker from_env properly. Having set my environment variables properly, I can do the following:

>python3
>>> import docker
>>> client=docker.from_env()
>>> client.containers.list()
[<Container: 599282ff9a>, <Container: 1956812aed>, <Container: bdfb2f28f3>, <Container: 3e80885abb>, <Container: 467d8cc6b0>, <Container: 5ab0175463>, <Container: 87d7578bb0>, <Container: a2302d5f90>, <Container: 191807b222>, <Container: 5e4af45ca9>]

So, I know that the python library is working in my context.
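
An added example, not part of the thread or of Glances: a preflight check to run as the same user and from the same shell as the Glances process, reporting which endpoint and certificate files a from_env()-style client would pick up from DOCKER_HOST, DOCKER_TLS_VERIFY and DOCKER_CERT_PATH. The function name docker_env_preflight is hypothetical, the variable handling is a reimplementation based on docker-py's documented environment variables rather than a call into the library, and the key.pem permission check is an addition.

```python
import os
import stat

PEM_FILES = ("ca.pem", "cert.pem", "key.pem")  # standard Docker client TLS file names


def docker_env_preflight(environ=None):
    """Report the endpoint and TLS material a from_env()-style client would use."""
    env = os.environ if environ is None else environ
    host = env.get("DOCKER_HOST") or None
    cert_path = env.get("DOCKER_CERT_PATH") or None
    verify_raw = env.get("DOCKER_TLS_VERIFY")
    # Unset or empty means "do not verify"; any other value enables verification.
    tls_verify = verify_raw not in (None, "")
    findings = []

    if host is None:
        findings.append("DOCKER_HOST not visible: client falls back to the local Unix socket")
    elif host.startswith("tcp://") and not (tls_verify or cert_path):
        findings.append("tcp:// endpoint without TLS variables: connection would be plaintext")
    if cert_path and not tls_verify:
        findings.append("DOCKER_CERT_PATH set but DOCKER_TLS_VERIFY unset: "
                        "server certificate is not verified")

    cert_dir = None
    if tls_verify or cert_path:
        # Same default the thread relies on: $HOME/.docker when no path is given.
        cert_dir = cert_path or os.path.join(os.path.expanduser("~"), ".docker")
        for name in PEM_FILES:
            path = os.path.join(cert_dir, name)
            if not os.path.isfile(path):
                findings.append(f"missing {path}")
            elif name == "key.pem" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append(f"{path} is accessible by group/other")
    return {"endpoint": host or "unix socket (default)", "tls_verify": tls_verify,
            "cert_dir": cert_dir, "findings": findings}


if __name__ == "__main__":
    report = docker_env_preflight()
    for key in ("endpoint", "tls_verify", "cert_dir"):
        print(f"{key}: {report[key]}")
    for finding in report["findings"]:
        print("WARN:", finding)
```

An endpoint of "unix socket (default)" here, alongside a UnixHTTPConnectionPool error in the Glances log, indicates the variables did not reach the process (for example a service unit or sudo that drops the environment).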

@nicolargo
Owner

Hi @mjbrowns , can you try with the Glances DEVELOP branch ?

==> https://github.com/nicolargo/glances/wiki/Install-and-test-Glances-DEVELOP-version

@mjbrowns
Author

Well, the develop branch has different issues. Now I'm getting:

ERROR -- docker plugin - Cannot get containers list ('function' object has no attribute 'list')

glances-log.tar.gz

@nicolargo
Owner

What is your Docker Python lib version ?

Can you try to update it:

pip install --upgrade docker[tls]

@mjbrowns
Author

Ok, so in setting this up I followed your instructions on the virtualenv (which I hadn't been using before). Turns out that doesn't fully install docker[tls] when installing docker-py.

Now I'm not seeing the errors, but neither do I actually get anything showing on the screen. Instead of using virtualenv I fully upgraded my components on the system using pip and am using the command line:

LANGUAGE=en_US.utf8 python -m glances -C ~/tmp/glances-develop/conf/glances.conf -d -w -p 61200

glances-log.tar.gz

After turning off files (f) disk (d) net (n) here's what my screen shows:
glances-screenshot-web

@nicolargo
Copy link
Owner

Same result in console mode ?

LANGUAGE=en_US.utf8 python -m glances -C ~/tmp/glances-develop/conf/glances.conf -d

@mjbrowns
Author

That's borked.

clears screen, then I get this:
glances-screenshot-console

glances-log.tar.gz

Docker error via grep:
2017-10-13 15:19:17,540 -- ERROR -- docker plugin - Cannot get containers list ('function' object has no attribute 'list')
2017-10-13 15:19:19,188 -- ERROR -- docker plugin - Cannot get containers list ('function' object has no attribute 'list')

@mjbrowns
Author

Thanks for looking at this by the way, I love glances and with docker support working it will simplify my management of these systems a LOT!

@nicolargo
Owner

@mjbrowns Sorry for the delay.

What is your Docker version ?

Here is my version where Glances works fine:

$ docker version
Client:
 Version:      17.05.0-ce
 API version:  1.29
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:10:54 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.05.0-ce
 API version:  1.29 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:10:54 2017
 OS/Arch:      linux/amd64
 Experimental: false

Be aware that the Glances 3.0 DEVELOP branch breaks the compatibility with API < 1.12.

@nicolargo
Owner

Any heads-up ?

@nicolargo nicolargo removed this from the Glances 3.0 milestone Feb 25, 2018