Configuring Docker Observer jobs
Using the Docker Observer, you can discover Docker network resources, including Docker Swarm clusters, and then visualize (or model) this data as a topology view.
Before you begin
Important: The Docker Observer supports Docker 3.1.0.
Note: Docker UCP 3.1.0 supports only TLS 1.2 for SSL negotiation and no longer supports TLS 1 and TLS 1.1.
Ensure you have the details for your Docker job to hand, specifically your Docker system's Unix socket, and or host and port number.
Enabling access to the URL routes
To access the URL routes for the topology Swagger documentation, see the Enabling access to URL routes topic.
About this task
Using the Observer Configuration UI you configure observer jobs that query the Docker REST API to retrieve data and display it as a topology in the Topology Viewer. The Docker Observer can model external Docker systems, and it can also provide a System health view of the Docker system on which IBM Cloud Pak® for Watson AIOps runs.
The job parameters connect to a remote Docker using the host and port parameters.
The 'host' and 'port' parameters of the job can be used to identify the TCP port that Docker can be reached on. The unix_socket parameter must not be supplied.
Docker is not accessible through TCP by default. To enable it, edit the 'docker.service' file. On Red Hat® OpenShift® Container Platform, this is available in
/usr/lib/systemd/system. Amend the ExecStart option
under the Service section to include a
-H option. For example, to make it available externally on port 2375, you might add
Note: If you want to continue to be able to access Docker through the default socket, for example if the Docker Observer container needs access, or if you want to be able to perform
docker ps -a rather than
docker -H tcp://0.0.0.0:2375 ps -a,
then you need to also list it in the same line, as on the following example:
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sockCopy
You must reload the configuration:
sudo systemctl daemon-reload sudo systemctl restart docker
Tip: If this fails to start Docker, and a Unix socket (or no socket at all) was specified, check that no directory with that name exists. If you start Docker with just a TCP socket and no Unix socket, this creates a
/var/run/docker.sock directory, which you must delete after Docker is stopped, so that you can restart with access through that Unix socket.
Define or edit the following parameters, then click Run job to save and run the job.
Encryption requirement: See the Configuring observer jobs security topic for more information.
|Unique ID||Enter a unique name for the job||Required|
|Host||Use this to identify the TCP host socket (HTTP or HTTPS) on which to access the remote Docker system||Required for remote Docker access only|
|Username||Specify the username of the remote Docker environment with HTTPS||Required for remote Docker with HTTPS access only|
|Password||Specify the password of the remote Docker environment with HTTPS||Required for remote Docker with HTTPS access only.|
|Docker SSL Certificate||Specify the certificate file name||Optional|
|Docker SSL truststore File||Specify the truststore file name||Required for remote Docker with HTTPs access only.|
|SSL truststore File Password||Specify the truststore password||Required for remote Docker with HTTPs access only.|
|Port||Use this to identify the TCP port (HTTP or HTTPS) on which to access the remote Docker system||Required for remote Docker access only|
|Unix Socket||Use this to access local docker environments using the complete path||Required for local Docker access only. Host and port parameters must be empty.|
|View||Use this to select which resources are modeled in the topology view||Optional. The Default displays running resources only. Options are Container (all running containers), Image (images used by running containers), and Task (running tasks only)|
|Containers to exclude||List container you want to exclude||Optional|
|Generate debug support file||Set this parameter to 'True' in order to capture the output of the next scheduled job run as a file. This file will be stored with an observer's log files and can be used to debug observer issues, for example at the request of your designated Support team, or while using a test environment. For one-off jobs (that is, Load jobs), this parameter reverts to 'False' after the next completed run. To examine the output produced, you can load the generated debug file using the File Observer.||Optional|
|Job schedule||Specify when the job runs||Optional. Load jobs only.|
|Observer job description||Enter additional information to describe the job||Optional|