Docker Swarm Cluster sensor
The Docker Swarm Cluster Sensor (DSCS) discovers Docker Swarm attributes and information related to swarm nodes, swarm networks and swarm services.
Sensor name that is used in the GUI and logs
DockerSwarmClusterSensor
Elements discovered by the sensor
- Docker Swarm
- Docker Nodes (referred to as Docker Host)
- Docker Services
- Docker Network
In the Discovery Management Console and Data Management Portal, a Docker Swarm cluster is represented by a blue-colored Docker whale design icon.
The Docker Swarm cluster sensor uses REST APIs to retrieve discovery-related information from the Docker host ‘Manager’ node, that is, the node running the 'dockerd' daemon process in the ‘Manager’ role. The retrieved data primarily consists of the attribute data that is required to match naming rules and create valid model objects.
Prerequisites
- The Docker daemon/application is running on a target Linux machine.
- For successful discovery of Docker Swarm, REST support must be enabled on the target Docker host machine.
- To trigger DSCS, at least ONE Docker Host in the 'Manager' role must be included in the discovery scope.
- At any given time, a given Docker Host may belong to a single swarm cluster ONLY, i.e. it cannot be part of multiple Docker swarm clusters simultaneously.
- The Docker Swarm Cluster sensor depends on the discovery performed by the Docker Host sensor. Accordingly, the configuration for the Docker Swarm Cluster sensor is implicitly derived from the Docker Host sensor. For details, see 'Docker Host sensor'.
- A single set of TLS certificates applies to TADDM's communication with all Docker Hosts.
- Enabling or disabling TLS for discovery behaves uniformly across ALL Docker hosts defined within the scope: it applies either to ALL Docker Hosts or to NONE.
Security issues
- No specific access-list entry is required. For TLS-based security details, see “Connection to Docker Swarm” below.
Connection to Docker Swarm
The Docker Swarm Cluster Sensor discovers data from the Docker Host (working in the ‘Manager’ role) in one of two modes: non-TLS mode and TLS mode.
Non-TLS mode
The non-TLS mode is the default mode. It retrieves data via web services and does not require authentication. This mode is recommended for private networks or private cloud deployments on customer premises.
TLS mode
The TLS mode is the secure mode of communicating with the Docker Host. It verifies the TLS certificates installed in TADDM and on the target Docker Host. To use this mode, you must set the enableTLS property to true and configure the certificate paths defined in the discovery profile. For details, see “Docker Host Sensor: Configuring the discovery profile”. For manually generating the TLS certificates for TADDM and the Docker host, see “Docker Host sensor: Manual TLS certificate generation”.
Model objects with associated attributes
The Docker Swarm Cluster Sensor creates model objects with associated attributes. The attributes indicate the type of information that the sensor collects about Docker Swarm resources in your IT environment.
The sensor creates the following model objects. The attributes that are associated with each model object are shown below the model object name.
app.docker.dockerswarm.DockerSwarm
- app.docker.dockerswarm.DockerSwarm
- Servers
- SwarmServices
- IP
- Port
- DockerNetwork
app.docker.dockerswarm.SwarmService
- Name
- DockerSwarm
app.docker.dockerhost.DockerContainer
- Task
- SwarmService
app.docker.dockerhost.DockerNetwork
- Name
- SubnetAddress
- DockerHost
- DockerContainer
Configuring the sensor
Before using the Docker Swarm Cluster Sensor, you must configure it.
Configuring the discovery profile:
The Docker Swarm Cluster sensor depends on the discovery performed by the Docker Host sensor. Accordingly, the configuration for the Docker Swarm Cluster sensor is implicitly derived from the Docker Host sensor. For details, see Docker Host sensor: 'Configuring the Sensor Profile'.
Troubleshooting the sensor
This topic describes common problems that occur with the Docker Swarm Cluster sensor and presents solutions for those problems.
Docker Swarm Cluster Sensor is not invoked on a Docker Host node
Problem: The Docker Swarm cluster sensor may not be invoked on a Docker host node if that node does not currently have the ‘manager’ role for that cluster.
Solution: Check the log file (DiscoverManager.log) for the following trace:
“Either swarm mode is not enabled, or, the Docker host is not currently having manager role”.
To trigger DSCS, at least ONE Docker Host in the “Manager” role must be included in the discovery scope.
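A pre-check for the condition above, as an added example that is not TADDM code and does not claim to reproduce the sensor's own logic: it reads the `Swarm` section of the Docker Engine API `/info` response and reports whether a host is a manager, a worker, or not in swarm mode. The host names, the port argument, the certificate paths and the sample responses are assumptions constructed for illustration.

```python
import http.client
import json
import ssl

# Constructed sample /info responses, trimmed to the Swarm section.
SAMPLE_MANAGER = {"Swarm": {"NodeID": "n1", "LocalNodeState": "active", "ControlAvailable": True}}
SAMPLE_WORKER = {"Swarm": {"NodeID": "n2", "LocalNodeState": "active", "ControlAvailable": False}}
SAMPLE_STANDALONE = {"Swarm": {"NodeID": "", "LocalNodeState": "inactive", "ControlAvailable": False}}


def swarm_role(info):
    """Classify a Docker Engine /info document as manager, worker or standalone."""
    swarm = info.get("Swarm") or {}
    if swarm.get("LocalNodeState") != "active":
        return "standalone"  # swarm mode is not enabled on this host
    return "manager" if swarm.get("ControlAvailable") else "worker"


def fetch_info(host, port, ca=None, cert=None, key=None, timeout=5):
    """GET /info from the Docker REST endpoint; uses mutual TLS when ca is given."""
    if ca:
        # TLS mode: verify the daemon's certificate and present a client certificate.
        ctx = ssl.create_default_context(cafile=ca)
        ctx.load_cert_chain(certfile=cert, keyfile=key)
        conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    else:
        # Non-TLS mode: plain HTTP, no authentication.
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/info")
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"/info returned HTTP {resp.status}")
        return json.loads(resp.read())
    finally:
        conn.close()


def scope_has_manager(infos):
    """True when at least one host in the scope holds the manager role."""
    return any(swarm_role(i) == "manager" for i in infos.values())


if __name__ == "__main__":
    # Offline run over the constructed samples; use fetch_info() against real hosts.
    scope = {"host-a": SAMPLE_WORKER, "host-b": SAMPLE_STANDALONE}
    for name, info in scope.items():
        print(name, swarm_role(info))
    print("scope contains a manager:", scope_has_manager(scope))
```

If `fetch_info` succeeds without certificates, the Docker REST endpoint is answering unauthenticated requests, which is worth confirming is limited to the private network the non-TLS mode is intended for.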