[ixpmanager] Docker and IXP Manager

Marco d'Itri md at Linux.IT
Mon Jan 29 21:51:33 GMT 2018 

On Jan 29, Barry O'Donovan <barry.odonovan at inex.ie> wrote:

> Especially for emulating switches, route servers, graphing and tools
> such as Bird's Eye. Docker is ideally suited to solving these issues as
> well as providing the perfect environment for IXP Manager workshops.
I started moving the not tightly coupled pieces to containers, so maybe 
somebody will find design this useful.

mrtg.service is just a plain MRTG service unit, running in a dedicated 
container:

[Unit]
Description=Multi-router Traffic Grapher
After=syslog.target

[Service]
User=mrtg
#Environment=RRDCACHED_ADDRESS=unix:/run/rrdcached/rrdcached.sock
PermissionsStartOnly=yes
ExecStartPre=/bin/mkdir -p /var/lock/mrtg/
ExecStartPre=/bin/chown mrtg: /var/lock/mrtg/
ExecStart=/usr/bin/mrtg --daemon /var/lib/mrtg/ixpmanager.cfg --pid-file=/run/mrtg/mrtg.pid --lock-file /var/lock/mrtg/mrtg_l --confcache-file /var/lib/mrtg/mrtg.ok
Type=forking
SuccessExitStatus=0 1
RuntimeDirectory=mrtg
PIDFile=/run/mrtg/mrtg.pid
StandardOutput=syslog

[Install]
WantedBy=multi-user.target

(rrdcached is disabled because in my tests the journaled data was not 
being flushed automatically (fast enough?) to the RRD, I had no time to 
investigate this yet.)


mrtg-cfg.service is a simple unit used to restart mrtg:

[Unit]
After=network.target

[Service]
Type=oneshot
ExecStart=/bin/systemctl restart mrtg.service


And mrtg-cfg.path will trigger mrtg-cfg.path every time the 
configuration file is modified:

[Path]
PathChanged=/var/lib/mrtg/ixpmanager.cfg

[Install]
WantedBy=multi-user.target


The trick is that /var/lib/mrtg/ is shared between the two containers:

# /etc/systemd/nspawn/manager.nspawn 
[Files]
Bind=/var/lib/mrtg/

I use plain systemd-nspawn containers which are much simpler than full 
Docker, but I know that Docker has a similar function too.

For extra security the RRD directory could be different from the 
configuration directory, and bind-mounted read only.

I will apply the same principle to RS.

-- 
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20180129/971abb17/attachment-0001.bin>

More information about the ixpmanager mailing list