다음을 통해 공유


Docker Swarm and Secret support with OMS Insight and Analytics - container monitoring solution

Hello all, this is Keiko, Program Manager from the OMS team.

The container monitoring solution, available as part of OMS Insight and Analytics, helps you get visibility into the inventory of containers in hosts, including images running in them and detailed audit of commands executed. It provides a centralized view of CPU, memory, storage, and network usage and performance information for multiple different types of containers, including Docker and Windows, in your environment. It helps you troubleshoot by viewing and searching centralized logs without having to remotely view container hosts. Based on your requests, we are extending this solution to support Docker Swarm mode and Secret. With this support, you have a unified container monitoring solution for containers on Mesosphere DC/OS, Kubernetes, and Docker Swarm, on-premises or in any public cloud.

For more information, see the Container Solution documentation.

Graphic showing DC/OS and OMS container solution

OMS Agent for Linux can be run as a global service on Docker Swarm by running the commands below.

keiko@swarmm-master-13957614-0:~# sudo docker service create --name omsagent --mode global --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock -e WSID="" -e KEY="" -p 25225:25225 -p 25224:25224/udp --restart-condition=on-failure microsoft/oms keiko@swarmm-master-13957614-0:~# sudo docker service ls ID           NAME     MODE   REPLICAS IMAGE qiq3y13rwoyn omsagent global 2/2      microsoft/oms

Secrets with Docker Swarm and Kubernetes for OMS Workspace ID and Primary Key

For those who want to make their OMS Workspace ID and Primary Key information more secure, Kubernetes and Docker Swarm secrets are available.

For Kubernetes, we created a script to generate the secrets yaml file for Workspace ID and Primary Key. This can be used with the omsagent yaml file for secrets.

keiko@ubuntu16-13db:~# sudo kubectl describe secrets omsagent-secret Name: omsagent-secret Namespace: default Labels: Annotations: Type: Opaque Data ==== WSID: 36 bytes KEY: 88 bytes

For more information, see the Kubernetes Readme file.

For Docker Swarm, once the secret for Workspace ID and Primary Key is created, you can create the Docker service for omsagent.

keiko@swarmm-master-13957614-0:# sudo docker secret ls ID                        NAME CREATED        UPDATED j2fj153zxy91j8zbcitnjxjiv WSID 43 minutes ago 43 minutes ago l9rh3n987g9c45zffuxdxetd9 KEY  38 minutes ago  38 minutes ago

keiko@swarmm-master-13957614-0:# docker service create --name omsagent --mode global --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock --secret source=WSID,target=WSID --secret source=KEY,target=KEY -p 25225:25225 -p 25224:25224/udp --restart-condition=on-failure microsoft/oms

For more information, see the Docker Swarm Agent Secrets Readme file.

How do I try this?

Get a free Microsoft Operations Management + Security (#MSOMS) account so that you can test the Container Monitoring Solution features. You can also get a free subscription for Microsoft Azure.

How can I give you feedback?

There are a few different routes to give feedback:

We will be enhancing more monitoring capabilities for containers. If you have feedback or questions, please feel free to contact us.

Keiko Harada, Program Manager

Microsoft Operations Management Team