github.com/google/cadvisor@v0.49.1/docs/running.md (about) 1 # Running cAdvisor 2 3 ## With Docker 4 5 We have a Docker image that includes everything you need to get started. Simply run: 6 7 ``` 8 VERSION=v0.35.0 # use the latest release version from https://github.com/google/cadvisor/releases 9 sudo docker run \ 10 --volume=/:/rootfs:ro \ 11 --volume=/var/run:/var/run:rw \ 12 --volume=/sys:/sys:ro \ 13 --volume=/var/lib/docker/:/var/lib/docker:ro \ 14 --publish=8080:8080 \ 15 --detach=true \ 16 --name=cadvisor \ 17 gcr.io/cadvisor/cadvisor:$VERSION 18 ``` 19 20 cAdvisor is now running (in the background) on `http://localhost:8080/`. The setup includes directories with Docker state cAdvisor needs to observe. 21 22 **Note**: 23 - If docker daemon is running with [user namespace enabled](https://docs.docker.com/engine/reference/commandline/dockerd/#starting-the-daemon-with-user-namespaces-enabled), 24 you need to add `--userns=host` option in order for cAdvisor to monitor Docker containers, 25 otherwise cAdvisor can not connect to docker daemon. 26 - If cadvisor scrapes `process` metrics due to `--disable_metrics` or `--enable_metrics` options, you need to add `--pid=host` and `--privileged` for `docker run` to get `/proc/pid/fd` path in host. 27 - If cAdvisor needs to be run in Docker container without `--privileged` option it is possible to add host devices to container using `--dev` and 28 specify security options using `--security-opt` with secure computing mode (seccomp). 29 For details related to seccomp please [see](https://docs.docker.com/engine/security/seccomp/), the default Docker profile can be found [here](https://github.com/moby/moby/blob/master/profiles/seccomp/default.json). 30 31 For example to run cAdvisor with perf support in Docker container without `--privileged` option it is required to: 32 - Set perf_event_paranoid using `sudo sysctl kernel.perf_event_paranoid=-1`, see [documentation](https://www.kernel.org/doc/Documentation/sysctl/kernel.txt) 33 - Add "perf_event_open" syscall into syscalls array with the action: "SCMP_ACT_ALLOW" in [default Docker profile](https://github.com/moby/moby/blob/master/profiles/seccomp/default.json) 34 - Run Docker container with following options: 35 ``` 36 docker run \ 37 --volume=/:/rootfs:ro \ 38 --volume=/var/run:/var/run:ro \ 39 --volume=/sys:/sys:ro \ 40 --volume=/var/lib/docker/:/var/lib/docker:ro \ 41 --volume=/dev/disk/:/dev/disk:ro \ 42 --volume=$GOPATH/src/github.com/google/cadvisor/perf/testing:/etc/configs/perf \ 43 --publish=8080:8080 \ 44 --device=/dev/kmsg \ 45 --security-opt seccomp=default.json \ 46 --name=cadvisor \ 47 gcr.io/cadvisor/cadvisor:<tag> -perf_events_config=/etc/configs/perf/perf.json 48 ``` 49 50 ## With Boot2Docker 51 52 After booting up a boot2docker instance, run cAdvisor image with the same docker command mentioned above. cAdvisor can now be accessed at port 8080 of your boot2docker instance. The host IP can be found through DOCKER_HOST environment variable setup by boot2docker: 53 54 ``` 55 $ echo $DOCKER_HOST 56 tcp://192.168.59.103:2376 57 ``` 58 59 In this case, cAdvisor UI should be accessible on `http://192.168.59.103:8080` 60 61 ## Other Configurations 62 63 ### CentOS, Fedora, and RHEL 64 65 You may need to run the container with `--privileged=true` and `--volume=/cgroup:/cgroup:ro \` in order for cAdvisor to monitor Docker containers. 66 67 RHEL and CentOS lock down their containers a bit more. cAdvisor needs access to the Docker daemon through its socket. This requires `--privileged=true` in RHEL and CentOS. 68 69 On some versions of RHEL and CentOS the cgroup hierarchies are mounted in `/cgroup` so run cAdvisor with an additional Docker option of `--volume=/cgroup:/cgroup:ro \`. 70 71 **Note**: For a RedHat 7 docker host the default run commands from above throw oci errors. Please use the command below if the host is RedHat 7: 72 ``` 73 docker run 74 --volume=/:/rootfs:ro 75 --volume=/var/run:/var/run:rw 76 --volume=/sys/fs/cgroup/cpu,cpuacct:/sys/fs/cgroup/cpuacct,cpu 77 --volume=/var/lib/docker/:/var/lib/docker:ro 78 --publish=8080:8080 79 --detach=true 80 --name=cadvisor 81 --privileged=true 82 google/cadvisor:latest 83 ``` 84 85 86 ### Debian 87 88 By default, Debian disables the memory cgroup which does not allow cAdvisor to gather memory stats. To enable the memory cgroup take a look at [these instructions](https://github.com/google/cadvisor/issues/432). 89 90 ### LXC Docker exec driver 91 92 If you are using Docker with the LXC exec driver, then you need to manually specify all cgroup mounts by adding the: 93 94 ``` 95 --volume=/cgroup/cpu:/cgroup/cpu \ 96 --volume=/cgroup/cpuacct:/cgroup/cpuacct \ 97 --volume=/cgroup/cpuset:/cgroup/cpuset \ 98 --volume=/cgroup/memory:/cgroup/memory \ 99 --volume=/cgroup/blkio:/cgroup/blkio \ 100 ``` 101 102 ### Invalid Bindmount `/` 103 104 This is a problem seen in older versions of Docker. To fix, start cAdvisor without the `--volume=/:/rootfs:ro` mount. cAdvisor will degrade gracefully by dropping stats that depend on access to the machine root. 105 106 ## Standalone 107 108 cAdvisor is a static Go binary with no external dependencies. To run it standalone all you should need to do is run it! Note that some data sources may require root privileges. cAdvisor will gracefully degrade its features to those it can expose with the access given. 109 110 ``` 111 $ sudo cadvisor 112 ``` 113 114 cAdvisor is now running (in the foreground) on `http://localhost:8080/`. 115 116 ## Runtime Options 117 118 cAdvisor has a series of flags that can be used to configure its runtime behavior. More details can be found in runtime [options](runtime_options.md).