Sysdig Cloud

In the previous chapter, we had a look at the open source version of Sysdig. We saw that there is a great ncurses interface called cSysdig and it allows us to navigate through all the data that Sysdig is collecting about our host.

The sheer amount of metrics and data collected by Sysdig means that you have to try to stay on top of it either by shipping your files off the server, maybe to Amazon Simple Storage Service (S3), or to some local shared storage. In addition, you can query the data in the command line on the host itself or on your local machine using an installation of the command-line tools.

This is where Sysdig Cloud comes into play; it offers a web-based interface to the metrics that Sysdig captures along with the options to ship the Sysdig captures off your host machine either to Sysdig's own storage or to your S3 bucket.

Sysdig Cloud offers the following functionality:

  • ContainerVision™
  • Real-Time Dashboard
  • Historical Replay
  • Dynamic Topology
  • Alerting

It also offers the option to trigger a capture on any of your hosts at any time.

Sysdig describes ContainerVision as:

"Sysdig Cloud's patent-pending core technology, ContainerVision, is the only monitoring technology on the market designed specifically to respect the unique characteristics of containers. ContainerVision offers you deep and comprehensive visibility into all aspects of your containerized environment - applications, infrastructures, servers, and networks - all without the need to pollute your containers with any extra instrumentation. In other words, ContainerVision gives you 100% visibility into the activity inside your containers, from the outside."

Before we delve into Sysdig Cloud any further, I should point out that this is a commercial service and at the time of writing, it costs $25 per host per month. There is also a 14-day fully featured trial available. If you wish to work through the agent installation and follow the example in this chapter, you will need an active account that runs either on the 14-day trial or a paid subscription.

Installing the agent

The agent installation is similar to installing the open source version; you need to ensure that your cloud host is running an up-to-date kernel and that you are also booted into that kernel.

Some cloud providers keep a tight control on the kernels you can boot into (for example, Digital Ocean), and they do not allow you to manage your kernel on the host itself. Instead, you need to choose the correct version through their control panel.

Once you have the correct kernel installed, you should be able to run the following command to install the agent. Ensure that you replace the access key at the end of the command with your own access key, which can be found on your User Profile page or on the agent installation pages; you can find these at:

The command to run is:

curl -s https://s3.amazonaws.com/download.draios.com/stable/install-agent | sudo bash -s -- --access_key wn5AYlhjRhgn3shcjW14y3yOT09WsF7d

The shell output should look like the following screen:

[Figure: Installing the agent]
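An added example, not from the book or from Sysdig: one way to run the same installer without piping curl straight into a root shell, by saving it to a file so it can be hashed and read first, and by reading the access key from an owner-only file so it stays out of shell history. The function names, the `~/.sysdig-access-key` path and the checks are assumptions; the URL and the `--access_key` flag are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: fetch, inspect, then run the Sysdig Cloud agent installer.
# Function names and KEY_FILE are assumptions, not part of Sysdig's tooling.

INSTALLER_URL="https://s3.amazonaws.com/download.draios.com/stable/install-agent"
KEY_FILE="${KEY_FILE:-$HOME/.sysdig-access-key}"   # hypothetical path

# Download to a file. --fail makes curl exit non-zero on an HTTP error page
# and --proto '=https' restricts the transfer to HTTPS.
fetch_installer() {
  curl --fail --silent --show-error --location --proto '=https' \
       --output "$1" "$INSTALLER_URL"
}

# Sanity-check the download and print its SHA-256, so the exact script that
# ran as root can be recorded and compared across hosts.
check_installer() {
  local file="$1" first=""
  [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
  IFS= read -r first < "$file" || true   # last line may lack a newline
  case "$first" in
    '#!'*sh*) ;;                          # expect a shell shebang
    *) echo "not a shell script: $file" >&2; return 1 ;;
  esac
  sha256sum "$file" | cut -d' ' -f1
}

# Run the reviewed copy, taking the key from a file only its owner can read.
run_installer() {
  local file="$1" mode key
  mode=$(stat -c '%a' "$KEY_FILE") || return 1
  [ "$mode" = "600" ] || [ "$mode" = "400" ] || {
    echo "$KEY_FILE must be mode 600 or 400 (is $mode)" >&2; return 1; }
  key=$(cat "$KEY_FILE")
  sudo bash "$file" --access_key "$key"
}

# Typical use:
#   fetch_installer /tmp/install-agent && check_installer /tmp/install-agent
#   less /tmp/install-agent      # read what is about to run as root
#   run_installer /tmp/install-agent
```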

Once the agent has been installed, it will immediately start to report the data back to Sysdig Cloud. If you click on Explore, you will see your host machine and the running containers:

[Figure: Installing the agent]

As you can see here, I have my host machine and four containers running a WordPress installation similar to the one we used in the previous chapter. From here, we can start to drill down into our metrics.

To launch the WordPress installation on your cloud-based machine, run the following commands as the root user:

sudo su -
mkdir ~/wordpress
curl -L https://raw.githubusercontent.com/russmckendrick/monitoring-docker/master/chapter05/wordpress/docker-compose.yml > ~/wordpress/docker-compose.yml
cd ~/wordpress
docker-compose up -d

Exploring your containers

The Sysdig Cloud web interface will feel instantly familiar, as it shares a similar design and overall feeling with cSysdig:

[Figure: Exploring your containers]

Once you start to drill down, you can see that a bottom pane opens up and this is where you can view the statistics. One of the things I liked about Sysdig Cloud is that it opens up a wealth of metrics and there should be very little that you need to configure from here.

For example, if you want to know what processes have been consuming the most CPU time in the last 2 hours, click on 2H in the secondary menu and then from the Views tab in the bottom-left click on System: Top Processes; this will give you a table of the processes, ordered by the ones that have used the most time.

To apply this view to a container, click on a container in the top section and the bottom section will be instantly updated to reflect the top CPU utilization for just that container; as most containers will only run one or two processes, this may not be that interesting. So, let's take a deeper look at the processes themselves. Let's say we clicked on our database container and we wanted information on what is happening within MySQL.

Sysdig Cloud comes with application overlays; when selected, these give you more granular information on the processes within the container. Selecting the App: MySQL/PostgreSQL view gives you an insight into what your MySQL processes are currently doing:

[Figure: Exploring your containers]

Here, you can see that the view in the bottom section has instantly updated to give a wealth of information on what has been happening in the last 5 minutes within MySQL.

Sysdig Cloud supports a number of application views, including:

  • Apache
  • HAProxy
  • NGINX
  • RabbitMQ
  • Redis
  • Tomcat

Each one gives you immediate access to metrics, which even the most experienced SysAdmins will find valuable.

You may have noticed that at the top of the second panel there are also a few icons; these allow you to:

  • Add Alert: Creates an alert based on the view you have open; it lets you tweak the threshold and also choose how you are notified.
  • Sysdig Capture: Pressing this brings up a dialog, which lets you record a Sysdig session. Once recorded, the session is transferred to Sysdig Cloud or your own S3 bucket. Once the session is available, you can download it or explore it within the web interface.
  • SSH Connect: Gets a remote shell on the server from the Sysdig Cloud web interface; it is useful if you do not have immediate access to your laptop or desktop machine and you want to do some troubleshooting.
  • Pin to dashboard: Adds the current view to a custom dashboard.

Of these options, "Add Alert" and "Sysdig Capture" are probably the ones that you will end up using the most. One final view that I found interesting is the topology one. It gives you a bird's eye view of your host and containers, which is useful to see the interaction between containers and hosts:

[Figure: Exploring your containers]

Here, you can see me request a page from the WordPress site (it's in the box on the left), this request hits my host machine (the box on the right). Once it's on the host machine, it is routed to the HAProxy container, which then passes the page request to the Wordpress2 container. From here, the Wordpress2 container interacts with the database that is running on the MySQL container.

Summary and further reading

Although Sysdig Cloud is quite a new service, it feels instantly familiar and fully featured as it is built on top of an already established and respected open source technology. If you like the level of detail you get from the open source version of Sysdig, then Sysdig Cloud is a natural progression for you to start storing your metrics offsite and also to configure alerts. Some good starting points for learning more about Sysdig Cloud are:

Tip

If you have launched a cloud instance and are no longer using it, now would be a good time to power the instance down or terminate it altogether. This will ensure that you do not get billed for services that you are not using.
