PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Containerized SNMP monitoring (short term) - a step above built-in graphs

Thu Nov 16, 2023 3:32 pm

Advice / help / guidance needed to build / install on-device basic bandwidth monitoring tool (inside a container), with a bit more detail for the non-technical users.
Nothing as fancy as Grafana / Prometheus for instance required, but a bit more advanced than built-in graphs functionality.
Apologies in advance for a lengthy post.

I'm a self-proclaimed member of Tinkerers Anonymous (7 years and have not been able to kick the addiction) and I am super excited with the potential containers bring to ROS.
However, my skill level on Mikrotik is still relatively low, and I have only been looking at containers / dockers for a week now (Quite a bit of learning ahead for me).
I have been able to get Pihole and Uptime Kuma set up as containers as part of my journey this week.
I understand that the routerboards have grown a lot in power, but they are still limited in terms of both CPU, RAM and storage compared to for instance an External Pi, or x86 based homelab server.
I have read through numerous posts where members advise to keep the device to its core function (good router), and leave the monitoring etc. for other devices.

Here is my home setup, and I will follow it with what I would like to accomplish. (All running the latest 7.12 Router OS)
Main Core Router - 1 x RB5009. Connected to the internet via 1) Primary - Fibre link, and 2) Auto failover to LTE router (connected via eth). This is working and reporting as expected. Attached to this is a 512 Gb SSD, connected via USB. Working as expected and currently the home for PiHole (disk1) and Uptime Kuma (disk2). I have split this disk into 5 partitions.
Passive Backup - 1 x RB4011. This is providing both the main area of the house with WiFi, and is powerful enough to handle traffic / failover / Natting / Firewalling / VPNs should the Rb5009 fail (Murphy is always lurking in a corner)
1 x HAP AX3 - Installed in another section of the house. This is part of the project to get the whole property on WiFi 6, and also to test capabilities of the unit. (Bought after the RB5009 and RB4011)
1 x HAP AX2 - Installed in workshop area, also part of the WiFi 6 project, and also test-bench (more info later). (Bought after the RB5009 and RB4011)
3 x HAP AC2 units. Part of the legacy installation and will in the next 12 months be replaced with WiFi 6 capable units.

What I would like to accomplish in a docker/container on the Mikrotik:
1) Basic SNMP Monitoring with a Web front-end to show 1) Overall usage (inbound / outbound / total traffic) 2) Traffic per additional router/ap in my home network.
In short, I should be able to see if my link is saturating, and how much each of the Mikrotik devices (SNMP monitored) is contributing to the total usage.
All Mikrotiks have SNMP enabled and can currently be monitored in theory by a Grafana + Prometheus setup running on a Pi or VM.
.... However, the Grafana + Prometheus is an overkill for this, and way too resource intensive to host on the Mikrotik itself (this seems to be clear).
Smaller solutions (eg. Bitmeter OS, Netdata, [feel free to suggest alternatives]), can potentially give me the graphs and detail I would like.
The reason I would like this to be working from a container on the router is that I have some friends / family that come to me for advice on IT matters (one-eyed idiot leading the blind), and I have all of them on Mikrotik devices by now. Most of them would like to have a web-page they can access from the PC / phone browser, that gives them a bit of info (and history) on the internet connection. I have tried to get them to use the built-in graphs, but a number of them ask questions like: What was my total usage in Gb for the a) last hour or b) last day? or Who is using all the data? or similar.
A lot of this info can be gleaned from super-lightweight packages like Bitmeter OS or Netdata, but most of them do not have extra computers / Pi's lying around for this purpose.

So, after all of that, how would I go about (if actually possible / feasible) installing a lightweight SNMP monitoring app with a web front-end on a container on the Mikrotik.
Ideally, it should be lightweight enough to work on a HAP AX2 with a small USB drive for storage.
Data does not need to be retained for extended periods (for instance, 24-72 hours should be OK)

Wishlist (over and above the aforementioned tool), but not critical for the project:
1) Alerting - sending an alert in case of certain events (eg. link saturation for longer than x time, or link failing over to backup [capped solution, so cost performance implications])
2) Login capability - a bit of security is never a bad thing

Dreamlist (Flights of fancy that are likely unrealistic given the processing power / other limitations):
1) Very (yes very) basic protocol breakdown - so they can see if it is YouTube or Facebook or e-mails consuming the bandwidth. No need for too much detail.
2) Integration into the Mikrotik API, allowing me to block an IP / MAC / etc from a web frontend. Most of my friends / family find Winbox and the Mikrotik menus etc inundating when I try to teach them.

So, after all of the above, please give some thoughts, ideas, how-to's etc. I am sure there might be quite a number of relatively basic users that can benefit from something like this.
 
elbob2002
Member Candidate
Posts: 252
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 10:44 am

LibreNMS might fit your bill.

I use it extensively. There is a docker container for it.
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 3:41 pm

Thank you elbob2002.

I will check it out...

From a YouTube video it seems on the surface to be lightweight enough, and from the first bit of research it seems it will do what I need.
In the YouTube video, LibreNMS is running on a Prox environment, but if you consider the HAP AX2 has 1 Gb of RAM and a quad-core 64 bit CPU, it should be able to handle it, provided the external disk can handle the required reads/writes (throughput/speed/reliability).

Any specific instructions or hints on setting up the environment variables and mountpoints will be greatly appreciated, as I am shining new to the docker / containers environment.

From the yml file I see there are quite a number of variables, but I have no idea how to translate that to Mikrotik environment.
If anyone can point me to a write-up, or help me figure it out, it will be great.

https://github.com/librenms/docker#envi ... -variables
Last edited by PappaB on Fri Nov 17, 2023 3:42 pm, edited 1 time in total.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 4:50 pm

Well, there is also Dude which is built-in... while old, it is extremely lightweight... since it's just writing to a sqlite db.
Webfig will show a network map so there is some web GUI...
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 5:01 pm

Thanks Amm0

A blast from the past.... I have not used the Dude since about v2 or 3 I think.
It used to be good at displaying a network map and some info on the map, but not really bandwidth graphs as far as I can recall.

I should have looked at it as well in my quest, but perhaps I was just too focussed on containers etc.
Also, since in my mind it held a spot of a network mapping tool, I might have overlooked it.
Is there a way to just display the info on a url without having to go through webfig?

Also, is there a way to have the Dude run / store info on the external storage instead of constant reading / writing to the NAND?
For some reason I have this irrational worry about prematurely wearing out my NAND storage... Haha.
If you can point me to right post / link it might save me some time in my research.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 5:13 pm

It used to be good at displaying a network map and some info on the map, but not really bandwidth graphs as far as I can recall.
You use a "link" object in a map to specify a RouterOS (or SNMP) interface to track bandwidth, and those will show a traffic graph. Custom probes that are assigned to a device can also monitor an SNMP variable, which you can also graph.

If you used firewall/queues to mark traffic (eg QoS), you'd be able to monitor the queue traffic using a custom probe to "see" different kinds of traffic (indirectly via a queue's stats and custom probe in Dude).
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 5:16 pm

Also, is there a way to have the Dude run / store info on the external storage instead of constant reading / writing to the NAND?
Look at ROSE in help. You can mount a NAS/share/etc and then specify the Dude directory to the mounted volume.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 5:20 pm

Is there a way to just display the info on a url without having to go through webfig?
No, but you can use a "read" account so that someone monitoring can't change anything.
 
tangent
Forum Guru
Posts: 1230
Joined: Thu Jul 01, 2021 3:15 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 6:15 pm

you can use a "read" account so that someone monitoring can't change anything.

Assuming you're referring to the RouterOS user group policy of that name and not a LibreNMS feature, alas, it doesn't currently work that way. If your container has a "/bin/sh" inside and your read-only RouterOS user can get access to the RouterOS CLI somehow (WebFig Terminal, SSH, etc.) it has permission to execute "/container/shell 0", which then drops that user into a full root shell inside the container!

Read-only RouterOS users also have the ability to start and stop containers, something else I don't think of as "read-only".

A safer option may be to expose access via LibreNMS's own "global read" user level, though that's speculation, since I've never run LibreNMS.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Fri Nov 17, 2023 6:20 pm

you can use a "read" account so that someone monitoring can't change anything.
Read-only RouterOS users also have the ability to start and stop containers, something else I don't think of as "read-only".
I was answering re the Dude alternative. e.g. if no container to start/stop...

But yeah with a container, you can expose a webpage & avoid needing any RouterOS login. So totally fair point that the policy system leaves some gaps. ;)
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sat Nov 18, 2023 9:30 am

Thanks All.

I am trying to get LibreNMS going, but running into a few noob issues. Like I said, I am brand new to containers / dockers and not someone that works with routers on a regular basis.

1. Do I load a lightweight Ubuntu or Debian Docker, and then add LibreNMS via their installation script? (This seems like a bit of overkill and might expose more "features" that are not required.)

Or

2. Do I just try to load the LibreNMS Docker image? In this case I need assistance please with setting environment variables and mountpoints. I am prepared to put in the learning, but a pointer in the right direction will be appreciated. I am not sure how to pass through variables typically set up in a yml file to the design used by ROS. Also, a bit of guidance on how the mount points translate to expected folders for the "OS" sitting below LibreNMS.

Thanks
 
tangent
Forum Guru
Posts: 1230
Joined: Thu Jul 01, 2021 3:15 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sat Nov 18, 2023 3:42 pm

I am brand new to containers / dockers

The term is "container" regardless of whether you're working with Docker Engine or MikroTik's lightweight reimplementation of the technology in RouterOS. Docker neither originated the concept nor created the base technologies in Linux that made it possible. Their implementation is distinguished by being the one that first popularized the Linux container concept by making it easy to apply in practice.

In the past, the ROS docs on their container feature misused the term "docker" to refer to the technology generally, and you will find echoes of that misuse here on the forum. Furthermore, there are others who continue to make this confusion for the same reason other brand names have become genericized. I believe it is important to make the distinction because the Docker implementation of containers is different in many ways from the one in RouterOS. Conflating these two unrelated implementations will lead you into misapprehensions, delaying your enlightenment.

The first key thing you must understand is that there isn't any proprietary Docker, Inc technology in RouterOS, that I'm aware of. As far as I can tell from my position here as an outsider to their development organization, MikroTik started with nothing more than comes with the generic Linux kernel, then reimplemented everything else you need to have a container engine atop that. That isn't even close to the second time it's been done before; more like the two-dozenth.

Occasionally the use of the term "Docker" indicates that the one using it either didn't bother ensuring that their container is portable to other engines, or that they have made purposeful use of some Docker-specific feature, making it non-portable by design. I've never run LibreNMS, so I can't tell you which of these two is the case, if either is.

Do I load a lightweight Ubuntu or Debian Docker, and then add LibreNMS via their installation script?

Definitely not. Containers are not VMs.

I need assistance please with setting environment variables and mountpoints

That's documented in the RouterOS manual. What's your difficulty in applying it?

This high-level overview of Docker storage tech may help. RouterOS's container engine supports bind mounts only, pointing at directories you create on the USB SSD you spoke of in your original post. RouterOS doesn't have a volume manager as in more featureful container engines, but this lack is inessential from the internal viewpoint of the containerized service.

I am not sure how to pass through variables typically set up in a yml file to the design used by ROS

YAML files are used for several things in the container world, but although none of them apply to RouterOS's independent implementation, there are two standouts in this context, being admin-focused, thus worth a slice of your attention at this early stage in your education, if only so that you can recognize them and adjust as necessary for RouterOS.

One is for "compose" files, named after a Docker feature that lets you define multiple containerized services in a single unit so that you can bring them all up and down together. It's since been cloned in a few other engines — and even reimplemented once by Docker, Inc! — but it has yet to appear in RouterOS, and frankly, I doubt it ever will. It's an administration affordance, not an essential backbone feature of containers; while it may be nice to have, only a spoiled snob would consider it a deal-breaker when absent. 😛

Every instance of "yml" on the top-level LibreNMS Docker page is of this type, but the thing is, they're all talking about "sidecar" containers to get additional services you can hook into LibreNMS. As far as I can tell, having never deployed LibreNMS myself, these are not necessary to make LibreNMS itself run. If you need these other services, you can simply add them one at a time as independent containers under RouterOS until you've built up what you need. It isn't as convenient as saying "docker compose up", but them's the downsides of using a bare-bones container engine like the one in RouterOS instead of something full-featured like Docker Engine.

The second major admin-facing use of YAML in the container world is for defining Kubernetes clusters, a much higher level thing than compose meant for managing clusters of container engines, even whole data centers full of them. You will find a good many people who want to jump straight from one container to a k8s cluster, but I beg you to help me resist this tendency toward overcomplexity. Google needs k8s; you probably don't, and if you do, it is inadvisable in the highest degree to implement a k8s cluster atop RouterOS.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sat Nov 18, 2023 5:49 pm

I'd just add that anytime a package's instructions suggest using "docker compose" (and not just "docker run <image_tag>...") — that's just going to be harder on RouterOS — since "compose" can create MULTIPLE containers. But nothing in RouterOS knows about compose files, since it's basically just the "docker run" part of Docker.

So looking at the LibreNMS compose example, it's actually 7 containers, and from a quick look most are needed:
https://github.com/librenms/docker/blob ... ompose.yml

As @tangent well explains, the YAML for the compose has the individual containers that would be needed inside that file. e.g. each of the items indented 2 spaces and under "services" has an "image" field in compose.yml — that's what you need for "/container/add remote-image=<from_yaml_image_field> ..." & so you likely need ~7 x /container/add's for LibreNMS.

Anyway, containers are useful and worthwhile to learn. But kinda why I was trying to steer ya to the Dude for monitoring if you have just a handful of devices.
 
tangent
Forum Guru
Posts: 1230
Joined: Thu Jul 01, 2021 3:15 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sat Nov 18, 2023 6:05 pm

But kinda why I was trying to steer ya to the Dude for monitoring if you have just a handful of devices.

Alternately, run LibreNMS on some other always-on server on your LAN that can run a full-featured Docker Engine.

I doubt there's anything about LibreNMS that makes it impossible to get it running under RouterOS's bare-bones container engine, but it's a rock-solid guarantee that it will take more work and give you fewer management features in the end. Issues like the root shell security hole I brought up above may be a deal-killer.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sat Nov 18, 2023 6:36 pm

More suggesting LibreNMS may not be the best "intro to containers". ;)
I haven't researched, but imagine there is a lighter-weight NMS that'd be a better fit for a RouterOS container.

I doubt there's anything about LibreNMS that makes it impossible to get it running under RouterOS's bare-bones container engine, but it's a rock-solid guarantee that it will take more work and give you fewer management features in the end. Issues like the root shell security hole I brought up above may be a deal-killer.
My rule is anything that requires specific "capabilities" in a compose/etc (e.g. stuff like NET_ADMIN, NET_RAW) is a bad idea in RouterOS...
Last edited by Amm0 on Sat Nov 18, 2023 6:52 pm, edited 1 time in total.
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sun Nov 19, 2023 10:39 am

Great feedback and insights.

Ok, if LibreNMS is not the ideal beginner project, let's hear from others in the community to see if they can propose better suited lighter weight solutions.
From my initial research, I can see that other users are interested in something similar.

I tried with the Dude, but it seems unlikely that I can get what I want from it, especially given the fact that as of V6 they killed the web server portion of it. However, I'm still playing with it and will post successes / failures as I continue.

Thanks for all the info so far, it helps a lot with my understanding.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sun Nov 19, 2023 6:12 pm

I didn't mean to sound discouraging... In fairness, you may not need 7 containers for LibreNMS (I just counted what's in the example), but at least 2 I'm sure (e.g. a database and librenms). A quick google did turn up the steps for Synology NAS and LibreNMS, you'd have to convert the "docker run" to /container/add's but rough steps are likely similar: https://jasonloong.com/blog/synology-sn ... nms-docker

The alternative to LibreNMS is Zabbix, but it's also similarly structured where parts of the monitoring/storage/UI/etc are broken up into multiple containers.

This is kinda how containerization is supposed to work (e.g. one function per container) & goes to the point "containers are not VM" which @tangent highlights. But you do lose something in using containers without "orchestration" (e.g. "docker compose") since dealing with "related" containers is a manual process you have to manage yourself.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sun Nov 19, 2023 6:23 pm

I tried with the Dude, but it seems unlikely that I can get what I want from it, especially given the fact that as of V6 they killed the web server portion of it. However, I'm still playing with it and will post successes / failures as I continue.
Webfig should have some web things for Dude. And you can use "skins" in webfig to reduce the UI so it's easier to find. Dude excels at the monitoring side, but a simple "dashboard" (or any web UI) not so much...

@Jonte also has a Splunk-based monitoring "system" but I'm not sure there is a container for the needed Splunk server. But see viewtopic.php?t=179960 since that's another NMS idea here.
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Mon Nov 20, 2023 10:55 am

Thank you for all the great input and links so far.

Tangent - the part that is unclear to me is how you define / decide / map the "name" portion of the below.

/container/envs/add name=pihole_envs key=TZ value="Europe/Riga"
/container/envs/add name=pihole_envs key=WEBPASSWORD value="mysecurepassword"
/container/envs/add name=pihole_envs key=DNSMASQ_USER value="root"


In this example, the name is pihole_envs, with the various variables defined.
In my understanding, the container software needs to query variables, looking at a specific name.
But, if that name is incorrect, it will not be able to get the variables.

For instance,
If I created all these variables in the Pihole example with a name of (for instance) "pihole_variables", I am assuming the software running in the container would have ignored them.

I am sure there is an easy way, but either I am just not finding it, or it is such common knowledge it is not explained in most documentation.

Thanks
 
tangent
Forum Guru
Posts: 1230
Joined: Thu Jul 01, 2021 3:15 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Mon Nov 20, 2023 11:16 am

You can have any number of environment lists and containers, and the mapping between them is up to you. You choose at container creation time via "/container add…envlist" which environment list to push into the container.

You can call each list whatever you like.
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Mon Nov 20, 2023 11:34 am

Thank you Tangent.

I hear what you are saying, but there is a portion that does not make sense to me. (More than likely my fault - but willing to learn)

Let's say I create an entry as below.

/container/envs/add name=crazymonkey key=TZ value="Europe/Riga"

How will LibreNMS know how to read the variables in "Crazymonkey" to get the Timezone?
In other words, how are they mapped to each other (the container and variables)?
The only thing that would make sense to me is the software in the container looks for all the variables under certain names (eg, librenms_var, mariadb_envs, etc etc)

For instance - look at the below list.
https://github.com/jochristian/librenms ... riables.md

There are sections called General, (Distributed) Poller, etc.

Do I create the lists under General and (Distributed) Poller, etc?
 
tangent
Forum Guru
Posts: 1230
Joined: Thu Jul 01, 2021 3:15 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Mon Nov 20, 2023 11:48 am

How will LibreNMS know how to read the variables in "Crazymonkey" to get the Timezone?

Via "/container/add remote-image=whatever/librenms envlist=crazymonkey".

I think you're confusing "/container/add envlist" with "/container/envs/add". Not the same thing. The first adds a container with a given environment list, and the second adds a variable to an environment list for consumption by the first.

As to that list of environment variables you pointed to, they're giving you multiple examples. Follow the one that does the thing you want to do and use that one envlist.
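
The mapping described in the posts above (each Compose service's "image" field becomes one "/container/add", its variables go into an environment list that "envlist=" attaches, and every volume becomes a bind mount), as an added example that is not from any poster, MikroTik or LibreNMS. The function names, the veth-<service> interface naming, the disk layout and the sample data are assumptions made for illustration; the veth interfaces must already exist.

```python
"""Turn Compose-style service definitions into RouterOS container commands."""

# Compose keys this translation does not carry over. The thread's rule of thumb
# is that images needing NET_ADMIN / NET_RAW style capabilities are a bad fit.
RISKY_KEYS = ("cap_add", "privileged", "devices")


def ros_quote(value):
    """Double-quote a value for the RouterOS CLI, escaping backslash, quote, dollar."""
    text = str(value)
    for ch in ("\\", '"', "$"):  # backslash first so later escapes stay intact
        text = text.replace(ch, "\\" + ch)
    return '"' + text + '"'


def env_pairs(env):
    """Compose allows 'environment' as a mapping or as a list of KEY=VALUE strings."""
    if isinstance(env, dict):
        return [(k, "" if v is None else str(v)) for k, v in env.items()]
    pairs = []
    for item in env or []:
        key, _, val = str(item).partition("=")
        pairs.append((key, val))
    return pairs


def translate(services, disk="disk1"):
    """Return (commands, warnings) for a dict of Compose services."""
    commands, warnings = [], []
    for name, svc in services.items():
        envlist = f"{name}_envs"  # any name works; envlist= is what links it
        pairs = env_pairs(svc.get("environment"))
        for key, val in pairs:
            commands.append(
                f"/container/envs/add name={envlist} key={key} value={ros_quote(val)}")
            if key.endswith("ALLOW_EMPTY_PASSWORD") and val.lower() in ("yes", "true", "1"):
                warnings.append(f"{name}: {key}={val} allows an empty database root password")

        mounts = []
        for volume in svc.get("volumes") or []:
            parts = volume.split(":")
            dst = parts[1] if len(parts) > 1 else parts[0]
            leaf = dst.strip("/").replace("/", "_") or "root"
            mounts.append(f"{name}_{leaf}")
            # Bind mounts only: every volume becomes a directory on the disk.
            commands.append(
                f"/container/mounts/add name={name}_{leaf} src=/{disk}/{name}/{leaf} dst={dst}")

        for key in RISKY_KEYS:
            if svc.get(key):
                warnings.append(
                    f"{name}: '{key}: {svc[key]}' is not carried over; review before use")

        add = [f"/container/add remote-image={svc['image']}", f"interface=veth-{name}"]
        if pairs:
            add.append(f"envlist={envlist}")
        if mounts:
            add.append("mounts=" + ",".join(mounts))
        add += [f"root-dir={disk}/{name}/root", f"hostname={name}", "logging=yes"]
        commands.append(" ".join(add))
    return commands, warnings


# Constructed sample shaped like a parsed Compose "services" section.
# It is not a copy of the LibreNMS project's compose file; values are made up.
SAMPLE = {
    "db": {
        "image": "library/mariadb:latest",
        "environment": [
            "TZ=Africa/Johannesburg",
            "MYSQL_ALLOW_EMPTY_PASSWORD=yes",
            "MARIADB_DATABASE=librenmsdb",
            "MARIADB_USER=librenms",
            "MARIADB_PASSWORD=ex$ample",
        ],
        "volumes": ["./db:/var/lib/mysql"],
    },
    "librenms": {
        "image": "librenms/librenms:latest",
        "cap_add": ["NET_ADMIN", "NET_RAW"],
        "environment": {
            "TZ": "Africa/Johannesburg",
            "DB_HOST": "192.0.2.7",  # documentation address, constructed
            "DB_NAME": "librenmsdb",
            "DB_USER": "librenms",
            "DB_PASSWORD": "ex$ample",
        },
        "volumes": ["librenms_data:/data"],
    },
}

if __name__ == "__main__":
    cmds, warns = translate(SAMPLE)
    print("\n".join(cmds))
    for w in warns:
        print("# WARNING:", w)
```
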
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Mon Nov 20, 2023 12:50 pm

Thanks a million Tangent.

That makes sense and clears it up.

I will post back with progress / issues.
Perhaps we can help someone else with similar needs.
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Tue Nov 21, 2023 2:16 pm

Some updates and challenges

I decided to proceed as follows:
Approach:
Create a container for MariaDB (This is a workable db for LibreNMS, and from initial reading seems to be faster and more efficient than MySQL at present)
Create a container for LibreNMS. My thinking in this regard is that a) I can use MariaDB for something else should I choose to, and b) should LibreNMS not be the solution I am looking for, I do not have to redo everything as long as whatever I choose supports MariaDB. If any other components in this design are required, I can set up a container for that component (Possibly a "collector")

1) Created a 20 Gb disk for LibreNMS (disk4). Formatted to ext4
2) Created a 20 Gb disk for MariaDB (disk5). Formatted to ext4
status below...
> /disk print
;;; LibreNMS
4 BMp disk4 @60'000'108'544-80'000'108'544 20 000 000 000
;;; MariaDB
5 BMp disk5 @80'000'122'880-100'000'122'880 20 000 000 000

3) Created the virtual interfaces
> /interface/veth/print
Flags: X - disabled; R - running
3 R name="veth4-librenms" address=172.x.1.6/24 gateway=172.x.1.2 gateway6=::
4 R name="veth5-mariadb" address=172.x.1.7/24 gateway=172.x.1.2 gateway6=""

Created environment variables (Allowing empty passw for time being while testing). Passwords changed to xxxxx
> /container/envs/print
3 name="librenms_envs" key="TZ" value="Africa/Johannesburg"
4 name="librenms_envs" key="MYSQL_ALLOW_EMPTY_PASSWORD" value="yes"
5 name="librenms_envs" key="MYSQL_DATABASE" value="librenmsdb"
6 name="librenms_envs" key="MYSQL_USER" value="root"
7 name="librenms_envs" key="MYSQL_PASSWORD" value="xxxxx"
9 name="mariadb_envs" key="MARIADB_USER" value="librenms"
10 name="mariadb_envs" key="MARIADB_PASSWORD" value="xxxxx"
11 name="mariadb_envs" key="MARIADB_DATABASE" value="librenmsdb"
12 name="mariadb_envs" key="MARIADB_ROOT_PASSWORD" value="xxxxx"

Created mountpoints - just focussing on MariaDB now. (Here I am a bit lost, but followed/adapted the logic in this article I found - https://mikrotik.xyz/mikrotik/mikrotik-hosting-docker/)
> /container/mounts/print
4 name="mariadb_data" src="/disk5/mariadb/data" dst="/var/lib/mariadb"
5 name="mariadb_dump" src="/disk5/mariadb/dump" dst="/docker-entrypoint-initdb.d"

Created the container
> container/print
2 name="b5eb5528-4119-4698-83b1-xxxxxxxx" tag="library/mariadb:latest" os="linux" arch="arm64" interface=veth5-mariadb
envlist="mariadb_envs" root-dir=disk5/mariadb/MariaDB mounts=mariadb_data,mariadb_dump dns="" hostname="mariadb"
logging=yes start-on-boot=yes status=running

The container is running, but:
1) I cannot ping it - (veth interface is added to the correct bridge, and I can ping the other veth "neighbours").
2) Cannot telnet to it on port 3306 to see if MariaDB is actually running.
3) The 2 databases (librenmsdb and dump) that were supposed to be created seem to be empty.

I suspect this might be an issue in the container definition (root-dir=disk5/mariadb/MariaDB), almost as if it were supposed to load onto an existing installation.
File structure not as expected either - see below.
Any help at this stage is welcome.
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Tue Nov 21, 2023 2:27 pm

Update.

I changed the root-dir to just /disk5
I also double checked the bridge setup, and found I placed the port on the main bridge, not the docker bridge.

I can now ping the host (172.x.1.7) and will do some tests later and update here.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Tue Nov 21, 2023 4:58 pm

I also double checked the bridge setup, and found I placed the port on the main bridge, not the docker bridge.
I have no idea why MikroTik's docs/example show a VETH inside a new docker bridge since that adds even more complexity. Although you have to be careful with putting a VETH in the main bridge since the VETH subnet becomes a connected route and other artifacts of bridging.

You can also use a new subnet for VETH in NO bridge, and just add it to the LAN interface list. This is the safest approach. But adding to the existing LAN bridge should be okay, just a bridge interface is a complex beast.
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Tue Nov 21, 2023 6:19 pm

Thank you for the input Amm0.

With documentation being a bit scarce (specific to Mikrotik), I followed along the guidelines in the MikroTik Help example for Pihole.
https://help.mikrotik.com/docs/display/ROS/Container
But I will try your method as well.

OK - Herewith some updates, and a request for advice.

So, as the project currently stands, I have loaded a MySQL client, tested access to the MariaDB install, and everything is working on that side of it.
Thus, it is time to get LibreNMS installed, and try to get it to communicate with MariaDB.
(Just an observation for others - the MariaDB is using approx 100 Mb RAM (freshly "installed"))

The problem I am having with the LibreNMS (upfront) is defining the mounts.
But, let's start at environment variables.
> container/envs/print
3 name="librenms_envs" key="TZ" value="Africa/Johannesburg"
4 name="librenms_envs" key="MYSQL_ALLOW_EMPTY_PASSWORD" value="yes"
5 name="librenms_envs" key="DB_NAME" value="librenmsdb"
6 name="librenms_envs" key="DB_PASSWORD" value="xxxxx"
8 name="mariadb_envs" key="MARIADB_USER" value="librenms"
9 name="mariadb_envs" key="MARIADB_PASSWORD" value="xxxxx"
10 name="mariadb_envs" key="MARIADB_DATABASE" value="librenmsdb"
11 name="mariadb_envs" key="MARIADB_ROOT_PASSWORD" value="xxxxx"
12 name="librenms_envs" key="DB_HOST" value="172.xxx.1.7"
13 name="librenms_envs" key="DB_USER" value="librenms"
14 name="librenms_envs" key="DB_PORT" value="3306"

Interface:
> /interface/veth/print
Flags: X - disabled; R - running
3 R name="veth4-librenms" address=172.xxx.1.6/24 gateway=172.xxx.1.2 gateway6=::

After first time extraction / run, I see it entered the following work directory in the container setup. "/opt/librenms"
It starts (and remains running), but I cannot ping it or access the web interface (which should according to me be on 172.xxx.2.6:8000)
I double checked the veth network & bridge settings - and this time they are correct.

I delete the instance, and make some changes to my mount points as below as it seems to be looking for /opt :

> /container/mounts/print
4 name="mariadb_data" src="/disk5/mariadb/data" dst="/var/lib/mariadb"
5 name="mariadb_dump" src="/disk5/mariadb/dump" dst="/docker-entrypoint-initdb.d"
6 name="librenms" src="/disk4/opt/librenms/data" dst="/data"
7 name="opt_librenms" src="/disk4/opt" dst="/opt/librenms"

My container definition below
> container/print
4 name="b7a9f255-7bf9-481a-85da-5xxxxxxxxxx" tag="librenms/librenms:latest" os="linux" arch="arm64"
interface=veth4-librenms envlist="librenms_envs" root-dir=/disk4 mounts=librenms,opt_librenms dns=""
workdir="/opt/librenms" logging=yes status=stopped

However, now the librenms extracts, and when I start it, it runs for a few seconds and stops. With continuous ping, the IP 172.xxx.1.6 never once responded.

Any ideas on:
1) How the mounts work? A link that can point me in the right direction will be great.
2) How I can check from here what the problem might be.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Wed Nov 22, 2023 12:03 am

Make sure logging is enabled, and when it tries to start...there should be some message as to why it didn't in the logs. Since you have mounts, you can look at /var/log... too

You may have to use the "cmd" in /container for librenms to run some one-time commands like "generate_key". But it seems like there is some one-time initialization stuff that needs to happen, from my quick read (all rather convoluted for a Docker image IMO).
 
tangent
Forum Guru
Posts: 1230
Joined: Thu Jul 01, 2021 3:15 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Wed Nov 22, 2023 12:07 am

You may have to use the "cmd" in /container for librenms to run some one-time commands

I think you mean "/container/shell" here. "cmd" is a parameter to "/container/add", and while you can make persistent changes to the content of the bind mounted directories in this way, recreating the container to make each change is hunting butterflies with a sledgehammer.
 
Amm0
Forum Guru
Posts: 3040
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Wed Nov 22, 2023 12:10 am

You may have to use the "cmd" in /container for librenms to run some one-time commands
I think you mean "/container/shell" here. "cmd" is a parameter to "/container/add", and while you can make persistent changes to the content of the bind mounted directories in this way, recreating the container to make each change is hunting butterflies with a sledgehammer.
That's a good point, but if you run a command once with a mount, it does the same as /container/shell - for that one command... I really didn't study the instructions, but I think some cmd= may need to be defined for the service to stay running.

But since it doesn't stay running, a "tail -f /dev/null" as the cmd= may be needed to even use /container/shell. But using the RouterOS "shell" is likely a good idea to set up/test this.
 
tangent
Forum Guru
Posts: 1230
Joined: Thu Jul 01, 2021 3:15 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Wed Nov 22, 2023 12:34 am

There are two other differences between the methods you're disregarding/unaware of.

First, if you create a new container for each command you run, you then have to go back and clean them all up again. Even if RouterOS is smart enough to share container storage layers (I kinda doubt it) it creates a mess in "/container/print" output.

Second, there's a messy split between CMD and ENTRYPOINT in Docker for historical reasons, and different containers make use of the complications arising from it differently. On some, passing a random command as "CMD" will do what you want, while with others you'd have to override ENTRYPOINT instead, and with still others, you'd have to override both.

The new official use for CMD is actually for parameters to ENTRYPOINT, which remains fixed in normal use. My iperf3 container is a good example: ENTRYPOINT is "/bin/iperf3" and the default "-s" bit to run as a server is in CMD so you can override it easily.
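How ENTRYPOINT and CMD combine into the command a container actually runs, as an added example that is not part of the posts above: a small Python model of Docker's documented rule, using the iperf3 values from the post. The function and parameter names are assumptions, as is the idea that a run-time cmd= behaves like a Docker command override.

```python
import shlex

def _image_argv(value):
    """Image-side value: a list is exec form, a string is shell form
    (run via /bin/sh -c), None or empty means unset."""
    if not value:
        return []
    if isinstance(value, str):
        return ["/bin/sh", "-c", value]
    return list(value)

def effective_argv(image_entrypoint=None, image_cmd=None,
                   entrypoint_override=None, cmd_override=None):
    """Return the argv the runtime will exec.

    image_*     : values baked into the image (list, or shell-form string)
    *_override  : what the operator typed at run time, as a single string
    """
    if entrypoint_override is not None:
        entrypoint = shlex.split(entrypoint_override)
        image_cmd = None       # replacing ENTRYPOINT discards the image's default CMD
        shell_form = False
    else:
        entrypoint = _image_argv(image_entrypoint)
        shell_form = isinstance(image_entrypoint, str) and bool(image_entrypoint)
    if cmd_override is not None:
        cmd = shlex.split(cmd_override)
    else:
        cmd = _image_argv(image_cmd)
    if shell_form:
        return entrypoint      # shell-form ENTRYPOINT: CMD is never appended
    return entrypoint + cmd

# iperf3 image as described in the post: ENTRYPOINT /bin/iperf3, CMD -s
IPERF3 = dict(image_entrypoint=["/bin/iperf3"], image_cmd=["-s"])

CASES = {
    "image defaults": effective_argv(**IPERF3),
    "cmd replaces the -s parameter": effective_argv(**IPERF3, cmd_override="-c 192.0.2.10"),
    # A keep-alive command given as cmd becomes arguments to iperf3, not a new program:
    "keep-alive passed as cmd": effective_argv(**IPERF3, cmd_override="tail -f /dev/null"),
    # It only replaces the program when the image has no ENTRYPOINT (constructed image) ...
    "keep-alive, CMD-only image": effective_argv(None, ["nginx"], cmd_override="tail -f /dev/null"),
    # ... or when ENTRYPOINT itself is overridden.
    "entrypoint overridden": effective_argv(**IPERF3, entrypoint_override="tail",
                                            cmd_override="-f /dev/null"),
}

if __name__ == "__main__":
    for label, argv in CASES.items():
        print(f"{label:32} -> {argv}")
```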
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Wed Nov 22, 2023 10:00 am

Hi Amm0 and Tangent. Once again, excellent feedback.

How would I go about to run the cmd or shell options?
I see the cmd option at the container specification option, but not sure what to put in there?
I am stuck

Herewith the latest update, setup and status. With the below, the container is running (stays running), but I am still unable to ping it / access it. I think it is in effect "working", but just unable to initialize the network portion....

> container/envs/print
3 name="librenms_envs" key="TZ" value="Africa/Johannesburg"
4 name="librenms_envs" key="MYSQL_ALLOW_EMPTY_PASSWORD" value="yes"
5 name="librenms_envs" key="DB_NAME" value="librenmsdb"
6 name="librenms_envs" key="DB_PASSWORD" value="xxxxx"
8 name="mariadb_envs" key="MARIADB_USER" value="librenms"
9 name="mariadb_envs" key="MARIADB_PASSWORD" value="xxxxx"
10 name="mariadb_envs" key="MARIADB_DATABASE" value="librenmsdb"
11 name="mariadb_envs" key="MARIADB_ROOT_PASSWORD" value="xxxxx"
12 name="librenms_envs" key="DB_HOST" value="172.xxx.1.7"
13 name="librenms_envs" key="DB_USER" value="librenms"
14 name="librenms_envs" key="DB_PORT" value="3306"

> container/mounts/print
4 name="mariadb_data" src="/disk5/mariadb/data" dst="/var/lib/mariadb"
5 name="mariadb_dump" src="/disk5/mariadb/dump" dst="/docker-entrypoint-initdb.d"
6 name="librenms" src="/disk4/opt/librenms/data" dst="/data"
7 name="opt_librenms" src="/disk4/opt" dst="/opt"

> container/print
2 name="c5c14144-2312-445f-86ef-10e74f6a5aa3" tag="library/mariadb:latest" os="linux" arch="arm64" interface=veth5-mariadb
envlist="mariadb_envs" root-dir=/disk5 mounts=mariadb_data,mariadb_dump dns="" hostname="MariaDB" logging=yes
status=running
3 name="12c5b838-4813-4194-9ed2-ae6c7b444e06" tag="librenms/librenms:latest" os="linux" arch="arm64" interface=veth4-librenms
envlist="librenms_envs" root-dir=/disk4 mounts=librenms,opt_librenms dns="" workdir="/opt/librenms" status=running

The log file from the completed import is below. It seems to go through all the steps, and the bold section below has a chown error.
However, it seems to continue until it tries to contact the MariaDB server, which, if the network is not working, it will obviously not be able to do......



09:34:28 container,info,debug import successful, container b3e55268-3527-4573-81e3-6c20de4eb91d
09:34:41 container,info,debug [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
09:34:41 container,info,debug [s6-init] ensuring user provided files have correct perms...exited 0.
09:34:41 container,info,debug [fix-attrs.d] applying ownership & permissions fixes...
09:34:41 container,info,debug [fix-attrs.d] done.
09:34:41 container,info,debug [cont-init.d] executing container initialization scripts...
09:34:41 container,info,debug [cont-init.d] 00-fix-logs.sh: executing...
09:34:41 container,info,debug chown: changing ownership of '/proc/self/fd/1': Operation not permitted
09:34:41 container,info,debug chown: changing ownership of '/proc/self/fd/2': Operation not permitted

09:34:41 container,info,debug [cont-init.d] 00-fix-logs.sh: exited 0.
09:34:41 container,info,debug [cont-init.d] 01-fix-uidgid.sh: executing...
09:34:42 container,info,debug [cont-init.d] 01-fix-uidgid.sh: exited 0.
09:34:42 container,info,debug [cont-init.d] 02-fix-perms.sh: executing...
09:34:42 container,info,debug Fixing perms...
09:34:42 container,info,debug [cont-init.d] 02-fix-perms.sh: exited 0.
09:34:42 container,info,debug [cont-init.d] 03-config.sh: executing...
09:34:42 container,info,debug Setting timezone to Africa/Johannesburg...
09:34:42 container,info,debug Setting PHP-FPM configuration...
09:34:42 container,info,debug Setting PHP INI configuration...
09:34:42 container,info,debug Setting OpCache configuration...
09:34:42 container,info,debug Setting Nginx configuration...
09:34:42 container,info,debug Updating SNMP community...
09:34:42 container,info,debug Initializing LibreNMS files / folders...
09:34:42 container,info,debug Setting LibreNMS configuration...
09:34:42 container,info,debug Checking LibreNMS plugins...
09:34:42 container,info,debug Fixing perms...
09:34:42 container,info,debug Checking additional Monitoring plugins...
09:34:42 container,info,debug Checking alert templates...
09:34:42 container,info,debug [cont-init.d] 03-config.sh: exited 0.
09:34:42 container,info,debug [cont-init.d] 04-svc-main.sh: executing...
09:34:42 container,info,debug Generating APP_KEY and unique NODE_ID
09:35:34 container,info,debug Waiting 60s for database to be ready...
09:38:41 container,info,debug ERROR: Failed to connect to database on 172.xxx.1.7

09:38:41 container,info,debug [cont-init.d] 04-svc-main.sh: exited 1.
09:38:41 container,info,debug [cont-finish.d] executing container finish scripts...
09:38:41 container,info,debug [cont-finish.d] done.
09:38:41 container,info,debug [s6-finish] waiting for services.
09:38:42 container,info,debug [s6-finish] sending all processes the TERM signal.
09:38:45 container,info,debug [s6-finish] sending all processes the KILL signal and exiting.

Also below is the contents of /var/log folder. There are files, but all 0 bytes...
Screenshot 2023-11-22 at 09.48.29.png
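One way to read "what failed and why" out of a log like the one above, as an added example that is not part of the post: a Python parser for the s6 `[cont-init.d]` lines that reports each init script's exit code, elapsed time and the messages logged while it ran. The sample lines are excerpted from the log in the post; the function and field names are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the RouterOS container log quoted in the post above.
SAMPLE_LOG = """\
09:34:41 container,info,debug [cont-init.d] executing container initialization scripts...
09:34:41 container,info,debug [cont-init.d] 00-fix-logs.sh: executing...
09:34:41 container,info,debug chown: changing ownership of '/proc/self/fd/1': Operation not permitted
09:34:41 container,info,debug [cont-init.d] 00-fix-logs.sh: exited 0.
09:34:42 container,info,debug [cont-init.d] 04-svc-main.sh: executing...
09:34:42 container,info,debug Generating APP_KEY and unique NODE_ID
09:35:34 container,info,debug Waiting 60s for database to be ready...
09:38:41 container,info,debug ERROR: Failed to connect to database on 172.xxx.1.7
09:38:41 container,info,debug [cont-init.d] 04-svc-main.sh: exited 1.
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) (.*)$")          # time, topics, message
STAGE = re.compile(r"^\[cont-init\.d\] (\S+): (?:executing\.\.\.|exited (\d+)\.)$")

def triage(log_text):
    """Group log messages under the init script that was running when they appeared."""
    results, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%H:%M:%S")
        msg = m.group(3)
        stage = STAGE.match(msg)
        if stage and stage.group(2) is None:                 # "<script>: executing..."
            current = {"script": stage.group(1), "start": when, "messages": []}
        elif stage and current and current["script"] == stage.group(1):
            elapsed = (when - current.pop("start")).total_seconds()
            current["seconds"] = int(elapsed) % 86400        # tolerate a midnight wrap
            current["exit_code"] = int(stage.group(2))
            results.append(current)
            current = None
        elif current is not None:                            # output of the running script
            current["messages"].append(msg)
    return results

def failures(results):
    """Only the scripts that ended with a non-zero exit code."""
    return [r for r in results if r["exit_code"] != 0]

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        flag = "FAILED" if r["exit_code"] else "ok"
        print(f'{r["script"]:18} exit={r["exit_code"]} {r["seconds"]:>4}s {flag}')
        for msg in r["messages"]:
            print("    " + msg)
```

On this excerpt the chown messages belong to a script that still exited 0, while 04-svc-main.sh is the only failure and spent 239 seconds before giving up on the database connection.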
 
tangent
Forum Guru
Posts: 1230
Joined: Thu Jul 01, 2021 3:15 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Wed Nov 22, 2023 10:11 am

How would I go about to run the cmd or shell options?

"/container/shell 0"

🚨 Warning, warning: we are approaching the spoon-feeding event horizon… Woop, woop, woop! 🚨
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Wed Nov 22, 2023 11:14 am

Haha - indeed Tangent - I was just getting lost there, and did not know what else to try.

So, I went back to the drawing board, deleted all aspects, and restarted.
That is when I saw that the bridge entry has become "unknown"

Once I recreated that, the server came up, was pingable and I could access the web portal.

Some great news, system resources on the RB5009 seem to idle, as I still have plenty of RAM left (more than 200 Mb left), and the CPU is idling below 10%.

Just for those wanting to try this project as well, I ran into another small issue once the server was up. It was supposed to prompt me to create an admin user, but somehow skipped that step.
It asked for a username and password, and checking in the DB, there were no users.

So, the command function gave me an idea, and I stopped the container, and added "lnms user:add --password=foo --role=admin myadminuser" (obviously use your own values) to the command section on the container setup.
I started it again, stopped it, and removed the "lnms user:add --password=foo --role=admin myadminuser" from the command section.
After starting the container again, I could now login to LibreNMS with the above specified details.

Next step is to set up LibreNMS, and I suspect a poller as well. It is a new product for me, so it will go slow.

I will however report back here, in case anyone else is interested in doing the same.
 
elico
Member Candidate
Posts: 134
Joined: Mon Nov 07, 2016 3:23 am

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Sat Dec 02, 2023 11:01 am

@PappaB did you manage to make it work?
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Wed Dec 06, 2023 11:10 am

Hi Elico,

My free time is a bit limited this time of the year, so I decided not to go through the learning for LibreNMS.

Instead, I focused on getting Grafana, Prometheus and SNMP-Explorer going.

So, last night, I installed these 3, did some config and tweaking, and lo and behold, I have a working system.

Memory and CPU usage is not bad, and so far (less than 24 hours) it seems very stable.

As I get a bit more time I will share more in detail what I did.
 
PappaB
just joined
Topic Author
Posts: 14
Joined: Thu Nov 16, 2023 1:55 pm

Re: Containerized SNMP monitoring (short term) - a step above built-in graphs

Mon Dec 11, 2023 1:52 pm

Some more detail as promised.

Three different partitions (20 Gb each) were set up and formatted to host each of the containers (formatted as disks 7,8 and 9)
Three different VETH interfaces created, each with their own IP and same common default gateway (docker bridge IP)

Environment variables for the Grafana logins were set
Screenshot 2023-12-11 at 13.23.29.png
Mountpoints defined as below.
Screenshot 2023-12-11 at 13.24.05.png
Containers defined as below:
1. grafana/grafana:9.0.5
Screenshot 2023-12-11 at 13.24.26.png
2. prom/prometheus:latest
Screenshot 2023-12-11 at 13.24.54.png
3. prom/snmp-exporter:latest
Screenshot 2023-12-11 at 13.25.10.png
Once all were installed and activated, I could start the setup of having them all communicate to each other and the destination router(s) being monitored via SNMP
I also had to upload a recent snmp.yaml (Mikrotik specific) to the snmp-exporter, as the functionality to probe the OIDs for the Mikrotiks was not working

On Grafana, I installed desktop 14420 and voila, I could monitor my edge router (RB5009 - this one also hosts the containers) and my Wifi Router (RB4011).

It is working fantastic, and I can report that after 5 days, it is stable.

However, one little bit that needs attention.

The Grafana desktop (14420) works well with Mikrotiks not running WifiWave2. The OIDs map well, and the desktop is populated with a host of very useful info.
However, on routers running WifiWave2, the Wireless section of Desktop 14420 is not populated.

I have not had time to look into this, but the initial info I got is that the OID system works a little differently on routers with WifiWave2.
viewtopic.php?t=190932

If anyone has found a solution for this, please feel free to share.