Hi,
I try to config my filebeat job in nomad. There are some difficulties with this. I can’t mount volume (/var/lib/docker), this directory is needed to read logs from other containers.
My filebeat job
job "filebeat" {
datacenters = ["dc"]
type = "system"
group "filebeat" {
network {
mode = "bridge"
port "sidecar" {
host_network = "private"
}
}
volume "docker_logs_storage" {
type = "host"
read_only = true
source = "docker_logs_storage"
}
service {
name = "elasticsearch-connect"
connect {
sidecar_service {
port = "sidecar"
proxy {
upstreams {
destination_name = "elasticsearch"
local_bind_port = 9200
}
}
}
}
}
task "filebeat" {
driver = "docker"
volume_mount {
volume = "docker_logs_storage"
destination = "/var/lib/docker"
read_only = true
}
config {
image = "docker.elastic.co/beats/filebeat:8.5.0"
cap_add = ["all"]
args = [
"-c", "/local/filebeat.yml",
"--path.data", "/alloc/data/filebeat",
"--path.logs", "/alloc/logs/filebeat",
]
mount = {
type = "bind"
source = "local/filebeat.yml"
target = "/usr/share/filebeat/filebeat.yml"
readonly = true
}
}
template {
data = <<template
filebeat.inputs:
-
paths:
- /var/lib/docker/containers/*/*.log
type: container
scan_frequency: 1s
fields_under_root: true
output.elasticsearch:
hosts: ["http://{{ env "NOMAD_UPSTREAM_IP_elasticsearch" }}:9200"]
username: "username"
password: "{{ key "secrets/elk/elasticsearch_password" }}"
tls: disable
template
destination = "local/filebeat.yml"
}
}
}
}
Filebeat logs
failed to create container: API error (400): invalid mount config: must use either propagation mode "rslave" or "rshared" when mount source is within the daemon root, daemon root: "/var/lib/docker", bind mount source: "/var/lib/docker", propagation: "rprivate"
Could you please help me with advice, how can I mount this directory for filebeat needs?