Many people use software containers to simplify application deployment. As you know ntop tools are also available on docker hub for quick deployment using Docker or other container management tools such as Portainer or Kubernetes. When using containers, there are a few things to keep in mind:
- Service Persistency
ntopng relies on third party services such as Redis (required) and InfluxDB (optional) to operate. In order not to loose information at container restart, you need to persistently store data or configure ntop tools to rely on such services on an external container that provide such services persistently.
- Filesystem Persistency
ntopng data is usually stored on /var/lib/ntopng/ and this directory must be persistent across restarts. You can map it with -v to a local directory “docker run -it -v /var/lib/ntopng/:/var/lib/ntopng/:rw ntop/ntopng:stable -i eth0”
In containers the kernel is shared and thus PF_RING must be loaded on the main host and accessed by containers. Please make sure that the PF_RING version is the same across host and containers as otherwise when starting a container you will see errors such as
root@dell:/home/ntop# docker run -it ntop/ntopng:stable -v /etc/ntopng.license:/etc/ntopng.license:ro Starting redis-server: redis-server. [PF_RING] Wrong RING version: kernel is 20, libpfring was compiled with 18
when the kernel PF_RING and the container application (using PF_RING) are not the same version.
- Packet Capture
Container network interfaces are unable to see the host traffic. If you plan to deploy ntop tools on a container and monitor the host traffic please consider using “ –network=host” when starting the container.
The license from the host is shared across all the running containers (i.e. with 1 license you can run ‘n’ containers). In order to do that you need to map the license file as follows “-v /etc/nprobe.license:/etc/nprobe.license:ro”
We hope this post will help you easilydeploying ntop tools on containers