FortiMonitor
FortiMonitor is a holistic, SaaS-based digital experience and network performance monitoring solution which combines monitoring, network incident management, automation, and network configuration management into a single source of truth
kmo
Staff
Article Id 230595
Description This article describes the steps that should be taken when changing OnSight’s IP range for its Docker containers.  
 
This may be required when the internal IP addressing of the network environment conflicts with Docker’s default IP range.
Scope FortiMonitor.
Solution

Overview.

The modern OnSight infrastructure is composed of a collection of Docker containers. As a result, the network space defined by Docker is 172.17.0.0/12—with Docker using 172.17.0.1/16 for the bridge connection (docker0). The subsequent IP address, 172.17.0.2/16, is designated for the first container.  

 

With this default IP addressing scheme, the Docker IP space may conflict with the internal network environment and cause OnSight to not be able to communicate with other devices.

The following sections will explain what steps should be taken in two different contexts:

1) Changing the Docker IP range prior to OnSight Install

2) Changing the Docker IP range for an existing OnSight.  

 

It should be noted that the examples will designate the IP address 192.168.0.0/16 for Docker. 

 

If changes are performed on an OnSight that is monitoring instances, it is highly recommended to create a maintenance schedule to not trigger alerts.

 

Changing Docker IP Range Prior to OnSight Install.

To alter the Docker IP range for an upcoming OnSight install, follow the below steps.

 

1) Add the file (or modify): /etc/docker/daemon.json

2) Write the following into the file and save.

 

{
 "default-address-pools":
 [
 {"base":"192.168.0.0/16","size":24}
 ]
}

 

3) Restart the Docker service with the command systemctl restart docker.

4) Configure the Docker service, iptables, and NAT rules accordingly. 

 

It is highly recommended to perform a full reboot. 
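
A pre-flight check for the daemon.json shown above, added here as an example (it is not Fortinet's or Docker's own tooling): it validates the file, counts the subnets the pool yields, and reports any overlap with internal networks. The function name check_pools and the INTERNAL_NETWORKS values are assumptions for illustration.

```python
import ipaddress
import json

# Constructed sample: the daemon.json content shown in this article.
DAEMON_JSON = '''
{
  "default-address-pools": [
    {"base": "192.168.0.0/16", "size": 24}
  ]
}
'''

# Assumption: example internal ranges; replace with the site's own routed networks.
INTERNAL_NETWORKS = ["172.16.0.0/12", "10.20.0.0/16"]


def check_pools(daemon_json_text, internal_networks):
    """Return (subnet_count, conflicts) for the pools in a daemon.json document.

    Raises ValueError if the JSON, a CIDR, or a pool size is invalid, since a
    malformed daemon.json stops the Docker daemon from starting.
    """
    config = json.loads(daemon_json_text)  # json.JSONDecodeError is a ValueError
    pools = config.get("default-address-pools")
    if not pools:
        raise ValueError("no default-address-pools defined")
    internal = [ipaddress.ip_network(n) for n in internal_networks]
    subnet_count, conflicts = 0, []
    for pool in pools:
        base = ipaddress.ip_network(pool["base"])  # strict: rejects host bits set
        size = int(pool["size"])
        if not base.prefixlen <= size <= base.max_prefixlen:
            raise ValueError(f"size {size} does not fit inside {base}")
        # Each Docker network gets one /size subnet carved out of the base.
        subnet_count += 2 ** (size - base.prefixlen)
        conflicts += [(str(base), str(net)) for net in internal
                      if net.version == base.version and base.overlaps(net)]
    return subnet_count, conflicts


if __name__ == "__main__":
    count, conflicts = check_pools(DAEMON_JSON, INTERNAL_NETWORKS)
    print(f"{count} container subnets available")
    for pool, net in conflicts:
        print(f"CONFLICT: pool {pool} overlaps internal network {net}")
```

A non-empty conflict list means a different base should be chosen before the Docker service is restarted.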

 
Changing Docker IP Range for an Existing OnSight.

To change the Docker IP range for an existing OnSight, perform the below steps and commands.

 

Notes:

Changing the Docker networking configuration after installation is not recommended or supported, but the steps below can be followed to attempt such a change on a running system.

This is a bad idea, as it could create more issues and require more troubleshooting of the OnSight installation.

 

Step 1: Verify the OnSight Containers & Docker Network.

Run the following three commands to verify that the OnSight containers are running:

 

docker ps 
docker network list
docker network inspect <NETWORK-ID OR NETWORK-NAME> | grep Subnet

 

Step 2: Adding or Modifying /etc/docker/daemon.json

Follow the same procedure as in the pre-install scenario to create the /etc/docker/daemon.json file for a new network.

 

1) Add the file (or modify): /etc/docker/daemon.json

2) Write the following into the file and save.

 

{
 "default-address-pools":
 [
 {"base":"192.168.0.0/16","size":24}
 ]
}

 

3) Restart the Docker service with the command systemctl restart docker.

4) Configure the Docker service, iptables, and NAT rules accordingly. 

 

It is highly recommended to perform a full reboot. 

 

Step 3: Create the New Network.

To create the new network in Docker, issue the command: 

 

docker network create --driver bridge onsightnew
 

Verify that the new network was created with two commands:

 

docker network list
docker network inspect <network-name> | grep Subnet

 

Step 4: Connecting the Container to the New Network

To connect the OnSight containers to the new networks, issue the following command:

 

docker network connect <NETWORK-ID> <CONTAINER-ID> 

 

Verify that the OnSight collector has two to three networks available:

 

onsight shell
ip add

 

Step 5: Disconnecting the Container from Old Network.

To remove the conflicting 172.17.0.0/12 network:

 

docker network disconnect <NETWORK-ID> <CONTAINER-ID>
 

Verify that the network was removed:

 

docker ps

onsight shell
ip add
 

Step 6: Remove All Unused Networks (Optional).

To remove all unused networks for the OnSight:

 

docker network prune

 

Verify that the unused networks were pruned:

 

docker network list
docker ps
docker container ls
onsight status

 

Additional Info:

If OnSight is also running NCM, attach the new network in this order: (1) onsight-ncm-db, (2) onsight-ncm-web, (3) onsight-ncm, and (4) onsight.