What if wireguard is also running in docker #58

Closed
logopk opened this issue May 17, 2021 · 7 comments

Comments


logopk commented May 17, 2021

My setup is running wireguard in a docker container managed with docker-compose

version: "2.1"
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    hostname: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    dns:
      - <mydns>
    dns_search: <mydomain>
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - SERVERURL=mydomain #optional
      - SERVERPORT=51820 #optional
      - PEERS=2 #optional
      - PEERDNS=<mydns> #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
    volumes:
      - wireguard_data:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    networks:
      - default
 ...

Apparently the wg-interfaces are not available on the host, so your container isn't reading them.

Any suggestions how to fix this?

Peter


jr0dd commented Jul 6, 2021

I am also curious about this. I'm running a standalone wireguard pod in my k8s cluster. It would be nice to be able to monitor with this exporter

Author

logopk commented Jul 6, 2021

My solution for now is a multi-stage build (mine also has the complexity of building the exporter for ARM)...
so you may just copy the binary from the docker image mindflavor/prometheus-wireguard-exporter
Dockerfile:

FROM ghcr.io/linuxserver/wireguard as wireguard

FROM wireguard

RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
RUN ~/.cargo/bin/cargo install prometheus_wireguard_exporter
RUN cp /root/.cargo/bin/prometheus_wireguard_exporter /

WORKDIR /
# copy runscript in
#
COPY /root /

EXPOSE 9586/tcp

root/etc/services.d/prometheus_wireguard_exporter/run:

#!/usr/bin/with-contenv bash
exec /prometheus_wireguard_exporter -n /config/wg0.conf

Contributor

qdm12 commented Jul 7, 2021

@logopk not solving the issue, but #63 should take care of cross building the images for all ARM architectures, so you should now be able to just

COPY --from=mindflavor/prometheus-wireguard-exporter /usr/local/bin/prometheus_wireguard_exporter /usr/local/bin/

to your image for it to work, without having to compile anything. You might want to subscribe to #48 to get updates on that.

Author

logopk commented Jul 7, 2021

Thank you @qdm12 that’s great.

Contributor

qdm12 commented Jul 7, 2021

@logopk you can try now with:

COPY --from=mindflavor/prometheus-wireguard-exporter:multi-arch-dockerfile /usr/local/bin/prometheus_wireguard_exporter /usr/local/bin/

and it should work 👍

Regarding the actual issue, has anyone tried to run the exporter with --network="container:wireguard"? I'm pretty sure that should work. You would then have to publish the prometheus metric port on the wireguard container, but at least your containers would be separated.


tomsteenbakkers commented Oct 13, 2021

I have tried --network="container:wireguard" but no result. Wireguard is running in a docker and Wireguard-exporter also. But it looks like Wireguard-exporter cannot access the log. I can access the metrics using http://localhost:9586/metrics but it shows no data.

Both containers are running in the same stack.

Any suggestions?

This is the docker-compose file I'm using.

version: '3.6'
services:

  wireguard:
    container_name: wireguard
    image: ghcr.io/linuxserver/wireguard
    restart: unless-stopped
    environment:
    - PUID=1000
    - PGID=1000
    - TZ=Etc/UTC
    - SERVERURL=<secret>
    - SERVERPORT=51820
    - PEERS=<secret>
    - PEERDNS=auto
    - ALLOWEDIPS=0.0.0.0/0
    ports:
    - "51820:51820/udp"
    volumes:
    - /home/pi/IOTstack/volumes/wireguard:/config
    - /lib/modules:/lib/modules:ro
    cap_add:
    - NET_ADMIN
    - SYS_MODULE
    sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
    
  prometheus-wireguard-exporter:
    network_mode: host
    container_name: wgexporter
    restart: unless-stopped
    image: mindflavor/prometheus-wireguard-exporter
    volumes:
    - /home/pi/IOTstack/volumes/wireguard:/config
    - /lib/modules:/lib/modules:ro
    cap_add:
    - NET_ADMIN
    

@Pandaaaa906

PROMETHEUS_WIREGUARD_EXPORTER_PREPEND_SUDO_ENABLED=true

after adding this env it worked
