feat(ethtool): Gather statistics from namespaces

[zeffron]

Required for all PRs

• Updated associated README.md.
• Wrote appropriate unit tests.
• Pull request title or commits are in conventional commit format

resolves #11754

Added network namespace support to the ethtool plugin. By default, it continues
to operate as it always had, gathering metrics from the initial namespace only.
To gather metrics from additional namespaces, CAP_SYS_ADMIN must be added to
the telegraf process, and at least one of the new namespace filters must be
configured.

Unit tests for the new namespace support also require running with
CAP_SYS_ADMIN. They will be skipped if CAP_SYS_ADMIN is misisng. The
original unit tests have been updated to do minimal namespace support testing
and do not require CAP_SYS_ADMIN.

[zeffron]

I think the macOS test failures are unrelated to anything I've done. It seems to be failures in the google_cloud_storage and graylog input plugins, which I have not touched.

Update: not sure what changed, but PR checks are all passing now.

[powersj]

Thanks for the PR, some questions and comments below!

[powersj]

My concern with this is if an existing user has some additional network namespaces created, they will suddenly start getting errors from Telegraf around operation not permitted, right?

As an example, I created one namespace and ran again with no elevated permissions and error out, whereas before I was collecting metrics without issue:

2022-09-28T14:39:04Z W! [inputs.ethtool] Could not switch to namespace vnet0: operation not permitted
2022-09-28T14:39:04Z E! [inputs.ethtool] Could not return to initial namespace: operation not permitted
2022-09-28T14:39:04Z E! [inputs.ethtool] Error in plugin: operation not permitted

[zeffron]

Hmm.. I did make some changes that I didn't put through my local testing to satisfy the CI linter. I wonder if that changed things. The intention is that unless at least one of the new namespace filters is configured, behavior should be unchanged from prior to this change.
Let me investigate...

[zeffron]

Found and fixed the bug. It should be working as intended now (extra warnings in the logs, but functions as before otherwise).

[powersj]

Should the filtering of the interfaces happen before we hit this point? This way telegraf only reads this directory and attempts to change namespaces, if we have a list of namespaces to actually review.

[zeffron]

That's one option.

It would move even more of the logic out of the abstraction layer and into the implementation layer, which also makes the unit tests less useful because they're testing less of the runtime logic. Which is why I didn't go with that approach initially.

But it would be overall more performant to filter the interfaces and namespaces sooner, plus, in the namespace case, would reduce annoying log warning spam.

[zeffron]

Further testing revealed that this approach has very noticeable performance impact on my workload. Going to see what can be done to improve performance.

[zeffron]

Okay, I think this is ready again. More major refactor, but it now creates an OS thread per-namespace. This saves significant CPU performance at the cost of some extra memory. It also makes it easier to have cleaner logs in the case where default (non-namespaced) behavior is desired.

[powersj]

Thanks for the updates! I have a couple minor comments.

I do want to chat with others on the team about whether this should be a possible separate plugin. I don't want the additional namespace tooling and library to get in the way in what is a rather simple plugin. But this might be fine as is.

[zeffron]

I do want to chat with others on the team about whether this should be a possible separate plugin. I don't want the additional namespace tooling and library to get in the way in what is a rather simple plugin. But this might be fine as is.

I think ideally, this should become a more global configuration option with an easy way for plugins to take advantage of the namespace logic to do their thing. Many more plugins than just ethtool have the same limitation/issue. This is just (currently) the only networking plugin used in my project, so it's the only one where we need namespace support.

[telegraf-tiger]

Download PR build artifacts for linux_amd64.tar.gz, darwin_amd64.tar.gz, and windows_amd64.zip.
Downloads for additional architectures and packages are available below.

☺️ This pull request doesn't significantly change the Telegraf binary size (less than 1%)

📦 Click here to get additional PR build artifacts

Artifact URLs

DEB	RPM	TAR GZ	ZIP
amd64.deb	aarch64.rpm	darwin_amd64.tar.gz	windows_amd64.zip
arm64.deb	armel.rpm	darwin_arm64.tar.gz	windows_arm64.zip
armel.deb	armv6hl.rpm	freebsd_amd64.tar.gz	windows_i386.zip
armhf.deb	i386.rpm	freebsd_armv7.tar.gz
i386.deb	ppc64le.rpm	freebsd_i386.tar.gz
mips.deb	riscv64.rpm	linux_amd64.tar.gz
mipsel.deb	s390x.rpm	linux_arm64.tar.gz
ppc64el.deb	x86_64.rpm	linux_armel.tar.gz
riscv64.deb		linux_armhf.tar.gz
s390x.deb		linux_i386.tar.gz
		linux_mips.tar.gz
		linux_mipsel.tar.gz
		linux_ppc64le.tar.gz
		linux_riscv64.tar.gz
		linux_s390x.tar.gz
		static_linux_amd64.tar.gz

[srebhan]

Looks good to me. Thanks for your work @zeffron!