Timeouts on calls to docker api

CHANGELOG.next.asciidoc

@@ -207,6 +207,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - New module `panw` for Palo Alto Networks PAN-OS logs. {pull}11999[11999]
 - Add RabbitMQ module. {pull}12032[12032]
 - Add new `container` input. {pull}12162[12162]
+- Add timeouts on communication with docker daemon. {pull}12310[12310]
 - `container` and `docker` inputs now support reading of labels and env vars written by docker JSON file logging driver. {issue}8358[8358]
 - Add specific date processor to convert timezones so same pipeline can be used when convert_timezone is enabled or disabled. {pull}12253[12253]
 - Add MSSQL module {pull}12079[12079]

libbeat/common/docker/watcher.go

@@ -35,7 +35,11 @@ import (
 
 // Select Docker API version
 const (
-	shortIDLen = 12
+	shortIDLen                         = 12
+	dockerRequestTimeout               = 10 * time.Second
+	dockerWatchRequestTimeout          = 60 * time.Minute
+	dockerEventsWatchPityTimerInterval = 10 * time.Second
+	dockerEventsWatchPityTimerTimeout  = 10 * time.Minute
 )
 
 // Watcher reads docker events and keeps a list of known containers
@@ -68,16 +72,17 @@ type TLSConfig struct {
 
 type watcher struct {
 	sync.RWMutex
-	client             Client
-	ctx                context.Context
-	stop               context.CancelFunc
-	containers         map[string]*Container
-	deleted            map[string]time.Time // deleted annotations key -> last access time
-	cleanupTimeout     time.Duration
-	lastValidTimestamp int64
-	stopped            sync.WaitGroup
-	bus                bus.Bus
-	shortID            bool // whether to store short ID in "containers" too
+	client                     Client
+	ctx                        context.Context
+	stop                       context.CancelFunc
+	containers                 map[string]*Container
+	deleted                    map[string]time.Time // deleted annotations key -> last access time
+	cleanupTimeout             time.Duration
+	lastValidTimestamp         int64
+	lastWatchReceivedEventTime time.Time
+	stopped                    sync.WaitGroup
+	bus                        bus.Bus
+	shortID                    bool // whether to store short ID in "containers" too
 }
 
 // Container info retrieved by the watcher
@@ -224,20 +229,30 @@ func (w *watcher) watch() {
 	filter := filters.NewArgs()
 	filter.Add("type", "container")
 
-	options := types.EventsOptions{
-		Since:   fmt.Sprintf("%d", w.lastValidTimestamp),
-		Filters: filter,
-	}
-
 	for {
-		events, errors := w.client.Events(w.ctx, options)
+		options := types.EventsOptions{
+			Since:   fmt.Sprintf("%d", w.lastValidTimestamp),
+			Filters: filter,
+		}
+
+		logp.Debug("docker", "Fetching events since %s", options.Since)
+		ctx, cancel := context.WithTimeout(w.ctx, dockerWatchRequestTimeout)
+		defer cancel()
+
+		events, errors := w.client.Events(ctx, options)
+
+		//ticker for timeout to restart watcher when no events are received
+		w.lastWatchReceivedEventTime = time.Now()
+		tickChan := time.NewTicker(dockerEventsWatchPityTimerInterval)
+		defer tickChan.Stop()
 
 	WATCH:
 		for {
 			select {
 			case event := <-events:
 				logp.Debug("docker", "Got a new docker event: %v", event)
 				w.lastValidTimestamp = event.Time
+				w.lastWatchReceivedEventTime = time.Now()
 
 				// Add / update
 				if event.Action == "start" || event.Action == "update" {
@@ -289,17 +304,29 @@ func (w *watcher) watch() {
 				time.Sleep(1 * time.Second)
 				break WATCH
 
+			case <-tickChan.C:
+				if time.Since(w.lastWatchReceivedEventTime) > dockerEventsWatchPityTimerTimeout {
+					logp.Info("No events received withing %s, restarting watch call", dockerEventsWatchPityTimerTimeout)
+					time.Sleep(1 * time.Second)
+					break WATCH
+				}
+
 			case <-w.ctx.Done():
 				logp.Debug("docker", "Watcher stopped")
 				w.stopped.Done()
 				return
 			}
 		}
+
 	}
 }
 
 func (w *watcher) listContainers(options types.ContainerListOptions) ([]*Container, error) {
-	containers, err := w.client.ContainerList(w.ctx, options)
+	logp.Debug("docker", "List containers")
+	ctx, cancel := context.WithTimeout(w.ctx, dockerRequestTimeout)
+	defer cancel()
+
+	containers, err := w.client.ContainerList(ctx, options)
 	if err != nil {
 		return nil, err
 	}
@@ -316,7 +343,10 @@ func (w *watcher) listContainers(options types.ContainerListOptions) ([]*Contain
 		// If there are no network interfaces, assume that the container is on host network
 		// Inspect the container directly and use the hostname as the IP address in order
 		if len(ipaddresses) == 0 {
-			info, err := w.client.ContainerInspect(w.ctx, c.ID)
+			logp.Debug("docker", "Inspect container %s", c.ID)
+			ctx, cancel := context.WithTimeout(w.ctx, dockerRequestTimeout)
+			defer cancel()
+			info, err := w.client.ContainerInspect(ctx, c.ID)
 			if err == nil {
 				ipaddresses = append(ipaddresses, info.Config.Hostname)
 			} else {