Parse addl docker container image info #1127
Conversation
userspace/libsinsp/container.cpp
Outdated
| @@ -763,6 +815,82 @@ bool sinsp_container_manager::parse_docker(sinsp_container_info* container) | |||
| container->m_imageid = imgstr.substr(cpos + 1); | |||
| } | |||
|
|
|||
| auto split_container_image = [](const string &image, string &repo, string &tag, string &digest) | |||
There was a problem hiding this comment.
@mattpag : how about breaking this out to a separate function & adding some unit tests to verify the parsing? The test strings will also be a useful way to document what we expect.
mattpag
force-pushed
the
more-container-info
branch
from
777b874 to
cb06669
Compare
mattpag
force-pushed
the
more-container-info
branch
from
cb06669 to
7091f84
Compare
userspace/libsinsp/container.cpp
Outdated
| bool qdres = wh_query_docker(m_inspector->get_wmi_handle(), | ||
| (char*)message.c_str(), | ||
| bool qdres = wh_query_docker(m_inspector->get_wmi_handle(), | ||
| (char*)message.c_str(), |
There was a problem hiding this comment.
the variable message doesn't exist any longer, so I don't think this will compile, will it? Maybe you want to keep old line 696 around.
There was a problem hiding this comment.
Actually, this seems to conflict with other uses of get_docker() where you're trying to pass full urls. So I guess url needs to be converted to message.
There was a problem hiding this comment.
The parameter url of parse_docker is already the right thing to pass to wh_query_docker, I just missed to change message to url on line 740. Will do.
userspace/libsinsp/container.cpp
Outdated
| return sinsp_docker_response::RESP_OK; | ||
| } | ||
|
|
||
| bool sinsp_container_manager::parse_docker(sinsp_container_info* container) | ||
| { | ||
| string json; | ||
| sinsp_docker_response resp = get_docker("/v1.24", container->m_id, json); | ||
| #ifndef CYGWING_AGENT | ||
| sinsp_docker_response resp = get_docker("http://dummy" + m_api_version + "/containers/" + container->m_id + "/json", json); |
There was a problem hiding this comment.
You might want to use localhost instead of dummy, just in case some future version of curl tries to do validation of the hostname part.
| Json::Value root; | ||
| Json::Reader reader; | ||
| bool parsingSuccessful = reader.parse(json.substr(pos), root); | ||
| bool parsingSuccessful = reader.parse(json, root); |
There was a problem hiding this comment.
I guess this searching for the '{' is no longer needed, as you're expecting libcurl to properly return errors? Is it still not required on windows?
There was a problem hiding this comment.
I'm not sure I understand what you mean.
For windows, I'm doing it directly inside get_docker.
When using libcurl is not required because json will already contain only the response json, not the full HTTP response as before, or will fail with errors.
userspace/libsinsp/container.cpp
Outdated
| if(get_docker("GET /v1.30/images/" + container->m_imageid + "/json?digests=1 HTTP/1.1\r\nHost: docker \r\n\r\n", img_json) == sinsp_docker_response::RESP_OK) | ||
| #endif | ||
| { | ||
| size_t img_pos = img_json.find("{"); |
There was a problem hiding this comment.
Given that we removed a similar search for '{' above, can we also remove it here?
There was a problem hiding this comment.
Yes I missed to remove it after a refactoring, it's not needed
userspace/libsinsp/container.cpp
Outdated
| container->m_imagetag, | ||
| container->m_imagedigest); | ||
|
|
||
| if(container->m_imagedigest.empty()) |
There was a problem hiding this comment.
Just double checking--it's not possible to combine this call to get_docker with the one at the beginning of parse_docker ? I'm guessing the formats differ?
There was a problem hiding this comment.
I kept them separate because if container->m_image already contain a full qualified image name there's no need to query the images endpoint at all.
Also, note that when using libcurl, we're using HTTP1.1 pipelining so it will be almost the same as doing it in a single get_docker call.
There was a problem hiding this comment.
Ok, sounds good. Just making sure.
userspace/libsinsp/container.cpp
Outdated
| m_last_flush_time_ns(0) | ||
| m_last_flush_time_ns(0), | ||
| m_unix_socket_path(string(scap_get_host_root()) + "/var/run/docker.sock"), | ||
| m_api_version("/v1.24") |
There was a problem hiding this comment.
I like the change to embed the api version in the object, but if I recall I think the api version depends on the endpoint you're fetching, right? If that's the case, how about having multiple api versions here for the endpoints the object might need to fetch?
There was a problem hiding this comment.
I don't think we need an additional api version, 1.24 is fine for both the endpoints we might query (see https://docs.docker.com/engine/api/v1.24/#3-endpoints).
userspace/libsinsp/container.cpp
Outdated
| { | ||
| #ifndef CYGWING_AGENT | ||
| curl_global_init(CURL_GLOBAL_DEFAULT); |
There was a problem hiding this comment.
Now that both mesos and the container object might need to initialize libcurl, do you want to have a single global that does this outside of any particular object? (Not really necessary, but it would be a nice to have).
| @@ -127,6 +133,9 @@ class sinsp_container_info | |||
| string m_name; | |||
| string m_image; | |||
| string m_imageid; | |||
| string m_imagerepo; | |||
There was a problem hiding this comment.
Do you want to make these "N/A" or similar, instead of blank, in the case where it can't be parsed? Thinking particularly about parsing old capture files where the container json event is missing these fields.
There was a problem hiding this comment.
Sure, I'll create a default constructor that assign <N/A> to all the string fields.
There was a problem hiding this comment.
Actually, sysdig already print out <N/A> if string fields are empty, isn't it enough?
|
@mstemm PTAL |
mattpag
force-pushed
the
more-container-info
branch
from
6a3eb3f to
ae6f49f
Compare
If they are not already specified in the container endpoint, query the docker local daemon to retrieve also the repository, tag and digest of the container image. Also in this commit, the communication medium to the daemon has been switched from a manual implementation, hard to mantain, to libcurl. This also allow us to easily exploit HTTP/1.1 features like pipelining.
When it starts, libcurl will have already been initialized by the container manager.
mattpag
force-pushed
the
more-container-info
branch
from
bb45283 to
e3cf1a4
Compare
Parse and store three new container_info fields: repository, tag and digest.
More information on the changes in the first commit message.