From 7a4596a2a6ae78115d076bb5bf3b8d084e35455c Mon Sep 17 00:00:00 2001 From: SylvainJuge <763082+SylvainJuge@users.noreply.github.com> Date: Mon, 10 Jul 2023 10:03:07 +0200 Subject: [PATCH] Modify spec for cgroups v2 container ID parsing (#807) --------- Co-authored-by: Colton Myers --- specs/agents/metadata.md | 10 ++- tests/agents/json-specs/cgroup_parsing.json | 22 ------- .../container_metadata_discovery.json | 65 +++++++++++++++++++ 3 files changed, 74 insertions(+), 23 deletions(-) delete mode 100644 tests/agents/json-specs/cgroup_parsing.json create mode 100644 tests/agents/json-specs/container_metadata_discovery.json diff --git a/specs/agents/metadata.md b/specs/agents/metadata.md index 0aed04eb..034b9228 100644 --- a/specs/agents/metadata.md +++ b/specs/agents/metadata.md @@ -106,7 +106,15 @@ On Linux, the container ID and some of the Kubernetes metadata can be extracted If the Kubernetes pod name is not the hostname, it can be overridden by the `KUBERNETES_POD_NAME` environment variable, using the [Downward API](https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/). In a similar manner, you can inform the agent of the node name and namespace, using the environment variables `KUBERNETES_NODE_NAME` and `KUBERNETES_NAMESPACE`. -*Note:* [cgroup_parsing.json](../../tests/agents/json-specs/cgroup_parsing.json) provides test cases for parsing cgroup lines. +With cgroups v2, the `/proc/self/cgroup` contains only `0::/` and does not contain the container ID and we have to parse the `/proc/self/mountinfo` with the following algorithm as a fallback. + + 1. filter the line containing `/etc/hostname` to retrieve the file mount that provides the host name to the container. + + 2. split the line on spaces and take the 3rd element containing the host path. + + 3. extract the container ID from file path by using a regular expression matching a 64 character hexadecimal ID. + +*Note:* [container_metadata_discovery.json](../../tests/agents/json-specs/container_metadata_discovery.json) provides test cases for parsing `/self/proc/*` files. ### Process metadata diff --git a/tests/agents/json-specs/cgroup_parsing.json b/tests/agents/json-specs/cgroup_parsing.json deleted file mode 100644 index f28d87d4..00000000 --- a/tests/agents/json-specs/cgroup_parsing.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "testUnderscores": { - "groupLine": "1:name=systemd:/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod90d81341_92de_11e7_8cf2_507b9d4141fa.slice/crio-2227daf62df6694645fee5df53c1f91271546a9560e8600a525690ae252b7f63.scope", - "containerId": "2227daf62df6694645fee5df53c1f91271546a9560e8600a525690ae252b7f63", - "podId": "90d81341-92de-11e7-8cf2-507b9d4141fa" - }, - "testOpenshiftForm": { - "groupLine": "9:freezer:/kubepods.slice/kubepods-pod22949dce_fd8b_11ea_8ede_98f2b32c645c.slice/docker-b15a5bdedd2e7645c3be271364324321b908314e4c77857bbfd32a041148c07f.scope", - "containerId": "b15a5bdedd2e7645c3be271364324321b908314e4c77857bbfd32a041148c07f", - "podId": "22949dce-fd8b-11ea-8ede-98f2b32c645c" - }, - "testUbuntuCGroup": { - "groupLine": "1:name=systemd:/user.slice/user-1000.slice/user@1000.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-75bc72bd-6642-4cf5-b62c-0674e11bfc84.scope", - "containerId": null, - "podId": null - }, - "testAwsEcsCGroup": { - "groupLine": "1:name=systemd:/ecs/03752a671e744971a862edcee6195646/03752a671e744971a862edcee6195646-4015103728", - "containerId": "03752a671e744971a862edcee6195646-4015103728", - "podId": null - } -} diff --git a/tests/agents/json-specs/container_metadata_discovery.json b/tests/agents/json-specs/container_metadata_discovery.json new file mode 100644 index 00000000..510fd19d --- /dev/null +++ b/tests/agents/json-specs/container_metadata_discovery.json @@ -0,0 +1,65 @@ +{ + "cgroup_v1_underscores": { + "files": { + "/proc/self/cgroup": [ + "1:name=systemd:/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod90d81341_92de_11e7_8cf2_507b9d4141fa.slice/crio-2227daf62df6694645fee5df53c1f91271546a9560e8600a525690ae252b7f63.scope" + ] + }, + "containerId": "2227daf62df6694645fee5df53c1f91271546a9560e8600a525690ae252b7f63", + "podId": "90d81341-92de-11e7-8cf2-507b9d4141fa" + }, + "cgroup_v1_openshift": { + "files": { + "/proc/self/cgroup": [ + "9:freezer:/kubepods.slice/kubepods-pod22949dce_fd8b_11ea_8ede_98f2b32c645c.slice/docker-b15a5bdedd2e7645c3be271364324321b908314e4c77857bbfd32a041148c07f.scope" + ] + }, + "containerId": "b15a5bdedd2e7645c3be271364324321b908314e4c77857bbfd32a041148c07f", + "podId": "22949dce-fd8b-11ea-8ede-98f2b32c645c" + }, + "cgroup_v1_ubuntu": { + "files": { + "/proc/self/cgroup": [ + "1:name=systemd:/user.slice/user-1000.slice/user@1000.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-75bc72bd-6642-4cf5-b62c-0674e11bfc84.scope" + ] + }, + "containerId": null, + "podId": null + }, + "cgroup_v1_awsEcs": { + "files": { + "/proc/self/cgroup": [ + "1:name=systemd:/ecs/03752a671e744971a862edcee6195646/03752a671e744971a862edcee6195646-4015103728" + ] + }, + "containerId": "03752a671e744971a862edcee6195646-4015103728", + "podId": null + }, + "cgroup_v2": { + "files": { + "/proc/self/cgroup": [ + "0::/" + ], + "/proc/self/mountinfo": [ + "3984 3905 0:73 / / rw,relatime shared:1863 master:1733 - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/KEX7CWLHQCXQY2RHPGTXJ3C26N:/var/lib/docker/overlay2/l/2PVS7JRTRSTVZS4KSUAFML3BIV:/var/lib/docker/overlay2/l/52M7ARM4JDVHCJAYUI6JIKBO4B,upperdir=/var/lib/docker/overlay2/267f825fb89e584605bf161177451879c0ba8b15f7df9b51fb7843c7beb9ed25/diff,workdir=/var/lib/docker/overlay2/267f825fb89e584605bf161177451879c0ba8b15f7df9b51fb7843c7beb9ed25/work", + "3985 3984 0:77 / /proc rw,nosuid,nodev,noexec,relatime shared:1864 - proc proc rw", + "3986 3984 0:78 / /dev rw,nosuid shared:1865 - tmpfs tmpfs rw,size=65536k,mode=755,inode64", + "3987 3986 0:79 / /dev/pts rw,nosuid,noexec,relatime shared:1866 - devpts devpts rw,gid=5,mode=620,ptmxmode=666", + "3988 3984 0:80 / /sys ro,nosuid,nodev,noexec,relatime shared:1870 - sysfs sysfs ro", + "3989 3988 0:30 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:1871 - cgroup2 cgroup rw", + "3990 3986 0:76 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:1867 - mqueue mqueue rw", + "3991 3986 0:81 / /dev/shm rw,nosuid,nodev,noexec,relatime shared:1868 - tmpfs shm rw,size=65536k,inode64", + "3992 3984 253:1 /var/lib/docker/volumes/9d18ce5b36572d85358fa936afe5a4bf95cca5c822b04941aa08c6118f6e0d33/_data /var rw,relatime shared:1872 master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro", + "3993 3984 0:82 / /run rw,nosuid,nodev,noexec,relatime shared:1873 - tmpfs tmpfs rw,inode64", + "3994 3984 0:83 / /tmp rw,nosuid,nodev,noexec,relatime shared:1874 - tmpfs tmpfs rw,inode64", + "3995 3984 253:1 /usr/lib/modules /usr/lib/modules ro,relatime shared:1875 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro", + "3996 3984 253:1 /var/lib/docker/containers/6548c6863fb748e72d1e2a4f824fde92f720952d062dede1318c2d6219a672d6/resolv.conf /etc/resolv.conf rw,relatime shared:1876 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro", + "3997 3984 253:1 /var/lib/docker/containers/6548c6863fb748e72d1e2a4f824fde92f720952d062dede1318c2d6219a672d6/hostname /etc/hostname rw,relatime shared:1877 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro", + "3998 3984 253:1 /var/lib/docker/containers/6548c6863fb748e72d1e2a4f824fde92f720952d062dede1318c2d6219a672d6/hosts /etc/hosts rw,relatime shared:1878 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro" + ] + }, + "containerId": "6548c6863fb748e72d1e2a4f824fde92f720952d062dede1318c2d6219a672d6", + "podId": null + } +} +