Added code for a new open-vm-tools plugin, containerInfo.
- Added a new configure option --disable-containerinfo to disable building
the containerinfo plugin.
--disable-containerinfo : Will not check for any dependent packages and
will not build the containerinfo plugin.
--enable-containerinfo=no : Same as --disable-containerinfo
--enable-containerinfo=auto : Checks for the dependent packages. If they
are available, then the containerinfo plugin
will be built. Otherwise, a warning is printeds
and the containerinfo plugin will be skipped.
--enable-containerinfo
--enable-containerinfo=yes : Checks for the dependent packages. If they are
available, then the containerinfo plugin will
be built. Otherwise, the configure will
terminate with an error.
- Updated the sample tools.conf file with various settings related to
the containerinfo plugin.
- Due to an issue reported in https://github.com/protocolbuffers/protobuf/issues/9184,
implemented a workaround by changing 'import weak ' to 'import ' in the
.proto files while generating the header files.
Build dependencies: (packages names may vary with Linux release).
- or -
- libcurl4-openssl-dev libcurl-devel
- protobuf-compiler protobuf-compiler
- libprotobuf-dev protobuf-devel
- protobuf-compiler-grpc grpc-plugins
- libgrpc++-dev grpc-devel
- golang-github-containerd-containerd-dev containerd-devel
- golang-github-gogo-protobuf-dev
Runtime requirements:
- curl, protobuf and grpc-cpp
[AC_VMW_LIB_ERROR([PAM], [pam])])
fi
+AC_ARG_ENABLE([containerinfo],
+ [AS_HELP_STRING([--disable-containerinfo],
+ [do not build containerinfo plugin.])],
+ [
+ enable_containerinfo=$enableval
+ ],
+ [
+ if test "$os" = "linux"; then
+ enable_containerinfo=auto
+ else
+ enable_containerinfo=no
+ fi
+ ])
+
+#
+# Check that containerinfo plugin is enabled only on linux systems.
+#
+if test "$os" != "linux"; then
+ if test "$enable_containerinfo" = "yes"; then
+ AC_MSG_ERROR([The containerinfo plugin is only supported for Linux
+ platforms. Try configure with --disable-containerinfo option.])
+ fi
+fi
+
+if test "$enable_containerinfo" = "yes" ||
+ test "$enable_containerinfo" = "auto"; then
+
+can_build_containerinfo=yes
+
+#
+# AC_VMW_CONTAINERINFO_MSG(library)
+#
+# Wrapper around AC_MSG_WARN to print a standard message about missing libraries.
+#
+# library ($1): name of missing library / package.
+#
+AC_DEFUN([AC_VMW_CONTAINERINFO_MSG],[
+ can_build_containerinfo=no
+ AC_MSG_WARN(["$1 is missing which is required for building containerinfo plugin."])
+])
+
+ AC_VMW_DEFAULT_FLAGS([CURL])
+ AC_VMW_CHECK_LIB([curl],
+ [CURL],
+ [],
+ [],
+ [],
+ [curl/curl.h],
+ [curl_easy_init],
+ [CURL_CPPFLAGS="$CURL_CPPFLAGS"],
+ [AC_VMW_CONTAINERINFO_MSG([CURL])])
+
+ AC_VMW_CHECK_LIB([protobuf],
+ [PROTOBUF],
+ [protobuf],
+ [],
+ [3.0.0],
+ [],
+ [],
+ [],
+ [AC_VMW_CONTAINERINFO_MSG(["protobuf >= 3.0.0"])])
+
+ AC_VMW_DEFAULT_FLAGS([GRPC])
+ AC_VMW_CHECK_LIBXX([grpc++],
+ [GRPC],
+ [grpc++],
+ [],
+ [1.3.2],
+ [grpc++/grpc++.h],
+ [],
+ [],
+ [AC_VMW_CONTAINERINFO_MSG(["grpc++ >= 1.3.2"])])
+
+#
+# proto files needed by containerd grpc client.
+#
+ shared_prefix=/usr/share/gocode/src/github.com
+ AC_SUBST(CONTAINERD_PROTOPATH, $shared_prefix/containerd/containerd/api/services/containers/v1)
+ AC_SUBST(GOGO_PROTOPATH, $shared_prefix/gogo/protobuf)
+ AC_CHECK_FILE([${CONTAINERD_PROTOPATH}/containers.proto],
+ [],
+ [AC_VMW_CONTAINERINFO_MSG(["containerd package"])])
+ AC_CHECK_FILE([${GOGO_PROTOPATH}/gogoproto/gogo.proto],
+ [],
+ [AC_VMW_CONTAINERINFO_MSG(["gogoproto package"])])
+
+#
+# Binaries needed to build for containerd grpc client.
+#
+ AC_CHECK_PROG([GRPC_CPP], [grpc_cpp_plugin], [grpc_cpp_plugin], [not found])
+
+ if test "$GRPC_CPP" != "grpc_cpp_plugin" ; then
+ AC_VMW_CONTAINERINFO_MSG(["grpc_cpp_plugin binary"])
+ fi
+
+ AC_CHECK_PROG([PROTOC], [protoc], [protoc], [not found])
+
+ if test "$PROTOC" != "protoc" ; then
+ AC_VMW_CONTAINERINFO_MSG(["protoc binary"])
+ fi
+
+ if test "$can_build_containerinfo" = "no" ; then
+ if test "$enable_containerinfo" = "auto" ; then
+ enable_containerinfo=no
+ AC_MSG_WARN(["Cannot enable containerinfo plugin since one ore more required packages are missing."])
+ else
+ AC_MSG_ERROR(["Cannot enable containerinfo plugin since one or more required packages are missing. Please configure without containerinfo (using --disable-containerinfo), or install the necessary libraries and devel package(s)."])
+ fi
+ else
+ enable_containerinfo=yes
+ fi
+fi
+
AC_ARG_ENABLE([vgauth],
[AS_HELP_STRING([--disable-vgauth],
[do not build vgauth.])],
AM_CONDITIONAL(HAVE_GTKMM, test "$have_x" = "yes" -a \( "$with_gtkmm" = "yes" -o "$with_gtkmm3" = "yes" \) )
AM_CONDITIONAL(HAVE_PAM, test "$with_pam" = "yes")
AM_CONDITIONAL(USE_SLASH_PROC, test "$os" = "linux")
+AM_CONDITIONAL(ENABLE_CONTAINERINFO, test "$enable_containerinfo" = "yes")
AM_CONDITIONAL(ENABLE_DEPLOYPKG, test "$enable_deploypkg" = "yes")
AM_CONDITIONAL(ENABLE_VGAUTH, test "$enable_vgauth" = "yes")
AM_CONDITIONAL(USE_XMLSEC1, test "$use_xmlsec1" = "yes")
services/plugins/gdp/Makefile \
services/plugins/appInfo/Makefile \
services/plugins/componentMgr/Makefile \
+ services/plugins/containerInfo/Makefile \
services/plugins/serviceDiscovery/Makefile \
services/plugins/desktopEvents/Makefile \
services/plugins/dndcp/Makefile \
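Review bot: The two `AC_CHECK_FILE` calls for `containers.proto` and `gogo.proto` will abort configure when cross-compiling, because Autoconf's `AC_CHECK_FILE` refuses to run in that mode, and since `enable_containerinfo` defaults to `auto` on Linux this hits builds that never asked for the plugin. A plain `test -f "$CONTAINERD_PROTOPATH/containers.proto" || AC_VMW_CONTAINERINFO_MSG([containerd package])` avoids that. The `.proto` inputs also come from a hard-coded `shared_prefix=/usr/share/gocode/src/github.com` with no override, so a build cannot be pointed at a pinned or vetted copy of the containerd and gogo sources; a precious variable or a `--with-` option for the prefix would fix both the portability and the provenance concern. Separately, `AC_DEFUN([AC_VMW_CONTAINERINFO_MSG], ...)` sits inside the shell `if` although m4 defines it unconditionally, and the warning in the `auto` branch reads "one ore more".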
******************************************************************************
*/
+/*
+ ******************************************************************************
+ * BEGIN containerInfo goodies.
+ */
+
+/**
+ * Defines the string used for the ContainerInfo config file group.
+ */
+#define CONFGROUPNAME_CONTAINERINFO "containerinfo"
+
+/**
+ * Define a custom ContainerInfo poll interval (in seconds).
+ *
+ * @note Illegal values result in a @c g_warning and fallback to the default
+ * poll interval.
+ *
+ * @param int User-defined poll interval. Set to 0 to disable polling.
+ */
+#define CONFNAME_CONTAINERINFO_POLLINTERVAL "poll-interval"
+
+/**
+ * Define the limit on the maximum number of containers to collect info from.
+ * If the number of running containers exceeds the limit, only the most recently
+ * created containers will be published.
+ *
+ * @note Illegal values result in a @c g_warning and fallback to the default
+ * max container limit.
+ *
+ * @param int User-defined max limit for # of containers queried.
+ */
+#define CONFNAME_CONTAINERINFO_LIMIT "max-containers"
+
+/**
+ * Defines the configuration to remove duplicate containers.
+ *
+ * @param boolean Set to TRUE to remove duplicate containers.
+ * Set to FALSE to keep duplicate containers.
+ */
+#define CONFNAME_CONTAINERINFO_REMOVE_DUPLICATES "remove-duplicates"
+
+/**
+ * Define the docker unix socket to use to communicate with the docker daemon.
+ *
+ * @note Illegal values result in a @c g_warning and fallback to docker's
+ * default unix socket.
+ *
+ * @param string absolute file path of the docker unix socket in use.
+ */
+#define CONFNAME_CONTAINERINFO_DOCKERSOCKET "docker-unix-socket"
+
+/**
+ * Define the containerd unix socket to connect with containerd gRPC server.
+ * This should be used to get containers.
+ *
+ * @note Illegal values result in a @c g_warning and fallback to the containerd
+ * default unix socket.
+ *
+ * @param string absolute file path of the containerd unix socket in use.
+ */
+#define CONFNAME_CONTAINERINFO_CONTAINERDSOCKET "containerd-unix-socket"
+
+/**
+ * Define the list of namespaces to be queried for the running containers.
+ *
+ * @note Illegal values result in a @c g_warning and fallback to the default
+ * list of namespaces.
+ *
+ * @param string Comma separated list of namespaces to be queried.
+ */
+#define CONFNAME_CONTAINERINFO_ALLOWED_NAMESPACES "allowed-namespaces"
+
+/*
+ * END containerInfo goodies.
+ ******************************************************************************
+ */
+
/*
******************************************************************************
* BEGIN ServiceDiscovery goodies.
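Review bot: The comments for `CONFNAME_CONTAINERINFO_DOCKERSOCKET` and `CONFNAME_CONTAINERINFO_CONTAINERDSOCKET` promise a fallback on "illegal values" without saying what is checked, and that matters here because the setting decides which unix socket the plugin talks to. The code that reads these settings is not in this section, so whether it enforces more than the "absolute file path" wording cannot be told from here; once confirmed against the reader, the comment should state the rule, e.g. `@note The path must be absolute and refer to an existing unix socket; any other value falls back to the default.` The blocks for `poll-interval` and `max-containers` likewise mention a default without giving its value. The `@param int` / `@param string` lines document object-like macros, where Doxygen reads the first word as a parameter name; a plain sentence giving type, default and unit would be clearer.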
--- /dev/null
+/*********************************************************
+ * Copyright (C) 2021 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation version 2.1 and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ *********************************************************/
+
+#ifndef _CONTAINERINFO_H_
+#define _CONTAINERINFO_H_
+
+/**
+ * @file containerInfo.h
+ *
+ * Common declarations that aid in sending container information
+ * from 'containerInfo' plugin in 'VMware Tools' to the host.
+ */
+
+/*
+ Sample JSON published to the guestinfo variable.
+ $ vmtoolsd --cmd "info-get guestinfo.vmtools.containerInfo" | jq
+ {
+ "version": "1",
+ "updateCounter": "11",
+ "publishTime": "2021-10-27T18:18:00.855Z",
+ "containerinfo": {
+ "k8s.io": [
+ {
+ "i": "k8s.gcr.io/pause"
+ }
+ ]
+ }
+}
+*/
+
+/* clang-format off */
+
+#define CONTAINERINFO_KEY "containerinfo"
+#define CONTAINERINFO_GUESTVAR_KEY "vmtools." CONTAINERINFO_KEY
+#define CONTAINERINFO_VERSION_1 1
+#define CONTAINERINFO_KEY_VERSION "version"
+#define CONTAINERINFO_KEY_UPDATE_COUNTER "updateCounter"
+#define CONTAINERINFO_KEY_PUBLISHTIME "publishTime"
+#define CONTAINERINFO_KEY_IMAGE "i"
+
+/* clang-format on */
+
+#endif
\ No newline at end of file
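Review bot: The sample in the header comment reads the guest variable as `guestinfo.vmtools.containerInfo`, but `CONTAINERINFO_GUESTVAR_KEY` expands to `vmtools.containerinfo` with a lower-case `i`, so the documented command and the key the macro builds disagree. If guestinfo keys are compared case-sensitively, the sample command would not return what the plugin publishes; align the comment with the macro, e.g. `$ vmtoolsd --cmd "info-get guestinfo.vmtools.containerinfo" | jq`. The include guard `_CONTAINERINFO_H_` begins with an underscore followed by a capital letter, which is a reserved identifier in C and C++, and the file ends without a trailing newline.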
SUBDIRS += guestStore
SUBDIRS += componentMgr
endif
+if ENABLE_CONTAINERINFO
+ SUBDIRS += containerInfo
+endif
if ENABLE_SDMP
SUBDIRS += serviceDiscovery
endif
--- /dev/null
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Libraries
+
+ If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change. You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+ To apply these terms, attach the following notices to the library. It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the library's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+ <signature of Ty Coon>, 1 April 1990
+ Ty Coon, President of Vice
+
+That's all there is to it!
--- /dev/null
+################################################################################
+### Copyright (c) 2021 VMware, Inc. All rights reserved.
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of version 2 of the GNU General Public License as
+### published by the Free Software Foundation.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software
+### Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+################################################################################
+
+SUBDIRS =
+
+plugindir = @VMSVC_PLUGIN_INSTALLDIR@
+plugin_LTLIBRARIES = libcontainerInfo.la
+
+PWD = $(shell pwd)
+CONTAINERS_PROTO = $(PWD)/containers.proto
+
+libcontainerInfo_la_CPPFLAGS =
+libcontainerInfo_la_CPPFLAGS += @PLUGIN_CPPFLAGS@
+
+libcontainerInfo_la_LDFLAGS =
+libcontainerInfo_la_LDFLAGS += @PLUGIN_LDFLAGS@
+
+libcontainerInfo_la_LIBADD =
+libcontainerInfo_la_LIBADD += @VMTOOLS_LIBS@
+libcontainerInfo_la_LIBADD += @GOBJECT_LIBS@
+
+libcontainerInfo_la_SOURCES =
+libcontainerInfo_la_SOURCES += containerInfo.h
+libcontainerInfo_la_SOURCES += containerInfoInt.h
+libcontainerInfo_la_SOURCES += containerInfo.c
+
+libcontainerInfo_la_SOURCES += containerInfo_docker.c
+libcontainerInfo_la_LDFLAGS += -lcurl
+libcontainerInfo_la_CPPFLAGS += @CURL_CPPFLAGS@
+libcontainerInfo_la_LIBADD += ../../../lib/jsmn/libJsmn.la
+
+libcontainerInfo_la_SOURCES += gogoproto/gogo.pb.h
+libcontainerInfo_la_SOURCES += gogoproto/gogo.pb.cc
+libcontainerInfo_la_SOURCES += containers.pb.cc
+libcontainerInfo_la_SOURCES += containers.pb.h
+libcontainerInfo_la_SOURCES += containers.grpc.pb.cc
+libcontainerInfo_la_SOURCES += containers.grpc.pb.h
+libcontainerInfo_la_SOURCES += containerInfo_grpc.cc
+
+libcontainerInfo_la_CPPFLAGS += @GRPC_CPPFLAGS@
+libcontainerInfo_la_LDFLAGS += -lprotobuf
+libcontainerInfo_la_LDFLAGS += -lgrpc++
+
+containers.grpc.pb.cc \
+containers.grpc.pb.h: $(CONTAINERS_PROTO)
+ $(PROTOC) -I$(PWD) -I$(GOGO_PROTOPATH) \
+ --grpc_out=. --plugin=protoc-gen-grpc=`which $(GRPC_CPP)` $^
+
+gogoproto/gogo.pb.cc \
+gogoproto/gogo.pb.h \
+containers.pb.cc \
+containers.pb.h: $(CONTAINERD_PROTOPATH)/containers.proto \
+ $(GOGO_PROTOPATH)/gogoproto/gogo.proto
+ sed 's/import weak /import /' \
+ $(CONTAINERD_PROTOPATH)/containers.proto > $(CONTAINERS_PROTO)
+ $(MKDIR_P) gogoproto/
+ $(PROTOC) --cpp_out=. -I$(PWD) -I$(GOGO_PROTOPATH) \
+ $(CONTAINERS_PROTO) $(GOGO_PROTOPATH)/gogoproto/gogo.proto
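Review bot: `$(CONTAINERS_PROTO)` is the prerequisite of the `containers.grpc.pb.cc`/`containers.grpc.pb.h` rule, but no rule in this file produces it. It only appears as a side effect of the `sed` line in the recipe for `containers.pb.cc`, so a clean or parallel (`make -j`) build that reaches the gRPC targets first will stop with "No rule to make target". Give the rewritten proto its own rule, `$(CONTAINERS_PROTO): $(CONTAINERD_PROTOPATH)/containers.proto` with the recipe `sed 's/import weak /import /' $< > $@`, and make both protoc rules depend on `$(CONTAINERS_PROTO)`. The generated `.pb.cc`/`.pb.h` files are also listed in `_SOURCES` with no `BUILT_SOURCES` or `CLEANFILES` entry, so nothing visible here forces the headers to exist before `containerInfo_grpc.cc` (which presumably includes them) is compiled. Separately, `which $(GRPC_CPP)` looks the code generator up through `PATH` at build time; if configure already resolves an absolute path (not visible in this hunk), passing that directly pins which binary generates the code linked into the plugin.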
--- /dev/null
+/*********************************************************
+ * Copyright (C) 2021 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation version 2.1 and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ *********************************************************/
+
+/*
+ * containerInfo.c --
+ *
+ * Captures the information about running containers inside the guest
+ * and publishes it to a guest variable.
+ */
+
+#ifndef __linux__
+# error This file should not be compiled.
+#endif
+
+#define G_LOG_DOMAIN "containerInfo"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "codeset.h"
+#include "procMgr.h"
+#include "str.h"
+#include "strutil.h"
+#include "conf.h"
+#include "util.h"
+#include "vm_atomic.h"
+#include "vmware/guestrpc/containerInfo.h"
+#include "containerInfoInt.h"
+#include "vmware/guestrpc/tclodefs.h"
+#include "vmware/tools/log.h"
+#include "vmware/tools/threadPool.h"
+
+#include "vm_version.h"
+#include "embed_version.h"
+#include "vmtoolsd_version.h"
+VM_EMBED_VERSION(VMTOOLSD_VERSION_STRING);
+
+/**
+ * Default poll interval for containerInfo is 6 hours
+ */
+#define CONTAINERINFO_DEFAULT_POLL_INTERVAL (6 * 60 * 60)
+
+/**
+ * Name of the containerd process. This is used to figure
+ * out if the containerd process is running in the list
+ * of processes.
+ */
+#define CONTAINERD_PROCESS_NAME "containerd"
+
+/**
+ * Default value for containerinfo query-limit conf key.
+ */
+#define CONTAINERINFO_DEFAULT_CONTAINER_MAX 256
+
+/**
+ * Default value for CONFNAME_CONTAINERINFO_REMOVE_DUPLICATES setting in
+ * tools configuration file.
+ *
+ * TRUE will remove duplicate containers.
+ */
+#define CONTAINERINFO_DEFAULT_REMOVE_DUPLICATES TRUE
+
+/**
+ * Default value for containerd-unix-socket conf key.
+ */
+#define CONTAINERINFO_DEFAULT_CONTAINERDSOCKET "/run/containerd/containerd.sock"
+
+/**
+ * Default value for docker-unix-socket conf key.
+ */
+#define CONTAINERINFO_DEFAULT_DOCKER_SOCKET "/var/run/docker.sock"
+
+/**
+ * Default value for allowed-namespaces conf key.
+ */
+#define CONTAINERINFO_DEFAULT_ALLOWED_NAMESPACES "moby,k8s.io,default"
+
+/**
+ * Name of the 'moby' namespace used by docker.
+ */
+#define CONTAINERINFO_DOCKER_NAMESPACE_NAME "moby"
+
+/**
+ * Maximum size of the guestinfo packet that holds the containerinfo
+ * information.
+ */
+#define CONTAINERINFO_MAX_GUESTINFO_PACKET_SIZE (63 * 1024)
+
+/**
+ * Defines current containerinfo poll interval (in seconds).
+ *
+ * Controlled by containerinfo.poll-interval config file option.
+ */
+static Atomic_uint32 gContainerInfoPollInterval = { 0 };
+
+/**
+ * ContainerInfo gather loop timeout source.
+ */
+static GSource *gContainerInfoTimeoutSource = NULL;
+
+/**
+ * ContainerInfo and AppInfo share the same host side switch so this
+ * defines the state of the AppInfo at the host side.
+ */
+static gboolean gAppInfoEnabledInHost = TRUE;
+
+/**
+ * Defines whether task is currently in progress. libcurl initialization
+ * is not thread safe so this atomic bool will ensure only one task is
+ * running at a time.
+ */
+static Atomic_Bool gTaskSubmitted = { FALSE }; // Task has not been submitted.
+
+static void TweakGatherLoop(ToolsAppCtx *ctx, gboolean force);
+
+
+/*
+ *****************************************************************************
+ * SetGuestInfo --
+ *
+ * Sends a simple key-value update request to the VMX.
+ *
+ * @param[in] ctx Application context.
+ * @param[in] key Key sent to the VMX
+ * @param[in] value GuestInfo data sent to the VMX
+ *
+ *****************************************************************************
+ */
+
+static void
+SetGuestInfo(ToolsAppCtx *ctx, // IN
+ const char *guestVariableName, // IN
+ const char *value) // IN
+{
+ char *reply = NULL;
+ gchar *msg;
+ size_t replyLen;
+
+ ASSERT(guestVariableName != NULL);
+ ASSERT(value != NULL);
+
+ msg = g_strdup_printf("info-set guestinfo.%s %s",
+ guestVariableName,
+ value);
+
+ if (!RpcChannel_Send(ctx->rpc,
+ msg,
+ strlen(msg) + 1,
+ &reply,
+ &replyLen)) {
+ g_warning("%s: Error sending RPC message: %s\n", __FUNCTION__,
+ VM_SAFE_STR(reply));
+ } else {
+ g_info("%s: Successfully published the container information.\n",
+ __FUNCTION__);
+ }
+
+ g_free(msg);
+ vm_free(reply);
+ return;
+}
+
+
+/*
+ *****************************************************************************
+ * CheckContainerdRunning --
+ *
+ * When containers are run, the containerd-shim process gets called.
+ * This function checks if containerd process exists in the list of processes,
+ * which will signal that the containerinfo loop should be started.
+ *
+ * @retval TRUE found containerd process.
+ * @retval FALSE not found.
+ *
+ *****************************************************************************
+ */
+
+static gboolean
+CheckContainerdRunning(void)
+{
+ ProcMgrProcInfoArray *procList;
+ size_t procCount;
+ int i;
+ gboolean result = FALSE;
+
+ procList = ProcMgr_ListProcesses();
+ if (procList == NULL) {
+ g_warning("%s: Failed to get the list of processes.\n",
+ __FUNCTION__);
+ return result;
+ }
+
+ procCount = ProcMgrProcInfoArray_Count(procList);
+ for (i = 0; i < procCount; i++) {
+ ProcMgrProcInfo *procInfo = ProcMgrProcInfoArray_AddressOf(procList, i);
+ if (procInfo->procCmdName != NULL &&
+ strstr(procInfo->procCmdName, CONTAINERD_PROCESS_NAME)) {
+ result = TRUE;
+ break;
+ }
+ }
+
+ ProcMgr_FreeProcList(procList);
+ return result;
+}
+
+
+/*
+ ******************************************************************************
+ * ContainerInfo_DestroyContainerData --
+ *
+ * Free function for container data. This function is called by the glib
+ * for each element in the container list while freeing.
+ *
+ * @param[in] data Pointer to the container data.
+ *
+ * @retval NONE
+ *
+ ******************************************************************************
+ */
+
+void
+ContainerInfo_DestroyContainerData(void *pointer)
+{
+ ContainerInfo *info = pointer;
+
+ if (info == NULL) {
+ return;
+ }
+
+ g_free(info->id);
+ g_free(info->image);
+ g_free(info);
+}
+
+
+/*
+ *****************************************************************************
+ * ContainerInfo_DestroyContainerList --
+ *
+ * Frees the entire memory allocated for the container list.
+ *
+ * @param[in] containerList Pointer to the container list.
+ *
+ * @retval NONE
+ *
+ *****************************************************************************
+ */
+
+void
+ContainerInfo_DestroyContainerList(GSList *containerList)
+{
+ if (containerList == NULL) {
+ return;
+ }
+
+ g_slist_free_full(containerList, ContainerInfo_DestroyContainerData);
+}
+
+
+/*
+ *****************************************************************************
+ * ContainerInfoGetNsJson --
+ *
+ * Iterates through the list of containers and prepares the JSON string for
+ * a specified namespace. The caller must free the resulting JSON string.
+ *
+ * @param[in] ns The name of the namespace
+ * @param[in] containerList The list of the running containers
+ * @param[in] dockerSocketPath The path to the unix socket used by docker.
+ * @param[in] removeDuplicates Remove duplicate containers from the output.
+ * @param[in] maxSize Maximum size of the JSON output
+ * @param[out] resultJson JSON string that is prepared.
+ *
+ * @retVal The size of the JSON string returned.
+ *
+ *****************************************************************************
+ */
+
+size_t
+ContainerInfoGetNsJson(const char *ns, // IN
+ GSList *containerList, // IN
+ const char *dockerSocketPath, // IN
+ gboolean removeDuplicates, // IN
+ unsigned int maxSize, // IN
+ char **resultJson) // OUT
+{
+ static const char headerFmt[] = "\"%s\": [";
+ static const char footer[] = "]";
+
+ GSList *info;
+ gboolean nodeAdded;
+ DynBuf dynBuffer;
+ size_t resultSize = 0;
+ GHashTable *dockerContainerTable = NULL;
+ GHashTable *imagesAdded = NULL;
+ gchar *escapedImageName = NULL;
+
+ ASSERT(resultJson != NULL);
+
+ DynBuf_Init(&dynBuffer);
+ StrUtil_SafeDynBufPrintf(&dynBuffer, headerFmt, ns);
+
+ nodeAdded = FALSE;
+
+ /*
+ * The image name may not be set for containers managed by docker.
+ * To handle such cases, get the list of containers using Docker APIs.
+ */
+ if (strcmp(ns, CONTAINERINFO_DOCKER_NAMESPACE_NAME) == 0) {
+ dockerContainerTable =
+ ContainerInfo_GetDockerContainers(dockerSocketPath);
+ }
+
+ if (removeDuplicates) {
+ imagesAdded = g_hash_table_new_full(g_str_hash, g_str_equal,
+ g_free, NULL);
+ }
+
+ for (info = containerList; info != NULL; info = info->next) {
+ static const char *nodeFmt = "%s{\""
+ CONTAINERINFO_KEY_IMAGE
+ "\":\"%s\"}";
+ size_t currentBufferSize = DynBuf_GetSize(&dynBuffer);
+ gchar *tmpNode;
+ size_t len;
+ ContainerInfo *node = (ContainerInfo *) info->data;
+
+ g_free(escapedImageName);
+ escapedImageName = NULL;
+
+ if (node->image == NULL || node->image[0] == '\0') {
+ const char *newImage = NULL;
+
+ if (dockerContainerTable != NULL) {
+ newImage = g_hash_table_lookup(dockerContainerTable, node->id);
+ }
+
+ if (newImage != NULL) {
+ escapedImageName = g_strdup(newImage);
+ } else {
+ g_warning("%s: Skipping '%s' since image name couldn't "
+ "be retrieved.\n", __FUNCTION__, node->id);
+ continue;
+ }
+ } else {
+ escapedImageName = CodeSet_JsonEscape(node->image);
+ if (NULL == escapedImageName) {
+ g_warning("%s: Failed to escape the image. Skipping '%s'\n",
+ __FUNCTION__, node->id);
+ continue;
+ }
+ }
+
+ if (removeDuplicates) {
+ /*
+ * Check if the container was already added. If already added, just
+ * skip to the next container.
+ */
+ if (g_hash_table_contains(imagesAdded, escapedImageName)) {
+ continue;
+ }
+ }
+
+ tmpNode = Str_Asprintf(&len, nodeFmt,
+ nodeAdded ? "," : "", escapedImageName);
+ if (tmpNode == NULL) {
+ g_warning("%s: Out of memory. Skipping '%s'\n",
+ __FUNCTION__, node->id);
+ break;
+ }
+
+ if (currentBufferSize + len + sizeof footer > maxSize) {
+ g_warning("%s: Skipping '%s' due to insufficient size.\n",
+ __FUNCTION__, node->id);
+ } else {
+ if (removeDuplicates) {
+ g_hash_table_add(imagesAdded, escapedImageName);
+ escapedImageName = NULL;
+ }
+ DynBuf_Append(&dynBuffer, tmpNode, len);
+ nodeAdded = TRUE;
+ }
+ g_free(tmpNode);
+ }
+
+ if (nodeAdded) {
+ DynBuf_Append(&dynBuffer, footer, strlen(footer));
+ resultSize = DynBuf_GetSize(&dynBuffer);
+ *resultJson = DynBuf_DetachString(&dynBuffer);
+ } else {
+ resultSize = 0;
+ *resultJson = NULL;
+ }
+
+ g_free(escapedImageName);
+
+ if (imagesAdded != NULL) {
+ g_hash_table_destroy(imagesAdded);
+ }
+
+ if (dockerContainerTable != NULL) {
+ g_hash_table_destroy(dockerContainerTable);
+ }
+
+ DynBuf_Destroy(&dynBuffer);
+ return resultSize;
+}
+
+
+/*
+ *****************************************************************************
+ * ContainerInfoGatherTask --
+ *
+ * Collects all the desired container related information.
+ *
+ * @param[in] ctx The application context.
+ * @param[in] data Unused
+ *
+ *****************************************************************************
+ */
+
+static void
+ContainerInfoGatherTask(ToolsAppCtx *ctx, // IN
+ gpointer data) // IN
+{
+ gchar *timeStampString = NULL;
+ int limit;
+ gint64 startInfoGatherTime;
+ gint64 endInfoGatherTime;
+ gchar *containerdSocketPath = NULL;
+ gchar *nsConfValue = NULL;
+ gchar **nsList;
+ static Atomic_uint64 updateCounter = {1};
+ uint64 counter;
+ int i;
+ DynBuf dynBuffer;
+ gchar tmpBuf[256];
+ size_t len;
+ gboolean nsAdded;
+ char *dockerSocketPath = NULL;
+ GHashTable *nsParsed;
+ gboolean removeDuplicates;
+
+ static char headerFmt[] = "{"
+ "\"" CONTAINERINFO_KEY_VERSION "\":\"%d\","
+ "\"" CONTAINERINFO_KEY_UPDATE_COUNTER "\":%"FMT64"u,"
+ "\"" CONTAINERINFO_KEY_PUBLISHTIME "\":\"%s\","
+ "\"" CONTAINERINFO_KEY "\":{";
+ static char footer[] = "}}";
+
+ if (Atomic_ReadIfEqualWriteBool(&gTaskSubmitted, FALSE, TRUE)) {
+ g_info("%s: Previously submitted task is not completed\n", __FUNCTION__);
+ return;
+ }
+
+ timeStampString = VMTools_GetTimeAsString();
+ counter = (uint64) Atomic_ReadInc64(&updateCounter);
+
+ DynBuf_Init(&dynBuffer);
+ len = Str_Snprintf(tmpBuf, sizeof tmpBuf,
+ headerFmt,
+ CONTAINERINFO_VERSION_1,
+ counter,
+ (timeStampString != NULL) ? timeStampString : "");
+ ASSERT(len > 0);
+
+ DynBuf_Append(&dynBuffer, tmpBuf, len);
+
+ if (!CheckContainerdRunning()) {
+ g_info("%s: Could not find running containerd process on the system.\n",
+ __FUNCTION__);
+ goto exit;
+ }
+
+ limit =
+ VMTools_ConfigGetInteger(ctx->config,
+ CONFGROUPNAME_CONTAINERINFO,
+ CONFNAME_CONTAINERINFO_LIMIT,
+ CONTAINERINFO_DEFAULT_CONTAINER_MAX);
+
+ if (limit < 1) {
+ g_warning("%s: invalid max-containers %d. Using default %d.\n",
+ __FUNCTION__,
+ limit,
+ CONTAINERINFO_DEFAULT_CONTAINER_MAX);
+ limit = CONTAINERINFO_DEFAULT_CONTAINER_MAX;
+ }
+
+ nsConfValue =
+ VMTools_ConfigGetString(ctx->config,
+ CONFGROUPNAME_CONTAINERINFO,
+ CONFNAME_CONTAINERINFO_ALLOWED_NAMESPACES,
+ CONTAINERINFO_DEFAULT_ALLOWED_NAMESPACES);
+ g_strstrip(nsConfValue);
+
+ if (nsConfValue[0] == '\0') {
+ g_warning("%s: Empty value found for %s.%s key. Ignoring.",
+ __FUNCTION__, CONFGROUPNAME_CONTAINERINFO,
+ CONFNAME_CONTAINERINFO_ALLOWED_NAMESPACES);
+ goto exit;
+ }
+
+ containerdSocketPath =
+ VMTools_ConfigGetString(ctx->config,
+ CONFGROUPNAME_CONTAINERINFO,
+ CONFNAME_CONTAINERINFO_CONTAINERDSOCKET,
+ CONTAINERINFO_DEFAULT_CONTAINERDSOCKET);
+ g_strstrip(containerdSocketPath);
+
+ dockerSocketPath =
+ VMTools_ConfigGetString(ctx->config,
+ CONFGROUPNAME_CONTAINERINFO,
+ CONFNAME_CONTAINERINFO_DOCKERSOCKET,
+ CONTAINERINFO_DEFAULT_DOCKER_SOCKET);
+ g_strstrip(dockerSocketPath);
+
+ if (dockerSocketPath[0] == '\0') {
+ g_warning("%s: Empty value found for %s.%s key. Using default %s.",
+ __FUNCTION__, CONFGROUPNAME_CONTAINERINFO,
+ CONFNAME_CONTAINERINFO_DOCKERSOCKET,
+ CONTAINERINFO_DEFAULT_DOCKER_SOCKET);
+ g_free(dockerSocketPath);
+ dockerSocketPath = g_strdup(CONTAINERINFO_DEFAULT_DOCKER_SOCKET);
+ }
+
+ removeDuplicates =
+ VMTools_ConfigGetBoolean(ctx->config,
+ CONFGROUPNAME_CONTAINERINFO,
+ CONFNAME_CONTAINERINFO_REMOVE_DUPLICATES,
+ CONTAINERINFO_DEFAULT_REMOVE_DUPLICATES);
+
+ startInfoGatherTime = g_get_monotonic_time();
+
+ nsList = g_strsplit(nsConfValue, ",", 0);
+ nsAdded = FALSE;
+ nsParsed = g_hash_table_new(g_str_hash, g_str_equal);
+
+ for (i = 0; nsList[i] != NULL; i++) {
+ size_t currentBufferSize = DynBuf_GetSize(&dynBuffer);
+ size_t maxSizeRemaining = CONTAINERINFO_MAX_GUESTINFO_PACKET_SIZE -
+ currentBufferSize - sizeof(footer);
+
+ gchar *nsJsonString;
+ size_t nsJsonSize;
+ GSList *containerList;
+
+ g_strstrip(nsList[i]);
+ if (nsList[i][0] == '\0') {
+ g_warning("%s: Empty value found for the namespace. Skipping.",
+ __FUNCTION__);
+ continue;
+ }
+
+ if (g_hash_table_contains(nsParsed, nsList[i])) {
+ g_debug("%s: Skipping the duplicate namespace: %s",
+ __FUNCTION__, nsList[i]);
+ continue;
+ }
+
+ if (nsAdded) {
+ maxSizeRemaining--; // Minus size of ','
+ }
+
+ if (maxSizeRemaining == 0 ||
+ maxSizeRemaining > CONTAINERINFO_MAX_GUESTINFO_PACKET_SIZE) {
+ break;
+ }
+
+ containerList =
+ ContainerInfo_GetContainerList(nsList[i], containerdSocketPath,
+ (unsigned int) limit);
+ g_hash_table_add(nsParsed, nsList[i]);
+ if (containerList == NULL) {
+ continue;
+ }
+
+ nsJsonSize = ContainerInfoGetNsJson(nsList[i], containerList,
+ dockerSocketPath, removeDuplicates, maxSizeRemaining,
+ &nsJsonString);
+ if (nsJsonSize > 0 && nsJsonSize <= maxSizeRemaining) {
+ if (nsAdded) {
+ DynBuf_Append(&dynBuffer, ",", 1);
+ }
+ DynBuf_Append(&dynBuffer, nsJsonString, nsJsonSize);
+ nsAdded = TRUE;
+ }
+ g_free(nsJsonString);
+ ContainerInfo_DestroyContainerList(containerList);
+ }
+
+ g_hash_table_destroy(nsParsed);
+ g_strfreev(nsList);
+
+ endInfoGatherTime = g_get_monotonic_time();
+
+ g_info("%s: time to complete containerInfo gather = %ld us\n",
+ __FUNCTION__, endInfoGatherTime - startInfoGatherTime);
+
+exit:
+ if (Atomic_Read32(&gContainerInfoPollInterval) == 0) {
+ /*
+ * If gatherLoop is disabled then make sure this thread
+ * did not overwrite the guestVar. The guestVar should be
+ * cleared out in this case.
+ */
+ SetGuestInfo(ctx, CONTAINERINFO_GUESTVAR_KEY, "");
+ } else {
+ DynBuf_Append(&dynBuffer, footer, sizeof(footer));
+ SetGuestInfo(ctx,
+ CONTAINERINFO_GUESTVAR_KEY,
+ DynBuf_GetString(&dynBuffer));
+ }
+
+ DynBuf_Destroy(&dynBuffer);
+ g_free(dockerSocketPath);
+ g_free(containerdSocketPath);
+ g_free(nsConfValue);
+ g_free(timeStampString);
+ Atomic_WriteBool(&gTaskSubmitted, FALSE);
+}
+
+
+/*
+ *****************************************************************************
+ * ContainerInfoGather --
+ *
+ * Creates a new thread that collects all the desired container related
+ * information and updates the VMX. Tweaks the poll gather loop as per the
+ * tools configuration after creating the thread.
+ *
+ * @param[in] data The application context.
+ *
+ * @retval G_SOURCE_REMOVE to indicate that the timer should be removed.
+ *
+ *****************************************************************************
+ */
+
+static gboolean
+ContainerInfoGather(gpointer data) // IN
+{
+ ToolsAppCtx *ctx = data;
+
+ g_debug("%s: Submitting a task to capture container information.\n",
+ __FUNCTION__);
+
+ if (!ToolsCorePool_SubmitTask(ctx, ContainerInfoGatherTask, NULL, NULL)) {
+ g_warning("%s: Failed to submit the task for capturing container "
+ "information\n", __FUNCTION__);
+ }
+
+ TweakGatherLoop(ctx, TRUE);
+
+ return G_SOURCE_REMOVE;
+}
+
+
+/*
+ *****************************************************************************
+ * TweakGatherLoopEx --
+ *
+ * Start, stop, reconfigure a ContainerInfo Gather poll loop.
+ *
+ * This function is responsible for creating, manipulating, and resetting a
+ * ContainerInfo Gather loop timeout source. The poll loop will be disabled if
+ * the poll interval is 0.
+ *
+ * @param[in] ctx The application context.
+ * @param[in] pollInterval Poll interval in seconds. A value of 0 will
+ * disable the loop.
+ *
+ *****************************************************************************
+ */
+
+static void
+TweakGatherLoopEx(ToolsAppCtx *ctx, // IN
+ guint pollInterval) // IN
+{
+ if (gContainerInfoTimeoutSource != NULL) {
+ /*
+ * Destroy the existing timeout source.
+ */
+ g_source_destroy(gContainerInfoTimeoutSource);
+ gContainerInfoTimeoutSource = NULL;
+ }
+
+ if (pollInterval > 0) {
+ if (Atomic_Read32(&gContainerInfoPollInterval) != pollInterval) {
+ g_info("%s: New value for %s is %us.\n",
+ __FUNCTION__,
+ CONFNAME_CONTAINERINFO_POLLINTERVAL,
+ pollInterval);
+ }
+
+ gContainerInfoTimeoutSource = g_timeout_source_new(pollInterval * 1000);
+ VMTOOLSAPP_ATTACH_SOURCE(ctx, gContainerInfoTimeoutSource,
+ ContainerInfoGather, ctx, NULL);
+ g_source_unref(gContainerInfoTimeoutSource);
+ Atomic_Write32(&gContainerInfoPollInterval, pollInterval);
+ } else if (Atomic_Read32(&gContainerInfoPollInterval) > 0) {
+ g_info("%s: Poll loop for %s disabled.\n",
+ __FUNCTION__, CONFNAME_CONTAINERINFO_POLLINTERVAL);
+ Atomic_Write32(&gContainerInfoPollInterval, 0);
+ SetGuestInfo(ctx, CONTAINERINFO_GUESTVAR_KEY, "");
+ }
+}
+
+
+/*
+ *****************************************************************************
+ * TweakGatherLoop --
+ *
+ * Configures the ContainerInfo Gather poll loop based on the settings in the
+ * tools configuration.
+ *
+ * This function is responsible for creating, manipulating, and resetting a
+ * ContainerInfo Gather loop timeout source.
+ *
+ * @param[in] ctx The application context.
+ * @param[in] force If set to TRUE, the poll loop will be
+ * tweaked even if the poll interval hasn't
+ * changed from the previous value.
+ *
+ *****************************************************************************
+ */
+
+static void
+TweakGatherLoop(ToolsAppCtx *ctx, // IN
+ gboolean force) // IN
+{
+ gint pollInterval;
+
+ if (gAppInfoEnabledInHost) {
+ pollInterval =
+ VMTools_ConfigGetInteger(ctx->config,
+ CONFGROUPNAME_CONTAINERINFO,
+ CONFNAME_CONTAINERINFO_POLLINTERVAL,
+ CONTAINERINFO_DEFAULT_POLL_INTERVAL);
+
+ if (pollInterval < 0) {
+ g_warning("%s: Invalid poll interval %d. Using default %us.\n",
+ __FUNCTION__, pollInterval,
+ CONTAINERINFO_DEFAULT_POLL_INTERVAL);
+ pollInterval = CONTAINERINFO_DEFAULT_POLL_INTERVAL;
+ }
+ } else {
+ pollInterval = 0;
+ }
+
+ if (force || (Atomic_Read32(&gContainerInfoPollInterval) != pollInterval)) {
+ /*
+ * pollInterval can never be a negative value. Typecasting into
+ * guint should not be a problem.
+ */
+ TweakGatherLoopEx(ctx, (guint) pollInterval);
+ }
+}
+
+
+/*
+ *****************************************************************************
+ * ContainerInfoServerConfReload --
+ *
+ * Reconfigures the poll loop interval upon config file reload.
+ *
+ * @param[in] src The source object.
+ * @param[in] ctx The application context.
+ * @param[in] data Unused.
+ *
+ *****************************************************************************
+ */
+
+static void
+ContainerInfoServerConfReload(gpointer src, // IN
+ ToolsAppCtx *ctx, // IN
+ gpointer data) // IN
+{
+ g_info("%s: Reloading the tools configuration.\n", __FUNCTION__);
+
+ TweakGatherLoop(ctx, FALSE);
+}
+
+
+/*
+ *****************************************************************************
+ * ContainerInfoServerShutdown --
+ *
+ * Cleanup internal data on shutdown.
+ *
+ * @param[in] src The source object.
+ * @param[in] ctx Application context.
+ * @param[in] data Unused.
+ *
+ *****************************************************************************
+ */
+
+static void
+ContainerInfoServerShutdown(gpointer src, // IN
+ ToolsAppCtx *ctx, // IN
+ gpointer data) // IN
+{
+ if (gContainerInfoTimeoutSource != NULL) {
+ g_source_destroy(gContainerInfoTimeoutSource);
+ gContainerInfoTimeoutSource = NULL;
+ }
+
+ SetGuestInfo(ctx, CONTAINERINFO_GUESTVAR_KEY, "");
+}
+
+
+/*
+ *----------------------------------------------------------------------------
+ *
+ * ContainerInfoServerSetOption --
+ *
+ * Handle TOOLSOPTION_ENABLE_APPINFO Set_Option callback. This callback is
+ * necessary because containerInfo shares AppInfo's host side switch.
+ *
+ * @param[in] src The source object.
+ * @param[in] ctx The app context.
+ * @param[in] option Option being set.
+ * @param[in] value Option value.
+ * @param[in] plugin Plugin registration data.
+ *
+ * @retval TRUE if the specified option is TOOLSOPTION_ENABLE_APPINFO and
+ * the containerInfo Gather poll loop is reconfigured.
+ * @retval FALSE if the specified option is not TOOLSOPTION_ENABLE_APPINFO
+ * or containerInfo Gather poll loop is not reconfigured.
+ *----------------------------------------------------------------------------
+ */
+
+static gboolean
+ContainerInfoServerSetOption(gpointer src, // IN
+ ToolsAppCtx *ctx, // IN
+ const gchar *option, // IN
+ const gchar *value, // IN
+ gpointer data) // IN
+{
+ gboolean stateChanged = FALSE;
+
+ if (strcmp(option, TOOLSOPTION_ENABLE_APPINFO) == 0) {
+ g_debug("%s: Tools set option %s=%s.\n",
+ __FUNCTION__, TOOLSOPTION_ENABLE_APPINFO, value);
+
+ if (strcmp(value, "1") == 0 && !gAppInfoEnabledInHost) {
+ gAppInfoEnabledInHost = TRUE;
+ stateChanged = TRUE;
+ } else if (strcmp(value, "0") == 0 && gAppInfoEnabledInHost) {
+ gAppInfoEnabledInHost = FALSE;
+ stateChanged = TRUE;
+ }
+
+ if (stateChanged) {
+ g_info("%s: State of AppInfo is changed to '%s' at host side.\n",
+ __FUNCTION__, gAppInfoEnabledInHost ? "enabled" : "disabled");
+ TweakGatherLoop(ctx, TRUE);
+ }
+ }
+
+ return stateChanged;
+}
+
+
+/*
+ *****************************************************************************
+ * ContainerInfoServerReset --
+ *
+ * Callback function that gets called whenever the RPC channel gets reset.
+ * Disable the current timer and set a timer for random interval; after that
+ * interval, the timer will be resumed at the standard interval.
+ * The one time random interval is intended to avoid the possibility that the
+ * containerinfo plugin might run at the same time in a collection of
+ * VMs - such as might be created by instant clone - which could in turn cause
+ * a load spike on the host.
+ *
+ * @param[in] src The source object.
+ * @param[in] ctx Application context.
+ * @param[in] data Unused.
+ *
+ *****************************************************************************
+ */
+
+static void
+ContainerInfoServerReset(gpointer src, // IN
+ ToolsAppCtx *ctx, // IN
+ gpointer data) // IN
+{
+ /*
+ * Handle reset for containerinfo loop.
+ */
+ if (gContainerInfoTimeoutSource != NULL) {
+ guint interval;
+
+ ASSERT(Atomic_Read32(&gContainerInfoPollInterval) != 0);
+
+#define MIN_CONTAINERINFO_INTERVAL 30
+
+ if (Atomic_Read32(&gContainerInfoPollInterval) >
+ MIN_CONTAINERINFO_INTERVAL) {
+ GRand *gRand = g_rand_new();
+
+ interval = g_rand_int_range(gRand,
+ MIN_CONTAINERINFO_INTERVAL,
+ Atomic_Read32(&gContainerInfoPollInterval));
+ g_rand_free(gRand);
+ } else {
+ interval = Atomic_Read32(&gContainerInfoPollInterval);
+ }
+
+#undef MIN_CONTAINERINFO_INTERVAL
+
+ g_info("%s: Using poll interval for containerinfo loop: %u.\n",
+ __FUNCTION__, interval);
+
+ TweakGatherLoopEx(ctx, interval);
+ } else {
+ /*
+ * Channel got reset. VM might have vMotioned to an older host
+ * that doesn't send the 'Set_Option enableAppInfo'.
+ * Set gAppInfoEnabledInHost to TRUE and tweak the gather loop.
+ * Else, the application information may never be captured.
+ */
+ if (!gAppInfoEnabledInHost) {
+ gAppInfoEnabledInHost = TRUE;
+ TweakGatherLoop(ctx, TRUE);
+ } else {
+ g_debug("%s: Poll loop disabled. Ignoring.\n", __FUNCTION__);
+ }
+ }
+}
+
+
+/*
+ *****************************************************************************
+ * ToolsOnLoad --
+ *
+ * Plugin entry point. Initializes internal plugin state.
+ *
+ * @param[in] ctx The app context.
+ *
+ * @retval The registration data.
+ *
+ *****************************************************************************
+ */
+
+TOOLS_MODULE_EXPORT ToolsPluginData *
+ToolsOnLoad(ToolsAppCtx *ctx) // IN
+{
+ static ToolsPluginData regData = {
+ "containerInfo",
+ NULL,
+ NULL
+ };
+
+ /*
+ * Return NULL to disable the plugin if not running in a VMware VM.
+ */
+ if (!ctx->isVMware) {
+ g_info("%s: Not running in a VMware VM.\n", __FUNCTION__);
+ return NULL;
+ }
+
+ /*
+ * Return NULL to disable the plugin if not running in vmsvc daemon.
+ */
+ if (!TOOLS_IS_MAIN_SERVICE(ctx)) {
+ g_info("%s: Not running in vmsvc daemon: container name='%s'.\n",
+ __FUNCTION__, ctx->name);
+ return NULL;
+ }
+
+ /*
+ * This plugin is useless without an RpcChannel. If we don't have one,
+ * just bail.
+ */
+ if (ctx->rpc != NULL) {
+ ToolsPluginSignalCb sigs[] = {
+ { TOOLS_CORE_SIG_CONF_RELOAD, ContainerInfoServerConfReload, NULL },
+ { TOOLS_CORE_SIG_SHUTDOWN, ContainerInfoServerShutdown, NULL },
+ { TOOLS_CORE_SIG_RESET, ContainerInfoServerReset, NULL },
+ { TOOLS_CORE_SIG_SET_OPTION, ContainerInfoServerSetOption, NULL }
+ };
+ ToolsAppReg regs[] = {
+ { TOOLS_APP_SIGNALS,
+ VMTools_WrapArray(sigs, sizeof *sigs, ARRAYSIZE(sigs))
+ }
+ };
+
+ regData.regs = VMTools_WrapArray(regs,
+ sizeof *regs,
+ ARRAYSIZE(regs));
+
+ /*
+ * Set up the containerInfo gather loop.
+ */
+ TweakGatherLoop(ctx, TRUE);
+
+ return ®Data;
+ }
+
+ return NULL;
+}
--- /dev/null
+/*********************************************************
+ * Copyright (C) 2021 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation version 2.1 and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ *********************************************************/
+
+#ifndef _CONTAINERINFOINT_H_
+#define _CONTAINERINFOINT_H_
+
+#include <glib.h>
+
+/**
+ * @file containerInfoInt.h
+ *
+ * Header file with few functions that are internal to containerInfo plugin.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct ContainerInfo {
+ char *id;
+ char *image;
+} ContainerInfo;
+
+void ContainerInfo_DestroyContainerData(void *pointer);
+void ContainerInfo_DestroyContainerList(GSList *containerList);
+
+GHashTable *ContainerInfo_GetDockerContainers(const char *dockerSocketPath);
+
+GSList *ContainerInfo_GetContainerList(const char *ns,
+ const char *containerdSocketPath,
+ unsigned int maxContainers);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _CONTAINERINFOINT_H_ */
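Review bot: The prototypes in this header do not say who owns the returned `GHashTable` and `GSList`, or how they are released. From the implementations in this commit, the table from `ContainerInfo_GetDockerContainers` owns its id keys and image values (both freed with `g_free`), and the list from `ContainerInfo_GetContainerList` holds heap-allocated `ContainerInfo` entries with duplicated strings. A short comment above each prototype would cover it, for example `/* Caller owns the returned table; release with g_hash_table_destroy(). NULL on failure. */` and `/* Caller owns the returned list; free with ContainerInfo_DestroyContainerList(). May be NULL. */`. The second assumes that destroy function also frees the entries, which is not visible in this part of the patch.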
--- /dev/null
+/*********************************************************
+ * Copyright (C) 2021 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation version 2.1 and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ *********************************************************/
+
+/*
+ * containerInfo_docker.c --
+ *
+ * This file defines docker specific functions which are needed by
+ * containerInfo. Docker API is called using libcurl to find runnning
+ * docker containers and collect relevant info.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#define G_LOG_DOMAIN "containerInfo"
+#include "jsmn.h"
+#include "containerInfoInt.h"
+#include <curl/curl.h>
+#include "vm_assert.h"
+
+#define HTTP_HEADER "HTTP"
+#define HTTP_HEADER_LENGTH (sizeof HTTP_HEADER - 1)
+#define HTTP_STATUS_SUCCESS "200"
+#define HTTP_STATUS_SUCCESS_LENGTH (sizeof HTTP_STATUS_SUCCESS - 1)
+#define TOKENS_PER_ALLOC 500
+#define MAX_TOKENS 100000
+
+/*
+ * docker API versions are backwards compatible with older docker Engine
+ * versions so this is the oldest API version that is documented by docker
+ * at https://docs.docker.com/engine/api/
+ */
+#define DOCKER_API_VERSION "v1.18"
+
+typedef struct DockerBuffer {
+ char *response;
+ size_t size;
+} DockerBuffer;
+
+
+/*
+ ******************************************************************************
+ * ContainerInfoJsonEq --
+ *
+ * @brief Utility function to check whether a string jsmn token has value
+ * equal to @param s
+ *
+ * @param[in] json The json string
+ * @param[in] tok The jsmn token structure pointer
+ * @param[in] s The string to match in the token
+ *
+ * @retval TRUE successfully matched the string in the json token
+ * @retval FALSE did not match the string in the json token
+ *
+ ******************************************************************************
+ */
+
+static gboolean
+ContainerInfoJsonEq(const char *json,
+ jsmntok_t *tok,
+ const char *s)
+{
+ if (tok->type == JSMN_STRING &&
+ (int) strlen(s) == tok->end - tok->start &&
+ tok->start >= 0 && tok->end < strlen(json) &&
+ strncmp(json + tok->start, s, tok->end - tok->start) == 0) {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+
+/*
+ ******************************************************************************
+ * ContainerInfoJsonEqIsKey --
+ *
+ * @brief Utility function that is same as ContainerInfoJsonEq() but also
+ * checks token is of the key type in the json.
+ *
+ * @param[in] json The json string
+ * @param[in] tok The jsmn token structure pointer
+ * @param[in] s The string to match in the token
+ *
+ * @retval TRUE successfully matched the string and token is a key
+ * @retval FALSE did not match the string or token is not a key
+ *
+ ******************************************************************************
+ */
+
+static gboolean
+ContainerInfoJsonEqIsKey(const char *json,
+ jsmntok_t *tok,
+ const char *s)
+{
+ /*
+ * Check tok->size. If tok is a key, tok->size will be 1.
+ */
+ return tok->size == 1 && ContainerInfoJsonEq(json, tok, s);;
+}
+
+
+/*
+ ******************************************************************************
+ * DockerWriteCB --
+ *
+ * @brief Sets callback for writing received data when using libcurl to access
+ * docker API. This function prototype is based on
+ * https://curl.se/libcurl/c/CURLOPT_WRITEFUNCTION.html
+ *
+ * @param[in] data info received from API
+ * @param[in] size this value is always 1 (according to curl docs)
+ * @param[in] nitems size of data
+ * @param[in] userdata pointer to DockerBuffer
+ *
+ * @retval number of bytes successfully written
+ *
+ ******************************************************************************
+ */
+
+static size_t
+DockerWriteCB(void *data, // IN
+ size_t size, // IN
+ size_t nitems, // IN
+ void *userdata) // IN
+{
+ size_t realsize = size * nitems;
+ DockerBuffer *mem = (DockerBuffer *) userdata;
+ char *realptr;
+ size_t newsize = mem->size + realsize + 1;
+
+ if (newsize < mem->size) {
+ g_warning("%s:%d: size overflow\n", __FUNCTION__, __LINE__);
+ g_free(mem->response);
+ mem->response = NULL;
+ return 0;
+ }
+
+ realptr = g_try_realloc(mem->response, newsize);
+ if (realptr == NULL) {
+ g_warning("%s:%d: out of memory\n", __FUNCTION__, __LINE__);
+ g_free(mem->response);
+ mem->response = NULL;
+ return 0;
+ }
+
+ mem->response = realptr;
+ memcpy(&mem->response[mem->size], data, realsize);
+ mem->size += realsize;
+ mem->response[mem->size] = '\0';
+
+ return realsize;
+}
+
+
+/*
+ ******************************************************************************
+ * DockerHeaderCB --
+ *
+ * @brief Sets callback for receiving header data and saving HTTP status
+ * when using libcurl to access docker API. For more info see
+ * https://curl.se/libcurl/c/CURLOPT_HEADERFUNCTION.html
+ *
+ * @param[in] buffer info received from API
+ * @param[in] size this value is always 1 (according to curl docs)
+ * @param[in] nitems size of buffer
+ * @param[in] userdata pointer to string to store docker status code
+ *
+ * @retval number of bytes of header data successfully received
+ *
+ ******************************************************************************
+ */
+
+static size_t
+DockerHeaderCB(char *buffer, // IN
+ size_t size, // IN
+ size_t nitems, // IN
+ void *userdata) // IN
+{
+ size_t realSize = size * nitems;
+ char **statusCode = (char **) userdata;
+ char *statusStart;
+ char *statusEnd;
+ char *bufPtr;
+ char *bufEnd;
+
+ /*
+ * Example of buffer: HTTP/1.1 404 Not Found\r\n
+ * Do not assume that buffer is null-terminated!
+ */
+ if (realSize <= HTTP_HEADER_LENGTH ||
+ memcmp(buffer, HTTP_HEADER, HTTP_HEADER_LENGTH) != 0) {
+ /*
+ * This is a separated header line, like: Api-Version: 1.41
+ */
+ return realSize;
+ }
+
+ bufEnd = buffer + realSize;
+ bufPtr = buffer + HTTP_HEADER_LENGTH;
+ statusStart = memchr(bufPtr, ' ', bufEnd - bufPtr);
+
+ if (statusStart == NULL) {
+ g_debug("%s:%d: HTTP header has unexpected format: %.*s\n",
+ __FUNCTION__, __LINE__, (int) realSize, buffer);
+ return 0;
+ }
+
+ bufPtr = ++statusStart;
+ statusEnd = memchr(bufPtr, ' ', bufEnd - bufPtr);
+
+ if (statusEnd == NULL) {
+ g_debug("%s:%d: HTTP header has unexpected format: %.*s\n",
+ __FUNCTION__, __LINE__, (int) realSize, buffer);
+ return 0;
+ }
+
+ *statusCode = g_strndup(statusStart, statusEnd - statusStart);
+ return realSize;
+}
+
+
+/*
+ ******************************************************************************
+ * DockerCallAPI --
+ *
+ * @brief Uses libcurl to access docker API and loads response to jsonString.
+ *
+ * @param[in] url url of docker API endpoint.
+ * e.g. http://v1.18/containers/json
+ * @param[in] unixSocket unix socket to communicate with docker.
+ * @param[in/out] jsonString stores the response from docker API.
+ *
+ * @retval TRUE successfully wrote valid response to jsonString
+ * @retval FALSE on failure
+ *
+ ******************************************************************************
+ */
+
+static gboolean
+DockerCallAPI(const char *url, // IN
+ const char *unixSocket, // IN
+ char **jsonString) // OUT
+{
+ DockerBuffer result = {0};
+ char *dockerStatus = NULL;
+ CURLcode ret;
+ char errBuf[CURL_ERROR_SIZE] = {'\0'};
+ gboolean retVal = FALSE;
+ CURL *curl = curl_easy_init();
+
+ if (curl == NULL) {
+ g_warning("%s:%d: curl failed to initialize\n",
+ __FUNCTION__, __LINE__);
+ return retVal;
+ }
+
+ curl_easy_setopt(curl, CURLOPT_UNIX_SOCKET_PATH, unixSocket);
+ curl_easy_setopt(curl, CURLOPT_URL, url);
+ curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errBuf);
+ curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, DockerHeaderCB);
+ curl_easy_setopt(curl, CURLOPT_HEADERDATA, &dockerStatus);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, (void *) DockerWriteCB);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *) &result);
+
+ ret = curl_easy_perform(curl);
+
+ if (ret == CURLE_OK && result.size > 0) {
+ /*
+ * might receive CURLE_OK from libcurl but dockerStatus does not
+ * equal 200. e.g. when page is not found by docker engine.
+ */
+ if (dockerStatus != NULL &&
+ strncmp(dockerStatus, HTTP_STATUS_SUCCESS,
+ HTTP_STATUS_SUCCESS_LENGTH) == 0) {
+ *jsonString = result.response;
+ retVal = TRUE;
+ } else {
+ g_warning("%s:%d: error response from docker engine. response: %s",
+ __FUNCTION__, __LINE__, result.response != NULL ?
+ result.response : "No response from docker engine.");
+ g_free(result.response);
+ }
+ } else {
+ if (errBuf[0] != '\0') {
+ g_warning("%s:%d: %s\n", __FUNCTION__, __LINE__, errBuf);
+ } else {
+ g_warning("%s:%d: docker request unsuccessful. strerror: %s\n",
+ __FUNCTION__, __LINE__, curl_easy_strerror(ret));
+ }
+ g_free(result.response);
+ }
+
+ g_free(dockerStatus);
+ curl_easy_cleanup(curl);
+ return retVal;
+}
+
+
+/*
+ ******************************************************************************
+ * ContainerInfoParseString --
+ *
+ * @brief parses and stores input string as tokens.
+ *
+ * @param[in] jsonString The string to parse.
+ * @param[in/out] tokens Stores tokenized version of jsonString.
+ *
+ * @retval number of tokens parsed from jsonString or -1 on failure.
+ ******************************************************************************
+ */
+
+static int
+ContainerInfoParseString(char *jsonString, // IN
+ jsmntok_t **tokens) // IN/OUT
+{
+ gsize jsonLength;
+ jsmn_parser parser;
+ int numTokens;
+ int ret;
+
+ ASSERT(jsonString);
+ jsmn_init(&parser);
+ jsonLength = strlen(jsonString);
+ numTokens = TOKENS_PER_ALLOC;
+ *tokens = (jsmntok_t *) g_malloc0(numTokens * sizeof(jsmntok_t));
+
+ while ((ret = jsmn_parse(&parser, jsonString, jsonLength,
+ *tokens, numTokens)) == JSMN_ERROR_NOMEM) {
+ numTokens += TOKENS_PER_ALLOC;
+ if (numTokens > MAX_TOKENS) {
+ g_warning("%s:%d: number of jsmn tokens: %d exceeded max :%d",
+ __FUNCTION__, __LINE__,
+ numTokens, MAX_TOKENS);
+ g_free(*tokens);
+ *tokens = NULL;
+ return -1;
+ }
+ *tokens = g_realloc(*tokens, numTokens * sizeof(jsmntok_t));
+ }
+
+ if (ret < 0) {
+ g_warning("%s:%d: jsmn error: %d parsing failed at character %d\n",
+ __FUNCTION__, __LINE__, ret, parser.pos);
+ g_free(*tokens);
+ *tokens = NULL;
+ }
+
+ return ret;
+}
+
+
+/*
+ *****************************************************************************
+ * ContainerInfo_GetDockerContainers --
+ *
+ * @brief Entry point for gathering running docker container info
+ *
+ *
+ * @retval TRUE successfully collected docker container info
+ * @retval FALSE on failure
+ *
+ *****************************************************************************
+ */
+
+GHashTable *
+ContainerInfo_GetDockerContainers(const char *dockerSocketPath) // IN
+{
+ jsmntok_t *t = NULL;
+ int i;
+ int numTokens;
+ char *dockerContainerString = NULL;
+ char *endpt = g_strdup_printf("http://%s/containers/json?"
+ "filters={\"status\":[\"running\"]}",
+ DOCKER_API_VERSION);
+ GHashTable *containerTable = NULL;
+
+ if (!DockerCallAPI(endpt,
+ dockerSocketPath,
+ &dockerContainerString)) {
+ g_warning("%s: Failed to get the list of containers.", __FUNCTION__);
+ goto exit;
+ }
+
+ numTokens = ContainerInfoParseString(dockerContainerString, &t);
+
+ if (numTokens <= 0 || t[0].type != JSMN_ARRAY) {
+ g_warning("%s: invalid json response\n",
+ __FUNCTION__);
+ goto exit;
+ }
+
+ containerTable = g_hash_table_new_full(g_str_hash, g_str_equal,
+ g_free, g_free);
+
+ /* Example of "GET containers/json" response.
+ * Each item in the array is a running container.
+ * [{"Id":"370a480816ec5207c620fe628bd162925b85d150b3303601f76c3fe47ed863de",
+ * "Names":["/fervent_goldwasser"],
+ * "Image":"redis",
+ * "ImageID":"sha256:de974760ddb2f32dbddb74b7bb8cff4c1eee06d43d36d11bbc",
+ * "Command":"docker-entrypoint.sh redis-server",
+ * "Created":1623742538,
+ * "Ports":[{"PrivatePort":6379,"Type":"tcp"}],
+ * "Labels":{},
+ * "State":"running",
+ * "Status":"Up 29 minutes",
+ * "HostConfig":{"NetworkMode":"default"},
+ * "NetworkSettings":{...},
+ * "Mounts":[...]},
+ * {"Id":"b3ba5ed8b84816c66a6b6fe5903565164ea953ecdddf190263d52ed6ad0f6088",
+ * "Names":["/bold_solomon"],
+ * "Image":"nginx",
+ * "ImageID":"sha256:62d49f9bab67f7c70ac3395855bf01389eb3175b374e621f6f19",
+ * "Command":"/docker-entrypoint.sh nginx -g 'daemon off;'",
+ * "Created":1623742533,
+ * "Ports":[{"PrivatePort":80,"Type":"tcp"}],
+ * "Labels":{"maintainer":"NGINX Docker Maintainers"},
+ * "State":"running",
+ * "Status":"Up 29 minutes",
+ * "HostConfig":{"NetworkMode":"default"},
+ * "NetworkSettings":{...},
+ * "Mounts":[]}]
+ */
+ i = 1;
+ while (i < numTokens) {
+ if (t[i].type == JSMN_OBJECT) {
+ char *id = NULL;
+ char *image = NULL;
+ int end = t[i].end;
+
+ i++;
+ while (i < numTokens - 1 && t[i + 1].start < end) {
+ if (t[i].type == JSMN_STRING &&
+ t[i + 1].type == JSMN_STRING) {
+ if (ContainerInfoJsonEqIsKey(dockerContainerString,
+ &t[i], "Id")) {
+ if (id != NULL) {
+ g_warning("%s:%d: found duplicate key for \"Id\". Json"
+ "has improper format\n", __FUNCTION__, __LINE__);
+ break;
+ }
+
+ id = g_strdup_printf("%.*s",
+ t[i + 1].end - t[i + 1].start,
+ dockerContainerString + t[i + 1].start);
+ } else if (ContainerInfoJsonEqIsKey(dockerContainerString,
+ &t[i], "Image")) {
+ if (image != NULL) {
+ g_warning("%s:%d: found duplicate key for \"Image\". Json"
+ "has improper format\n", __FUNCTION__, __LINE__);
+ break;
+ }
+
+ image =
+ g_strdup_printf("%.*s",
+ t[i + 1].end - t[i + 1].start,
+ dockerContainerString + t[i + 1].start);
+ }
+ }
+
+ if (image != NULL && id != NULL) {
+ g_debug("%s: Found docker container id: %s and image: %s",
+ __FUNCTION__, id, image);
+ g_hash_table_insert(containerTable, id, image);
+ id = NULL;
+ image = NULL;
+ break;
+ }
+ i++;
+ }
+
+ /*
+ * Check id and image in the case of (image && !id) and (!image && id)
+ */
+ if (id != NULL) {
+ g_free(id);
+ }
+ if (image != NULL) {
+ g_free(image);
+ }
+ }
+ i++;
+ }
+
+exit:
+ g_free(t);
+ g_free(endpt);
+ g_free(dockerContainerString);
+ return containerTable;
+}
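Review bot: The token walk in `ContainerInfo_GetDockerContainers` treats every `JSMN_OBJECT` token as a container, including objects nested inside a container entry. After the inner loop breaks on the first `Id`/`Image` pair, the outer loop resumes at the next token, so a nested object such as `Labels` with string members named `Id` and `Image` is inserted into `containerTable` as if it were a container. `g_hash_table_insert` would also let such an entry replace the image recorded for a real id. Labels are set by the image or by whoever created the container, so only direct members of the top-level array elements should feed the inventory. The walk below skips each value's subtree so nested keys are never matched; the key/value matching itself stays as it is.

```c
/* Returns the index of the first token that starts after token i ends. */
static int
ContainerInfoSkipToken(const jsmntok_t *t, int i, int numTokens)
{
   int end = t[i].end;

   do {
      i++;
   } while (i < numTokens && t[i].start < end);
   return i;
}

   /* ... unchanged: API call, parsing, table creation ... */
   i = 1;
   while (i < numTokens) {
      /* next: first token past the whole array element starting at i */
      int next = ContainerInfoSkipToken(t, i, numTokens);

      if (t[i].type == JSMN_OBJECT) {
         char *id = NULL;
         char *image = NULL;
         int k = i + 1;

         /* t[k] is a direct member name of the container, t[k + 1] its value */
         while (k + 1 < next) {
            /* ... unchanged: "Id"/"Image" matching and insert, on t[k] and t[k + 1] ... */
            k = ContainerInfoSkipToken(t, k + 1, numTokens);
         }
         /* ... unchanged: free a leftover id or image ... */
      }
      i = next;
   }
```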
--- /dev/null
+/*********************************************************
+ * Copyright (C) 2021 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation version 2.1 and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ *********************************************************/
+
+/*
+ * containerInfo_grpc.cc --
+ *
+ * This file defines specific functions which are needed to query
+ * the containerd daemon and retrieve the list of running
+ * containers. A gRPC connection is created using the containerd unix
+ * socket and the specified namespace is queried for any running containers.
+ */
+
+#define G_LOG_DOMAIN "containerInfo"
+
+#include "containerInfoInt.h"
+#include "containers.grpc.pb.h"
+#include "containers.pb.h"
+#include <grpc++/grpc++.h>
+#include <stdio.h>
+
+using namespace containerd::services::containers::v1;
+using namespace google::protobuf;
+
+
+/*
+ ******************************************************************************
+ * ContainerInfo_GetContainerList --
+ *
+ * @brief A gRPC connection is created with the containerd unix
+ * socket and specified namespace is inspected for
+ * running containers.
+ *
+ * @param[in] ns Namespace to be queried.
+ * @param[in] containerdSocketPath Path of the socket.
+ * @param[in] maxContainers Maximum number of containers to be
+ * returned in the list.
+ *
+ * @retval the list of running containers.
+ * NULL if any error occurs or no containers are running.
+ *
+ ******************************************************************************
+ */
+
+GSList *
+ContainerInfo_GetContainerList(const char *ns, // IN
+ const char *containerdSocketPath, // IN
+ unsigned int maxContainers) // IN
+{
+ GSList *containerList = NULL;
+ std::shared_ptr<grpc::ChannelInterface> channel;
+ std::unique_ptr<Containers::Stub> containerStub;
+ grpc::Status status;
+ int i;
+ const ListContainersRequest req;
+ std::unique_ptr<ListContainersResponse> res;
+ grpc::ClientContext containerContext;
+ static const std::string namespaceKey = "containerd-namespace";
+ gchar *unixSocket = NULL;
+ int numContainers = 0;
+
+ if (ns == NULL || containerdSocketPath == NULL) {
+ g_warning("%s: Invalid arguments specified.\n", __FUNCTION__);
+ goto exit;
+ }
+
+ unixSocket = g_strdup_printf("unix://%s", containerdSocketPath);
+
+ containerContext.AddMetadata(namespaceKey, ns);
+
+ channel =
+ grpc::CreateChannel(unixSocket, grpc::InsecureChannelCredentials());
+
+ if (channel == nullptr) {
+ g_warning("%s: Failed to create gRPC channel\n", __FUNCTION__);
+ goto exit;
+ }
+
+ containerStub = Containers::NewStub(channel);
+ if (containerStub == nullptr) {
+ g_warning("%s: Failed to create containerStub\n", __FUNCTION__);
+ goto exit;
+ }
+
+ res = std::make_unique<ListContainersResponse>();
+ status = containerStub->List(&containerContext, req, res.get());
+
+ if (!status.ok()) {
+ g_warning("%s: Failed to list containers. Error: %s\n", __FUNCTION__,
+ status.error_message().c_str());
+ goto exit;
+ }
+
+ g_debug("%s: Namespace: '%s', number of containers found: %d", __FUNCTION__,
+ ns, res->containers_size());
+
+ for (i = 0; i < res->containers_size() && i < maxContainers; i++) {
+ Container curContainer = res->containers(i);
+ std::string id = curContainer.id();
+ std::string image = curContainer.image();
+ ContainerInfo *info = (ContainerInfo *)g_malloc(sizeof(*info));
+
+ info->id = g_strdup(id.c_str());
+ info->image = g_strdup(image.c_str());
+
+ g_debug("%s: Found container id: %s and image: %s\n", __FUNCTION__,
+ info->id, info->image);
+ containerList = g_slist_prepend(containerList, info);
+ }
+
+exit:
+ g_free(unixSocket);
+ return containerList;
+}
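Review bot: `containerStub->List()` is issued on a `grpc::ClientContext` that has no deadline, so the call can wait indefinitely if whatever listens on `containerdSocketPath` accepts the connection but never answers. Setting one before the call bounds it, for example `containerContext.set_deadline(std::chrono::system_clock::now() + std::chrono::seconds(LIST_TIMEOUT_SECS));`, where `LIST_TIMEOUT_SECS` is a placeholder for a value the plugin would define. `DockerCallAPI` in containerInfo_docker.c has the same gap: no `CURLOPT_TIMEOUT` is set before `curl_easy_perform`. Which thread runs these collectors is not visible here, but a stuck socket should not be able to stall collection in either case.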
# guestinfo variable.
#remove-duplicates=true
+[containerinfo]
+
+# This plugin collects info about running containers in guest OS.
+
+# User-defined poll interval in seconds. Set to 0 to disable the plugin.
+#poll-interval=21600
+
+# Maximum number of containers to be retrieved.
+#max-containers=256
+
+# Whether to remove the duplicate containers information in the
+# guestinfo variable.
+#remove-duplicates=true
+
+# Unix socket to use to communicate with the docker daemon.
+#docker-unix-socket=/var/run/docker.sock
+
+# The unix socket to connect to communicate with containerd grpc server
+# for retrieving the list of running containers.
+#containerd-unix-socket=/run/containerd/containerd.sock
+
+# List of namespaces to be queried for the running containers.
+# The value for this key is a comman separated list.
+#allowed-namespaces=moby,k8s.io,default
+
[servicediscovery]
# This plugin provides admins with additional info for better VM management.