RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-31 23:58:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: debug: report in port_mortem whether a container was detected

Browse Source 
Containers often cause significant trouble depending on how they're
set up, and they're not always trivial for their users to extract info
from. Here we're trying to detect if we're running inside a container
on Linux. There are plenty of approaches and none is perfectly clean
nor reliable, which makes sense since the goal is to remain transparent
enough.

One interesting approach is to rely on the observation that containers
generally do not expose most kernel threads, and that the very firsts
of them are extremely stable across all kernel versions: pid 2 was
called "keventd" in kernel 2.4, became "kthreadd" in kernel 2.6, and
has since not changed. This is true on all architectures tested, even
with highly stripped down kernels such as those found on 15 year-old
OpenWRT images. And this one doesn't appear inside containers. Thus
here we check if we find such a thread via /proc and whether it's
called keventd or kthreadd, to detect a container, and we set the
"cont_techno" variable to "yes" or "no" depending on what is found.
This commit is contained in:
Willy Tarreau 2023-11-22 11:37:37 +01:00
parent 4e3f9921de
commit cf8be50a3d
1 changed files with 13 additions and 0 deletions

13
src/debug.c
View File

@ -83,6 +83,7 @@ struct post_mortem {
char hw_model[64]; // hardware/hypervisor product/model when known
char brd_vendor[64]; // mainboard vendor when known
char brd_model[64]; // mainboard model when known
char cont_techno[16]; // empty, "no", "yes", "docker" or others
} platform;
} post_mortem ALIGNED(256) = { };
@ -460,6 +461,8 @@ static int debug_parse_cli_show_dev(char **args, char *payload, struct appctx *a
chunk_appendf(&trash, " board vendor: %s\n", post_mortem.platform.brd_vendor);
if (*post_mortem.platform.brd_model)
chunk_appendf(&trash, " board model: %s\n", post_mortem.platform.brd_model);
if (*post_mortem.platform.cont_techno)
chunk_appendf(&trash, " container: %s\n", post_mortem.platform.cont_techno);
if (*post_mortem.platform.utsname.sysname)
chunk_appendf(&trash, " OS name: %s\n", post_mortem.platform.utsname.sysname);
if (*post_mortem.platform.utsname.release)
@ -1927,6 +1930,16 @@ static void feed_post_mortem_linux()
strcmp(trash.area, post_mortem.platform.hw_family) != 0 &&
strcmp(trash.area, post_mortem.platform.hw_model) != 0))
strlcpy2(post_mortem.platform.brd_model, trash.area, sizeof(post_mortem.platform.brd_model));
/* Check for containers. In a container on linux we don't see keventd (2.4) kthreadd (2.6+) on pid 2 */
if (read_line_to_trash("/proc/2/status") <= 0 ||
(strcmp(trash.area, "Name:\tkthreadd") != 0 &&
strcmp(trash.area, "Name:\tkeventd") != 0)) {
strlcpy2(post_mortem.platform.cont_techno, "yes", sizeof(post_mortem.platform.cont_techno));
}
else {
strlcpy2(post_mortem.platform.cont_techno, "no", sizeof(post_mortem.platform.cont_techno));
}
#endif // __linux__
}