Discovery of software in Docker containers

Available from 9.2.5. Docker is a platform that allows for automating the deployment of applications inside software containers. BigFix Inventory discovers software that is installed inside Docker containers. It also measures license metric utilization of the discovered products.

Discovering software

BigFix Inventory discovers software that is installed in Docker containers provided that all of the following conditions are met:
  • Only one Docker engine is deployed on the host computer.
  • The Docker container is deployed on one of the following platforms:
    • Red Hat Enterprise Linux 7 for x86
    • Red Hat Enterprise Linux 7 for IBM System z (64-bit)
    • SUSE Linux 12 for x86
  • The Docker container is running.
  • The BigFix client is installed on the host computer.
  • Scans and uploads of their results are enabled on the host computer.
  • Software that is installed in the Docker container delivers software ID tags.
  • The content of the Docker container does not change throughout its lifecycle. This is required to ensure proper discovery of software on Docker containers.

Starting from application update 9.2.10, BigFix Inventory additionally supports software discovery on Docker containers under the Red Hat® OpenShift container application platform.

Viewing software

Software that is installed in Docker containers can be viewed on the Software Installations report. It is presented under the host computer. To learn why the software was discovered, click Details.
Figure: Details of software installed in a Docker container
The details include, among others, information about:
  • (1) The container on which the software was detected.
  • (2) The software ID tag that caused the detection.

Additional configuration

In some Docker environments, you might need to perform additional steps to specify a non-default installation path, or to exclude directories from scanning. For more information, see: Configuring scans on Docker containers.

Measuring license metric utilization

Apart from discovering software that is installed in Docker containers, BigFix Inventory also reports license metric utilization of the discovered products. When Docker is deployed on a physical host, license metric utilization is calculated on the level of the host. When it is deployed on a virtual machine, utilization is calculated on the level of the virtual machine. For more details, see the following scenarios.
Important: Docker is not a subcapacity-eligible virtualization, but it can be used in combination with a subcapacity-eligible virtualization. The scenarios show how utilization of PVU and RVU MAPC is calculated. Utilization of other reported metrics is calculated in an analogous way.

Scenario 1: Docker deployed on a physical server

When the Docker engine is deployed directly on a physical server, PVU and RVU MAPC utilization is measured on the level of the host computer.

Example: Three containers are deployed on a physical server that has four Intel Xeon 3400 processors, each with six cores. It gives 24 cores in total. IBM MQ is installed in two out of three containers. BigFix Inventory counts PVU and RVU MAPC utilization on the level of the host computer.


Figure: Docker deployed on a physical server

In this case, IBM MQ has access to 24 cores. According to the PVU table, when the server has four sockets, this processor model is assigned 100 PVUs per core. Thus, PVU utilization for IBM MQ equals 2400 PVUs. The value would be the same if another instance of IBM MQ was installed in the third container.

Scenario 2: Docker deployed on a virtual machine

When the Docker engine is deployed on a virtual machine, PVU and RVU MAPC utilization is counted as the highest number of PVUs that are available for the virtual machine.

Example: Two virtual machines are installed on a physical server that has four Intel Xeon 3400 processors, each with six cores. It gives 24 cores in total. Each virtual machine is assigned eight cores and has two containers deployed. IBM MQ is installed:
  • In one container on the first virtual machine
  • In two containers on the second virtual machine

Figure: Docker deployed on a virtual machine

In this case, IBM MQ that is installed on each of the virtual machines has access to eight cores. In total, it has access to 16 cores out of 24 cores that are available on the physical computer. According to the PVU table, when the server has four sockets, this processor model is assigned 100 PVUs per core. Thus, PVU utilization for IBM MQ equals 1600 PVUs. If the Docker engine was deployed directly on the physical server, IBM MQ would have access to 24 cores and its PVU utilization would equal 2400 PVUs.
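The two scenarios can be reproduced with a short model. This is an added example, not code from BigFix Inventory: the class and function names are hypothetical, and capping the virtual machine total at the physical core count is an assumption that the scenarios above do not state.

```python
from dataclasses import dataclass, field

@dataclass
class VirtualMachine:
    cores: int
    containers: dict = field(default_factory=dict)  # container name -> set of products

@dataclass
class PhysicalServer:
    cores: int
    pvu_per_core: int                                # value read from the PVU table
    containers: dict = field(default_factory=dict)  # Docker directly on the server
    vms: list = field(default_factory=list)         # Docker inside virtual machines

def has_product(containers, product):
    """True if at least one container holds the product; extra instances add nothing."""
    return any(product in products for products in containers.values())

def pvu_utilization(server, product):
    """PVU utilization of one product on one physical server."""
    if has_product(server.containers, product):
        # Scenario 1: Docker on the physical server, counted at host level.
        cores = server.cores
    else:
        # Scenario 2: each VM that runs the product contributes its own cores.
        cores = sum(vm.cores for vm in server.vms
                    if has_product(vm.containers, product))
        cores = min(cores, server.cores)  # assumption: never above the physical capacity
    return cores * server.pvu_per_core

# Constructed inputs that mirror the two examples on this page.
SCENARIO_1 = PhysicalServer(cores=24, pvu_per_core=100, containers={
    "c1": {"IBM MQ"}, "c2": {"IBM MQ"}, "c3": set()})
SCENARIO_2 = PhysicalServer(cores=24, pvu_per_core=100, vms=[
    VirtualMachine(8, {"c1": {"IBM MQ"}, "c2": set()}),
    VirtualMachine(8, {"c1": {"IBM MQ"}, "c2": {"IBM MQ"}})])

if __name__ == "__main__":
    for label, server in (("Scenario 1", SCENARIO_1), ("Scenario 2", SCENARIO_2)):
        print(label, pvu_utilization(server, "IBM MQ"), "PVUs")
```

The number of containers that hold the product never changes the result; only the capacity of the host or virtual machine that runs the Docker engine does.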

Disabling software discovery

By default, BigFix Inventory scans all Docker containers that are deployed on computers where the BigFix client is installed. If you do not want to scan the containers, but still want to monitor the host computer, you can disable scanning of Docker containers. For more information, see: Disabling scans on Docker containers.

Logs

To troubleshoot problems with discovery of software that is installed in Docker containers, see the docker_scan.log file. The log is stored in the BigFix client installation directory. By default, it is:
  • Linux: /var/opt/BESClient/LMT/CIT/docker_scan.log
  • Windows: C:\Program Files (x86)\BigFix Enterprise\BESClient\LMT\CIT\docker_scan.log

10.0.9 Fixlet to force rescan Docker containers during next Software Scan

The fixlet "Clear cache to force rescan Docker containers during next Software Scan" forces rescanning of Docker containers during the next Initiate Software Scan. This is achieved by clearing the cache of already scanned images. This task refers to the ISO tagged software scan on Docker containers.