Merge pull request #1617 from ramereth/container-updates

Signed-off-by: Tim Smith <tsmith@chef.io>

2 files changed, 73 insertions, 0 deletions

diff --git a/lib/ohai/plugins/linux/virtualization.rb b/lib/ohai/plugins/linux/virtualization.rb
index 7d748571..4d4d36b2 100644
--- a/lib/ohai/plugins/linux/virtualization.rb
+++ b/lib/ohai/plugins/linux/virtualization.rb
@@ -35,6 +35,10 @@ Ohai.plugin(:Virtualization) do
     which("docker")
   end
 
+  def podman_exists?
+    which("podman")
+  end
+
   collect_data(:linux) do
     virtualization Mash.new unless virtualization
     virtualization[:systems] ||= Mash.new
@@ -46,6 +50,13 @@ Ohai.plugin(:Virtualization) do
       virtualization[:systems][:docker] = "host"
     end
 
+    # Podman hosts
+    if podman_exists?
+      virtualization[:system] = "podman"
+      virtualization[:role] = "host"
+      virtualization[:systems][:podman] = "host"
+    end
+
     # Xen Notes:
     # - /proc/xen is an empty dir for EL6 + Linode Guests + Paravirt EC2 instances
     # - cpuid of guests, if we could get it, would also be a clue
@@ -210,6 +221,20 @@ Ohai.plugin(:Virtualization) do
         virtualization[:system] = "nspawn"
         virtualization[:role] = "guest"
         virtualization[:systems][:nspawn] = "guest"
+      elsif /container=podman/.match?(file_read("/proc/1/environ"))
+        logger.trace("Plugin Virtualization: /proc/1/environ indicates podman container. Detecting as podman guest")
+        virtualization[:system] = "podman"
+        virtualization[:role] = "guest"
+        virtualization[:systems][:podman] = "guest"
+      # Detect any containers that appear to be using docker such as those running on Github Actions virtual machines
+      # but aren't triggered by the cgroup regex above. It's pretty safe to assume if the cgroup contains containerd,
+      # it's likely using docker.
+      # https://rubular.com/r/qhSmV113cPmEBT
+      elsif %r{^\d+:[^:]*:/[^/]+/(containerd)-?.+$}.match?(cgroup_content)
+        logger.trace("Plugin Virtualization: /proc/self/cgroup indicates docker container. Detecting as docker guest")
+        virtualization[:system] = "docker"
+        virtualization[:role] = "guest"
+        virtualization[:systems][:docker] = "guest"
       elsif lxc_version_exists? && file_read("/proc/self/cgroup") =~ %r{\d:[^:]+:/$}
         # lxc-version shouldn't be installed by default
         # Even so, it is likely we are on an LXC capable host that is not being used as such
diff --git a/spec/unit/plugins/linux/virtualization_spec.rb b/spec/unit/plugins/linux/virtualization_spec.rb
index eeb12176..3e29533c 100644
--- a/spec/unit/plugins/linux/virtualization_spec.rb
+++ b/spec/unit/plugins/linux/virtualization_spec.rb
@@ -46,6 +46,7 @@ describe Ohai::System, "Linux virtualization platform" do
     allow(plugin).to receive(:which).with("lxc-version").and_return(nil)
     allow(plugin).to receive(:which).with("lxc-start").and_return(nil)
     allow(plugin).to receive(:which).with("docker").and_return(nil)
+    allow(plugin).to receive(:which).with("podman").and_return(nil)
     allow(plugin).to receive(:nova_exists?).and_return(false)
   end
 
@@ -96,6 +97,16 @@ describe Ohai::System, "Linux virtualization platform" do
     end
   end
 
+  describe "when we are checking for podman" do
+    it "sets podman host if docker binary exists" do
+      allow(plugin).to receive(:which).with("podman").and_return(true)
+      plugin.run
+      expect(plugin[:virtualization][:system]).to eq("podman")
+      expect(plugin[:virtualization][:role]).to eq("host")
+      expect(plugin[:virtualization][:systems][:podman]).to eq("host")
+    end
+  end
+
   describe "when we are checking for openstack" do
     it "sets openstack host if nova binary exists" do
       allow(plugin).to receive(:nova_exists?).and_return("/usr/bin/nova")
@@ -474,6 +485,18 @@ describe Ohai::System, "Linux virtualization platform" do
     end
   end
 
+  describe "when we are checking for podman" do
+    it "sets podman guest if /proc/1/environ has podman string in it" do
+      allow(plugin).to receive(:file_exist?).with("/proc/self/cgroup").and_return(true)
+      one_environ = "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binTERM=xtermcontainer=podmanHOSTNAME=8a97c663f060HOME=/root".chomp
+      allow(plugin).to receive(:file_read).with("/proc/1/environ").and_return(one_environ)
+      allow(plugin).to receive(:file_read).with("/proc/self/cgroup").and_return("")
+      plugin.run
+      expect(plugin[:virtualization][:system]).to eq("podman")
+      expect(plugin[:virtualization][:role]).to eq("guest")
+    end
+  end
+
   describe "when we are checking for docker" do
     it "sets docker guest if /proc/self/cgroup exist and there are /docker/<hexadecimal> mounts" do
       self_cgroup = <<~CGROUP
@@ -558,6 +581,31 @@ describe Ohai::System, "Linux virtualization platform" do
       expect(plugin[:virtualization][:systems][:docker]).to eq("guest")
     end
 
+    it "sets docker guest if /proc/self/cgroup exists and there is a /system.slice/containerd.service mount" do
+      self_cgroup = <<~CGROUP
+        12:freezer:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        11:perf_event:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        10:net_cls,net_prio:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        9:devices:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        8:memory:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        7:cpuset:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        6:pids:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        5:hugetlb:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        4:cpu,cpuacct:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        3:blkio:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        2:rdma:/
+        1:name=systemd:/actions_job/06f5c5298748c7418a34548cf0a2a5985b6064cc10cbc21fbaccb1d02242a89f
+        0::/system.slice/containerd.service
+      CGROUP
+      allow(plugin).to receive(:file_exist?).with("/proc/self/cgroup").and_return(true)
+      allow(plugin).to receive(:file_read).with("/proc/self/cgroup").and_return(self_cgroup)
+      allow(plugin).to receive(:file_read).with("/proc/1/environ").and_return("")
+      plugin.run
+      expect(plugin[:virtualization][:system]).to eq("docker")
+      expect(plugin[:virtualization][:role]).to eq("guest")
+      expect(plugin[:virtualization][:systems][:docker]).to eq("guest")
+    end
+
     it "sets not set anything if /proc/self/cgroup exist and the cgroup is named arbitrarily, it isn't necessarily lxc." do
       self_cgroup = <<~CGROUP
         8:blkio:/Charlie