Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure that parsed container ID is 64 chars. #8206

Merged
merged 2 commits into from
Apr 4, 2023
Merged

Ensure that parsed container ID is 64 chars. #8206

merged 2 commits into from
Apr 4, 2023

Conversation

breedx-splk
Copy link
Contributor

Resolves #7437.

A few caveats about this. The TL;DR on #7437 is that a non-containerized process was reporting a container.id attribute. The submitter narrowed it down and I was able to confirm with the test case in this PR.

I hunted for other means for code to determine if it's containerized with the idea to not even do the parsing if not containerized, but I couldn't find anything useful. In fact, most approaches of detecting containerization at all do involve parsing cgroups. Wacky.

So I attempted to verify that container IDs should always be 64 characters. I found:

  • podman - docs here "Container ID (full 64-char hash)"
  • docker - UID generator source here shows 32 bytes (and even guards against fully numeric!)
  • lxc man page says "container identifier format is an alphanumeric string". If this maps into cgroups (no idea!), it would have already been broken in some cases because we enforce hex.

I'm a little concerned about this approach because the otel spec suggests that "The UUID might be abbreviated.", but it's unclear/non-specific about the circumstances that might cause this.

Open to hearing about why the approach presented here is a bad idea. 馃檭

@breedx-splk breedx-splk requested a review from a team as a code owner April 3, 2023 22:45
trask
trask approved these changes Apr 3, 2023
View reviewed changes
Copy link
Member

@trask trask left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense to me, thanks for posting your research 馃憤

I'm a little concerned about this approach because the otel spec suggests that "The UUID might be abbreviated."

I wonder if this was to accommodate external observers which may not be getting it from cgroups?

or maybe it's saying the instrumentation library "may" abbreviate it for compactness?

@arminru it looks like this text came from you, do you happen to remember more context? open-telemetry/opentelemetry-specification#673 (comment)

@arminru
Copy link
Member

arminru commented Apr 4, 2023

@trask Three years later I don't remember any details, but I think I was referring to the UUID short identifier here:
https://docs.docker.com/engine/reference/run/#container-identification
I don't think this short identifier is used by any programmatic means in practice, but rather just when a user is interacting with the console, so you might be fine with relying on the full identifier. I assume your means of retrieving the ID will always yield the full UUID anyway.

@trask trask merged commit 32b6bd2 into open-telemetry:main Apr 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trask trask trask approved these changes

@mateuszrzeszutek mateuszrzeszutek mateuszrzeszutek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ContainerResource extract container.id in Host env
4 participants
@breedx-splk @arminru @trask @mateuszrzeszutek