api/docker/images/status.go
package images
import (
"context"
"slices"
"strings"
"time"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
portainer "github.com/portainer/portainer/api"
consts "github.com/portainer/portainer/api/docker/consts"
"github.com/opencontainers/go-digest"
"github.com/patrickmn/go-cache"
"github.com/pkg/errors"
"github.com/rs/zerolog/log"
)
// Status constants
const (
Processing = Status("processing")
Outdated = Status("outdated")
Updated = Status("updated")
Skipped = Status("skipped")
Preparing = Status("preparing")
Error = Status("error")
)
var (
statusCache = cache.New(24*time.Hour, 24*time.Hour)
remoteDigestCache = cache.New(5*time.Second, 5*time.Second)
swarmID2NameCache = cache.New(5*time.Second, 5*time.Second)
)
// Status holds Docker image analysis
type Status string
func (c *DigestClient) ContainersImageStatus(ctx context.Context, containers []types.Container, endpoint *portainer.Endpoint) Status {
cli, err := c.clientFactory.CreateClient(endpoint, "", nil)
if err != nil {
log.Error().Err(err).Msg("cannot create docker client")
return Error
}
statuses := make([]Status, len(containers))
for i, ct := range containers {
var nodeName string
if swarmNodeId := ct.Labels[consts.SwarmNodeIdLabel]; swarmNodeId != "" {
if swarmNodeName, ok := swarmID2NameCache.Get(swarmNodeId); ok {
nodeName, _ = swarmNodeName.(string)
} else {
node, _, err := cli.NodeInspectWithRaw(ctx, ct.Labels[consts.SwarmNodeIdLabel])
if err != nil {
return Error
}
nodeName = node.Description.Hostname
swarmID2NameCache.Set(swarmNodeId, nodeName, 0)
}
}
s, err := c.ContainerImageStatus(ctx, ct.ID, endpoint, nodeName)
if err != nil {
statuses[i] = Error
log.Warn().Str("containerId", ct.ID).Err(err).Msg("error when fetching image status for container")
continue
}
statuses[i] = s
if s == Outdated || s == Processing {
break
}
}
return FigureOut(statuses)
}
func FigureOut(statuses []Status) Status {
if allMatch(statuses, Skipped) {
return Skipped
}
if allMatch(statuses, Preparing) {
return Preparing
}
if contains(statuses, Outdated) {
return Outdated
} else if contains(statuses, Processing) {
return Processing
} else if contains(statuses, Error) {
return Error
}
return Updated
}
func (c *DigestClient) ContainerImageStatus(ctx context.Context, containerID string, endpoint *portainer.Endpoint, nodeName string) (Status, error) {
cli, err := c.clientFactory.CreateClient(endpoint, nodeName, nil)
if err != nil {
log.Warn().Str("swarmNodeId", nodeName).Msg("Cannot create new docker client.")
}
container, err := cli.ContainerInspect(ctx, containerID)
if err != nil {
log.Warn().Err(err).Str("containerID", containerID).Msg("Inspect container error.")
return Skipped, nil
}
var imageID string
if strings.Contains(container.Image, "sha256") {
imageID = container.Image[strings.Index(container.Image, "sha256"):]
}
if imageID == "" {
return Skipped, nil
}
digs := make([]digest.Digest, 0)
images := make([]*Image, 0)
if i, err := ParseImage(ParseImageOptions{Name: container.Config.Image}); err == nil {
images = append(images, &i)
}
imageInspect, _, err := cli.ImageInspectWithRaw(ctx, imageID)
if err != nil {
log.Debug().Str("imageID", imageID).Msg("inspect failed")
return Error, err
}
if len(imageInspect.RepoDigests) > 0 {
digs = append(digs, ParseRepoDigests(imageInspect.RepoDigests)...)
}
if len(imageInspect.RepoTags) > 0 {
images = append(images, ParseRepoTags(imageInspect.RepoTags)...)
}
s, err := c.checkStatus(images, digs)
if err != nil {
log.Debug().Str("image", container.Image).Err(err).Msg("fetching a certain image status")
return Error, err
}
statusCache.Set(imageID, s, 0)
return s, err
}
func (c *DigestClient) ServiceImageStatus(ctx context.Context, serviceID string, endpoint *portainer.Endpoint) (Status, error) {
cli, err := c.clientFactory.CreateClient(endpoint, "", nil)
if err != nil {
return Error, nil
}
containers, err := cli.ContainerList(ctx, container.ListOptions{
All: true,
Filters: filters.NewArgs(filters.Arg("label", consts.SwarmServiceIdLabel+"="+serviceID)),
})
if err != nil {
log.Warn().Err(err).Str("serviceID", serviceID).Msg("cannot list container for the service")
return Error, err
}
nonExistedOrStoppedContainers := make([]types.Container, 0)
for _, container := range containers {
if container.State == "exited" || container.State == "stopped" {
continue
}
// When there is a container with the state "Created" under the service, it
// indicates that the Docker Swarm is replacing the existing task with
// a new task. At the moment, the state of the new task is "Created", and
// the state of the old task is "Running".
// Until the new task runs up, the image status should be set "Preparing"
if container.State == "created" {
return Preparing, nil
}
nonExistedOrStoppedContainers = append(nonExistedOrStoppedContainers, container)
}
if len(nonExistedOrStoppedContainers) == 0 {
return Preparing, nil
}
return c.ContainersImageStatus(ctx, nonExistedOrStoppedContainers, endpoint), nil
}
func (c *DigestClient) checkStatus(images []*Image, digests []digest.Digest) (Status, error) {
if digests == nil {
digests = make([]digest.Digest, 0)
}
for _, img := range images {
if img.Digest != "" && !slices.Contains(digests, img.Digest) {
log.Info().Str("localDigest", img.Domain).Msg("incoming local digest is not nil")
digests = append([]digest.Digest{img.Digest}, digests...)
}
}
if len(digests) == 0 {
return Skipped, nil
}
var imageStatus Status
for _, img := range images {
var remoteDigest digest.Digest
var err error
if rd, ok := remoteDigestCache.Get(img.FullName()); ok {
remoteDigest, _ = rd.(digest.Digest)
}
if remoteDigest == "" {
remoteDigest, err = c.RemoteDigest(*img)
if err != nil {
log.Error().Str("image", img.String()).Msg("error when fetch remote digest for image")
return Error, err
}
}
remoteDigestCache.Set(img.FullName(), remoteDigest, 0)
log.Debug().Str("image", img.FullName()).Stringer("remote_digest", remoteDigest).
Int("local_digest_size", len(digests)).
Msg("Digests")
// final locals vs remote one
for _, dig := range digests {
log.Debug().
Str("image", img.FullName()).
Stringer("remote_digest", remoteDigest).
Stringer("local_digest", dig).
Msg("Comparing")
if dig == remoteDigest {
log.Debug().Str("image", img.FullName()).
Stringer("remote_digest", remoteDigest).
Stringer("local_digest", dig).
Msg("Found a match")
return Updated, nil
}
}
}
imageStatus = Outdated
return imageStatus, nil
}
func CachedResourceImageStatus(resourceID string) (Status, error) {
if s, ok := statusCache.Get(resourceID); ok {
return s.(Status), nil
}
return "", errors.Errorf("no image found in cache: %s", resourceID)
}
func CacheResourceImageStatus(resourceID string, status Status) {
statusCache.Set(resourceID, status, 0)
}
func CachedImageDigest(resourceID string) (Status, error) {
if s, ok := statusCache.Get(resourceID); ok {
return s.(Status), nil
}
return "", errors.Errorf("no image found in cache: %s", resourceID)
}
func EvictImageStatus(resourceID string) {
statusCache.Delete(resourceID)
}
func contains(statuses []Status, status Status) bool {
if len(statuses) == 0 {
return false
}
for _, s := range statuses {
if s == status {
return true
}
}
return false
}
func allMatch(statuses []Status, status Status) bool {
if len(statuses) == 0 {
return false
}
for _, s := range statuses {
if s != status {
return false
}
}
return true
}