Discovery uses the Docker Pattern to collect data about specific objects in a Docker engine, running on a Linux host.

The ServiceNow® platform supports the discovery of Docker release 1.11.0 or later.

Discovery runs the Docker Engine process classifier in the network. If the classifier identifies the dockerd or docker daemon process, the classifier triggers the Horizontal Pattern (HorizontalDiscoveryProbe) probe, which launches the Docker Pattern and begins collecting data from Docker components.
Note: For information on Probe to Pattern migration see the knowledge article KB0694477.

Prerequisites

User privileges
The user whose credentials are used to perform Docker Discovery must have privileges defined by one of these methods:
  • Provide a user with elevated rights for running commands, since the Docker daemon runs as the root user. The Docker pattern supports the use of privileged commands, such as sudo or pbrun, to run as the root user.
  • Assigned to a group named docker, which has special privileges for running Docker commands. For instructions on setting up a group, see documentation on Docker.
Latest patterns
Deploy the latest Discovery and Service Mapping Patterns application from ServiceNow Store.

Docker restrictions and considerations

When using Docker virtualization, consider the following:
  • The initial Discovery process scan can identify an application in a container and classify it correctly. However, subsequent probes launched to explore that application cannot see inside the container and cannot return details about the application.
  • Discovery scans all containers it finds, including inactive containers, which can slow down Discovery. You should delete containers that are not running.
  • Before setting sn_itom_pattern.manifest_digest_image_id property to true and running discovery: prevent duplicate Docker records from being created by deleting all Docker image records.
  • Only one Docker engine is permitted per computer (on either a physical or virtual machine).

Data collected by Discovery during horizontal discovery

These attributes are discovered, in addition to the attributes derived from the parent OSLV tables.
Table and fields Description
Docker Engine [cmdb_ci_docker_engine]
Name [name] Stores information about instances of the Docker engine.
OS Arch [os_arch]
GIT Commit [git_commit]
Build Date [build_date]
Version [version]
API Version [api_version]
Go Version [go_version]
Is Clustered [is_clustered]
Running Process [running_process]
Running Process Command [running_process_command]
Running Process Key Parameters [running_process_key_parameters]
Docker Image [cmdb_ci_docker_image]
Name [name] Stores information on the globally unique representation of Docker images.
Image id [image_id]
Image digest [image_digest]
Size (byte) [size_byte]
Image created [Image_created_at]
Docker Local Image [cmdb_ci_docker_local_image]
Name [name] Stores local instances of Docker images.
Image id [image_id]
Docker Image Tag [cmdb_ci_docker_image_tag]
Name [name] Stores tags from local Docker images.
Image id [image_id]
Repository [repository]
Tag [tag]
Docker Container [cmdb_ci_docker_container]
Name [name] Stores Docker containers found on the host.

In cases where duplicate records are created, deduplication tasks appear once discovery runs. For information on how to resolve these tasks, see the Making docker container identifier independent [KB1443042] article in the ServiceNow® Knowledge Base.

Image id [image_id]
Container id [container_id]
Size (bytes) [size_bytes]
Command [command]
Container created [container_created]
Status [status]
The Collect Container Repository extension section discovers this information.
Table and field Description
Container Repository [cmdb_ci_container_repository]
Name [name] The name of the container repository.
Container Repository Entry [cmdb_ci_container_repository_entry]
Name [name] The name of the container repository entry.
Category [category] The category of the container repository entry.

CI relationships

The Docker Pattern identifies the following relationships between discovered CIs.
Figure 1. Parent and child relationships for the OSLV and Docker dependent tables
OSLV table
The Collect Container Repository extension section of the Docker Pattern identifies these relationships.
CI Relationship CI
Docker Image [cmdb_ci_docker_image] Provisioned From::Provisioned Container Repository Entry [cmdb_ci_container_repository_entry]
Container Repository Entry [cmdb_ci_container_repository_entry] Hosted on::Hosts Container Repository [cmdb_ci_container_repository]

Identification, containment, and hosting rules

Discovery uses an application rule identifier to find the Docker engine and then applies other rules to identify specific Docker objects.

Application rule identifier

The system creates the cmdb_ci_docker_engine configuration item (CI) during process classification. Based on this, Discovery uses the Application Rule identifier on the Application [cmdb_ci_appl] table to identify the particular Docker engine encountered. After establishing this identity, Discovery uses the relationships defined in the containment and hosting rules to accurately create and update the individual Docker component CIs related to that engine.

Identifiers
Containment and hosting rules
Docker Discovery uses these Create or edit a collection of containment rules and Create or edit a collection of hosting rules rules to create configuration items (CI) from the data returned by the Docker Pattern. After Discovery identifies the Docker engine by its relationship to the Application [cmdb_ci_appl] table, it uses these rules to identify the specific CIs connected to that engine from their relationships to one another. By connecting the components to one another in this fashion, from the application down, starting with the engine, Discovery avoids creating duplicate CIs for components from other Docker engines that use the same name or image_id.
Table 1. Containment rule
Parent Child Relationship
Docker Local Image Docker Image Tag Has registered
Table 2. Hosting rules
Parent Child Relationship
Docker Container Docker Engine Managed by
Docker Local Image Docker Engine Managed by