Docker virtualization
-
- UpdatedJan 30, 2025
- 4 minutes to read
- Yokohama
- ITOM Visibility
Discovery uses the Docker Pattern to collect data about specific objects in a Docker engine, running on a Linux host.
The ServiceNow® platform supports the discovery of Docker release 1.11.0 or later.
Prerequisites
- User privileges
- The user whose credentials are used to perform Docker Discovery must have privileges defined by one of these methods:
- Provide a user with elevated rights for running commands, since the Docker daemon runs as the root user. The Docker pattern supports the use of privileged commands, such as sudo or pbrun, to run as the root user.
- Assigned to a group named docker, which has special privileges for running Docker commands. For instructions on setting up a group, see documentation on Docker.
- Latest patterns
- Deploy the latest Discovery and Service Mapping Patterns application from ServiceNow Store.
Docker restrictions and considerations
- The initial Discovery process scan can identify an application in a container and classify it correctly. However, subsequent probes launched to explore that application cannot see inside the container and cannot return details about the application.
- Discovery scans all containers it finds, including inactive containers, which can slow down Discovery. You should delete containers that are not running.
- Before setting sn_itom_pattern.manifest_digest_image_id property to true and running discovery: prevent duplicate Docker records from being created by deleting all Docker image records.
- Only one Docker engine is permitted per computer (on either a physical or virtual machine).
Data collected by Discovery during horizontal discovery
Table and fields | Description |
---|---|
Docker Engine [cmdb_ci_docker_engine] | |
Name [name] | Stores information about instances of the Docker engine. |
OS Arch [os_arch] | |
GIT Commit [git_commit] | |
Build Date [build_date] | |
Version [version] | |
API Version [api_version] | |
Go Version [go_version] | |
Is Clustered [is_clustered] | |
Running Process [running_process] | |
Running Process Command [running_process_command] | |
Running Process Key Parameters [running_process_key_parameters] | |
Docker Image [cmdb_ci_docker_image] | |
Name [name] | Stores information on the globally unique representation of Docker images. |
Image id [image_id] | |
Image digest [image_digest] | |
Size (byte) [size_byte] | |
Image created [Image_created_at] | |
Docker Local Image [cmdb_ci_docker_local_image] | |
Name [name] | Stores local instances of Docker images. |
Image id [image_id] | |
Docker Image Tag [cmdb_ci_docker_image_tag] | |
Name [name] | Stores tags from local Docker images. |
Image id [image_id] | |
Repository [repository] | |
Tag [tag] | |
Docker Container [cmdb_ci_docker_container] | |
Name [name] | Stores Docker containers found on the host. In cases where duplicate records are created, deduplication tasks appear once discovery runs. For information on how to resolve these tasks, see the Making docker container identifier independent [KB1443042] article in the ServiceNow® Knowledge Base. |
Image id [image_id] | |
Container id [container_id] | |
Size (bytes) [size_bytes] | |
Command [command] | |
Container created [container_created] | |
Status [status] |
Table and field | Description |
---|---|
Container Repository [cmdb_ci_container_repository] | |
Name [name] | The name of the container repository. |
Container Repository Entry [cmdb_ci_container_repository_entry] | |
Name [name] | The name of the container repository entry. |
Category [category] | The category of the container repository entry. |
CI relationships

CI | Relationship | CI |
---|---|---|
Docker Image [cmdb_ci_docker_image] | Provisioned From::Provisioned | Container Repository Entry [cmdb_ci_container_repository_entry] |
Container Repository Entry [cmdb_ci_container_repository_entry] | Hosted on::Hosts | Container Repository [cmdb_ci_container_repository] |
Identification, containment, and hosting rules
Discovery uses an application rule identifier to find the Docker engine and then applies other rules to identify specific Docker objects.
- Application rule identifier
The system creates the cmdb_ci_docker_engine configuration item (CI) during process classification. Based on this, Discovery uses the Application Rule identifier on the Application [cmdb_ci_appl] table to identify the particular Docker engine encountered. After establishing this identity, Discovery uses the relationships defined in the containment and hosting rules to accurately create and update the individual Docker component CIs related to that engine.
- Identifiers
- Containment and hosting rules
- Docker Discovery uses these Create or edit a collection of containment rules and Create or edit a collection of hosting rules rules to create configuration items (CI) from the data returned by the Docker Pattern. After Discovery identifies the Docker engine by its relationship to the Application [cmdb_ci_appl] table, it uses these rules to identify the specific CIs connected to that engine from their relationships to one another. By connecting the components to one another in this fashion, from the application down, starting with the engine, Discovery avoids creating duplicate CIs for components from other Docker engines that use the same name or image_id.
Table 1. Containment rule Parent Child Relationship Docker Local Image Docker Image Tag Has registered Table 2. Hosting rules Parent Child Relationship Docker Container Docker Engine Managed by Docker Local Image Docker Engine Managed by