
Last pushed: a year ago
Short Description
CMS Universal Image Insight
Full Description

This image scans a docker registry and generates a scan file for each image that belongs to that registry.
Before running this image, you need to set up swarm and mongodb as prerequisites. Then choose the registry that you want to scan.

Here is an example for uii. In my env there are 3 linux nodes (1.1.1.1, 1.1.1.2, 1.1.1.3).

1.swarm(1.1.1.1), customers should set it up themselves.

root@SGDLITVM0525:/# docker run -d -p 4000:2375 -v /cluster:/cluster swarm manage file:///cluster
Unable to find image 'swarm:latest' locally
latest: Pulling from library/swarm
51436fd4bb0d: Pull complete 
c31a5390266f: Pull complete 
e40019be13ea: Pull complete 
a3ed95caeb02: Pull complete 
Digest: sha256:02fdbfa3740ac923dc0c9a579ba04efaa0d39b0c05eb933358fe7421fdaf17b7
Status: Downloaded newer image for swarm:latest
3f27177903f2c352f99a58290b1b3f63ddb61aa8555a3b480480657d19fc227e
root@SGDLITVM0525:/# docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS                                  PORTS                                      NAMES
3f27177903f2        swarm                       "/swarm manage file:/"   5 seconds ago       Up 4 seconds                         0.0.0.0:4000->2375/tcp                     boring_mayer

Make a cluster file that contains the two nodes.

root@SGDLITVM0525:/# cat /cluster
1.1.1.2:2375
1.1.1.3:2375

Swarm Manager: 1.1.1.1:4000.
Swarm Node:1.1.1.2:2375
Swarm Node:1.1.1.3:2375

2.Registry(1.1.1.2), customers should set it up themselves.

root@SGDLITVM0431:/# docker run -d -p 5000:5000 --name registry  registry:2
f47d288a5596fc7aa73c8c47dbfb76019dc33da59d0bb44f5f3114e62508d935
root@SGDLITVM0431:/# docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS              PORTS                                                                              NAMES
f47d288a5596        registry:2                    "/bin/registry /etc/d"   6 seconds ago       Up 4 seconds        0.0.0.0:5000->5000/tcp                                                            registry

The registry config.yml should configure notifications:

notifications:
  endpoints:
   -  name: alistener
      url: http://1.1.1.1:8088/api/registry/event?registry=1.1.1.2:5000
      headers:
        Authorization: [Bearer <your token, if needed>]
      timeout: 500ms
      threshold: 5
      backoff: 1s
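
What a listener behind such an endpoint has to do with each POST, as an added example (not the cms-uii code): check the bearer token from the `headers` setting in constant time, then keep only manifest pushes from the registry's event envelope. The function names, the token value and the set of accepted media types are assumptions of this example; the sample body is constructed.

```python
import hmac
import json

# Constructed notification body in the registry's event-envelope shape (not captured traffic).
MANIFEST = "application/vnd.docker.distribution.manifest.v2+json"
SAMPLE_BODY = json.dumps({"events": [
    {"action": "push", "target": {"mediaType": MANIFEST, "repository": "dmb",
                                  "tag": "01", "digest": "sha256:" + "0" * 64}},
    {"action": "push", "target": {"mediaType": "application/octet-stream",  # layer blob
                                  "repository": "dmb", "digest": "sha256:" + "1" * 64}},
    {"action": "pull", "target": {"mediaType": MANIFEST, "repository": "dmb",
                                  "tag": "01", "digest": "sha256:" + "0" * 64}},
]})

# Media types this example treats as "an image was pushed" (an assumption).
MANIFEST_TYPES = {
    "application/vnd.docker.distribution.manifest.v1+json",
    MANIFEST,
    "application/vnd.oci.image.manifest.v1+json",
}

def authorized(headers, expected_token):
    """Constant-time check of 'Authorization: Bearer <token>'; an empty token never matches."""
    value = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, token = value.partition(" ")
    return (bool(expected_token) and scheme == "Bearer"
            and hmac.compare_digest(token.encode(), expected_token.encode()))

def images_to_scan(headers, body, expected_token, registry):
    """Return image references for pushed manifests; reject unauthenticated posts."""
    if not authorized(headers, expected_token):
        raise PermissionError("missing or wrong bearer token")
    refs = []
    for event in json.loads(body).get("events", []):
        target = event.get("target", {})
        if event.get("action") != "push" or target.get("mediaType") not in MANIFEST_TYPES:
            continue  # pulls and layer-blob pushes do not produce a new image to scan
        # 'tag' can be absent from the event; fall back to the digest in that case.
        suffix = ":" + target["tag"] if target.get("tag") else "@" + target["digest"]
        refs.append(f"{registry}/{target['repository']}{suffix}")
    return refs
```

The `registry` argument corresponds to the `?registry=1.1.1.2:5000` query parameter in the endpoint URL. Because that URL is plain http, the bearer token crosses the network unencrypted.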

3.Mongodb(1.1.1.1)

root@SGDLITVM0525:/# docker run -d -p 27017:27017 -p 28017:28017 -e MONGODB_PASS="mypass"  tutum/mongodb
Unable to find image 'tutum/mongodb:latest' locally
latest: Pulling from tutum/mongodb
8387d9ff0016: Pull complete 
3b52deaaf0ed: Pull complete 
4bd501fad6de: Pull complete 
a3ed95caeb02: Pull complete 
808453800cde: Pull complete 
b6e2d9acbb3d: Pull complete 
c10975fb6a9d: Pull complete 
Digest: sha256:157ed000a8b751b700d3ba4118e52300a52f1dc32d73d372c3633c370a281dc1
Status: Downloaded newer image for tutum/mongodb:latest
000c016c1570e04c3af3bf75825db101c1ae4f501d22505b641b1efdad6f3151
root@SGDLITVM0525:/# docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS                           PORTS                                                NAMES
000c016c1570        tutum/mongodb               "/run.sh"                8 seconds ago       Up 6 seconds                     0.0.0.0:27017->27017/tcp, 0.0.0.0:28017->28017/tcp   small_mcclintock

Steps to log in and operate:
3.1.docker exec -it 8d6accc20995 bash
3.2.command to enter mongodb: mongo admin
3.3.command to log in with the account: db.auth('admin', 'mypass')
3.4.command to query all image results in mongodb: db.images.find({})
3.5.command to remove all: db.images.remove({})

4.UII(1.1.1.1)

 root@SGDLITVM0525:/# docker run -it -p 8088:8080 -v /dockerWeb/startup.json:/dockerWeb/startup.json   hpsoftware/cms-uii:0.0.1

The container stops when the task ends.

root@SGDLITVM0525:/# docker ps -a
CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS                            PORTS                                                NAMES
a86c44773015        hpsoftware/cms-uii:0.0.1   "startup"                3 minutes ago       Exited (130) 3 minutes ago                                                             determined_noyce

startup.json

{
  "config": {
    "dric.host": "1.1.1.1:8088",   //cms-uii host where you run uii
    "swarm.scan.image":"hpsoftware/cms-uii-scanner:0.0.1", //uii-scan image
    "swarm.host":"1.1.1.1:4000",  //your swarm manager address
    "registry.host": "1.1.1.2:5000", //your registry address
    "registry.interval":720000, //the interval for the whole registry check.
    "scan.interval":30000, //the interval for scan.
    "recognizer.interval":30000, //the interval for xml enrich.
    "scanner.max": 5,   // max number of scan thread running.
    "mongo": {
      "address": "dric_persistor",
      "host": "1.1.1.1", //your mongodb address
      "port": 27017,
      "username": "admin",
      "password": "mypass",
      "pool_size": 20,
      "db_name": "admin",
      "read_preference": "nearest",
      "use_mongo_types": false
    }
  }
}
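
A pre-deployment check for this file, as an added example (not part of cms-uii): it strips the `//` annotations so a standard JSON parser can read the file, then flags the sample mongo credentials shown on this page. The function names and the two checks are this example's own; the input is a shortened, constructed copy of the file above.

```python
import json

# Constructed input: a shortened copy of the page's startup.json, comments included.
SAMPLE = '''{
  "config": {
    "dric.host": "1.1.1.1:8088",   //cms-uii host where you run uii
    "mongo": {
      "host": "1.1.1.1", //your mongodb address
      "username": "admin",
      "password": "mypass",
      "db_name": "admin"
    }
  }
}'''

def strip_line_comments(text):
    """Drop // comments, but leave '//' alone inside JSON string literals."""
    out, in_string, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):  # copy the escaped character too
                i += 1
                out.append(text[i])
            elif ch == '"':
                in_string = False
        elif text.startswith("//", i):
            while i < len(text) and text[i] != "\n":
                i += 1
            continue  # the newline itself is copied on the next pass
        else:
            in_string = ch == '"'
            out.append(ch)
        i += 1
    return "".join(out)

def audit(text):
    """Return findings for a startup.json document (checks are this example's own)."""
    mongo = json.loads(strip_line_comments(text))["config"].get("mongo", {})
    findings = []
    if mongo.get("password") == "mypass":
        findings.append("mongo.password is still the sample value from this page")
    if mongo.get("username") == "admin" and mongo.get("db_name") == "admin":
        findings.append("scanner connects as admin to the admin database")
    return findings
```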

UII API:
For example, 1.1.1.1:8088 is the uii host.

4.1.query all images which have an imageid, or query all images.
http://1.1.1.1:8088/api/images
http://1.1.1.1:8088/api/images?include=all

4.2.query images updated after timestamp=1461393095571
http://1.1.1.1:8088/api/images?timestamp=1461393095571

4.3.query the details of a specific image whose imageid is dfb4481bd21b6a130d71a8afba9dd4f477113dcdd9c7d480d5a5ecd70195cd25
http://1.1.1.1:8088/api/images?id=dfb4481bd21b6a130d71a8afba9dd4f477113dcdd9c7d480d5a5ecd70195cd25

4.4.download the scan file or enrich file of the image whose imageid is 026377f32a110fd4dd516ef088f7dfead84cc1f36fd25111c9dd0bb390b83f6b
http://1.1.1.1:8088/api/images/026377f32a110fd4dd516ef088f7dfead84cc1f36fd25111c9dd0bb390b83f6b/scan
http://1.1.1.1:8088/api/images/026377f32a110fd4dd516ef088f7dfead84cc1f36fd25111c9dd0bb390b83f6b/enrich
open the scan file in xml format.
http://1.1.1.1:8088/api/images/026377f32a110fd4dd516ef088f7dfead84cc1f36fd25111c9dd0bb390b83f6b/scan_xml
http://1.1.1.1:8088/api/images/026377f32a110fd4dd516ef088f7dfead84cc1f36fd25111c9dd0bb390b83f6b/enrich_xml

4.5.download the scan file or enrich file of the image 1.1.1.2:5000/dmb:01
http://1.1.1.1:8088/api/images/scan?host=1.1.1.2:5000&name=dmb&tag=01
http://1.1.1.1:8088/api/images/enrich?host=1.1.1.2:5000&name=dmb&tag=01
open the scan file in xml format.
http://1.1.1.1:8088/api/images/scan_xml?host=1.1.1.2:5000&name=dmb&tag=01
http://1.1.1.1:8088/api/images/enrich_xml?host=1.1.1.2:5000&name=dmb&tag=01

4.6.event api to configure in the registry
http://1.1.1.1:8088/api/registry/event?registry=1.1.1.2:5000

5.scan container(1.1.1.2,1.1.1.3) runs on a swarm node. It is started by cms-uii sending a request to the swarm manager.
It is stopped and removed after sending the scan file to the cms-uii host.

CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                    NAMES
cbb6d4fbbd8c         hpsoftware/cms-uii:0.0.1     "wrapdocker -l=file 1"   37 seconds ago      Up 17 seconds                                sick_poincare

Note: if you stop cms-uii while a scan container is still scanning, the container will be stopped when it finishes its task but not removed.
You can use docker rm containerid to remove it.

Owner
hpsoftware
