Options for the imgtrack Script

IT Asset Management (Cloud)

Invocation

imgtrack is a shell script run from the command line of a Linux-based computer that has a local instance of Docker running, and, if necessary, is authenticated with the remote registries that store the container images used by your enterprise. The basic syntax identifies the container image under investigation (either by name or by ID), followed by zero or more option arguments.
imgtrack image [options]
If the image name is used, it follows the Docker convention of the repository/image name (shown in this page as example), a colon as a separator, and a current tag for this image within that repository (shown in this page as latest).
imgtrack example:latest --beacon https://mybeacn.example.com:443/leaveK8s
An alternative mode is to provide the --help option to list details about the command line:
imgtrack --help

Option values

Options follow the standard UNIX conventions.
  • Short-form options have a single dash followed by a single letter, and sometimes a space and a value
  • Long-form options have two dashes, the option name, and sometimes a space and a value
  • Some options are Boolean, and take effect (become true) solely from their inclusion (they do not need a value).
Placeholders for values to supply are shown thus.

Available options (listed in alphabetical order) include:

--beacon URL
-b URL

Type: Valid URL

Default: Unset

The URL of an inventory beacon to which collected inventories are uploaded immediately after collection. Must include the protocol (either http:// or https://), the host name, an optional port number (if used, separated from the host name by a colon), and any necessary path elements to reliably reach the inventory beacon. The value may include any or none of the /ManageSoftRL/Inventory path components used within the inventory beacon — these will be automatically appended by imgtrack if omitted from the flag (as in the example below).
Tip: Uptime on the inventory beacon, and network reliability on the path from the Linux device to the inventory beacon, are critical to inventory gathering. Because the derived image container is removed after the inventory gathering exercise is completed, there is no nightly catch-up of inventory uploads to recover from temporary network outages. The inventory beacon specified with this flag is the only one used by FlexNet Inventory Scanner when invoked by imgtrack. Also note that if you are using the https protocol, imgtrack supports only standard TLS to authenticate those communications.
If you do not wish to upload inventory to any inventory beacon, or if you want to provide a local file backup to recover from possible network interruptions, see --output-dir.
Example:
--beacon https://mybeacn.example.com:443/cntnrs
--build-only

Type: Boolean

Default: Unset

Stop after building the derived image. The container is not run and no inventory is produced. The ID of the derived image, and the docker command that would have been run, are printed to the screen, and then imgtrack exits. This option also automatically sets --no-cleanup-image.

Example:
imgtrack example:latest --build-only
--ca-certificates path

Type: String (valid path on the host computer to certificate bundle or folder)

Default: Unset

Copy the Certificate Authority (CA) certificates at the given path on the host computer into the derived image, and configure ndtrack to use them. The path may refer to:
  • A PEM-encoded file consisting of a bundle of CA certificates (in this case, the SSLCACertificateFile option for ndtrack is set)
  • A directory containing a number of PEM-encoded CA certificates (in this case, the SSLCACertificatePath option for ndtrack is set).
In either case, the file or directory is copied into the work directory, and then into the derived image.
Example:
imgtrack example:latest --ca-certificates /etc/ssl/certs/ca-bundle.crt
imgtrack example:latest --ca-certificates /etc/ssl/certs
--cpus float

Type: A floating-point number

Default: Unset (which means use all CPUs, which is equivalent to running a process outside a container, directly on the host, without a CPU limit)

Specifies the number of CPUs as the upper limit to assign when running the test container from the derived image. The value is passed directly to the docker run command (see the Docker documentation for details).

Example:
imgtrack example:latest --cpus 0.5
--from-ndtrack path

Type: Valid file path and file name for an installed version of the FlexNet Inventory Scanner self-installing script (ndtrack.sh) on the local device

Default: Unset

For inventory gathering, use the appropriate ndtrack binary from the ndtrack.sh self-installing script at the given path. This option can be useful in cases where the version of ndtrack embedded in imgtrack is not your organization's accepted version, but your approved version of ndtrack.sh has already been deployed to a custom location on the Linux device.

Notice that this is the dominant setting for ndtrack.sh. If the --local-ndtrack option is also given, it is ignored in favor of this option.

Compatibility is only guaranteed between imgtrack and the version of ndtrack.sh that it embeds within itself. If you specify --from-ndtrack, it is possible that the installed version of ndtrack used will not support all of the features necessary for proper operation of imgtrack. It is also your responsibility to ensure the integrity of, and trust in, the copy of ndtrack.sh that is used.

Example:
imgtrack example:latest --from-ndtrack /path/to/ndtrack.sh
--inventorysettings-path path

Type: String (valid path to an installed copy of InventorySettings.xml)

Default: Unset (meaning to look for the InventorySettings.xml file locally installed in the default path, /var/opt/managesoft/tracker/inventorysettings/InventorySettings.xml.)

To extend the functionality of the inventory component, look for (and if found, use) the copy of InventorySettings.xml found in the path provided. (If you need a copy of this file, which extends the functionality of ndtrack especially for Oracle and Microsoft inventory gathering, it is available on any inventory beacon in the default path %ProgramFiles%\Flexera Software\Inventory Beacon\RemoteExecution\Public\Inventory, as defined in the Windows share mgsRET$.)
Tip: If --no-inventorysettings is present, this option is ignored.
Example:
imgtrack example:latest --inventorysettings-path /some/directory
--libc-variant name
Type: A string value that is exactly one of:
  • glibc
  • muslc

Default: Unset

Use the named C library implementation, assumed now to be provided by the image under investigation. Skip the test to determine which C library implementation to use.

By default, imgtrack executes a container from the source image, running the command
ldd --version 2>&1
to determine which C library implementation to use based on the output (or else determine that the image is not supported). If --libc-variant is given, this test is skipped.
Example:
imgtrack example:latest --libc-variant muslc
--local-ndtrack

Type: Boolean

Default: Unset (uses the ndtrack.sh tarball bundled with imgtrack)

For inventory gathering, use the appropriate ndtrack binary from the ndtrack.sh "zero-footprint" self-installing script already present in the default location on the local computer at /opt/managesoft/libexec/support/ndtrack.sh. This option can be useful in cases where the version of ndtrack embedded in imgtrack is not your organization's accepted version, but your approved version of ndtrack.sh has already been deployed to the Linux device.
Tip: If the --from-ndtrack option is given, it takes precedence, and this option is ignored.
Compatibility is only guaranteed between imgtrack and the version of ndtrack.sh that it embeds within itself. If you specify --local-ndtrack, it is possible that the installed version of ndtrack used will not support all of the features necessary for proper operation of imgtrack. It is also your responsibility to ensure the integrity of, and trust in, the copy of ndtrack.sh that is used.
Example:
imgtrack example:latest --local-ndtrack
--memory size

Type: A special combination of an integer, followed immediately by a single character indicating the unit – one of b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)

Default: Unset

Set a memory limit when running the container. This value is passed through directly to the docker run command, where the minimum value is 4m (see the Docker documentation for details).

Example:
imgtrack example:latest --memory 256m
--ndtrack-log

Type: Boolean

Default: Unset

Collect the log file written by ndtrack and print it to standard output. This is mostly useful for troubleshooting issues in the operation of ndtrack itself, such as issues uploading to the inventory beacon or issues with specific ndtrack features.

The ndtrack component does not support logging directly to standard output. To collect the logs, imgtrack creates a temporary directory within the working directory. The directory is mounted into the container at runtime, and the log file is written into it.
Tip: This is the same directory as when --output-dir is used.
Once the container exits, imgtrack writes the contents of the log file to the screen.
Example:
imgtrack example:latest --ndtrack-log
--ndtrack-opt option
-o option

Type: String

Default: Unset

Supply an option directly to the inventory component of the FlexNet Inventory Scanner (ndtrack). This should be needed only in rare circumstances. For more information about options for FlexNet Inventory Scanner, see Preferences.
Tip: Some ndtrack options are crucial to the operation of imgtrack, and cannot be overwritten. These options are visible within the imgtrack script.
Example:
imgtrack example:latest -o LowProfile=True
--network name

Type: String

Default: Unset

Attach the container to the named network. This option may be useful in cases where the default Docker network is not able to communicate with the inventory beacon, but a different Docker network can do so. The value is passed directly to the docker run command (see the Docker documentation for details).

Example:
imgtrack example:latest --network foo
--no-cleanup-all

Type: Boolean

Default: Unset

An alias for --no-cleanup-files --no-cleanup-image --no-cleanup-container.

Example:
imgtrack example:latest --no-cleanup-all
--no-cleanup-container

Type: Boolean

Default: Unset (meaning that imgtrack adds the --rm option to the Docker command, so that the container is deleted as soon as it exits)

Do not delete the container after it has exited (by omitting the --rm option from the Docker command). Eventually, this container needs to be deleted manually.
Remember: The image on which the container is based cannot be deleted while the container exists. For this reason, if you set --no-cleanup-container, it automatically also sets --no-cleanup-image, so that in due course, the derived image also needs to be deleted manually.
This is only useful for niche troubleshooting situations where you need to access the content of the container after the operation has completed.
Example:
imgtrack example:latest --no-cleanup-container
--no-cleanup-files

Type: Boolean

Default: Unset

Do not delete the working directory or any of the files contained within it. Write a message to standard output with the working directory's path (because the directory was created using the mktemp utility, meaning that the directory is unpredictably named). This is only useful for troubleshooting or evaluation.

Example:
imgtrack example:latest --no-cleanup-files
To conduct a dry run for evaluation purposes, combine this with the --build-only flag:
imgtrack example:latest --no-cleanup-files --build-only
--no-cleanup-image

Type: Boolean

Default: Unset (meaning to delete the derived image before imgtrack exits, regardless of success or failure)

Do not delete the derived image.
Tip: The derived image is not tagged, so it does not have a name. In the normal output from the docker image command, such images appear with a name and tag of "<none>". (Despite being unnamed, the derived images are labeled with information that can be used to manage them.) Note that the docker image prune command deletes these images.
Example:
imgtrack example:latest --no-cleanup-image
--no-file-evidence

Type: Boolean

Default: Unset (false)

By default, imgtrack enables a set of options to ndtrack that enable gathering file evidence through SWID tags. While the need to do so will be rare, this flag can be used to disable these options, so that file evidence from SWID tags is not included in the inventory.

Example:
imgtrack example:latest --no-file-evidence
--no-inventorysettings

Type: Boolean

Default: Unset (meaning to use the InventorySettings.xml file found in the default location to extend the functionality of the inventory component, copying it into the derived image)

When this option is specified, imgtrack does not check for InventorySettings.xml or copy the file into the derived image. Unless the derived image already contains its own copy of the inventory settings file, this results in reduced capabilities for inventory gathering by ndtrack.sh.

Example:
imgtrack example:latest --no-inventorysettings
--output-dir path
-d path

Type: Valid, existing directory on the host device (before triggering inventory collection, imgtrack verifies that the directory exists and that it can write to the directory, and exits with an error if verification fails)

Default: Unset

Copy the inventory to a directory on the host computer. When this option is given, a temporary directory is first created within the working directory used by imgtrack. The directory is mounted into the container at runtime, and the inventory is written into it. After the container terminates successfully, the inventory file is copied from the temporary directory into the final directory specified in this option.

Example:
imgtrack example:latest -d /some/local/host/path
--pull

Type: Boolean

Default: Unset (false)

Pull the identified image from the current registry of images to the local computer. For imgtrack to operate correctly, the image under investigation must be present in the local Docker image index on the local Linux device. This option causes imgtrack to run docker pull to transfer the image from the registry to the local image index before commencing any interactions with the image under investigation.

To avoid setting authentication parameters on the command line, imgtrack does not support logging in to any registry. If the target registry requires authentication, an operator must either:
  • Use the docker login command prior to running imgtrack with the ‑‑pull option; or
  • Ensure that the target image is already present on the local machine prior to running imgtrack, and in this case the --pull option should be omitted.
Example:
imgtrack example:latest --pull
--verbose
-v

Type: Boolean

Default: Unset

Enable more verbose logging from imgtrack.

Example:
imgtrack example:latest -v

IT Asset Management (Cloud)

Current