Options for the imgtrack Script
Invocation
imgtrack image [options]
If
the image name is used, it follows the Docker convention of the repository/image
name (shown in this page as example), a colon as a separator, and
a current tag for this image within that repository (shown in this page as
latest).
imgtrack example:latest --beacon https://mybeacn.example.com:443/leaveK8s
An
alternative mode is to provide the --help
option to list details
about the command line:imgtrack --help
Option values
- Short-form options have a single dash followed by a single letter, and sometimes a space and a value
- Long-form options have two dashes, the option name, and sometimes a space and a value
- Some options are Boolean, and take effect (become true) solely from their inclusion (they do not need a value).
Available options (listed in alphabetical order) include:
|
Type: Valid URL Default: Unset The URL of an inventory beacon to which collected inventories are
uploaded immediately after collection. Must include the protocol (either
http:// or https://), the
host name, an optional port number (if used, separated from the host
name by a colon), and any necessary path elements to reliably reach the
inventory beacon. The value may include any or none of the
/ManageSoftRL/Inventory path components used
within the inventory beacon — these will be automatically appended
by imgtrack if omitted from the flag (as in the
example below).
Tip: Uptime on the inventory beacon,
and network reliability on the path from the Linux device to the
inventory beacon, are critical to inventory gathering.
Because the derived image container is removed after the inventory
gathering exercise is completed, there is no nightly catch-up of
inventory uploads to recover from temporary network outages. The
inventory beacon specified with this flag is the
only one used by FlexNet Inventory Scanner when invoked by
imgtrack. Also note that if you are using
the
If you do not wish to upload inventory to any
inventory beacon, or if you want to provide a local file
backup to recover from possible network interruptions, see
https protocol, imgtrack
supports only standard TLS to authenticate those
communications.--output-dir .Example:
|
|
Type: Boolean Default: Unset Stop after building the derived image. The container is not run and no
inventory is produced. The ID of the derived image, and the docker
command that would have been run, are printed to the screen, and then
imgtrack exits. This option also automatically
sets Example:
|
|
Type: String (valid path on the host computer to certificate bundle or folder) Default: Unset Copy the Certificate Authority (CA) certificates at the given path on the
host computer into the derived image, and configure
ndtrack to use them. The path may refer to:
Example:
|
|
Type: A floating-point number Default: Unset (which means use all CPUs, which is equivalent to running a process outside a container, directly on the host, without a CPU limit) Specifies the number of CPUs as the upper limit to assign when running
the test container from the derived image. The value is passed directly
to the Example:
|
|
Type: Valid file path and file name for an installed version of the FlexNet Inventory Scanner self-installing script (ndtrack.sh) on the local device Default: Unset For inventory gathering, use the appropriate ndtrack binary from the ndtrack.sh self-installing script at the given path. This option can be useful in cases where the version of ndtrack embedded in imgtrack is not your organization's accepted version, but your approved version of ndtrack.sh has already been deployed to a custom location on the Linux device. Notice that this is the dominant setting for
ndtrack.sh. If the
Compatibility is only guaranteed between imgtrack
and the version of ndtrack.sh that it embeds within
itself. If you specify Example:
|
|
Type: String (valid path to an installed copy of InventorySettings.xml) Default: Unset (meaning to look for the InventorySettings.xml file locally installed in the default path, /var/opt/managesoft/tracker/inventorysettings/InventorySettings.xml.) To extend the functionality of the inventory component, look for (and if
found, use) the copy of InventorySettings.xml found
in the path provided. (If you need a copy of this file, which extends
the functionality of ndtrack especially for Oracle
and Microsoft inventory gathering, it is available on any inventory beacon in the default path %ProgramFiles%\Flexera
Software\Inventory
Beacon\RemoteExecution\Public\Inventory, as defined in
the Windows share
mgsRET$ .)Tip: If
--no-inventorysettings is present, this option
is ignored.Example:
|
|
Type: A string value that is exactly one of:
Default: Unset Use the named C library implementation, assumed now to be provided by the image under investigation. Skip the test to determine which C library implementation to use. By default, imgtrack executes a container from the
source image, running the command
to determine which C
library implementation to use based on the output (or else determine
that the image is not supported). If --libc-variant is
given, this test is skipped.Example:
|
|
Type: Boolean Default: Unset (uses the For inventory gathering, use the appropriate ndtrack
binary from the ndtrack.sh "zero-footprint"
self-installing script already present in the default location on the
local computer at
/opt/managesoft/libexec/support/ndtrack.sh.
This option can be useful in cases where the version of
ndtrack embedded in
imgtrack is not your organization's accepted
version, but your approved version of ndtrack.sh
has already been deployed to the Linux device.
Tip: If the
Compatibility is only
guaranteed between imgtrack and the version of
ndtrack.sh that it embeds within itself. If you
specify --from-ndtrack option is given, it takes
precedence, and this option is ignored. --local-ndtrack , it is possible that the
installed version of ndtrack used will not support
all of the features necessary for proper operation of
imgtrack. It is also your responsibility to
ensure the integrity of, and trust in, the copy of
ndtrack.sh that is used.Example:
|
|
Type: A special combination of an integer, followed immediately by a single character indicating the unit – one of b (bytes), k (kilobytes), m (megabytes), or g (gigabytes) Default: Unset Set a memory limit when running the container. This value is passed
through directly to the Example:
|
|
Type: Boolean Default: Unset Collect the log file written by ndtrack and print it to standard output. This is mostly useful for troubleshooting issues in the operation of ndtrack itself, such as issues uploading to the inventory beacon or issues with specific ndtrack features. The ndtrack component does not support logging
directly to standard output. To collect the logs,
imgtrack creates a temporary directory within
the working directory. The directory is mounted into the container at
runtime, and the log file is written into it.
Tip: This is
the same directory as when
Once the container exits, imgtrack writes
the contents of the log file to the screen. --output-dir is used.
Example:
|
|
Type: String Default: Unset Supply an option directly to the inventory component of the FlexNet Inventory Scanner (ndtrack). This should be needed
only in rare circumstances. For more information about options for
FlexNet Inventory Scanner, see Preferences.
Tip: Some ndtrack options are crucial to
the operation of imgtrack, and cannot be
overwritten. These options are visible within the
imgtrack script.
Example:
|
|
Type: String Default: Unset Attach the container to the named network. This option may be useful in
cases where the default Docker network is not able to communicate with
the inventory beacon, but a different Docker network can do so.
The value is passed directly to the Example:
|
|
Type: Boolean Default: Unset An alias for Example:
|
|
Type: Boolean Default: Unset (meaning that imgtrack adds
the Do not delete the container after it has exited (by omitting the
--rm option from the Docker command). Eventually,
this container needs to be deleted manually.Remember: The
image on which the container is based cannot be deleted while the
container exists. For this reason, if you set
This is only
useful for niche troubleshooting situations where you need to access the
content of the container after the operation has completed.--no-cleanup-container , it automatically also
sets --no-cleanup-image , so that in due course, the
derived image also needs to be deleted manually.Example:
|
|
Type: Boolean Default: Unset Do not delete the working directory or any of the files contained within it. Write a message to standard output with the working directory's path (because the directory was created using the mktemp utility, meaning that the directory is unpredictably named). This is only useful for troubleshooting or evaluation. Example:
To
conduct a dry run for evaluation purposes, combine this with the
--build-only
flag:
|
|
Type: Boolean Default: Unset (meaning to delete the derived image before imgtrack exits, regardless of success or failure) Do not delete the derived image.
Tip: The derived image is
not tagged, so it does not have a name. In the normal output from
the
docker image command, such images appear with a
name and tag of "<none> ". (Despite being
unnamed, the derived images are labeled with information that can be
used to manage
them.)
Note that the docker image prune command deletes
these images. Example:
|
|
Type: Boolean Default: Unset (false) By default, imgtrack enables a set of options to ndtrack that enable gathering file evidence through SWID tags. While the need to do so will be rare, this flag can be used to disable these options, so that file evidence from SWID tags is not included in the inventory. Example:
|
|
Type: Boolean Default: Unset (meaning to use the InventorySettings.xml file found in the default location to extend the functionality of the inventory component, copying it into the derived image) When this option is specified, imgtrack does not check for InventorySettings.xml or copy the file into the derived image. Unless the derived image already contains its own copy of the inventory settings file, this results in reduced capabilities for inventory gathering by ndtrack.sh. Example:
|
|
Type: Valid, existing directory on the host device (before triggering inventory collection, imgtrack verifies that the directory exists and that it can write to the directory, and exits with an error if verification fails) Default: Unset Copy the inventory to a directory on the host computer. When this option is given, a temporary directory is first created within the working directory used by imgtrack. The directory is mounted into the container at runtime, and the inventory is written into it. After the container terminates successfully, the inventory file is copied from the temporary directory into the final directory specified in this option. Example:
|
|
Type: Boolean Default: Unset (false) Pull the identified image from the current registry of images to the
local computer. For imgtrack to operate correctly,
the image under investigation must be present in the local Docker image
index on the local Linux device. This option causes
imgtrack to run To avoid setting authentication parameters on the command line,
imgtrack does not support logging in to any
registry. If the target registry requires authentication, an operator
must either:
Example:
|
|
Type: Boolean Default: Unset Enable more verbose logging from imgtrack. Example:
|
IT Asset Management (Cloud)
Current