[Podman] Supports SQLite containers database back-end to support newer versions (4.8+) #24194

Closed
wants to merge 16 commits into from

tbavelier
Member

@tbavelier tbavelier commented Mar 28, 2024

What does this PR do?

  • Introduces a lightweight SQLite database client sqlite_db_client.go for podman having exact parity with the current BoltDB client db_client.go to support newer Podman versions
  • Modifies the detection of the podman feature: podman_db_path is provided by the user OR /var/lib/containers/storage exists (previously, only if /var/lib/containers exists)
  • Modifies config.go to default podman_db_path to an empty string instead of /var/lib/containers/storage/libpod/bolt_state.db
  • Modifies the podman workloadmeta collector behaviour:
    • previously, it would be created if /var/lib/containers exists on the system: this could cause a loop of logs about /var/lib/containers/storage/libpod/bolt_state.db not being accessible to the host Agent (running under dd-agent)
    • Instead, the collector now ensures the db file exists (is accessible to the Agent) and ends with a known extension .sql or .db to select the client to use

Motivation

  • Anticipate feature request when customers eventually upgrade podman to newer versions that default to the SQLite backend (with the BoltDB backend being deprecated in 5.0+)

Additional Notes

  • Similar to the current BoltDB client, we use a slightly tweaked AllContainers function from the podman Go package returning the same type, an array of containers with their configuration and their state.

Possible Drawbacks / Trade-offs

  • Introduces a new Go dependency

Describe how to test/QA your changes

2 environments/versions of podman will be needed:

  • An Ubuntu 22.04 VM where podman 3.4.x (BoltDB) can be installed easily with sudo apt-get install podman -yq (.deb releases are very far behind main)
  • A CentOS Stream VM (e.g. stream 8) to benefit from the latest binaries with sudo yum -y install podman (4.8.x+)

podman containers can be run both in rootless and rootful mode: both behaviours should be tested.

  • Rootful:

    sudo podman run -d --name dd-agent \
        --cgroupns host --pid host \
        -v /var/lib/containers/storage:/var/lib/containers/storage/:ro \
        -v /proc/:/host/proc/:ro \
        -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
        -e DD_API_KEY=<> \
        -e DD_HOSTNAME=rootfull-podman \
        <REPLACE ME WITH CUSTOM IMAGE>
    
  • Rootless (e.g. run by the ubuntu user):

    podman run -d --name dd-agent \
        --cgroupns host --pid host \
        -v /home/ubuntu/.local/share/containers/storage:/var/lib/containers/storage/:ro \
        -v /proc/:/host/proc/:ro \
        -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
        -e DD_API_KEY=<> \
        -e DD_HOSTNAME=rootless-podman \
        <REPLACE ME WITH CUSTOM IMAGE>
    
  1. Ensure the podman workloadmeta collector is working in both rootful and rootless by running agent workload-list -v: assess containers with runtime podman are present matching ids from the (sudo) podman ps command
  2. Assess podman feature is automatically detected as /var/lib/containers/storage is mounted inside your Agent
  3. Test the usage of a different podman_db_path, e.g. using -v /var/lib/containers/storage:/abc:ro (mounting the storage file in /abc) and -e DD_PODMAN_DB_PATH=/abc/libpod/bolt_state.db (providing the path to the DB location inside the Agent)
  4. Assess the matrix below (feature parity to current podman support) (depends on the cgroups version on the VM):
    • cgroups v1:
      • Rootless:
        • container metrics are NOT available
        • live containers are collected
      • Rootful:
        • container metrics are available
        • live containers are collected
    • cgroups v2:
      • Rootless:
        • container metrics are available
        • live containers are collected
      • Rootful:
        • container metrics are available
        • live containers are collected

@github-actions github-actions bot added the [deprecated] team/agent-shared-components Deprecated. Use team/agent-configuration or team/agent-runtimes labels instead. label Mar 28, 2024
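
The detection and client-selection rules described in the PR summary above, as an added Go sketch that is not the PR's own code: the function and type names are hypothetical, and mapping .db to the BoltDB client and .sql to the SQLite client is an assumption based on the bolt_state.db file name. It also rejects non-regular files and unreadable files up front, which is the condition the PR says previously produced a loop of logs.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Backend is a hypothetical label for the two clients the PR describes.
type Backend string

const BoltDB, SQLite Backend = "boltdb", "sqlite"

// PodmanEnabled: an explicit podman_db_path OR the storage directory exists.
func PodmanEnabled(dbPath, storageDir string) bool {
	if dbPath != "" {
		return true
	}
	fi, err := os.Stat(storageDir)
	return err == nil && fi.IsDir()
}

// SelectBackend fails once, before any collector is created, if the DB is unusable.
func SelectBackend(dbPath string) (Backend, error) {
	fi, err := os.Stat(dbPath)
	if err != nil {
		return "", fmt.Errorf("podman db not accessible: %w", err)
	}
	if !fi.Mode().IsRegular() {
		return "", errors.New("podman db path is not a regular file")
	}
	f, err := os.Open(dbPath) // read-only open, matching the :ro mount
	if err != nil {
		return "", fmt.Errorf("podman db not readable: %w", err)
	}
	f.Close()
	switch ext := filepath.Ext(dbPath); ext {
	case ".db": // assumption: BoltDB (bolt_state.db)
		return BoltDB, nil
	case ".sql": // assumption: SQLite
		return SQLite, nil
	default:
		return "", fmt.Errorf("unknown podman db extension %q", ext)
	}
}

func main() { fmt.Println(SelectBackend("/var/lib/containers/storage/libpod/bolt_state.db")) }
```
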
cit-pr-commenter bot commented Mar 28, 2024

Go Package Import Differences

Baseline: cfbbd27
Comparison: cb21295

binary os arch change
agent linux amd64 +1, -0 +github.com/mattn/go-sqlite3
agent linux arm64 +1, -0 +github.com/mattn/go-sqlite3
dogstatsd linux amd64 +1, -0 +github.com/mattn/go-sqlite3
dogstatsd linux arm64 +1, -0 +github.com/mattn/go-sqlite3
process-agent linux amd64 +1, -0 +github.com/mattn/go-sqlite3
process-agent linux arm64 +1, -0 +github.com/mattn/go-sqlite3
security-agent linux amd64 +1, -0 +github.com/mattn/go-sqlite3
security-agent linux arm64 +1, -0 +github.com/mattn/go-sqlite3
trace-agent linux amd64 +1, -0 +github.com/mattn/go-sqlite3
trace-agent linux arm64 +1, -0 +github.com/mattn/go-sqlite3

pr-commenter bot commented Mar 28, 2024

Test changes on VM

Use this command from test-infra-definitions to manually test this PR's changes on a VM:

inv create-vm --pipeline-id=31445103 --os-family=ubuntu

pr-commenter bot commented Mar 28, 2024

Regression Detector

Regression Detector Results

Run ID: 62dbd2e-67e7-4952-97cc-4bf4a3826b3f
Baseline: f5bf73f
Comparison: cb21295

Performance changes are noted in the perf column of each table:

  • ✅ = significantly better comparison variant performance
  • ❌ = significantly worse comparison variant performance
  • ➖ = no significant change in performance

No significant changes in experiment optimization goals

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.

Experiments ignored for regressions

Regressions in experiments with settings containing erratic: true are ignored.

perf experiment goal Δ mean % Δ mean % CI
file_to_blackhole % cpu utilization +0.32 [-5.90, +6.54]

Fine details of change detection per experiment

perf experiment goal Δ mean % Δ mean % CI
file_tree memory utilization +3.37 [+3.26, +3.48]
process_agent_real_time_mode memory utilization +1.50 [+1.46, +1.55]
idle memory utilization +0.94 [+0.90, +0.98]
process_agent_standard_check memory utilization +0.65 [+0.60, +0.70]
process_agent_standard_check_with_stats memory utilization +0.39 [+0.34, +0.43]
file_to_blackhole % cpu utilization +0.32 [-5.90, +6.54]
basic_py_check % cpu utilization +0.20 [-2.27, +2.67]
trace_agent_json ingress throughput +0.00 [-0.04, +0.04]
uds_dogstatsd_to_api ingress throughput +0.00 [-0.20, +0.20]
trace_agent_msgpack ingress throughput -0.02 [-0.03, -0.01]
tcp_dd_logs_filter_exclude ingress throughput -0.02 [-0.05, +0.00]
otel_to_otel_logs ingress throughput -0.36 [-0.79, +0.07]
tcp_syslog_to_blackhole ingress throughput -0.71 [-0.78, -0.63]
uds_dogstatsd_to_api_cpu % cpu utilization -2.11 [-5.01, +0.78]
pycheck_1000_100byte_tags % cpu utilization -2.18 [-7.07, +2.71]

Explanation

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

  1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

  2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

  3. Its configuration does not mark it "erratic".

@tbavelier
Member Author

Superseded by #24373 to clean commit history

@tbavelier tbavelier closed this Apr 4, 2024
@tbavelier tbavelier reopened this Apr 4, 2024
@tbavelier tbavelier closed this Apr 4, 2024
@tbavelier tbavelier deleted the tbavelier/podman_sqlite_backend branch April 4, 2024 14:19
Labels
[deprecated] team/agent-shared-components Deprecated. Use team/agent-configuration or team/agent-runtimes labels instead. team/containers