Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Own driver #224

Merged
merged 3 commits into from
Mar 25, 2017
Merged

Own driver #224

merged 3 commits into from
Mar 25, 2017

Conversation

mstemm
Copy link
Contributor

@mstemm mstemm commented Mar 21, 2017

Start packaging (and building when necessary) a falco-specific kernel
module in falco releases. Previously, falco would depend on sysdig and
use its kernel module instead.

Also add some travis tests that test packaged builds.

See commits for details on changes.

@mstemm
Build and package standalone falco kernel module
ec5adfe 
Start packaging (and building when necessary) a falco-specific kernel
module in falco releases. Previously, falco would depend on sysdig and
use its kernel module instead.

The kernel module was already templated to some degree in various
places, so we just had to change the templated name from
sysdig/sysdig-probe to falco/falco-probe.

In containers, run falco-probe-loader instead of
sysdig-probe-loader. This is actually a script in the sysdig repository
which is modified in draios/sysdig#789, and uses
the filename to indicate what kernel module to build and/or load.

For the falco package itself, don't depend on sysdig any longer but instead
depend on dkms and its dependencies, using sysdig as a guide on the set
of required packages.

Additionally, for the package pre-install/post-install scripts start
running falco-probe-loader.

Finally, add a --version argument to falco so it can pass the desired
version string to falco-probe-loader.
bertocci
bertocci reviewed Mar 21, 2017
View reviewed changes
Copy link
Contributor

@bertocci bertocci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The falco-probe-loader parts look good

This was referenced Mar 21, 2017
Closed
Merged
@mstemm
Add ability to run live for specific duration
52b006e 
Use -M <secs> (same as sysdig) to run falco for a specific duration and
exit.
@mstemm
Copy link
Contributor Author

mstemm commented Mar 24, 2017

Once merged, this fixes #188.

@mstemm
Add automated tests for packages/driver installs
73fbbdb 
Add automated tests for running falco from a package and container. As a
result, this will also test building the kernel module as well as
runnning falco-probe-loader as a backup.

In travis.yml, switch to the docker-enabled vm and install dkms. This
changed the environment slightly, so change how avocado's python
dependencies are installed. After building falco, copy the .deb package
to docker/local and build a local docker image based on that package.

Add the following new tests:

 - docker_package: this uses "docker run" to run the image created in
   travis.yml. This includes using dkms to build the kernel module and
   load it. In addition, the conf directory is mounted to /host/conf, the
   rules directory is mounted to /host/rules, and the traces directory is
   mounted to /host/traces.
 - docker_package_local_driver: this disables dkms via a volume mount
   that maps /dev/null to /usr/sbin/dkms and copies the kernel module by
   hand into the container to /root/.sysdig/falco-probe-....ko. As a
   result, falco-probe-loader will use the local kernel module instead
   of building one itself.
 - debian_package: this installs the .deb package and runs the installed
   version of falco.

Ideally, there'd also be a test for downloading the driver, but since
the driver depends on the kernel as well as the falco version string,
you can't put a single driver on download.draios.com that will work
long-term.

These tests depend on the following new test attributes:
  - package: if present, this points to the docker image/debian package
    to install.
  - addl_docker_run_args: if present, will be added to the docker run
    command.
  - copy_local_driver: if present, will copy the built kernel module to
    ~/.sysdig. ~/.sysdig/* is always cleared out before each test.
  - run_duration: maps to falco's -M <secs> flag
  - trace_file is now optional.

Also add some misc general test changes:
  - Clean up our use of process.run. By default it will fail a test if the
    run program returns non-zero, so we don't have to grab the exit
    status. In addition, get rid of sudo in the command lines and use the
    sudo attribute instead.

  - Fix some tests that were writing to files below /tmp/falco_outputs
    by creating the directory first. Useful when running avocado directly.
@mstemm mstemm merged commit 3c20511 into dev Mar 25, 2017
@mstemm mstemm deleted the own-driver branch March 25, 2017 04:35
This was referenced Mar 25, 2017
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bertocci bertocci bertocci left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mstemm @bertocci