Add linux container support #131
zwass commented Sep 12, 2017 (edited)
- Add Makefile commands for container generation and pushing
- Refactor code for finding extension path
- Refactor tests for changed extension path (tests now run ~50% faster)
See newly generated repos at https://cloud.docker.com/app/kolide/repository/list?name=launcher&namespace=kolide&page=1
Makefile (outdated):

    containers: xp-launcher xp-extension $(CONTAINERS)
    $(CONTAINERS):
This is clever, I like it!
docker/centos6/Dockerfile (outdated):

    COPY build/linux/ /usr/local/bin/
    ENTRYPOINT ["/usr/local/bin/launcher", "-osqueryd_path", "/usr/bin/osqueryd", "-debug"]
Is it necessary to define osqueryd_path? I would imagine that /usr/bin is in the default PATH?
I don't think it's necessary, but I'm just being explicit here.
It's definitely a nit, but I think if it works without defining the flag, we should leave it out as it illustrates the simplicity of the launcher command-line experience. That being said, however, isn't hostname required now? Maybe we should just not have an entrypoint in these containers?
FWIW, I think it should be a CMD not an ENTRYPOINT. The entrypoints are annoying to override in a pinch.
I am okay with deleting the ENTRYPOINT, but I don't see the purpose of having a CMD when there are still other arguments (enroll secret, host:port) that must be specified.
Those could be passed as env vars?
Does launcher support passing options as env vars? If so, it doesn't indicate in launcher --help.
yep, check out the flag parsing code:
launcher/cmd/launcher/launcher.go, lines 63 to 124 in e5aa845:

    var (
    	flDebug = flag.Bool(
    		"debug",
    		false,
    		"enable debug logging",
    	)
    	flVersion = flag.Bool(
    		"version",
    		false,
    		"print launcher version and exit",
    	)
    	flInsecureTLS = flag.Bool(
    		"insecure",
    		false,
    		"do not verify TLS certs for outgoing connections",
    	)
    	flInsecureGRPC = flag.Bool(
    		"insecure_grpc",
    		false,
    		"dial GRPC without a TLS config",
    	)
    	flOsquerydPath = flag.String(
    		"osqueryd_path",
    		env.String("KOLIDE_LAUNCHER_OSQUERYD_PATH", ""),
    		"path to osqueryd binary",
    	)
    	flRootDirectory = flag.String(
    		"root_directory",
    		env.String("KOLIDE_LAUNCHER_ROOT_DIRECTORY", os.TempDir()),
    		"path to the working directory where file artifacts can be stored",
    	)
    	flNotaryServerURL = flag.String(
    		"notary_url",
    		env.String("KOLIDE_LAUNCHER_NOTARY_SERVER_URL", ""),
    		"The URL of the notary update server",
    	)
    	flKolideServerURL = flag.String(
    		"hostname",
    		env.String("KOLIDE_LAUNCHER_HOSTNAME", ""),
    		"Hostname of the remote server to communicate with",
    	)
    	flEnrollSecret = flag.String(
    		"enroll_secret",
    		env.String("KOLIDE_LAUNCHER_ENROLL_SECRET", ""),
    		"The enrollment secret used to authenticate with the server",
    	)
    	flEnrollSecretPath = flag.String(
    		"enroll_secret_path",
    		env.String("KOLIDE_LAUNCHER_ENROLL_SECRET_PATH", ""),
    		"Path to a file containing the enrollment secret",
    	)
    	flMirrorURL = flag.String(
    		"mirror_url",
    		env.String("KOLIDE_LAUNCHER_MIRROR_SERVER_URL", ""),
    		"The URL of the mirror server for autoupdates",
    	)
    	flAutoupdateInterval = flag.Duration(
    		"autoupdate_interval",
    		duration("KOLIDE_LAUNCHER_AUTOUPDATE_INTERVAL", 1*time.Hour),
    		"The interval when launcher checks for new updates. Only enabled if notary_url is set.",
    	)
    )
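The snippet above shows the pattern that answers the env-var question: each flag's default is computed from an environment variable at definition time, so a value on the command line wins over the variable, which wins over the built-in default. The following is an added example of that pattern (not code from the launcher project) written so it runs offline. It re-implements the env.String helper as envString with the assumed semantics "variable value when set, else fallback"; ParseConfig, MapLookup, ResolveEnrollSecret, the /run/secrets/enroll_secret path and the check that exactly one of enroll_secret / enroll_secret_path is set are this example's own additions, not behaviour the page attributes to launcher.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"strings"
)

// Config is the subset of launcher settings this example models.
type Config struct {
	Hostname         string
	EnrollSecret     string
	EnrollSecretPath string
	OsquerydPath     string
}

// Lookup abstracts os.LookupEnv so the parser can run against a constructed environment.
type Lookup func(key string) (string, bool)

// MapLookup returns a Lookup backed by a map; a real binary would pass os.LookupEnv.
func MapLookup(env map[string]string) Lookup {
	return func(key string) (string, bool) { v, ok := env[key]; return v, ok }
}

// envString stands in for the env.String helper in the launcher snippet (assumed
// semantics: the variable's value when set, else the fallback). It is evaluated
// when the flag is defined, so the env value becomes the flag's default.
func envString(lookup Lookup, key, fallback string) string {
	if v, ok := lookup(key); ok {
		return v
	}
	return fallback
}

// ParseConfig resolves settings with the precedence the pattern implies:
// command-line flag > environment variable > built-in default. The checks after
// parsing are this example's own: hostname is required, and the enrollment
// secret must come from exactly one of the two sources.
func ParseConfig(args []string, lookup Lookup) (Config, error) {
	fs := flag.NewFlagSet("launcher-example", flag.ContinueOnError)
	var c Config
	fs.StringVar(&c.Hostname, "hostname",
		envString(lookup, "KOLIDE_LAUNCHER_HOSTNAME", ""),
		"Hostname of the remote server to communicate with")
	fs.StringVar(&c.EnrollSecret, "enroll_secret",
		envString(lookup, "KOLIDE_LAUNCHER_ENROLL_SECRET", ""),
		"The enrollment secret used to authenticate with the server")
	fs.StringVar(&c.EnrollSecretPath, "enroll_secret_path",
		envString(lookup, "KOLIDE_LAUNCHER_ENROLL_SECRET_PATH", ""),
		"Path to a file containing the enrollment secret")
	fs.StringVar(&c.OsquerydPath, "osqueryd_path",
		envString(lookup, "KOLIDE_LAUNCHER_OSQUERYD_PATH", ""),
		"path to osqueryd binary")
	if err := fs.Parse(args); err != nil {
		return Config{}, err
	}
	if c.Hostname == "" {
		return Config{}, errors.New("hostname is required: pass -hostname or set KOLIDE_LAUNCHER_HOSTNAME")
	}
	// Both empty or both set is an error; exactly one source must be used.
	if (c.EnrollSecret == "") == (c.EnrollSecretPath == "") {
		return Config{}, errors.New("set exactly one of enroll_secret and enroll_secret_path")
	}
	return c, nil
}

// ResolveEnrollSecret returns the secret, reading it from the file when a path
// was given. readFile is injected (os.ReadFile in practice) so this runs offline.
func ResolveEnrollSecret(c Config, readFile func(string) ([]byte, error)) (string, error) {
	if c.EnrollSecretPath == "" {
		return c.EnrollSecret, nil
	}
	b, err := readFile(c.EnrollSecretPath)
	if err != nil {
		return "", fmt.Errorf("reading enroll secret from %s: %w", c.EnrollSecretPath, err)
	}
	s := strings.TrimSpace(string(b))
	if s == "" {
		return "", fmt.Errorf("enroll secret file %s is empty", c.EnrollSecretPath)
	}
	return s, nil
}

func main() {
	// Constructed container-style environment: configuration arrives entirely
	// through variables, so the image needs no ENTRYPOINT arguments at all.
	env := MapLookup(map[string]string{
		"KOLIDE_LAUNCHER_HOSTNAME":           "kolide.example.com:443",
		"KOLIDE_LAUNCHER_ENROLL_SECRET_PATH": "/run/secrets/enroll_secret", // hypothetical mount
	})
	// Constructed stand-in for the mounted secret file.
	readFile := func(string) ([]byte, error) { return []byte("example-secret\n"), nil }
	c, err := ParseConfig([]string{"-osqueryd_path", "/usr/bin/osqueryd"}, env)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	secret, err := ResolveEnrollSecret(c, readFile)
	fmt.Printf("hostname=%s osqueryd=%s secret=%q err=%v\n", c.Hostname, c.OsquerydPath, secret, err)
}
```

Two practical consequences for the container question in this thread. First, because every required setting has an environment-backed default, an image needs no ENTRYPOINT or CMD arguments beyond the binary itself; the operator supplies KOLIDE_LAUNCHER_HOSTNAME and friends at run time, which is what makes a CMD without arguments (or no CMD) workable. Second, of the three ways to deliver the enrollment secret, -enroll_secret on the command line is visible to any local user via ps, and an environment variable is recorded in the container's configuration and shown by docker inspect, so enroll_secret_path pointing at a mounted secret file is the option that keeps the secret out of both places.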
It looks like there is some dependency on specifying the full path of the launcher in order to find the extension binary. I think I should be able to fix this in the Go launcher code, but if not, it would probably warrant leaving the ENTRYPOINT.

Hmm, my fix for getting the correct binary path seems to have broken some assumptions in tests.
This looks great
Makefile:

    CONTAINERS = ubuntu14 ubuntu16 centos6 centos7
    .PHONY: push-containers containers $(CONTAINERS)
there is already a phony on line 3; do you think it's worth adding these up there and/or adding phonies for all of the targets?
There's a bunch of refactoring that could be done to this Makefile to avoid redundant builds (see generate, for example... It should be a .PHONY, and should list the files it generates as dependencies. Then those files should have make rules. That would enable them to only be built when needed), but I'd like to merge as-is now and come back to that when it's a priority.