Add linux container support

[zwass]

• Add Makefile commands for container generation and pushing
• Refactor code for finding extension path
• Refactor tests for changed extension path (tests now run ~50% faster)

[zwass]

See newly generated repos at https://cloud.docker.com/app/kolide/repository/list?name=launcher&namespace=kolide&page=1

[marpaia]

This is clever, I like it!

[marpaia]

Is it necessary to define osqueryd_path? I would imagine that /usr/bin is in the default PATH?

[zwass]

I don't think it's necessary, but I'm just being explicit here.

[marpaia]

It's definitely a nit, but I think if it works without defining the flag, we should leave it out as it illustrates the simplicity of the launcher command-line experience. That being said, however, isn't hostname required now? Maybe we should just not have an entrypoint in these containers?

[groob]

FWIW, I think it should be a CMD not an ENTRYPOINT.

The entrypoints are annoying to override in a pinch.

[zwass]

I am okay with deleting the ENTRYPOINT, but I don't see the purpose of having a CMD when there are still other arguments (enroll secret, host:port) that must be specified.

[groob]

Those could be passed as env vars?

[zwass]

Does launcher support passing options as env vars? If so, it doesn't indicate in launcher --help.

[marpaia]

yep, check out the flag parsing code:

launcher/cmd/launcher/launcher.go

Lines 63 to 124 in e5aa845

	var (
	flDebug = flag.Bool(
	"debug",
	false,
	"enable debug logging",
	)
	flVersion = flag.Bool(
	"version",
	false,
	"print launcher version and exit",
	)
	flInsecureTLS = flag.Bool(
	"insecure",
	false,
	"do not verify TLS certs for outgoing connections",
	)
	flInsecureGRPC = flag.Bool(
	"insecure_grpc",
	false,
	"dial GRPC without a TLS config",
	)
	flOsquerydPath = flag.String(
	"osqueryd_path",
	env.String("KOLIDE_LAUNCHER_OSQUERYD_PATH", ""),
	"path to osqueryd binary",
	)
	flRootDirectory = flag.String(
	"root_directory",
	env.String("KOLIDE_LAUNCHER_ROOT_DIRECTORY", os.TempDir()),
	"path to the working directory where file artifacts can be stored",
	)
	flNotaryServerURL = flag.String(
	"notary_url",
	env.String("KOLIDE_LAUNCHER_NOTARY_SERVER_URL", ""),
	"The URL of the notary update server",
	)
	flKolideServerURL = flag.String(
	"hostname",
	env.String("KOLIDE_LAUNCHER_HOSTNAME", ""),
	"Hostname of the remote server to communicate with",
	)
	flEnrollSecret = flag.String(
	"enroll_secret",
	env.String("KOLIDE_LAUNCHER_ENROLL_SECRET", ""),
	"The enrollment secret used to authenticate with the server",
	)
	flEnrollSecretPath = flag.String(
	"enroll_secret_path",
	env.String("KOLIDE_LAUNCHER_ENROLL_SECRET_PATH", ""),
	"Path to a file containing the enrollment secret",
	)
	flMirrorURL = flag.String(
	"mirror_url",
	env.String("KOLIDE_LAUNCHER_MIRROR_SERVER_URL", ""),
	"The URL of the mirror server for autoupdates",
	)
	flAutoupdateInterval = flag.Duration(
	"autoupdate_interval",
	duration("KOLIDE_LAUNCHER_AUTOUPDATE_INTERVAL", 1*time.Hour),
	"The interval when launcher checks for new updates. Only enabled if notary_url is set.",
	)
	)

[zwass]

It looks like there is some dependency on specifying the full path of the launcher in order to find the extension binary. I think I should be able to fix this in the Go launcher code, but if not, it would probably warrant leaving the ENTRYPOINT.

[zwass]

Hmm, my fix for getting the correct binary path seems to have broken some assumptions in tests.

[marpaia]

This looks great

[marpaia]

there is already a phony on line 3; do you think it's worth adding these up there and/or adding phonies for all of the targets?

[zwass]

There's a bunch of refactoring that could be done to this Makefile to avoid redundant builds (see generate, for example... It should be a .PHONY, and should list the files it generates as dependencies. Then those files should have make rules. That would enable them to only be built when needed), but I'd like to merge as-is now and come back to that when it's a priority.