Remove bootstrap.sh and collector-wrapper.sh #1814

Merged
merged 1 commit into from
Sep 3, 2024

Molter73
Collaborator

@Molter73 Molter73 commented Aug 28, 2024

Description

These two scripts have been pretty much redundant for some time now.

bootstrap.sh used to have the responsibility of removing the kernel module when collector stopped and printing some additional system information, but we no longer support kernel modules and printing the system information can be done with the C++ binary all the same.

collector-wrapper.sh gave the ability to manipulate how the collector binary was called, allowing things like running collector under valgrind. Without bootstrap.sh, the same thing can be achieved with entrypoint and command.

Checklist

  • Investigated and inspected CI test results
  • Updated documentation accordingly

Automated testing

  • Added unit tests
  • Added integration tests
  • Added regression tests

If any of these don't apply, please comment below.

Testing Performed

CI should be enough, but just in case I deployed collector and checked it worked correctly.

Also compared the previous log output with the new one to check the information is the same:

New log
[INFO    2024/08/28 16:29:42] Collector Version: 3.19.x-62-g1b91997fa2-dirty
[INFO    2024/08/28 16:29:42] OS: Debian GNU/Linux 12 (bookworm)
[INFO    2024/08/28 16:29:42] Kernel Version: 6.10.6-200.fc40.x86_64
[INFO    2024/08/28 16:29:42] Hostname: 'kind-control-plane'
[INFO    2024/08/28 16:29:42] User configured collection-method=core_bpf
[INFO    2024/08/28 16:29:42] Ignore network : 169.254.0.0/16
[INFO    2024/08/28 16:29:42] Ignore network : fe80::/10
[INFO    2024/08/28 16:29:42] Afterglow is enabled
[INFO    2024/08/28 16:29:42] Sensor configured at address: sensor.stackrox.svc:443
[INFO    2024/08/28 16:29:42] Attempting to connect to Sensor
[INFO    2024/08/28 16:29:42] Successfully connected to Sensor.
[INFO    2024/08/28 16:29:42] Config: collection_method:core_bpf, scrape_interval:30, turn_off_scrape:0, hostname:kind-control-plane, processesListeningOnPorts:1, logLevel:INFO, set_import_users:0, collect_connection_status:1, enable_detailed_metrics:1, enable_external_ips:0
[INFO    2024/08/28 16:29:42] Trying to open the right engine!
[INFO    2024/08/28 16:29:46]
[INFO    2024/08/28 16:29:46] This product uses ebpf subcomponents licensed under the GNU
[INFO    2024/08/28 16:29:46] GENERAL PURPOSE LICENSE Version 2 outlined in the /kernel-modules/LICENSE file.
[INFO    2024/08/28 16:29:46] Source code for the ebpf subcomponents is available at
[INFO    2024/08/28 16:29:46] https://github.com/stackrox/falcosecurity-libs/
[INFO    2024/08/28 16:29:46]
[INFO    2024/08/28 16:29:46]
[INFO    2024/08/28 16:29:46] == Collector Startup Diagnostics: ==
[INFO    2024/08/28 16:29:46]  Connected to Sensor?       true
[INFO    2024/08/28 16:29:46]  Kernel driver candidates:
[INFO    2024/08/28 16:29:46]    core_bpf (available)
[INFO    2024/08/28 16:29:46]  Driver loaded into kernel: core_bpf
[INFO    2024/08/28 16:29:46] ====================================
[INFO    2024/08/28 16:29:46]
[INFO    2024/08/28 16:29:46] Network scrape interval set to 30 seconds
[INFO    2024/08/28 16:29:46] Waiting for Sensor to become ready ...
[INFO    2024/08/28 16:29:46] Sensor connectivity is successful
[INFO    2024/08/28 16:29:46] Started network status notifier.
[INFO    2024/08/28 16:29:46] Trying to establish GRPC stream for signals ...
[INFO    2024/08/28 16:29:46] Established network connection info stream.
[INFO    2024/08/28 16:29:46] Successfully established GRPC stream for signals.
[INFO    2024/08/28 16:29:46] Found self-check process event.
[INFO    2024/08/28 16:29:47] Found self-check connection event.

Old log
Collector Version: 3.19.x-61-g18fbe6077a
OS: Debian GNU/Linux 12 (bookworm)
Kernel Version: 6.10.6-200.fc40.x86_64
Starting StackRox Collector...
[INFO    2024/08/28 16:13:48] Hostname: 'kind-control-plane'
[INFO    2024/08/28 16:13:48] User configured collection-method=core_bpf
[INFO    2024/08/28 16:13:48] Ignore network : 169.254.0.0/16
[INFO    2024/08/28 16:13:48] Ignore network : fe80::/10
[INFO    2024/08/28 16:13:48] Afterglow is enabled
[INFO    2024/08/28 16:13:48] Sensor configured at address: sensor.stackrox.svc:443
[INFO    2024/08/28 16:13:48] Attempting to connect to Sensor
[INFO    2024/08/28 16:13:48] Successfully connected to Sensor.
[INFO    2024/08/28 16:13:48] Config: collection_method:core_bpf, scrape_interval:30, turn_off_scrape:0, hostname:kind-control-plane, processesListeningOnPorts:1, logLevel:INFO, set_import_users:0, collect_connection_status:1, enable_detailed_metrics:1, enable_external_ips:0
[INFO    2024/08/28 16:13:48] Trying to open the right engine!
[INFO    2024/08/28 16:13:52]
[INFO    2024/08/28 16:13:52] This product uses ebpf subcomponents licensed under the GNU
[INFO    2024/08/28 16:13:52] GENERAL PURPOSE LICENSE Version 2 outlined in the /kernel-modules/LICENSE file.
[INFO    2024/08/28 16:13:52] Source code for the ebpf subcomponents is available at
[INFO    2024/08/28 16:13:52] https://github.com/stackrox/falcosecurity-libs/
[INFO    2024/08/28 16:13:52]
[INFO    2024/08/28 16:13:52]
[INFO    2024/08/28 16:13:52] == Collector Startup Diagnostics: ==
[INFO    2024/08/28 16:13:52]  Connected to Sensor?       true
[INFO    2024/08/28 16:13:52]  Kernel driver candidates:
[INFO    2024/08/28 16:13:52]    core_bpf (available)
[INFO    2024/08/28 16:13:52]  Driver loaded into kernel: core_bpf
[INFO    2024/08/28 16:13:52] ====================================
[INFO    2024/08/28 16:13:52]
[INFO    2024/08/28 16:13:52] Network scrape interval set to 30 seconds
[INFO    2024/08/28 16:13:52] Waiting for Sensor to become ready ...
[INFO    2024/08/28 16:13:52] Sensor connectivity is successful
[INFO    2024/08/28 16:13:52] Started network status notifier.
[INFO    2024/08/28 16:13:52] Trying to establish GRPC stream for signals ...
[INFO    2024/08/28 16:13:52] Established network connection info stream.
[INFO    2024/08/28 16:13:52] Successfully established GRPC stream for signals.
[INFO    2024/08/28 16:13:52] Found self-check process event.
[INFO    2024/08/28 16:13:53] Found self-check connection event.
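
An added example (not part of the PR or the collector project) of the log comparison described above: the old startup script printed its lines without the `[INFO ...]` prefix, so timestamps are stripped and the build identifier is masked before the two logs are diffed. The helper names `normalize` and `compare` are hypothetical, and the inputs are shortened excerpts of the two logs.

```python
import difflib
import re

# Collector's "[LEVEL    YYYY/MM/DD HH:MM:SS] " prefix, as seen in the logs above.
PREFIX = re.compile(r"^\[[A-Z]+\s+\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\]\s?")
# The build identifier changes with every commit, so mask it before comparing.
VERSION = re.compile(r"^(Collector Version: ).*$")


def normalize(log_text):
    """Strip timestamps and mask the version so only message content remains."""
    out = []
    for line in log_text.splitlines():
        msg = PREFIX.sub("", line).rstrip()
        if not msg:  # spacer lines that hold only a timestamp carry no information
            continue
        out.append(VERSION.sub(r"\1<version>", msg))
    return out


def compare(old_text, new_text):
    """Return (only_in_old, only_in_new) message lists, preserving log order."""
    old, new = normalize(old_text), normalize(new_text)
    only_old, only_new = [], []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            only_old.extend(old[i1:i2])
        if tag in ("insert", "replace"):
            only_new.extend(new[j1:j2])
    return only_old, only_new


# Shortened excerpts of the two logs above (sample input for this example).
OLD_LOG = """\
Collector Version: 3.19.x-61-g18fbe6077a
OS: Debian GNU/Linux 12 (bookworm)
Starting StackRox Collector...
[INFO    2024/08/28 16:13:48] Hostname: 'kind-control-plane'
[INFO    2024/08/28 16:13:52]
"""
NEW_LOG = """\
[INFO    2024/08/28 16:29:42] Collector Version: 3.19.x-62-g1b91997fa2-dirty
[INFO    2024/08/28 16:29:42] OS: Debian GNU/Linux 12 (bookworm)
[INFO    2024/08/28 16:29:42] Hostname: 'kind-control-plane'
[INFO    2024/08/28 16:29:46]
"""
print(compare(OLD_LOG, NEW_LOG))
```
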

@Molter73 Molter73 requested a review from a team as a code owner August 28, 2024 16:32
Contributor

@ovalenti ovalenti left a comment


Thank you for this one! I really like the idea of getting rid of those scripts 👊

set(COLLECTOR_VERSION "0.0.0")
endif()

configure_file(${CMAKE_CURRENT_SOURCE_DIR}/Version.h.in ${CMAKE_CURRENT_BINARY_DIR}/Version.h)
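
Review bot: The `set(COLLECTOR_VERSION "0.0.0")` branch just above `endif()` gives no signal when it is taken, so if it is the default for a build that supplies no version, `configure_file` will still generate Version.h and the binary will report 0.0.0 in its startup log. Consider a `message(WARNING ...)` in that branch, or a hard failure for release builds, so a missing version is caught at configure time rather than in the logs.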
Contributor


I am curious about when this gets reevaluated. For instance, in a dev environment, is the Collector version going to remain the same until the project is reconfigured?

Collaborator Author


From the cmake docs:

If the input file is modified the build system will re-run CMake to re-configure the file and generate the build system again. The generated file is modified and its timestamp updated on subsequent cmake runs only if its content is changed.

So it will retrigger if you change the file or manually re-run cmake. The way we use it right now running with our make files, this file gets re-created on every make image call.

@Molter73 Molter73 merged commit f3f3a9a into master Sep 3, 2024
45 of 46 checks passed
@Molter73 Molter73 deleted the mauro/remove-bootstrap branch September 3, 2024 08:37
Molter73 added a commit that referenced this pull request Sep 4, 2024
PR #1814 removed the scripts used by collector to run, making it
possible for it to be run directly. The Konflux build is still
attempting to copy the scripts directory into the image even though it
doesn't exist anymore, so we should remove that line from the
dockerfile.

As an additional cleanup, since we have been linking falco statically
for some time now, there's no need to call ldconfig anymore.
Molter73 added a commit that referenced this pull request Sep 4, 2024
Yet another mistake from #1814. The version of collector is now
hardcoded into the binary, but that needs to be set at compile time,
which was not being done in konflux builds. The label with the version
was being set properly, this only affects collector printing its version
to the logs.