From b111e3d4b8251abf316c2c2b0d873af280621732 Mon Sep 17 00:00:00 2001
From: Mauro Ezequiel Moltrasio
Date: Wed, 28 Aug 2024 17:52:12 +0200
Subject: [PATCH] Remove bootstrap.sh and collector-wrapper.sh
These two scripts have been pretty much redundant for some time now. bootstrap.sh used to have the responsibility of removing the kernel module when collector stopped and printing some additional system information, but we no longer support kernel modules and printing the system information can be done with the C++ binary all the same. collector-wrapper.sh gave the ability to manipulate how the collector binary was called, allowing things like running collector under valgrind. Without bootstrap.sh, the same thing can be achieved with entrypoint and command.
---
 collector/CMakeLists.txt | 7 ++
 collector/Makefile | 3 +-
 collector/Version.h.in | 10 ++
 collector/collector.cpp | 7 ++
 collector/container/Dockerfile | 12 +--
 collector/container/konflux.Dockerfile | 9 +-
 collector/container/scripts/bootstrap.sh | 91 -------------------
 .../container/scripts/collector-wrapper.sh | 5 -
 collector/lib/HostInfo.h | 5 +
 9 files changed, 37 insertions(+), 112 deletions(-)
 create mode 100644 collector/Version.h.in
 delete mode 100755 collector/container/scripts/bootstrap.sh
 delete mode 100755 collector/container/scripts/collector-wrapper.sh
diff --git a/collector/CMakeLists.txt b/collector/CMakeLists.txt
index 81df51d9ab..f5a85f4eac 100644
--- a/collector/CMakeLists.txt
+++ b/collector/CMakeLists.txt
@@ -31,6 +31,12 @@ if(NOT BPF_DEBUG_MODE)
 set(BPF_DEBUG_MODE OFF)
 endif()
+if (NOT COLLECTOR_VERSION)
+ set(COLLECTOR_VERSION "0.0.0")
+endif()
+
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/Version.h.in ${CMAKE_CURRENT_BINARY_DIR}/Version.h)
+
 set(FALCO_DIR ${PROJECT_SOURCE_DIR}/../falcosecurity-libs)
 add_subdirectory(${PROJECT_SOURCE_DIR}/proto)
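Review bot: The fallback in `if (NOT COLLECTOR_VERSION)` silently stamps the binary with "0.0.0", so any build path that does not pass a non-empty `-DCOLLECTOR_VERSION` produces a collector whose startup log reports a version that was never released. The Makefile hunk in this patch forwards `$(COLLECTOR_VERSION)`, but an unset make variable yields an empty value that also takes this branch, and the builder stage of konflux.Dockerfile (which loses its `ENV COLLECTOR_VERSION` line) is not visible here, so it is worth confirming that it passes the tag to CMake. A wrong version in the logs makes it harder to tell which nodes still run an affected build during incident response. Consider making the fallback loud by adding `message(WARNING "COLLECTOR_VERSION not set, defaulting to 0.0.0")` inside the `if`.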
@@ -43,6 +49,7 @@ include_directories(${FALCO_DIR}/userspace/libsinsp)
 include_directories(${FALCO_DIR}/userspace/chisel)
 include_directories(${FALCO_DIR}/userspace/common)
 include_directories(${PROJECT_BINARY_DIR}/EXCLUDE_FROM_DEFAULT_BUILD/common)
+include_directories(${CMAKE_CURRENT_BINARY_DIR})
 include_directories(/usr/local/include)
 include_directories(/usr/local/include/tbb)
 include_directories(/usr/local/include/jsoncpp)
diff --git a/collector/Makefile b/collector/Makefile
index 86dcbded49..7d5ee76180 100644
--- a/collector/Makefile
+++ b/collector/Makefile
@@ -25,7 +25,8 @@ cmake-configure/collector:
 -DUSE_VALGRIND=$(USE_VALGRIND) \
 -DADDRESS_SANITIZER=$(ADDRESS_SANITIZER) \
 -DTRACE_SINSP_EVENTS=$(TRACE_SINSP_EVENTS) \
- -DBPF_DEBUG_MODE=$(BPF_DEBUG_MODE)
+ -DBPF_DEBUG_MODE=$(BPF_DEBUG_MODE) \
+ -DCOLLECTOR_VERSION=$(COLLECTOR_VERSION)
 cmake-build/collector: cmake-configure/collector $(COLLECTOR_BUILD_DEPS)
 docker exec $(COLLECTOR_BUILDER_NAME) \
diff --git a/collector/Version.h.in b/collector/Version.h.in
new file mode 100644
index 0000000000..ae8eb9c625
--- /dev/null
+++ b/collector/Version.h.in
@@ -0,0 +1,10 @@
+#ifndef _VERSION_H_
+#define _VERSION_H_
+
+#define COLLECTOR_VERSION "${COLLECTOR_VERSION}"
+
+inline const char* GetCollectorVersion() {
+ return COLLECTOR_VERSION;
+}
+
+#endif // _VERSION_H_
diff --git a/collector/collector.cpp b/collector/collector.cpp
index 5a7d0d1068..d6202ea330 100644
--- a/collector/collector.cpp
+++ b/collector/collector.cpp
@@ -40,6 +40,7 @@ extern "C" {
 #include "LogLevel.h"
 #include "Logging.h"
 #include "Utility.h"
+#include "Version.h"
 static const int MAX_GRPC_CONNECTION_POLLS = 30;
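Review bot: In Version.h.in, `#define COLLECTOR_VERSION "${COLLECTOR_VERSION}"` pastes the CMake value into a C++ string literal unescaped, so a version string containing a double quote or backslash gives a header that fails to compile or holds a different string than intended. Calling `configure_file` with `@ONLY ESCAPE_QUOTES` and writing the template line as `#define COLLECTOR_VERSION "@COLLECTOR_VERSION@"` limits substitution to that one token and escapes quotes. Separately, the include guard `_VERSION_H_` begins with an underscore followed by a capital letter, which is a name reserved for the implementation; `COLLECTOR_VERSION_H` or `#pragma once` avoids that.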
@@ -123,6 +124,12 @@ void initialChecks() {
 }
 int main(int argc, char** argv) {
+ // Print system information before doing actual work.
+ auto& host_info = HostInfo::Instance();
+ CLOG(INFO) << "Collector Version: " << GetCollectorVersion();
+ CLOG(INFO) << "OS: " << host_info.GetDistro();
+ CLOG(INFO) << "Kernel Version: " << host_info.GetKernelVersion().GetRelease();
+
 initialChecks();
 CollectorArgs* args = CollectorArgs::getInstance();
diff --git a/collector/container/Dockerfile b/collector/container/Dockerfile
index 2a7e955eb7..510d0f92d6 100644
--- a/collector/container/Dockerfile
+++ b/collector/container/Dockerfile
@@ -5,7 +5,6 @@ ARG ROOT_DIR=.
 ARG COLLECTOR_VERSION
 ENV ROOT_DIR=$ROOT_DIR
-ENV COLLECTOR_VERSION="${COLLECTOR_VERSION}"
 ENV COLLECTOR_HOST_ROOT=/host
 LABEL name="collector" \
@@ -20,16 +19,15 @@ WORKDIR /
 COPY container/${BUILD_TYPE}/install.sh /
 RUN ./install.sh && rm -f install.sh
-COPY container/scripts/collector-wrapper.sh /usr/local/bin
-COPY container/scripts/bootstrap.sh /
+# Uncomment this line to enable generation of core for collector
+# RUN echo '/core/core.%e.%p.%t' > /proc/sys/kernel/core_pattern
+
 COPY container/THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/
 COPY kernel-modules /kernel-modules
 COPY container/bin/collector /usr/local/bin/
 COPY container/bin/self-checks /usr/local/bin/self-checks
 COPY container/status-check.sh /usr/local/bin/status-check.sh
-RUN chmod 700 bootstrap.sh
-
 EXPOSE 8080 9090
 HEALTHCHECK \
@@ -40,9 +38,7 @@ HEALTHCHECK \
 # the command uses /ready API
 CMD /usr/local/bin/status-check.sh
-ENTRYPOINT ["/bootstrap.sh"]
-
-CMD collector-wrapper.sh \
+ENTRYPOINT collector \
 --collector-config=$COLLECTOR_CONFIG \
 --collection-method=$COLLECTION_METHOD \
 --grpc-server=$GRPC_SERVER
diff --git a/collector/container/konflux.Dockerfile b/collector/container/konflux.Dockerfile
index 909fa41fd7..a61b3e30cd 100644
--- a/collector/container/konflux.Dockerfile
+++ b/collector/container/konflux.Dockerfile
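Review bot: The block added at the top of `main` carries over only the three log lines from bootstrap.sh; the deleted script also exported `SNI_HOSTNAME` with a default of `sensor.stackrox` and honoured a `KERNEL_VERSION` environment override, and nothing visible in this patch replaces either. If the binary reads `SNI_HOSTNAME` without a default of its own, the server name used for TLS towards the gRPC endpoint changes for deployments that relied on the script, in which case `setenv("SNI_HOSTNAME", "sensor.stackrox", 0);` early in `main` would keep the old behaviour. It would help to state in a comment above the block where those two defaults now live, e.g. `// SNI_HOSTNAME and KERNEL_VERSION defaults formerly set by bootstrap.sh are handled in <location>`. `main` continues past the end of the hunk.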
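Review bot: The commented-out `RUN echo '/core/core.%e.%p.%t' > /proc/sys/kernel/core_pattern` in collector/container/Dockerfile will not do what its comment promises once uncommented. In bootstrap.sh the write happened when the container started, whereas a `RUN` step executes during the image build, where `/proc/sys` is normally read-only and, if it were writable, the setting would land on the build host rather than on the node that runs collector. I would drop the two lines or replace them with `# Core dumps: set kernel.core_pattern on the node at runtime; it cannot be configured from the image build.` Core files of this process can contain data gathered from the host, so enabling them is better left as an explicit operator decision.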
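Review bot: `ENTRYPOINT collector \ ...` is the shell form, so the image runs `/bin/sh -c "collector ..."`: anything supplied as CMD or container args is not appended to the collector command line, and whether collector or the shell ends up as PID 1 and receives SIGTERM depends on the image's `/bin/sh`. bootstrap.sh forwarded TERM, QUIT and INT to the child explicitly, so that guarantee is lost unless the shell happens to exec its last command. Starting the line with `exec` keeps the variable expansion and makes collector the signal target: `ENTRYPOINT exec collector \`. The three `$VAR` expansions are also unquoted, so a `COLLECTOR_CONFIG` value containing whitespace or glob characters is split or expanded before collector sees it; `--collector-config="$COLLECTOR_CONFIG"` avoids that. The same ENTRYPOINT is added in the konflux.Dockerfile hunk.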
@@ -142,23 +142,18 @@ LABEL \
 ARG BUILD_DIR
 ARG CMAKE_BUILD_DIR
-ENV COLLECTOR_VERSION="${COLLECTOR_TAG}"
 ENV COLLECTOR_HOST_ROOT=/host
 COPY --from=builder ${CMAKE_BUILD_DIR}/collector/collector /usr/local/bin/
 COPY --from=builder ${CMAKE_BUILD_DIR}/collector/self-checks /usr/local/bin/
 COPY --from=builder ${BUILD_DIR}/collector/container/scripts /
-RUN mv /collector-wrapper.sh /usr/local/bin/ && \
- chmod 700 bootstrap.sh && \
- echo '/usr/local/lib' > /etc/ld.so.conf.d/usrlocallib.conf && \
+RUN echo '/usr/local/lib' > /etc/ld.so.conf.d/usrlocallib.conf && \
 ldconfig
 EXPOSE 8080 9090
-ENTRYPOINT ["/bootstrap.sh"]
-
-CMD collector-wrapper.sh \
+ENTRYPOINT collector \
 --collector-config=$COLLECTOR_CONFIG \
 --collection-method=$COLLECTION_METHOD \
 --grpc-server=$GRPC_SERVER
diff --git a/collector/container/scripts/bootstrap.sh b/collector/container/scripts/bootstrap.sh
deleted file mode 100755
index 8b3c0a4772..0000000000
--- a/collector/container/scripts/bootstrap.sh
+++ /dev/null
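Review bot: `COPY --from=builder ${BUILD_DIR}/collector/container/scripts /` is kept as context in konflux.Dockerfile, although this patch deletes bootstrap.sh and collector-wrapper.sh from that directory. If those were the only tracked files there, the source path no longer exists in a fresh checkout and the build fails at this step; if other files remain, they are still copied to `/` of the runtime image even though nothing in the visible lines references them any more. The line looks like it should be removed together with the scripts, or narrowed to the files that are still needed. The stage this hunk belongs to starts before the hunk, so the remaining contents of that directory cannot be checked from here.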
@@ -1,91 +0,0 @@
-#!/bin/bash
-
-log() { echo "$*" >&2; }
-
-function get_os_release_value() {
- local key="$1"
- local os_release_file="/host/etc/os-release"
- if [[ ! -f "$os_release_file" ]]; then
- os_release_file="/host/usr/lib/os-release"
- fi
- if [[ -f "$os_release_file" ]]; then
- while IFS="=" read -r var value; do
- if [[ "$key" == "$var" ]]; then
- # remove quotes
- local trimmed_value
- trimmed_value="${value%\"}"
- trimmed_value="${trimmed_value#\"}"
- echo "$trimmed_value"
- fi
- done < "$os_release_file"
- fi
-}
-
-function get_distro() {
- local distro
- distro=$(get_os_release_value 'PRETTY_NAME')
- if [[ -z "$distro" ]]; then
- echo "Linux"
- fi
- echo "$distro"
-}
-
-function test {
- "$@"
- local status=$?
- if [[ $status -ne 0 ]]; then
- log "Error with $1"
- exit $status
- fi
- return $status
-}
-
-exit_with_error() {
- log ""
- log "Please provide this complete error message to StackRox support."
- log "This program will now exit and retry when it is next restarted."
- log ""
- exit 1
-}
-
-function clean_up() {
- log "collector pid to be stopped is $PID"
- kill -TERM "$PID"
- wait "$PID"
-}
-
-function main() {
-
- # Get the host kernel version (or user defined env var)
- [ -n "$KERNEL_VERSION" ] || KERNEL_VERSION="$(uname -r)"
-
- # Export SNI_HOSTNAME and default it to sensor.stackrox
- export SNI_HOSTNAME="${SNI_HOSTNAME:-sensor.stackrox}"
-
- # Get the linux distribution and BUILD_ID and ID to identify kernel version (COS or RHEL)
- OS_DISTRO="$(get_distro)"
-
- # Print node info
- log "Collector Version: ${COLLECTOR_VERSION}"
- log "OS: ${OS_DISTRO}"
- log "Kernel Version: ${KERNEL_VERSION}"
-
- # Uncomment this to enable generation of core for Collector
- # echo '/core/core.%e.%p.%t' > /proc/sys/kernel/core_pattern
-
- # Remove "/bin/sh -c" from arguments
- shift
- shift
- log "Starting StackRox Collector..."
- # Signal handler for SIGTERM
- trap 'clean_up' TERM QUIT INT
- # shellcheck disable=SC2294 # Shellcheck usually does not allow eval to process arrays
- eval exec "$@" &
- PID=$!
- wait $PID
- status=$?
-
- exit $status
-}
-
-main "$@"
diff --git a/collector/container/scripts/collector-wrapper.sh b/collector/container/scripts/collector-wrapper.sh
deleted file mode 100755
index 7050a43746..0000000000
--- a/collector/container/scripts/collector-wrapper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-# shellcheck source=/dev/null
-. <(declare -xp | grep '^declare -x COLLECTOR_ENV_' | sed -E 's/COLLECTOR_ENV_//')
- exec $COLLECTOR_PRE_ARGUMENTS collector "$@"
diff --git a/collector/lib/HostInfo.h b/collector/lib/HostInfo.h
index 6beb907fe9..c7f485d809 100644
--- a/collector/lib/HostInfo.h
+++ b/collector/lib/HostInfo.h
@@ -137,6 +137,11 @@ struct KernelVersion {
 return ss.str();
 }
+ // Same output as calling `uname -r` in the shell
+ const std::string& GetRelease() {
+ return release;
+ }
+
 // the kernel version
 int kernel;
 // the kernel major version
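Review bot: `GetRelease()` in HostInfo.h returns a reference to a member but is not const-qualified, so it cannot be called on a `const KernelVersion` and reads as if it could modify the object; the signature should be `const std::string& GetRelease() const {`. In collector.cpp it is used as `host_info.GetKernelVersion().GetRelease()`: if `GetKernelVersion()` returns by value (its declaration is outside this hunk), the reference is valid only until the end of that statement, which is fine for the log line but would dangle if a caller stored it. A one-line comment next to the accessor, such as `// Returned reference is valid only while this KernelVersion is alive`, would make that explicit. The struct continues outside the hunk.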