[system-probe] Start of dynamic instrumentation system probe module

[grantseltzer]

What does this PR do?

This introduces the scaffolding for the new dynamic instrumentation system-probe module. This will be a module used by the dynamic-instrumentation product for system level tracing of user applications. This belongs in the system-probe as it will soon need higher level permissions (CAP_SYS_ADMIN, CAP_BPF) for loading and attaching bpf programs, and inspecting inside container filesystems.

Motivation

This PR simply creates the module in code, and gives it the scaffolding for reading a static configuration file. The motivation for this is to break up the large amount of code that will need to be placed here into smaller PRs.

Additional Notes

• This also is specified via go build tags to only build on Linux which is required for the bpf features it will consume.
• This is opened after realizing [system-probe] Start of dynamic instrumentation system probe module #16022 was from a branch on my fork of the repo.

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

• Build the system probe: inv system-probe.build
• Run the system-probe sudo bin/system-probe/system-probe

You should see it's disabled:

2023-03-08 13:37:33 PST | SYS-PROBE | INFO | (cmd/system-probe/api/module/loader.go:50 in Register) | module dynamic_instrumentation disabled
2023-03-08 13:37:33 PST | SYS-PROBE | INFO | (cmd/system-probe/app/run.go:123 in run) | system probe successfully started

You can run it enabled by setting DD_DYNAMIC_INSTRUMENTATION_ENABLED=1 or adding the following section to your system-probe config:

####################################
## Dynamic Instrumentation Config ##
###################################

dynamic_instrumentation:
  ## @param enabled - boolean - optional - default: false
  ## @env DD_DYNAMIC_INSTRUMENTATION_ENABLED - boolean -optional - default: false
  ## Set to true to enable the User Tracer Module of the System Probe
  #
  enabled: true

Reviewer's Checklist

• If known, an appropriate milestone has been selected; otherwise the Triage milestone is set.
• Use the major_change label if your change either has a major impact on the code base, is impacting multiple teams or is changing important well-established internals of the Agent. This label will be use during QA to make sure each team pay extra attention to the changed behavior. For any customer facing change use a releasenote.
• A release note has been added or the changelog/no-changelog label has been applied.
• Changed code has automated tests for its functionality.
• Adequate QA/testing plan information is provided if the qa/skip-qa label is not applied.
• At least one team/.. label has been applied, indicating the team(s) that should QA this change.
• If applicable, docs team has been notified or an issue has been opened on the documentation repo.
• If applicable, the need-change/operator and need-change/helm labels have been applied.
• If applicable, the k8s/<min-version> label, indicating the lowest Kubernetes version compatible with this feature.
• If applicable, the config template has been updated.

[sgnn7]

Few nits. I'll preemptively approve since they're easy fixes.

[sgnn7]

Offset in column 2

[sgnn7]

Linter errors are right - you have an exclusion flag in the other file but no build flag here so for non-Linux platforms both files will be built, causing name collision. I would probably suggest that you maybe name this file module_linux just to make it clear from that standpoint that this only works on that platform.

[sgnn7]

Linter is correct here - you're not using "github.com/DataDog/datadog-agent/pkg/security/config" package in windows impl

[guyarb]

it is recommended to add the feature to:

• pkg/metadata/inventories/README.md
• pkg/metadata/inventories/inventories.go

and to add UTs for the configuration:

• pkg/network/config/config_test.go

adding an example PR from my team #14620

[grantseltzer]

The metadata/inventories package seems to have specific features rather than having the whole module enabled. For example USM just has different network protocols it supports, rather than USM as a whole. Are you sure it makes sense to have something like feature_dynamic_instrumentation_enabled? I don't know what inventories is so I really don't know. I can certainly add it and then add specific features as they get added.

Similarly, dynamic instrumentation might not belong under pkg/network/config since it's not a network feature.

[guyarb]

usm is not the best example (unforutnately, as we started as a feature in npm and evolved)
but take a look in npm https://github.com/DataDog/datadog-agent/blob/main/pkg/metadata/inventories/inventories.go#L418
or CWS https://github.com/DataDog/datadog-agent/blob/main/pkg/metadata/inventories/inventories.go#L415

[guyarb]

regarding the configuration test, you don't need to add them in pkg/network/config/config_test.go but a similar to the correct config_test.go file
another example in other package https://github.com/DataDog/datadog-agent/blob/main/pkg/config/config_test.go

[grantseltzer]

Sounds good - I've added to the metadata/inventories package and added a test to cmd/system-probe/config/config_linux_test.go

[brycekahle]

Minor suggestions, but nothing blocking.

[grantseltzer]

@brycekahle Is there anything else I can do to help this get merged?

[github-actions]

⚠️🚨 Warning, this pull request increases the binary size of serverless extension by 4096 bytes. Each MB of binary size increase means about 10ms of additional cold start time, so this pull request would increase cold start time by 0ms.

New dependencies added

We suggest you consider adding the !serverless build tag to remove any new dependencies not needed in the serverless extension.

If you have questions, we are happy to help, come visit us in the #serverless slack channel and provide a link to this comment.

[guyarb]

@grantseltzer seems like you never logged in into CircleCI, therefore the relevant jobs didn't run, and those jobs are required for merging