Skip to content

Add RPM packaging#9092

Closed
tsg wants to merge 7 commits intoelastic:feature-auditbeat-hostfrom
tsg:add_rpm_packaging
Closed

Add RPM packaging#9092
tsg wants to merge 7 commits intoelastic:feature-auditbeat-hostfrom
tsg:add_rpm_packaging

Conversation

@tsg
Copy link
Copy Markdown
Contributor

@tsg tsg commented Nov 15, 2018
edited
Loading

This adds support for programmatically reading the list of RPM packages. The previous version was using exec (called the rpm binary), but we'd like to keep Auditbeat exec free, because execs are currently blocked by seccomp, as a security feature.

Using the model from Journalbeat, the new code uses dlopen get the relevant C functions and calls them using CGo. This means that librpm is not a hard dependency, but only for when this functionality is needed.

Ready for reviews, but there's a couple of things left to do:

  • Figure out cross-compiling during mage package (we need librpm-devel).
  • Figure out how to run the test in a Redhat enviromnent. There is a unit test that checks that the RPM output is the same as the one from exec-ing the rpm commmand, but that test is skipped on on non-Redhat systems. Currently, we run all tests in a Debian based docker image.

Part of #8725.

@tsg tsg requested review from andrewkroh and cwurm November 15, 2018 11:03
houndci-bot
houndci-bot reviewed Nov 15, 2018
View reviewed changes
@tsg tsg added the SecOps label Nov 15, 2018
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Nov 15, 2018

Pinging @elastic/secops

andrewkroh
andrewkroh reviewed Nov 15, 2018
View reviewed changes
x-pack/auditbeat/module/system/packages/rpm_linux.go Outdated
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh Nov 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This handle is never Closed().

Copy link
Copy Markdown
Contributor Author

@tsg tsg Nov 23, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's not, but I cannot just add a defer because I cannot call the functions from it, it panics. It's currently a singleton so it exists only once per process. Putting it in the Metricset structure would be possible, but requires a bigger refactoring of the whole module. Let me know if you think it's worth doing it anyway.

Copy link
Copy Markdown
Member

@andrewkroh andrewkroh Nov 27, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That should be find then. I guess I missed the if cFun == nil check surrounding its usage.

@cwurm cwurm mentioned this pull request Nov 16, 2018
Closed
21 tasks
@tsg tsg force-pushed the add_rpm_packaging branch from 18606ec to 4579eb4 Compare November 27, 2018 11:26
andrewkroh
andrewkroh reviewed Nov 27, 2018
View reviewed changes
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should be good to merge after adding that platform filter to the magefile.go.

x-pack/auditbeat/module/system/packages/rpm_linux.go Outdated
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh Nov 27, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That should be find then. I guess I missed the if cFun == nil check surrounding its usage.

auditbeat/magefile.go
"linux/ppc64le": installLinuxPPC64LE,
"linux/s390x": installLinuxS390X,

//"linux/ppc64": installLinuxPpc64,
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh Nov 27, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few lines up in init() add a filter to prevent mage package from attempting to build these targets.

mage.Platforms = mage.Platforms.Filter("!linux/ppc64 !linux/mips64")

This is similar to what journalbeat has but with the linux selector.

beats/journalbeat/magefile.go

Lines 35 to 38 in 1411852

func init() {
mage.BeatDescription = "Journalbeat ships systemd journal entries to Elasticsearch or Logstash."
mage.Platforms = mage.Platforms.Filter("linux !linux/ppc64 !linux/mips64")

@cwurm cwurm mentioned this pull request Dec 11, 2018
Merged
This was referenced Jan 16, 2019
Closed
Merged
This was referenced Jan 29, 2019
Closed
Merged
@cwurm
Copy link
Copy Markdown
Contributor

cwurm commented Jan 29, 2019

@tsg Package dataset is merged into master with #10225 - can you rebase this?

@tsg tsg mentioned this pull request Jan 30, 2019
Merged
@tsg
Copy link
Copy Markdown
Contributor Author

tsg commented Jan 30, 2019

Superseded by #10429

@tsg tsg closed this Jan 30, 2019
This was referenced Feb 1, 2019
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewkroh andrewkroh andrewkroh left review comments

@cwurm cwurm Awaiting requested review from cwurm

+1 more reviewer

@houndci-bot houndci-bot houndci-bot left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Auditbeat

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@tsg @elasticmachine @cwurm @andrewkroh @houndci-bot