Skip to content

[9.3] [CI] Harden Defend Workflows VM provisioning (#254354)#254384

Merged
kibanamachine merged 1 commit intoelastic:9.3from
kibanamachine:backport/9.3/pr-254354
Feb 23, 2026
Merged

[9.3] [CI] Harden Defend Workflows VM provisioning (#254354)#254384
kibanamachine merged 1 commit intoelastic:9.3from
kibanamachine:backport/9.3/pr-254354

Conversation

@kibanamachine
Copy link
Copy Markdown
Contributor

@kibanamachine kibanamachine commented Feb 23, 2026

Backport

This will backport the following commits from main to 9.3:

Questions ?

Please refer to the Backport tool documentation

@patrykkopycinski @kibanamachine
[CI] Harden Defend Workflows VM provisioning (elastic#254354)
6dc0788 
## Summary

Fixes Defend Workflows Cypress CI failures caused by VirtualBox kernel
module not being loaded on CI agents. The CI image ships with VirtualBox
7.0.x, but recent GCP kernel updates (`6.17.0-1008-gcp`) break module
compilation for that version.

### Changes

**New: `ensure_virtualbox.sh`** — shared pre-flight script sourced by
all Defend Workflows CI scripts. It:
1. Checks if `VBoxManage --version` reports a healthy state (not just
exit code — parses output for "kernel module is not loaded" warning)
2. Attempts to load existing kernel modules (`modprobe vboxdrv`,
`/sbin/vboxconfig`)
3. If module build fails (kernel too new for VirtualBox 7.0.x), upgrades
to **VirtualBox 7.1** from Oracle's repo which supports newer kernels
4. Exports `VAGRANT_DEFAULT_PROVIDER=virtualbox` to skip Vagrant's
provider auto-discovery
5. Prints full diagnostics on failure (packages, kernel version, DKMS
status)

**Updated: `vm_services.ts`**
- `VAGRANT_DEFAULT_PROVIDER=virtualbox` set in vagrant env on CI (local
dev keeps VMware auto-discovery)
- Pre-flight disk space check

**Updated: `Vagrantfile`**
- Installs `unzip` via `apt-get` for provisioning

### Files changed
- `.buildkite/scripts/steps/functional/ensure_virtualbox.sh` (new)
- `.buildkite/scripts/steps/functional/defend_workflows*.sh` (4 files —
source ensure_virtualbox.sh)
- `x-pack/.../endpoint/common/vm_services.ts`
- `x-pack/.../endpoint/common/vagrant/Vagrantfile`

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 11333fb)
@kibanamachine kibanamachine added the backport This PR is a backport of another PR label Feb 23, 2026
@kibanamachine kibanamachine enabled auto-merge (squash) February 23, 2026 09:45
@kibanamachine kibanamachine mentioned this pull request Feb 23, 2026
Merged
@kibanamachine kibanamachine merged commit 6c00d51 into elastic:9.3 Feb 23, 2026
18 checks passed
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Feb 23, 2026

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 706 705 -1

Total ESLint disabled count

id before after diff
securitySolution 811 810 -1

cc @patrykkopycinski

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@patrykkopycinski patrykkopycinski

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kibanamachine @elasticmachine @patrykkopycinski