new: driver selection in falco.yaml#2413
Conversation
therealbobo
force-pushed
the
new/mode-in-config
branch
from
beef31d to
efc957c
Compare
|
Thank you for this! @therealbobo |
It could be a possible solution. However, how could that option interact with other ways to select the driver? Let's discuss it! |
|
I think that the driver selected in |
therealbobo
force-pushed
the
new/mode-in-config
branch
from
efc957c to
4723660
Compare
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
/reopen /remove-lifecycle stale |
|
@FedeDP: Reopened this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/milestone 0.37.0 |
|
We actually need this for the shiny new falco-driver-loader integrated inside falcoctl: falcosecurity/falcoctl#327 |
|
I'd suggest a rebase, and then:
Imho config option should always take precedence over deprecated cmdline/env var, since otherwise falcoctl would not be able to correctly instrument the right driver for Falco. /cc @leogr |
FedeDP
force-pushed
the
new/mode-in-config
branch
from
ef38a9f to
7b39c8e
Compare
leogr
left a comment
leogr
left a comment
There was a problem hiding this comment.
Love this. It's a huge improvement, and we will finally get a bit of consistency across our configuration. So, first of all, a big thanks to @therealbobo, @Andreagit97, and @FedeDP 👏
The implementation is already good. I've just left some comments about minor issues I've found when reviewing.
Other than that, I want to ensure that a warning message is printed to the user any time a deprecated option is used (either command line or config). I've already identified a corner case (see my comment below) and I think another similar corner case can happen if the user modified both the old and the new field in the configuration file.
Ping me privately, I can provide more details if needed.
| // at least one change in the default config we don't allow to use the command line options. | ||
| if(s.config->m_changes_in_engine_config) | ||
| { | ||
| return run_result::ok(); |
There was a problem hiding this comment.
I'm fine with this behavior. However, I don't like silently ignoring deprecated options here (users may not get what's happening).
So, when the user mistakenly uses BOTH the command line flag AND change the config, we should print something like:
The '-g,--gvisor-config' command line option is deprecated and will be removed in Falco version 0.38. Note that this option is ineffective when 'engine' settings are specified via the configuration file.
There was a problem hiding this comment.
I'd add a single log, something like:
if(s.config->m_changes_in_engine_config)
{
falco_logger::log(falco_logger::level::WARNING,
"Since the new 'engine' config key is being used, deprecated CLI options "
"[-e,-g,--gvisor-config,--nodriver,--modern-bpf] and FALCO_BPF_PROBE environment variable will be ignored.\n");
return run_result::ok();
There was a problem hiding this comment.
Added in latest commit; example output:
Thu Nov 23 15:15:50 2023: Falco version: 0.37.0-146+9bf0565 (x86_64)
Thu Nov 23 15:15:50 2023: Falco initialized with configuration file: ../falco.yaml
Thu Nov 23 15:15:50 2023: Since the new 'engine' config key is being used, deprecated CLI options [-e,-g,--gvisor-config,--nodriver,--modern-bpf] and FALCO_BPF_PROBE environment variable will be ignored.
Thu Nov 23 15:15:50 2023: Loading rules from file ../rules/falco_rules.yaml
There was a problem hiding this comment.
Ok. I was thinking of printing the warning only if one of those options was used. But your solution is fine anyway 👍
|
|
||
| // If overridden from CLI options (soon to be removed), | ||
| // use the requested driver. | ||
| if (getenv(FALCO_BPF_ENV_VARIABLE)) |
There was a problem hiding this comment.
What will happen when this gets merged, and perhaps some of the users will use the same env var in the config 👇 ?
engine:
kind: kmod
kmod:
buf_size_preset: 4
drop_failed_exit: false
ebpf:
# path to the elf file to load.
probe: ${FALCO_BPF_PROBE}🤯
There was a problem hiding this comment.
Nothing, i mean the deprecated env variable takes precedence.
There was a problem hiding this comment.
Nothing, i mean the deprecated env variable takes precedence.
Will it print a warning even if it shouldn't? 🤔
There was a problem hiding this comment.
Yes it will print the newly introduced warning about the fact that FALCO_BPF_PROBE env variable will be ignored, and that is correct(since we won't directly use the env variable but the new config key that resolves to the env variable value)
There was a problem hiding this comment.
Oh i mis-read (i thought kind: bpf was in use). In this case, as i stated earlier, the deprecated env variable takes precedence (since the bpf kind configuration is not even parsed, because the kind is kmod).
No warning in this case (except for the FALCO_BPF_PROBE env var deprecation )
FedeDP
force-pushed
the
new/mode-in-config
branch
from
eb0689d to
a8749b6
Compare
Also, properly warn the user that deprecated CLI options will be ignored when the new `engine` configuration key is in use. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
FedeDP
force-pushed
the
new/mode-in-config
branch
from
a8749b6 to
8f3edcc
Compare
These macros will be used by other files so we need to share them Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
|
LGTM label has been added. DetailsGit tree hash: f99a5c87c0a21f7dc134467c3c73787ba75ee22f |
leogr
left a comment
leogr
left a comment
There was a problem hiding this comment.
For sure we need to deeply test it, but LGTM at the moment!
Thank you'll!
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Andreagit97, leogr, LucaGuerra, therealbobo The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Please see: falcosecurity/falco#2413. Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
Please see: falcosecurity/falco#2413. Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
Please see: falcosecurity/falco#2413. Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
Please see: falcosecurity/falco#2413. Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
Please see: falcosecurity/falco#2413. Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
Please see: falcosecurity/falco#2413. Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
7 participants
Signed-off-by: Roberto Scolaro roberto.scolaro21@gmail.com
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
What this PR does / why we need it:
It might be useful to configure the driver mode via the configuration file
falco.yamlWhich issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: