new: falcoctl driver loader by FedeDP · Pull Request #2905 · falcosecurity/falco

FedeDP · 2023-11-09T11:34:09Z

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area build

What this PR does / why we need it:

This PR drops old falco-driver-loader script in favor of new falcoctl driver command.

Which issue(s) this PR fixes:

Fixes #2675

Special notes for your reviewer:

This is wip because falcoctl's PR (falcosecurity/falcoctl#343) is still to be merged and this will need some more work.
I opened this one to give an idea of the final look.

Does this PR introduce a user-facing change?:

new!: dropped falco-driver-loader script in favor of new falcoctl driver command

FedeDP · 2023-11-09T11:34:27Z

cmake/modules/falcoctl.cmake

        falcoctl
-        URL "https://github.com/falcosecurity/falcoctl/releases/download/v${FALCOCTL_VERSION}/falcoctl_${FALCOCTL_VERSION}_${FALCOCTL_SYSTEM_NAME}_${FALCOCTL_SYSTEM_PROC_GO}.tar.gz"
-        URL_HASH "SHA256=${FALCOCTL_HASH}"
+        URL "https://github.com/falcosecurity/falcoctl/archive/555594a2860284947ff83eefd4bd9a5abc6e9fe1.zip"


Download zip from my own falcoctl PR.

FedeDP · 2023-11-09T11:34:43Z

docker/driver-loader-legacy/docker-entrypoint.sh

 done

-/usr/bin/falco-driver-loader "$@"
+/usr/bin/falcoctl driver config "$@"


This will need some more work, i am not sure what we want to do.

Same goes for other occurrences.

This will need some more work, i am not sure what we want to do.

What do you mean? what do we miss here?

Oh the parameters being passed to falco-driver-loader were surely different from the one being passed to falcoctl driver; also config might be wrong there, since we may want to let users decide which subcmd to invoke.

We decided to reimplement a similar switch logic to the one supported by falco-driver-loader (https://github.com/falcosecurity/falco/blob/master/scripts/falco-driver-loader#L752) managing each flag.

docker/no-driver/Dockerfile

FedeDP · 2023-11-09T11:35:49Z

scripts/debian/postinst.in

-# If needed, try to load/compile the driver through falco-driver-loader
+# If needed, try to load/compile the driver through falcoctl
+echo "[POST-INSTALL] Configure falcoctl driver type:"
+falcoctl driver config --type $chosen_driver


We now configure the desired driver type, and then build/download the driver using falcoctl.

FedeDP · 2023-11-09T11:36:09Z

scripts/falcoctl/falcoctl.yaml.in

falcoctl config file must now be configured properly.

leogr

Nice!

Just did a first look and left a few comments.

docker/no-driver/Dockerfile

docker/no-driver/Dockerfile.distroless

scripts/falcoctl/falcoctl.yaml.in

FedeDP · 2023-11-10T10:00:27Z

Note: once #2413 gets merged, this should be at least ready for local testing with the CI produced packages.

FedeDP · 2023-11-10T10:52:17Z

build-packages is failing with:

CMake Error at /__w/falco/falco/build/cmake_install.cmake:294 (file):
  file INSTALL cannot find
  "/__w/falco/falco/build/falcoctl-prefix/src/falcoctl/falcoctl": No such
  file or directory.

that is because our falcoctl.cmake file expects falcoctl releases (and is not able to build falcoctl from sources since it would add the huge dep on go), but is now pointing to a falcoctl commit hash zip file.
I would love to fix the CI to be able to test; perhaps we will need to tag a falcoctl alpha release once falcosecurity/falcoctl#343 is merged.

FedeDP · 2023-11-14T11:40:36Z

TODO:

once new: driver selection in falco.yaml #2413 is merged, update deb/rpm scripts using new chosen_driver names (ie: "kmod", "ebpf" and "modern-ebpf").
also, are per-driver systemd units still needed? Btw they should enforce a driver.kind, like -o driver.kind=kmod
-> we might want to deprecate current units and add a new falco@.service templated unit that enables the requested driver.

FedeDP · 2023-11-27T14:11:57Z

also, are per-driver systemd units still needed? Btw they should enforce a driver.kind, like -o driver.kind=kmod
-> we might want to deprecate current units and add a new falco@.service templated unit that enables the requested driver.

Done.
About the single unit (deprecating existing ones), i haven't got strong opinions.

FedeDP · 2023-11-27T14:12:14Z

We just need an alpha tag of falcoctl 0.7.0 to be tested within this PR.

FedeDP · 2023-11-27T15:34:10Z

Done: https://github.com/falcosecurity/falcoctl/releases/tag/v0.7.0-alpha1

FedeDP · 2023-11-29T16:34:16Z

falcosecurity/testing#34 + falcosecurity/testing#33 should allow test-dev-packages checks to pass fine.

FedeDP · 2023-12-01T12:49:56Z

The only failing test left is

TestFalcoLegacyBPF

that will be fixed by falcosecurity/testing#34

…coctl driver` command. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

FedeDP · 2023-12-06T09:39:57Z

cmake/modules/falcoctl.cmake

 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)

-set(FALCOCTL_VERSION "0.6.2")
+set(FALCOCTL_VERSION "0.7.0-alpha2")


Will need to bump to beta1 once it is out.

…onfig key. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

…nd `FALCOCTL_ENABLED` . Also, env variables always have precedence over dialog (ie: if they are set, we always skip dialog). Signed-off-by: Federico Di Pierro <nierro92@gmail.com>