diff --git a/.github/actions/setup-vm-creds/action.yml b/.github/actions/setup-vm-creds/action.yml new file mode 100644 index 0000000000..20e44bde67 --- /dev/null +++ b/.github/actions/setup-vm-creds/action.yml @@ -0,0 +1,109 @@ +name: Setup VM Credentials +description: | + This action will setup the runner with the necessary credentials to create and + interact with VMs + +inputs: + gcp-ssh-key: + description: + The SSH private key to use for GCP + gcp-ssh-key-pub: + description: + The SSH public key to use for GCP + s390x-ssh-key: + description: + The SSH private key to use for s390x + ppc64le-ssh-key: + description: + The SSH private key to use for ppc64le + ppc64le-ssh-key-pub: + description: + The SSH public key to use for ppc64le + s390x-key: + description: + The API key to use for s390x + ppc64le-key: + description: + The API key to use for ppc64le + redhat-username: + description: + The username for registering redhat servers + redhat-password: + description: + The password for registering redhat servers + vm-type: + description: + The type of VMs to be created + job-tag: + description: + Optional job tag to add to the ID +runs: + using: composite + steps: + - shell: bash + run: | + mkdir -p /tmp/secret/stackrox-collector-e2e-tests + cp "$GOOGLE_APPLICATION_CREDENTIALS" /tmp/secret/stackrox-collector-e2e-tests/GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT + + mkdir -p "$HOME/.ssh" + chmod 0700 "$HOME/.ssh" + + function copy_secret_to_file() { + local secret="$1" + local destination="$2" + local perms="$3" + + echo "$secret" > "$destination" + chmod "$perms" "$destination" + } + + copy_secret_to_file "${{ inputs.gcp-ssh-key }}" "$HOME/.ssh/google_compute_engine" 0600 + copy_secret_to_file "${{ inputs.gcp-ssh-key-pub }}" "$HOME/.ssh/google_compute_engine.pub" 0600 + copy_secret_to_file "${{ inputs.s390x-ssh-key }}" "$HOME/.ssh/acs-s390x-rsa.prv" 0600 + copy_secret_to_file "${{ inputs.ppc64le-ssh-key }}" "$HOME/.ssh/acs-ppc64le-rsa.prv" 0600 + + ls -lah $HOME/.ssh/ + + - shell: bash + run: | + # + # JOB_ID is a little odd in that it needs to be unique per vm_type, + # but GHA's run_id is only unique per job. Appending the vm_type + # makes it fit our requirements... + # + # but wait, there's more + # + # the job id is used both as part of a GCP instance name and label, but + # also as a group name in ansible, which means it has some restrictions: + # + # - must be alpha-numeric + # - must not contain underscores (because of GCP) + # - must not contain hyphens (because of ansible) + # + # vm_type may contain hyphens, so the id is normalized below + # + JOB_ID="${{ github.run_id }}${{ inputs.vm-type }}${{ inputs.job-tag }}" + NORM_JOB_ID="${JOB_ID//-/}" + + { + echo "IBM_CLOUD_POWER_API_KEY=${{ inputs.ppc64le-key }}" + echo "IBM_CLOUD_S390X_API_KEY=${{ inputs.s390x-key }}" + echo "IBM_CLOUD_POWER_SSH_PUBLIC_KEY=${{ inputs.ppc64le-ssh-key-pub }}" + echo "JOB_ID=${NORM_JOB_ID}" + echo "BUILD_TYPE=ci" + echo "VM_TYPE=${{ inputs.vm-type }}" + echo "REDHAT_USERNAME=${{ inputs.redhat-username }}" + echo "REDHAT_PASSWORD=${{ inputs.redhat-password }}" + } >> "$GITHUB_ENV" + + - shell: bash + run: | + python -m pip install -r "${{ github.workspace }}/ansible/requirements.txt" + ansible-galaxy collection install -r "${{ github.workspace }}/ansible/requirements.yml" + ansible-galaxy collection install -r "${{ github.workspace }}/ansible/ansible-collections.yml" + + # Added workaround for ssh connection issue with power vm from ubuntu machine. + # Changing mtu works in resolving the issue + - shell: bash + run: sudo ifconfig eth0 mtu 1000 up + diff --git a/.github/workflows/collector-builder.yml b/.github/workflows/collector-builder.yml index dca30abff8..8c9b68b55f 100644 --- a/.github/workflows/collector-builder.yml +++ b/.github/workflows/collector-builder.yml @@ -11,11 +11,12 @@ on: outputs: collector-builder-tag: description: The builder tag used by the build - value: ${{ jobs.build-builder-image.outputs.collector-builder-tag || 'master' }} + value: ${{ jobs.build-builder-image.outputs.collector-builder-tag || '3.16.x-195-g8f32e71fad' }} env: COLLECTOR_TAG: ${{ inputs.collector-tag }} DEFAULT_BUILDER_TAG: 3.16.x-195-g8f32e71fad + ANSIBLE_CONFIG: ${{ github.workspace }}/ansible/ansible.cfg jobs: builder-needs-rebuilding: @@ -59,6 +60,7 @@ jobs: env: PLATFORM: linux/${{ matrix.arch }} + BUILD_TYPE: ci steps: - uses: actions/checkout@v3 @@ -71,6 +73,35 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - uses: actions/setup-python@v3 + with: + python-version: "3.10" + + - uses: 'google-github-actions/auth@v1' + with: + credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}' + + - uses: 'google-github-actions/setup-gcloud@v1' + + - uses: ./.github/actions/setup-vm-creds + with: + gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }} + gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }} + s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }} + ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }} + ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }} + s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }} + ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }} + redhat-username: ${{ secrets.REDHAT_USERNAME }} + redhat-password: ${{ secrets.REDHAT_PASSWORD }} + vm-type: all + job-tag: builder + + - name: Create Build VMs + if: matrix.arch == 's390x' + run: | + make -C "${{ github.workspace }}/ansible" create-build-vms + - name: Define builder tag id: builder-tag run: | @@ -84,7 +115,7 @@ jobs: echo "COLLECTOR_BUILDER_TAG=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_ENV" echo "collector-builder-tag=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_OUTPUT" - - name: Create Ansible Vars (inc. secrets) + - name: Create ansible vars run: | { echo "---" @@ -92,21 +123,19 @@ jobs: echo "stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}" echo "rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}" echo "rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}" + echo "collector_git_ref: ${{ github.ref }}" + echo "collector_git_sha: ${{ github.sha }}" + echo "collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}" } > ${{ github.workspace }}/ansible/secrets.yml - if [[ "${RUNNER_DEBUG}" == "1" ]]; then - echo "ANSIBLE_STDOUT_CALLBACK=debug" >> "${GITHUB_ENV}" - fi - - name: Build images if: | github.event_name == 'push' || matrix.arch == 'amd64' || - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') + (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch != 's390x') timeout-minutes: 480 run: | ansible-galaxy install -r ansible/requirements.yml - ansible-playbook \ --connection local \ -i localhost, \ @@ -115,6 +144,24 @@ jobs: -e @'${{ github.workspace }}/ansible/secrets.yml' \ ansible/ci-build-builder.yml + - name: Build s390x images + if: | + github.event_name == 'push' || + (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch == 's390x') + timeout-minutes: 480 + run: | + ansible-playbook \ + -i ansible/ci \ + -e build_hosts='job_id_${{ env.JOB_ID }}' \ + -e arch='${{ matrix.arch }}' \ + -e @'${{ github.workspace }}/ansible/secrets.yml' \ + ansible/ci-build-builder.yml + + - name: Destroy VMs + if: always() && matrix.arch == 's390x' + run: | + make -C ansible destroy-vms + create-multiarch-manifest: needs: - build-builder-image diff --git a/.github/workflows/collector-slim.yml b/.github/workflows/collector-slim.yml index aed651ddda..68c6a0b9cf 100644 --- a/.github/workflows/collector-slim.yml +++ b/.github/workflows/collector-slim.yml @@ -23,6 +23,7 @@ env: COLLECTOR_TAG: ${{ inputs.collector-tag }} COLLECTOR_BUILDER_TAG: ${{ inputs.collector-builder-tag }} RHACS_ENG_IMAGE: quay.io/rhacs-eng/collector:${{ inputs.collector-tag }} + ANSIBLE_CONFIG: ${{ github.workspace }}/ansible/ansible.cfg jobs: build-collector-image: @@ -42,22 +43,52 @@ jobs: submodules: true - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 + + - uses: actions/setup-python@v3 + with: + python-version: "3.10" + + - uses: 'google-github-actions/auth@v1' + with: + credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}' + + - uses: 'google-github-actions/setup-gcloud@v1' + + - uses: ./.github/actions/setup-vm-creds + with: + gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }} + gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }} + s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }} + ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }} + ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }} + s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }} + ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }} + redhat-username: ${{ secrets.REDHAT_USERNAME }} + redhat-password: ${{ secrets.REDHAT_PASSWORD }} + vm-type: all + job-tag: builder + + - name: Create Build VMs + if: matrix.arch == 's390x' + run: | + make -C "${{ github.workspace }}/ansible" create-build-vms - name: Checks PR, main and release branches run: | if [[ "${{ github.event_name }}" == 'pull_request' ]]; then echo "COLLECTOR_APPEND_CID=true" >> "$GITHUB_ENV" + echo "TRACE_SINSP_EVENTS=1" >> "$GITHUB_ENV" if [[ "${{ contains(github.event.pull_request.labels.*.name, 'address-sanitizer') }}" == "true" ]]; then echo "ADDRESS_SANITIZER=true" >> "$GITHUB_ENV" fi fi - - name: Create Ansible Vars (inc. secrets) + - name: Create ansible vars run: | { echo "---" @@ -65,31 +96,57 @@ jobs: echo "stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}" echo "rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}" echo "rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}" + echo "collector_git_ref: ${{ github.ref }}" + echo "collector_git_sha: ${{ github.sha }}" + echo "collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}" + echo "disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }}" + echo "rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }}" + echo "collector_image: ${{ inputs.collector-image }}" + echo "collector_tag: ${{ inputs.collector-tag }}" } > ${{ github.workspace }}/ansible/secrets.yml - if [[ "${RUNNER_DEBUG}" == "1" ]]; then - echo "ANSIBLE_STDOUT_CALLBACK=debug" >> "${GITHUB_ENV}" - fi + - name: Authenticate with GCP + uses: 'google-github-actions/auth@v1' + with: + credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}' + + - name: Setup GCP + uses: 'google-github-actions/setup-gcloud@v1' - name: Build images if: | github.event_name == 'push' || matrix.arch == 'amd64' || - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') + (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch != 's390x') timeout-minutes: 480 run: | - ansible-galaxy install -r ansible/requirements.yml ansible-playbook \ --connection local \ -i localhost, \ --limit localhost \ - -e collector_image='${{ inputs.collector-image }}' \ -e arch='${{ matrix.arch }}' \ - -e disable_profiling="${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }}" \ + -e @'${{ github.workspace }}/ansible/secrets.yml' \ + ansible/ci-build-collector.yml + + - name: Build s390x image + if: | + github.event_name == 'push' || + (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch == 's390x') + timeout-minutes: 480 + run: | + ansible-playbook \ + -i ansible/ci \ + -e arch='${{ matrix.arch }}' \ + -e build_hosts='job_id_${{ env.JOB_ID }}' \ -e @'${{ github.workspace }}/ansible/secrets.yml' \ ansible/ci-build-collector.yml env: - ANSIBLE_CONFIG: ansible/ansible.cfg + VM_TYPE: rhel-s390x + + - name: Destroy Build VMs + if: always() && matrix.arch == 's390x' + run: | + make -C ansible destroy-vms create-multiarch-manifest: needs: diff --git a/.github/workflows/integration-tests-vm-type.yml b/.github/workflows/integration-tests-vm-type.yml index d5ed0159bc..1c4d0e7975 100644 --- a/.github/workflows/integration-tests-vm-type.yml +++ b/.github/workflows/integration-tests-vm-type.yml @@ -36,29 +36,10 @@ on: default: "" jobs: - run: + tests: + name: Testing ${{ inputs.vm_type }} runs-on: ubuntu-latest env: - # - # JOB_ID is a little odd in that it needs to be unique per vm_type, - # but GHA's run_id is only unique per job. Appending the vm_type - # makes it fit our requirements... - # - # but wait, there's more - # - # the job id is used both as part of a GCP instance name and label, but - # also as a group name in ansible, which means it has some restrictions: - # - # - must be alpha-numeric - # - must not contain underscores (because of GCP) - # - must not contain hyphens (because of ansible) - # - # vm_type may contain hyphens, so the id is normalized below - # - JOB_ID: ${{ github.run_id }}${{ inputs.vm_type }}${{ inputs.job-tag }} - GCP_SSH_KEY_FILE: ~/.ssh/GCP_SSH_KEY - BUILD_TYPE: ci - VM_TYPE: "${{ inputs.vm_type }}" COLLECTOR_IMAGE: quay.io/rhacs-eng/collector:${{ inputs.collector-tag }} COLLECTOR_QA_TAG: ${{ inputs.collector-qa-tag }} TEST_IMAGE: quay.io/rhacs-eng/qa-multi-arch:collector-tests-${{ inputs.collector-tag }} @@ -68,16 +49,11 @@ jobs: - uses: actions/setup-go@v3 with: go-version: '1.19' # to match the requirement in the integration tests + - uses: actions/setup-python@v3 with: python-version: "3.10" - - name: Install python dependencies - run: python -m pip install -r ansible/requirements.txt - - - name: Install ansible dependencies - run: ansible-galaxy collection install -r ansible/ansible-collections.yml - - name: Authenticate with GCP uses: 'google-github-actions/auth@v1' with: @@ -86,80 +62,21 @@ jobs: - name: Setup GCP uses: 'google-github-actions/setup-gcloud@v1' - - name: Copy creds files - run: | - # Temporary compatibility with OSCI - mkdir -p /tmp/secret/stackrox-collector-e2e-tests - cp "$GOOGLE_APPLICATION_CREDENTIALS" /tmp/secret/stackrox-collector-e2e-tests/GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT - - mkdir -p "$HOME/.ssh" - chmod 0700 "$HOME/.ssh" - - function copy_secret_to_file() { - local secret="$1" - local destination="$2" - local perms="$3" - - echo "$secret" > "$destination" - chmod "$perms" "$destination" - } - - copy_secret_to_file "$GCP_SSH_KEY" "$HOME/.ssh/GCP_SSH_KEY" 0600 - copy_secret_to_file "$GCP_SSH_KEY_PUB" "$HOME/.ssh/GCP_SSH_KEY.pub" 0600 - copy_secret_to_file "$IBM_S390X_SSH_KEY" "$HOME/.ssh/acs-sshkey_rsa.prv" 0600 - - if [[ '${{ inputs.vm_type }}' =~ ppc64le ]]; then - copy_secret_to_file "$IBM_PPC64LE_SSH_KEY" "$HOME/.ssh/acs-sshkey_rsa.prv" 0600 - fi - env: - GCP_SSH_KEY: ${{ secrets.GCP_SSH_KEY }} - GCP_SSH_KEY_PUB: ${{ secrets.GCP_SSH_KEY_PUB }} - IBM_S390X_SSH_KEY: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }} - IBM_PPC64LE_SSH_KEY: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }} - - - name: Set environment - run: | - NORM_JOB_ID="${JOB_ID//-/}" - echo "JOB_ID=${NORM_JOB_ID}" | tee -a "$GITHUB_ENV" - - if [[ '${{ contains(github.event.pull_request.labels.*.name, 'integration-tests-trace-logging') }}' == 'true' ]]; then - echo "COLLECTOR_LOG_LEVEL=trace" | tee -a "$GITHUB_ENV" - fi - - if [[ '${{ inputs.vm_type }}' =~ s390x ]]; then - { - echo "IC_API_KEY=${{ secrets.IBM_CLOUD_S390X_API_KEY }}" - echo "IC_REGION=ca-tor" - } >> "${GITHUB_ENV}" - fi - - if [[ '${{ inputs.vm_type }}' =~ ppc64le ]]; then - { - echo "IC_API_KEY=${{ secrets.IBM_CLOUD_POWER_API_KEY }}" - echo "IC_REGION=osa" - echo "IC_ZONE=osa21" - echo "IBM_CLOUD_POWER_SSH_PUBLIC_KEY=${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }}" - } >> "${GITHUB_ENV}" - fi - - if [[ '${{ inputs.vm_type }}' =~ rhel ]]; then - { - echo "REDHAT_USERNAME=${{ secrets.REDHAT_USERNAME }}" - echo "REDHAT_PASSWORD=${{ secrets.REDHAT_PASSWORD }}" - } >> "${GITHUB_ENV}" - fi - - if [[ "${RUNNER_DEBUG}" == "1" ]]; then - echo "ANSIBLE_STDOUT_CALLBACK=debug" >> "${GITHUB_ENV}" - fi - - # Workaround for ssh connection issue with power vm from ubuntu machine. - # Changing mtu works in resolving the issue - - name: Set MTU for Power VMs - if: ${{ contains(inputs.vm_type, 'ppc64le') }} - run: sudo ifconfig eth0 mtu 1000 up - - - name: Create VMs + - uses: ./.github/actions/setup-vm-creds + with: + gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }} + gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }} + s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }} + ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }} + ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }} + s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }} + ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }} + redhat-username: ${{ secrets.REDHAT_USERNAME }} + redhat-password: ${{ secrets.REDHAT_PASSWORD }} + vm-type: ${{ inputs.vm_type }} + job-tag: ${{ inputs.job-tag }} + + - name: Create Test VMs if: ${{ ! inputs.run-benchmarks }} run: | make -C "${{ github.workspace }}/ansible" create-ci-vms diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 944242a59c..021755b717 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -84,6 +84,26 @@ jobs: job-tag: ${{ inputs.job-tag }} secrets: inherit + s390x-integration-tests: + uses: ./.github/workflows/integration-tests-vm-type.yml + if: contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') || github.event_name == 'push' + with: + vm_type: rhel-s390x + collector-tag: ${{ inputs.collector-tag }} + collector-qa-tag: ${{ inputs.collector-qa-tag }} + job-tag: ${{ inputs.job-tag }} + secrets: inherit + + ppc64le-integration-tests: + uses: ./.github/workflows/integration-tests-vm-type.yml + if: contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') || github.event_name == 'push' + with: + vm_type: rhel-ppc64le + collector-tag: ${{ inputs.collector-tag }} + collector-qa-tag: ${{ inputs.collector-qa-tag }} + job-tag: ${{ inputs.job-tag }} + secrets: inherit + notify: runs-on: ubuntu-latest if: always() && contains(join(needs.*.result, ','), 'failure') && github.event_name == 'push' @@ -91,6 +111,7 @@ jobs: - amd64-required-integration-tests - amd64-all-integration-tests - arm64-integration-tests + - s390x-integration-tests steps: - name: Slack notification uses: rtCamp/action-slack-notify@v2 diff --git a/ansible/Makefile b/ansible/Makefile index 791c6f072f..4dd9511653 100644 --- a/ansible/Makefile +++ b/ansible/Makefile @@ -1,3 +1,6 @@ +BASE_PATH = ./.. +include ../Makefile-constants.mk + ifeq ($(BUILD_TYPE), ci) CONTEXT=ci else @@ -66,6 +69,13 @@ create-ci-vms: --tags setup,provision \ integration-tests.yml +.PHONY: create-build-vms +create-build-vms: + ansible-playbook -i $(CONTEXT) \ + -e job_id="$(JOB_ID)" \ + --tags setup,provision \ + ci-create-build-vms.yml + .PHONY: vm-local-dev vm-local-dev: ansible-playbook -i $(CONTEXT) \ diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 701e93eacf..1997769950 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -stdout_callback=selective +stdout_callback=debug stderr_callback=debug display_skipped_hosts=false host_key_checking=False @@ -7,4 +7,4 @@ remote_tmp = /tmp/ansible forks = 20 [ssh_connection] -ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ServerAliveInterval=30 -o ServerAliveCountMax=10 +ssh_args = -o StrictHostKeyChecking=no -C -o ControlMaster=auto -o ControlPersist=60s -o ServerAliveInterval=30 -o ServerAliveCountMax=10 diff --git a/ansible/ci-build-builder.yml b/ansible/ci-build-builder.yml index a09ecdbd3c..98fb9ef5ef 100644 --- a/ansible/ci-build-builder.yml +++ b/ansible/ci-build-builder.yml @@ -1,16 +1,28 @@ --- - name: Build and push collector image - hosts: all + hosts: "{{ build_hosts | default('all') }}" environment: BUILD_BUILDER_IMAGE: "true" - COLLECTOR_BUILDER_TAG: "{{ ansible_env.COLLECTOR_BUILDER_TAG }}" - PLATFORM: "{{ ansible_env.PLATFORM }}" + COLLECTOR_BUILDER_TAG: "{{ collector_builder_tag }}" + PLATFORM: "linux/{{ arch }}" + + vars: + collector_root: "{{ ansible_env.HOME }}/collector" tasks: + - name: Clone repository + ansible.builtin.git: + repo: https://github.com/stackrox/collector + dest: "{{ collector_root }}" + version: "{{ collector_git_sha }}" + refspec: "+{{ collector_git_ref | replace('refs/', '') }}" + recursive: true + when: arch == "s390x" + - name: Build the collector builder image community.general.make: - chdir: "{{ lookup('env', 'GITHUB_WORKSPACE') }}" + chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" target: builder - name: Retag collector builder image to arch specific diff --git a/ansible/ci-build-collector-full.yml b/ansible/ci-build-collector-full.yml index 3259fd256d..8bd347cd17 100644 --- a/ansible/ci-build-collector-full.yml +++ b/ansible/ci-build-collector-full.yml @@ -19,7 +19,7 @@ - name: Build full image when: - build_full_image - - arch != 'arm64' + - arch != 'arm64' and arch != 'ppc64le' and arch != 's390x' block: - name: Calculate required layers shell: @@ -46,7 +46,7 @@ source: build - name: Retag slim image - when: not build_full_image or arch == 'arm64' + when: not build_full_image or arch == 'arm64' or arch == 'ppc64le' or arch == 's390x' block: - name: Retag slim image community.docker.docker_image: diff --git a/ansible/ci-build-collector.yml b/ansible/ci-build-collector.yml index b1938e65d7..19a9c0b690 100644 --- a/ansible/ci-build-collector.yml +++ b/ansible/ci-build-collector.yml @@ -1,22 +1,35 @@ --- - name: Build and push collector image - hosts: all + hosts: "{{ build_hosts | default('all') }}" environment: - COLLECTOR_BUILDER_TAG: "{{ ansible_env.COLLECTOR_BUILDER_TAG }}" - PLATFORM: "{{ ansible_env.PLATFORM }}" - COLLECTOR_TAG: "{{ ansible_env.COLLECTOR_TAG }}" + COLLECTOR_BUILDER_TAG: "{{ collector_builder_tag }}" + PLATFORM: "linux/{{ arch }}" + COLLECTOR_TAG: "{{ collector_tag }}" DISABLE_PROFILING: "{{ disable_profiling }}" + vars: + collector_root: "{{ ansible_env.HOME }}/collector" + tasks: + - debug: var=collector_root + - name: Clone repository + ansible.builtin.git: + repo: https://github.com/stackrox/collector + dest: "{{ collector_root }}" + version: "{{ collector_git_sha }}" + refspec: "+{{ collector_git_ref | replace('refs/', '') }}" + recursive: true + when: arch == "s390x" + - name: Run the builder image community.general.make: - chdir: "{{ lookup('env', 'GITHUB_WORKSPACE') }}" + chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" target: start-builder - name: Build the collector image community.general.make: - chdir: "{{ lookup('env', 'GITHUB_WORKSPACE') }}" + chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" target: image register: build_result # ensure this action is printed @@ -61,14 +74,14 @@ - name: Push slim to quay.io/rhacs-eng community.docker.docker_image: name: "{{ collector_image }}-{{ arch }}-slim" - repository: "{{ ansible_env.RHACS_ENG_IMAGE }}-{{ arch }}-slim" + repository: "{{ rhacs_eng_image }}-{{ arch }}-slim" push: true source: local - name: Push base to quay.io/stackrox-io community.docker.docker_image: name: "{{ collector_image }}-{{ arch }}-slim" - repository: "{{ ansible_env.RHACS_ENG_IMAGE }}-{{ arch }}-base" + repository: "{{ rhacs_eng_image }}-{{ arch }}-base" push: true source: local @@ -78,8 +91,8 @@ - "Pushed the following images:" - " {{ collector_image }}-{{ arch }}-slim" - " {{ collector_image }}-{{ arch }}-base" - - " {{ ansible_env.RHACS_ENG_IMAGE }}-{{ arch }}-slim" - - " {{ ansible_env.RHACS_ENG_IMAGE }}-{{ arch }}-base" + - " {{ rhacs_eng_image }}-{{ arch }}-slim" + - " {{ rhacs_eng_image }}-{{ arch }}-base" tags: [print_action] - name: Logout of quay.io diff --git a/ansible/ci-create-build-vms.yml b/ansible/ci-create-build-vms.yml new file mode 100644 index 0000000000..34913b56c9 --- /dev/null +++ b/ansible/ci-create-build-vms.yml @@ -0,0 +1,24 @@ +--- +- name: Create Build VMs + hosts: localhost + tags: + - setup + tasks: + - name: Create VMs for each architecture + include_role: + name: create-all-vms + vars: + vm_list: + # s390x + rhel-s390x: "{{ virtual_machines['rhel-s390x'] }}" + +- name: Provision Build VMs + hosts: "job_id_{{ job_id }}" + roles: + - provision-vm + gather_facts: no + strategy: free + become: yes + tags: + - setup + - provision diff --git a/ansible/ci/group_vars/all.yml b/ansible/ci/group_vars/all.yml index dab7be66c1..26bac086e1 100644 --- a/ansible/ci/group_vars/all.yml +++ b/ansible/ci/group_vars/all.yml @@ -15,4 +15,4 @@ gcp_default_labels: stackrox-ci: "true" ibm_output_inventory_file: "{{ lookup('env', 'PWD') }}/ci/inventory_ibmcloud.yml" -ibm_disk_size: 10 +ibm_disk_size: 32 diff --git a/ansible/ci/inventory_gcp.yml b/ansible/ci/inventory_gcp.yml index ab2b58af0c..b258005cc2 100644 --- a/ansible/ci/inventory_gcp.yml +++ b/ansible/ci/inventory_gcp.yml @@ -18,6 +18,8 @@ keyed_groups: - prefix: vm_arch key: labels.vm_arch +groups: + gcp: true auth_kind: serviceaccount service_account_file: /tmp/secret/stackrox-collector-e2e-tests/GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT hostnames: diff --git a/ansible/dev/inventory_gcp.yml b/ansible/dev/inventory_gcp.yml index d0c6ffaaa0..20338647a4 100644 --- a/ansible/dev/inventory_gcp.yml +++ b/ansible/dev/inventory_gcp.yml @@ -19,6 +19,8 @@ keyed_groups: - prefix: vm_arch key: labels.vm_arch +groups: + gcp: true auth_kind: application hostnames: - name diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index e3acd8d94a..9b523abc1b 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -1,15 +1,12 @@ --- gcp_ssh_key_file: "{{ lookup('env', 'GCP_SSH_KEY_FILE', default='~/.ssh/google_compute_engine') }}" -ibmcloud_ssh_key_file: "{{ lookup('env', 'IBMCLOUD_SSH_KEY_FILE', default='~/.ssh/acs-sshkey_rsa.prv') }}" current_user: "{{ lookup('env', 'USER') }}" test_platform: "{{ lookup('env', 'VM_TYPE', default='rhel') }}" collector_root: "{{ playbook_dir }}/.." collector_repo: "quay.io/stackrox-io" -ansible_ssh_private_key_file: "{{ virtual_machines[test_platform].ssh_key_file | default(gcp_ssh_key_file) }}" - # These control the container runtime used on the VMs. # They can be overridden in platform-specific group_vars files runtime_command: docker @@ -23,8 +20,6 @@ excluded_pairs: # e.g. - ['ubuntu-1804-lts', 'core_bpf'] # This can be removed once we have downloadable s390x eBPF drivers - [ 'rhel-8-6-s390x', 'ebpf' ] - # Also exclude Power & core_bpf, since it is currently unsupported - - [ 'p', 'core_bpf' ] # No ebpf support for arm... Yet...? - [ 'rhel-9-arm64', 'ebpf' ] - [ 'ubuntu-2004-lts-arm64', 'ebpf' ] @@ -34,6 +29,9 @@ excluded_pairs: # eBPF on Garden Linux is not supported. - [ 'garden-linux', 'ebpf' ] + - [ 'p', 'ebpf' ] + - [ 'rhel-8-6-s390x', 'ebpf' ] + virtual_machines: rhel: project: rhel-cloud @@ -51,7 +49,7 @@ virtual_machines: rhel-s390x: project: rhel-s390x-cloud arch: s390x - ssh_key_file: "{{ ibmcloud_ssh_key_file }}" + ssh_key_file: "~/.ssh/acs-s390x-rsa.prv" families: - rhel-8-6-s390x @@ -60,7 +58,7 @@ virtual_machines: rhel-ppc64le: project: rhel-ppc64le-cloud arch: ppc64le - ssh_key_file: "{{ ibmcloud_ssh_key_file }}" + ssh_key_file: "~/.ssh/acs-ppc64le-rsa.prv" families: - p diff --git a/ansible/group_vars/gcp.yml b/ansible/group_vars/gcp.yml new file mode 100644 index 0000000000..1688e931c6 --- /dev/null +++ b/ansible/group_vars/gcp.yml @@ -0,0 +1,3 @@ +--- + +ansible_private_key_file: "{{ gcp_ssh_key_file }}" diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 58569acb20..67b8ceb7f4 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -2,3 +2,4 @@ collections: - community.general - community.docker +- ibm.cloudcollection diff --git a/ansible/roles/create-all-vms/tasks/by-family.yml b/ansible/roles/create-all-vms/tasks/by-family.yml index 230b9f96a1..50c0ca5d16 100644 --- a/ansible/roles/create-all-vms/tasks/by-family.yml +++ b/ansible/roles/create-all-vms/tasks/by-family.yml @@ -1,8 +1,24 @@ --- +- include_vars: ppc64le.yml +- include_vars: s390x.yml + +- set_fact: + arch: "{{ item.0.value.arch | default('amd64') }}" + +- set_fact: + ibm_env: "{{ s390x.env }}" + when: arch == 's390x' + +- set_fact: + ibm_env: "{{ ppc64le.env }}" + when: arch == 'ppc64le' + - name: Create VMs From Family include_role: name: create-vm + apply: + environment: "{{ ibm_env | default({}) }}" vars: vm_name: "{{ gcp_instance_prefix }}-{{ normalized_collection_method }}-{{ item.1 }}-{{ job_id }}" vm_project: "{{ item.0.value.project }}" @@ -12,5 +28,6 @@ vm_collection_method: "{{ collection_method | default('any') | replace('-', '_') }}" vm_available_zones: "{{ gcp_available_zones }}" vm_ignition: "{{ item.0.value.ignition | default({}) }}" - vm_arch: "{{ item.0.value.arch | default('amd64') }}" + vm_arch: "{{ arch }}" vm_machine_type: "{{ item.0.value.machine_type | default('e2-standard-2') }}" + vm_ssh_key_file: "{{ item.0.value.ssh_key_file | default(gcp_ssh_key_file) }}" diff --git a/ansible/roles/create-all-vms/tasks/by-image.yml b/ansible/roles/create-all-vms/tasks/by-image.yml index bae8fe357c..21595eef35 100644 --- a/ansible/roles/create-all-vms/tasks/by-image.yml +++ b/ansible/roles/create-all-vms/tasks/by-image.yml @@ -26,3 +26,4 @@ vm_ignition: "{{ item.0.value.ignition | default({}) }}" vm_arch: "{{ item.0.value.arch | default('amd64') }}" vm_machine_type: "{{ item.0.value.machine_type | default('e2-standard-2') }}" + vm_ssh_key_file: "{{ item.0.value.ssh_key_file | default(gcp_ssh_key_file) }}" diff --git a/ansible/roles/create-vm/tasks/create-ppc64le-vm.yml b/ansible/roles/create-vm/tasks/create-ppc64le-vm.yml index 39ac98ccfc..b46ef686aa 100644 --- a/ansible/roles/create-vm/tasks/create-ppc64le-vm.yml +++ b/ansible/roles/create-vm/tasks/create-ppc64le-vm.yml @@ -142,8 +142,9 @@ groups: - job_id_{{ job_id }} - platform_{{ test_platform }} + - vm_arch_ppc64le ansible_ssh_extra_args: -o StrictHostKeyChecking=no - ansible_ssh_private_key_file: "~/.ssh/acs-sshkey_rsa.prv" + ansible_ssh_private_key_file: "{{ vm_ssh_key_file }}" vm_config: "{{ vm_config }}" vm_image_family: "{{ vm_family }}" vm_collection_method: "{{ vm_collection_method }}" diff --git a/ansible/roles/create-vm/tasks/create-s390x-vm.yml b/ansible/roles/create-vm/tasks/create-s390x-vm.yml index 66c25acf7c..0ba5e09b4b 100644 --- a/ansible/roles/create-vm/tasks/create-s390x-vm.yml +++ b/ansible/roles/create-vm/tasks/create-s390x-vm.yml @@ -57,8 +57,9 @@ groups: - job_id_{{ job_id }} - platform_{{ test_platform }} + - vm_arch_s390x ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" - ansible_ssh_private_key_file: "~/.ssh/acs-sshkey_rsa.prv" + ansible_ssh_private_key_file: "{{ vm_ssh_key_file }}" vm_config: "{{ vm_config }}" vm_image_family: "{{ vm_family }}" vm_collection_method: "{{ vm_collection_method }}" diff --git a/ansible/roles/create-vm/templates/ibm-cloud-inventory.j2 b/ansible/roles/create-vm/templates/ibm-cloud-inventory.j2 index cf788cb226..adf80a412f 100644 --- a/ansible/roles/create-vm/templates/ibm-cloud-inventory.j2 +++ b/ansible/roles/create-vm/templates/ibm-cloud-inventory.j2 @@ -4,7 +4,7 @@ {% for entry in entries if hostvars[entry].get('ibm_cloud_vm') %} {{ entry }}: ansible_user: root - ansible_ssh_private_key_file: {{ ansible_ssh_private_key_file }} + ansible_ssh_private_key_file: {{ hostvars[entry]['ansible_ssh_private_key_file'] }} ansible_host: {{ hostvars[entry]['ansible_host'] }} vm_config: {{ hostvars[entry]['vm_config'] }} vm_collection_method: {{ hostvars[entry]['vm_collection_method'] }} diff --git a/ansible/roles/destroy-vm/tasks/destroy-ppc64le-vm.yml b/ansible/roles/destroy-vm/tasks/destroy-ppc64le-vm.yml index 7b17558f8f..79d9d898e5 100644 --- a/ansible/roles/destroy-vm/tasks/destroy-ppc64le-vm.yml +++ b/ansible/roles/destroy-vm/tasks/destroy-ppc64le-vm.yml @@ -1,19 +1,12 @@ --- - -#Set fact that are required to destroy vsi instance + +# Set fact that are required to destroy vsi instance - set_fact: - region: "{{ lookup('env', 'IC_REGION') }}" - zone: "{{ lookup('env', 'IC_ZONE') }}" - pi_cloud_instance_id: "51a46537-a3a3-4e79-88ee-507feb47e7d0" hostname: "{{ inventory_hostname }}" - name: Get instance id by name delegate_to: localhost - environment: - IC_API_KEY: "{{ lookup('env', 'IC_API_KEY') }}" ibm.cloudcollection.ibm_pi_instance_info: - region: "{{ region }}" - zone: "{{ zone }}" pi_instance_name: "{{ hostname }}" pi_cloud_instance_id: "{{ pi_cloud_instance_id }}" failed_when: @@ -39,8 +32,6 @@ - name: Delete instance by id delegate_to: localhost ibm.cloudcollection.ibm_pi_instance: - region: "{{ region }}" - zone: "{{ zone }}" state: absent pi_cloud_instance_id: "{{ pi_cloud_instance_id }}" id: "{{ pi_instance.id }}" @@ -54,8 +45,6 @@ - name: Check for existing network delegate_to: localhost ibm.cloudcollection.ibm_pi_network_info: - region: "{{ region }}" - zone: "{{ zone }}" pi_network_name: "{{ hostname }}-network" pi_cloud_instance_id: "{{ pi_cloud_instance_id }}" failed_when: @@ -73,8 +62,6 @@ - name: Delete network delegate_to: localhost ibm.cloudcollection.ibm_pi_network: - region: "{{ region }}" - zone: "{{ zone }}" pi_cloud_instance_id: "{{ pi_cloud_instance_id }}" state: absent id: "{{ pi_network_id }}" @@ -85,8 +72,6 @@ - name: Check for existing SSH Key delegate_to: localhost ibm.cloudcollection.ibm_pi_key_info: - region: "{{ region }}" - zone: "{{ zone }}" pi_key_name: "{{ hostname }}-ssh-key" pi_cloud_instance_id: "{{ pi_cloud_instance_id }}" failed_when: @@ -104,8 +89,6 @@ - name: Delete SSH Key delegate_to: localhost ibm.cloudcollection.ibm_pi_key: - region: "{{ region }}" - zone: "{{ zone }}" pi_cloud_instance_id: "{{ pi_cloud_instance_id }}" state: absent pi_ssh_key: "{{ pi_ssh_key_existing_output.resource }}" @@ -122,4 +105,4 @@ path: '{{ ibm_output_inventory_file }}' state: absent retries: 5 - delay: 10 \ No newline at end of file + delay: 10 diff --git a/ansible/roles/destroy-vm/tasks/destroy-s390x-vm.yml b/ansible/roles/destroy-vm/tasks/destroy-s390x-vm.yml index b77581a7c4..3e454d4f0b 100644 --- a/ansible/roles/destroy-vm/tasks/destroy-s390x-vm.yml +++ b/ansible/roles/destroy-vm/tasks/destroy-s390x-vm.yml @@ -2,6 +2,9 @@ shell: hostname register: hostname +- debug: + var: hostname + - name: Check for existing VSI delegate_to: localhost ibm.cloudcollection.ibm_is_instance_info: @@ -46,4 +49,4 @@ delegate_to: localhost file: path: '{{ ibm_output_inventory_file }}' - state: absent \ No newline at end of file + state: absent diff --git a/ansible/roles/destroy-vm/tasks/main.yml b/ansible/roles/destroy-vm/tasks/main.yml index 649938b0ab..d7b9c9759e 100644 --- a/ansible/roles/destroy-vm/tasks/main.yml +++ b/ansible/roles/destroy-vm/tasks/main.yml @@ -1,5 +1,8 @@ --- +- include_vars: ppc64le.yml +- include_vars: s390x.yml + - name: Destroy GCP VM delegate_to: localhost google.cloud.gcp_compute_instance: @@ -13,9 +16,15 @@ when: vm_arch == "amd64" or vm_arch == "arm64" - name: Delete IBM Z VM - include_tasks: destroy-s390x-vm.yml + include_tasks: + file: destroy-s390x-vm.yml + apply: + environment: "{{ s390x.env }}" when: vm_arch == "s390x" - name: Delete IBM Power VSI - include_tasks: destroy-ppc64le-vm.yml + include_tasks: + file: destroy-ppc64le-vm.yml + apply: + environment: "{{ ppc64le.env }}" when: vm_arch == "ppc64le" diff --git a/ansible/roles/provision-vm/tasks/redhat.yml b/ansible/roles/provision-vm/tasks/redhat.yml index f1bb2573c2..1d6a769201 100644 --- a/ansible/roles/provision-vm/tasks/redhat.yml +++ b/ansible/roles/provision-vm/tasks/redhat.yml @@ -38,6 +38,8 @@ - docker-ce - docker-ce-cli - containerd.io + - git + - make state: latest update_cache: true diff --git a/ansible/roles/run-test-target/tasks/main.yml b/ansible/roles/run-test-target/tasks/main.yml index c049fa0962..721ff6d689 100644 --- a/ansible/roles/run-test-target/tasks/main.yml +++ b/ansible/roles/run-test-target/tasks/main.yml @@ -19,7 +19,7 @@ # which is quite significant for a specific test suite # (i.e. when testing during development) but is only # minor when running on CI - when: collector_test == 'ci-integration-tests' + when: collector_test == 'ci-integration-tests' and vm_arch == 'amd64' # # Separation of collection method is only possible with a separate diff --git a/ansible/roles/run-test-target/tasks/test-collection-method.yml b/ansible/roles/run-test-target/tasks/test-collection-method.yml index 5c2e2dacfa..0b63cc30de 100644 --- a/ansible/roles/run-test-target/tasks/test-collection-method.yml +++ b/ansible/roles/run-test-target/tasks/test-collection-method.yml @@ -76,6 +76,7 @@ -e IMAGE_FAMILY \ -e COLLECTOR_IMAGE \ -e COLLECTOR_QA_TAG \ + -e COLLECTOR_LOG_LEVEL \ {{ integration_tests_image }} \ {{ run_args }} -test.v 2>&1 environment: @@ -84,6 +85,7 @@ IMAGE_FAMILY: "{{ vm_image_family }}" COLLECTOR_IMAGE: "{{ collector_image }}" COLLECTOR_QA_TAG: "{{ lookup('env', 'COLLECTOR_QA_TAG', default=lookup('file', integration_tests_root + '/container/QA_TAG')) }}" + COLLECTOR_LOG_LEVEL: "{{ lookup('env', 'COLLECTOR_LOG_LEVEL', default='info') }}" register: test_result # ensure that this is printed tags: [print_action] diff --git a/ansible/roles/create-vm/vars/ppc64le.yml b/ansible/vars/ppc64le.yml similarity index 58% rename from ansible/roles/create-vm/vars/ppc64le.yml rename to ansible/vars/ppc64le.yml index c6447fa3d6..b91ad41a04 100644 --- a/ansible/roles/create-vm/vars/ppc64le.yml +++ b/ansible/vars/ppc64le.yml @@ -6,7 +6,15 @@ sys_type: s922 pi_image: "rhel-8.8-05102023" proc_type: shared processors: "0.25" -memory: "2" +memory: "6" storage_type: tier3 pi_cloud_instance_id: "51a46537-a3a3-4e79-88ee-507feb47e7d0" ssh_public_key: "{{ lookup('env', 'IBM_CLOUD_POWER_SSH_PUBLIC_KEY') }}" +api_key: "{{ lookup('env', 'IBM_CLOUD_POWER_API_KEY') }}" +region: osa + +ppc64le: + env: + IC_API_KEY: "{{ lookup('env', 'IBM_CLOUD_POWER_API_KEY') }}" + IC_REGION: osa + IC_ZONE: osa21 diff --git a/ansible/roles/create-vm/vars/s390x.yml b/ansible/vars/s390x.yml similarity index 85% rename from ansible/roles/create-vm/vars/s390x.yml rename to ansible/vars/s390x.yml index 0d98bc2282..eacf535be8 100644 --- a/ansible/roles/create-vm/vars/s390x.yml +++ b/ansible/vars/s390x.yml @@ -1,5 +1,6 @@ --- + s390x: #rhel-8-6-s390x vsi_image_id: r038-0d89bf54-c28f-4dc4-bec0-0f8e03a74de3 @@ -16,3 +17,7 @@ s390x: # vsi_resource_group: stackrox-ci-resource-group vsi_resource_group_id: 1a33a6a9bd6e498f8115e9b1064bfa97 disk_size: "{{ ibm_disk_size }}" + + env: + IC_API_KEY: "{{ lookup('env', 'IBM_CLOUD_S390X_API_KEY') }}" + IC_REGION: ca-tor diff --git a/collector/CMakeLists.txt b/collector/CMakeLists.txt index cb28034efd..67a9f197cb 100644 --- a/collector/CMakeLists.txt +++ b/collector/CMakeLists.txt @@ -123,10 +123,7 @@ set(DRIVER_DEVICE_NAME "${DRIVER_NAME}" CACHE STRING "Driver device name" FORCE) set(SCAP_HOST_ROOT_ENV_VAR_NAME "COLLECTOR_HOST_ROOT" CACHE STRING "Host root environment variable name" FORCE) -# ppc64le is not supported for the "modern" probe -if(NOT CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "ppc64le") - set(BUILD_LIBSCAP_MODERN_BPF ON CACHE BOOL "Enable modern bpf engine" FORCE) -endif() +set(BUILD_LIBSCAP_MODERN_BPF ON CACHE BOOL "Enable modern bpf engine" FORCE) set(MODERN_BPF_EXCLUDE_PROGS "^(openat2|ppoll|setsockopt|clone3|io_uring_setup|nanosleep)$" CACHE STRING "Set of syscalls to exclude from modern bpf engine " FORCE) diff --git a/collector/lib/HostHeuristics.cpp b/collector/lib/HostHeuristics.cpp index 9fdc50e630..5fe01bec86 100644 --- a/collector/lib/HostHeuristics.cpp +++ b/collector/lib/HostHeuristics.cpp @@ -27,11 +27,6 @@ class CollectionHeuristic : public Heuristic { // If we're configured to use eBPF with BTF, we try to be conservative // and fail instead of falling-back to ebpf. if (config.GetCollectionMethod() == CollectionMethod::CORE_BPF) { - if (kernel.machine == "ppc64le") { - CLOG(FATAL) << "CORE_BPF collection method is not supported on ppc64le. " - << "HINT: Change collection method to eBPF with collector.collectionMethod=EBPF."; - } - if (!host.HasBTFSymbols()) { CLOG(FATAL) << "Missing BTF symbols, core_bpf is not available. " << "They can be provided by the kernel when configured with DEBUG_INFO_BTF, " diff --git a/integration-tests/Dockerfile b/integration-tests/Dockerfile index c9a92c740b..000f4171c0 100644 --- a/integration-tests/Dockerfile +++ b/integration-tests/Dockerfile @@ -13,7 +13,7 @@ COPY go.* "$TEST_ROOT" WORKDIR "$TEST_ROOT" -RUN CGO_ENABLED=0 go test -tags bench -c -o collector-tests +RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go test -tags bench -c -o collector-tests FROM alpine:3.18