Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run multiarch builds natively rather than via QEMU #1479

Closed
wants to merge 100 commits into from
Closed

Run multiarch builds natively rather than via QEMU #1479

wants to merge 100 commits into from

Conversation

Stringy
Copy link
Collaborator

@Stringy Stringy commented Dec 20, 2023

Description

This PR attempts to add ppc64le and arm64 to the existing native builds provided for s390x in #1448

@Stringy Stringy requested a review from a team as a code owner December 20, 2023 13:57
@Stringy Stringy added the run-multiarch-builds Run steps for non-x86 archs. label Dec 20, 2023
@Stringy Stringy force-pushed the giles/multiarch-native-builds branch from dfd2e05 to 165afea Compare December 20, 2023 14:14
@Stringy Stringy force-pushed the giles/multiarch-native-builds branch from 23b5bd2 to 8fd91f3 Compare January 2, 2024 11:20
erthalion and others added 26 commits January 3, 2024 08:31
@erthalion @Stringy
Use vanilla Falco
02c1229 
This change makes it so collector compiles and runs using upstream Falco
directly. There are a few minor tweaks still required in Falco itself,
but they are things that are either on their way to upstream or should
be real ease to upstream.

List of changes needed for vanilla to be compatible:
- Remove sinsp-wrapper and link directly to sinsp.
- Remove sinsp_filter_check_iface in favor of sinsp_filter_check.
- Use MINIMAL_BUILD instead of MINIMAL_BUILD_WITH_EBPF.
- Remove g_bpf_drop_syscalls.
- eBPF probe is compiled directly instead of via cmake.
@Molter73 @Stringy
Create fake proc dir from the integration test directly
150ad1a
@Molter73 @Stringy
Exclude container creation events from runc
2cba7ad
@Molter73 @Stringy
Cleanups + use falco 0.13.1
50c0eab 
Add uthash submodule
@Molter73 @Stringy
Move filtering higher in the chain
360c9fc
@Molter73 @Stringy
Mounts /sys/kernel/debug directly
8be9e85 
Fix locations for BTF symbols
@Molter73 @Stringy
Prevent unnecessary string copies
3db1e67
@erthalion @Stringy
Socket only fd
aeed652 
Configure build process to enable socket only fd optimization
@erthalion @Stringy
Specify interesting_subsys
7264dc2 
As an optimization, use only a certain subset of cgroup subsystems.
@erthalion @Stringy
Skip some cgroups to avoid overhead
9f2be56 
It could be expesinve to pass large cgroup names from the kernel to user
space.
@Molter73 @Stringy
Use precompiled builder for speeeeeeed
5e3520a
@erthalion @Stringy
Point to the latest Falco
e07c365
@Molter73 @Stringy
Build builder image
d77321f 
Needed to include the arm64 builder image
@erthalion @Stringy
Explicitly add procexit event
5161388 
One side effect of [1] is that procexit is not included by default
any more if ppm_sc is not empty. Which means to continue receiving
procexit we need to explicitly add it into the list of interesting
events. procexit is essential for memory management, as its handlers
perform threadinfo cache clean up.

[1]: falcosecurity/libs#1001
@erthalion @Stringy
Assert logging
4a445d8 
Turn on Falco assert logging for all build types. Make _DEBUG dependent
on the Debug build type, it would impact asserts logic when asserts
logging is disabled.
@erthalion @Stringy
Fix exit code in the debug mode
08f1f2e 
If CMAKE_BUILD_TYPE is debug, the condition for stripping the binary is
not invoked, and the resulting exit code is 1, stopping the build.
Ignore this branch and return exit code 0.
@Stringy
Fix falco main commit
61f438b
@erthalion @Stringy
Use vanilla Falco
c0c3ba0 
This change makes it so collector compiles and runs using upstream Falco
directly. There are a few minor tweaks still required in Falco itself,
but they are things that are either on their way to upstream or should
be real ease to upstream.

List of changes needed for vanilla to be compatible:
- Remove sinsp-wrapper and link directly to sinsp.
- Remove sinsp_filter_check_iface in favor of sinsp_filter_check.
- Use MINIMAL_BUILD instead of MINIMAL_BUILD_WITH_EBPF.
- Remove g_bpf_drop_syscalls.
- eBPF probe is compiled directly instead of via cmake.
@Molter73 @Stringy
Cleanups + use falco 0.13.1
374caac 
Add uthash submodule
@Molter73 @Stringy
Cleanups + use falco 0.13.1
b1025af 
Add uthash submodule
@Stringy
Lets try this again, shall we?
389b3e1
@Stringy
Rename multiarch-integration-tests to s390x-integration-tests, for si…
57c15e8 
…mplification and clarity
@Stringy
Inherit secrets in s390x tests
8b6567b
@Stringy
Pin arch in collector tests image build
8d5022f
@Stringy
Add ppc64le testing and reenable core-bpf
061c960
@Stringy
Possible fix to zero-size full images
bb44aa3
@Stringy Stringy force-pushed the giles/ppc64le-core-bpf-testing branch from 5528455 to dc521ae Compare January 3, 2024 08:54
erthalion and others added 19 commits January 3, 2024 11:01
@erthalion @Stringy
Use vanilla Falco
b60f0d7 
This change makes it so collector compiles and runs using upstream Falco
directly. There are a few minor tweaks still required in Falco itself,
but they are things that are either on their way to upstream or should
be real ease to upstream.

List of changes needed for vanilla to be compatible:
- Remove sinsp-wrapper and link directly to sinsp.
- Remove sinsp_filter_check_iface in favor of sinsp_filter_check.
- Use MINIMAL_BUILD instead of MINIMAL_BUILD_WITH_EBPF.
- Remove g_bpf_drop_syscalls.
- eBPF probe is compiled directly instead of via cmake.
@Molter73 @Stringy
Cleanups + use falco 0.13.1
1b0ca88 
Add uthash submodule
@Molter73 @Stringy
Cleanups + use falco 0.13.1
8e68248 
Add uthash submodule
@Stringy
Fix some mistakenly commited changes
6428f9e
@Stringy
Initial attempt at native s390x builds
a0323f3
@Stringy
Fix inventory downloading
a14b448
@Stringy
Consolidates ansible vars and fixes remote checkout
a7fad27
@Stringy
Attempt to build all multiarch platforms natively
01b5708
@Stringy
Forgot fcarm key
3a77db0
@Stringy
Switch to RHEL for arm
9ada78d
@Stringy
Cleanup ppc64le variables and playbooks
f0622db
@Stringy
Fix pi_name use in ppc64le VM creation
9f7f9c0
@Stringy
Missed pi_image
9c95e0c
@Stringy
Dont forget to refresh the inventory
5e26ee8
@Stringy
Some fixes; increase ppc64le size, fix gcp ssh keys
a2aac51
@Stringy
Better fix for private key
1992835
@Stringy
Switch to systemd_service for ppc64le flake
442432c
@Stringy
Attempt rescue for docker service, to help with power flake
b0ba0ef
@Stringy
Actually fix ppc64le provisioning now
fcb1444
@Stringy Stringy force-pushed the giles/multiarch-native-builds branch from 8fd91f3 to fcb1444 Compare January 3, 2024 11:17
Base automatically changed from giles/ppc64le-core-bpf-testing to mauro/use-falco-upstream January 3, 2024 13:56
Base automatically changed from mauro/use-falco-upstream to master January 5, 2024 07:46
@Stringy Stringy closed this Sep 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
run-multiarch-builds Run steps for non-x86 archs.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Stringy @erthalion @Molter73