Closed FedeDP closed 1 year ago
Note: points 1-3 are partially solved by https://github.com/alacuku/e2e-falco-tests, a PoC repo created for this very same reason.
It just needs minor updates and changes (as of now, the repo expects the drivers_test binary to be copied to microvms; instead, we need to clone and build scap-open and drivers inside the vms).
So, in the near future (i.e. this week and the next one) the aim is to provide new images to be tested and implement the new Ansible tasks to build drivers and scap-open on each of them.
Once we reach:
We will need to:
See the donation proposal for @alacuku repo: https://github.com/falcosecurity/evolution/issues/282
Status update: we were able to test on both x86 and aarch64 metal nodes the current https://github.com/alacuku/e2e-falco-tests implementation; it works fine. @therealbobo is working on adding more and more images to our matrix grid + has forked ignite repo to add a small patch: https://github.com/therealbobo/ignite; @alacuku has worked on improving its e2e-falco-tests repo, by improving the main playbook making it much more customizable and implementing a scap-open playbook that builds drivers + scap-open and tests all 3 drivers with scap-open, see: https://github.com/alacuku/e2e-falco-tests/blob/main/scap-open-test.yml and its role: https://github.com/alacuku/e2e-falco-tests/blob/main/roles/scap-open-test/tasks/main.yml.
With this, what we still need is to add a github action self-hosted runner on our nodes, and build the CI. Finally, we also need to improve the output matrix UX :)
/assign @FedeDP :heart:
Hey since friday, we have github pages support for the kernel test matrix :) It looks awesome IMHO! See: https://alacuku.github.io/e2e-falco-tests/
I am going to move all the CI + gh pages stuff to libs push: master very soon, even today hopefully; so that when we finally donate the alacuku/e2e-falco-tests repository to falcosecurity, we have already everything in place and we only need a couple of small fixes (namely: change the repository name being cloned in CI actions/checkout!).
I will move remaining tasks to a new tracking issue!
This issue will serve as a tracker for the implementation of the "Kernel Version Testing" framework for the Falco libs. The framework aims to test the compatibility of the drivers (kmod, bpf, and the modern bpf) across different kernels and distributions by running scap-open and drivers_test functions. The testing environment will leverage Firecracker microVMs with OCI artifacts for storing kernels and images. The entire testing process will be orchestrated using an Ansible playbook, and the output will be a Markdown matrix detailing the test results.
It is, for all intents and purposes, an implementation of the detailed proposal merged ~ a week ago: https://github.com/falcosecurity/libs/blob/master/proposals/20230530-driver-kernel-testing-framework.md
Tasks
Set up Firecracker microVMs:
Implement OCI artifact storage:
falcosecurity/drivers_testing_{kernel,rootfs})
Design and implement the Ansible playbook:
Generate the Markdown matrix:
Integration with CI/CD pipeline:
First Impl (ETA end of July)
Given all of the above, first implementation should be considered done when:
scap-open to validate the drivers build and bpf verifiers
Second iteration
drivers_test executable instead of scap-open to also verify drivers correct behavior
Ideas
Additional Notes
Please use this issue to track the progress of individual tasks related to the implementation of the Kernel Version Testing framework. Update the task checkboxes as you make progress, and provide relevant details, code snippets, or documentation in the comments.
Feel free to ask any questions or seek clarification regarding the tasks!