Open FedeDP opened 11 months ago
Copy all images used by the matrix (ie: https://github.com/falcosecurity/kernel-testing/blob/main/ansible-playbooks/group_vars/all/vars.yml#L18) under the falcosecurity dockerhub repo
Coolest thing we can do is to add a CI on kernel-testing repo to automatically push images to ghcr if needed after a new release. Right now, it is a bit hard because we haven't got any access to the arm64 node used for kernel-testing (its self-hosted runner is linked to the libs repo), thus we are not able to build and push arm64 images natively. And pushing 6 "big" images using QEMU is going to take hours and hours.
Ideas for v3:
Related to the CI that pushes the images, it would be nice to cache those images on the runner for both docker and ignite. That would speed up the testing process.
I think that it would actually just work :tm: if we use the same nodes to push images and run the tests, right?
For the docker images, the answer is yes, but we need to remove the one cached by ignite and import the new ones.
First drivers release with matrixes attached: https://github.com/falcosecurity/libs/releases/tag/5.1.0%2Bdriver
Since ignite has been archived, we:
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
So, https://github.com/falcosecurity/kernel-testing/pull/70 and https://github.com/falcosecurity/kernel-testing/pull/74 were merged and we now have: main tag, and $tag,latest tags for releases. Moreover, build is also tested in PR when images/ subfolder is modified. See github packages for the repo (since images are pushed to ghcr): https://github.com/orgs/falcosecurity/packages?repo_name=kernel-testing
I am currently:
Then, we will need to either fork ignite and improve it to suit our needs, or switch to use flintlock or find something else; moreover, we also rely on weaveworks/ignite-kernel:5.14.16 as kernel image for builders; given that weaveworks is shutting down (https://news.ycombinator.com/item?id=39262650), we should probably either copy those images under falcosecurity or just use one of our kernel images.
Cache ignite root somehow (ie: only rebuild the ignite root used for the VMs when changes to dockerfiles are made); this would greatly speed up tests duration
Idea would be to let the kernel-testing repo access the cncf nodes, then:
CLEANUP env, so that main and $tag images are already cached on the nodes
ansible-playbook cleanup-roots.yml && ansible-playbook generate-roots.yml. We first cleanup existing roots, then generate the new one. After this, the main.yml should avoid deleting/generating the roots each time.
For caching, we could try to leverage actions/cache somehow; cache limits for github actions is 10GB that should be enough, possibly: https://github.com/actions/cache?tab=readme-ov-file#cache-limits
Just a quick additional note: @FedeDP I'll get back to trying to also integrate the vagrant test VM loop end of June as we previously discussed, just FYI. I'll ping you to get access to the servers then.
See #1191
These are some improvements that need to land for kernel version testing framework.
Needed before "v1":
kernel-testing repo)
v2 stuff
drivers_test executable instead of scap-open to also verify drivers correct behavior
upstream our ignite patch from https://github.com/therealbobo/ignite
upstream project is archived
weaveworks/ignite-kernel:5.14.16
weaveworks/ubuntu-kernel:5.14.16
Future ideas