Failing to download prebuilt module

falcosecurity / test-infra

Falco workflow & testing infrastructure

https://prow.falco.org

Apache License 2.0

31 stars 109 forks source link

Failing to download prebuilt module #667

Closed jswoods closed 2 years ago

jswoods commented 2 years ago

I'm seeing this issue when starting falco:

* Looking for a falco module locally (kernel 5.4.181-99.354.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/3aa7a83bf7b9e6229a3824e3fd1f4452d1e95cb4/falco_amazonlinux2_5.4.181-99.354.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404

However, it looks like this module was added as part of https://github.com/falcosecurity/test-infra/pull/657. According to https://github.com/falcosecurity/test-infra/tree/master/driverkit#faq, the final step after merging requires a make publish_s3. Perhaps this still needs to be done?

maxgio92 commented 2 years ago

Thanks for raising this issue @jswoods. We're going to give a check

someword commented 2 years ago

@maxgio92 - Any updates on this? People using AWS EKS AMIs (and possibly other AMIs with the same kernel) are not able to run falco because of the missing kernel module. Thanks!

maxgio92 commented 2 years ago

@someword after trying to download the prebuilt module, the build also fails? Thank you for your time and info

FedeDP commented 2 years ago

Hi! It seems only latest libs version drivers were built. You are not using Falco 0.31.1 right? It is a bug btw; this is the output from CI:

utils/checkfiles config/3aa7a83bf7b9e6229a3824e3fd1f4452d1e95cb4/amazonlinux2_5.4.181-99.354.amzn2.x86_64_1.yaml
DRIVERKIT=/bin/driverkit S3_DRIVERS_BUCKET="falco-distribution" S3_DRIVERS_KEY_PREFIX="driver" SKIP_EXISTING=true utils/build config/3aa7a83bf7b9e6229a3824e3fd1f4452d1e95cb4/amazonlinux2_5.4.181-99.354.amzn2.x86_64_1.yaml
[36mINFO[0m using config file                             [36mfile[0m=config/3aa7a83bf7b9e6229a3824e3fd1f4452d1e95cb4/amazonlinux2_5.4.181-99.354.amzn2.x86_64_1.yaml
[36mINFO[0m driver building, it will take a few seconds   [36mprocessor[0m=docker
[31mFATA[0m exiting                                       [31merror[0m="Error: No such container:path: 55b681f5729cf09ecb6e62c4e2c798aad44723123d3ba6408f8de911f35b7f98:/tmp/driver/module.ko"

EDIT: possibly a bug in driverkit 0.6.0?

FedeDP commented 2 years ago

Can confirm that driverkit@f876c8444c2d21cd41acaf639eed5e6dae84a631 works fine. I will have a look at it ;)

FedeDP commented 2 years ago

https://github.com/falcosecurity/driverkit/pull/132 fixes the issue.

someword commented 2 years ago

@someword after trying to download the prebuilt module, the build also fails? Thank you for your time and info

@maxgio92 - I had not changed the falco image tag so we were still using 0.30.0. But I have changed to 0.31.1 and the kernel module exists and falco now starts. Thanks for the help!

maxgio92 commented 2 years ago

Thanks @someword for your time!

maxgio92 commented 2 years ago

I think @FedeDP this issue can be considered closed. WDYT?

FedeDP commented 2 years ago

I think so! :rocket: