diff --git a/action.yml b/action.yml index 470a248..e11a7aa 100644 --- a/action.yml +++ b/action.yml @@ -14,6 +14,10 @@ inputs: description: 'Whether to generate matrixes as matrix_$architecture artifact' required: false default: 'false' + testexe: + description: 'Test executable to be run. One of scap-open or drivers-test' + required: false + default: 'scap-open' outputs: ansible_output: @@ -59,7 +63,7 @@ runs: working-directory: ${{ github.action_path }}/ansible-playbooks shell: bash run: | - ansible-playbook scap-open.yml --extra-vars "@vars.yml" || : + ansible-playbook ${{ inputs.testexe }}.yml --extra-vars "@vars.yml" || : - name: Tar output files shell: bash diff --git a/ansible-playbooks/build-scap-open.yml b/ansible-playbooks/build-scap-open.yml new file mode 100644 index 0000000..82c3faf --- /dev/null +++ b/ansible-playbooks/build-scap-open.yml @@ -0,0 +1,61 @@ +# Playbook used to build and distribute scap-open to all vms. + +- name: Build scap-open on designated builder + hosts: "centos-builder" + remote_user: "{{ user }}" + gather_facts: false + tasks: + - name: Copy bpf skeleton to centos builder + ansible.builtin.copy: + src: "/tmp/bpf_probe.skel.h" + dest: "/tmp" + mode: '0755' + + - name: Create cmake output dir + ansible.builtin.file: + path: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + state: directory + mode: "0755" + register: cmake_result + + - name: Prepare cmake for repository + ansible.builtin.shell: + cmd: | + source /opt/rh/devtoolset-9/enable && + cmake \ + -DCMAKE_BUILD_TYPE=Release \ + -DBUILD_LIBSCAP_MODERN_BPF=ON \ + -DMODERN_BPF_SKEL_DIR=/tmp \ + -DBUILD_DRIVER=Off \ + -DBUILD_BPF=Off \ + -DBUILD_LIBSCAP_GVISOR=OFF \ + -DCREATE_TEST_TARGETS=Off \ + .. + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + changed_when: false + register: cmake_result + + - name: Build scap-open with modern probe + ansible.builtin.shell: + cmd: source /opt/rh/devtoolset-9/enable && make scap-open -j {{ cpus }} + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + changed_when: false + register: cmake_result + + - name: Fetch the scap-open binary + ansible.builtin.fetch: + src: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build/libscap/examples/01-open/scap-open" + dest: "/tmp/" + flat: true + +- name: Play that distributes scap-open binary to VMs + hosts: "machines" + remote_user: "{{ user }}" + gather_facts: false + tasks: + - name: Copy scap-open binary to all VMs + ansible.builtin.copy: + src: "/tmp/scap-open" + dest: "/tmp" + mode: '0755' + become: false diff --git a/ansible-playbooks/build-skeleton.yml b/ansible-playbooks/build-skeleton.yml new file mode 100644 index 0000000..8bcbc96 --- /dev/null +++ b/ansible-playbooks/build-skeleton.yml @@ -0,0 +1,39 @@ +# Playbook used to build modern bpf skeleton. + +- name: Build bpf skeleton on designated builder VM + hosts: "fedora-builder" + remote_user: "{{ user }}" + gather_facts: false + tasks: + - name: Create cmake output dir + ansible.builtin.file: + path: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build" + state: directory + mode: "0755" + register: cmake_result + + - name: Prepare cmake for repository + ansible.builtin.command: + cmd: > + cmake + -DUSE_BUNDLED_DEPS=ON + -DBUILD_LIBSCAP_MODERN_BPF=ON + -DBUILD_LIBSCAP_GVISOR=OFF + -DCREATE_TEST_TARGETS=OFF + .. + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build" + changed_when: false + register: cmake_result + + - name: Build skeleton + ansible.builtin.command: + cmd: make ProbeSkeleton -j {{ cpus }} + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build" + changed_when: false + register: cmake_result + + - name: Fetch the skeleton file + ansible.builtin.fetch: + src: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build/skel_dir/bpf_probe.skel.h" + dest: /tmp/ + flat: true diff --git a/ansible-playbooks/drivers-test.yml b/ansible-playbooks/drivers-test.yml new file mode 100644 index 0000000..e8dd641 --- /dev/null +++ b/ansible-playbooks/drivers-test.yml @@ -0,0 +1,45 @@ +# Playbook used to run drivers_test role. +# Check the role for more information + +- name: Include build-skeleton playbook + import_playbook: build-skeleton.yml +- name: Include build-scap-open playbook + import_playbook: build-scap-open.yml + +# We need this since every VM is going to build its own drivers_test binary, +# because drivers_test is very tied to the kernel we are running on +# and must be built on each VM. +# To eventually (where supported) build drivers_test with modern_bpf support enabled, +# we need to pass the modern probe skeleton to each VM. +- name: Play that distributes modern bpf skeleton to VMs + hosts: "machines" + remote_user: "{{ user }}" + gather_facts: false + tasks: + - name: Copy bpf_probe.skel.h to all VMs + ansible.builtin.copy: + src: "/tmp/bpf_probe.skel.h" + dest: "/tmp" + mode: '0755' + become: false + +- name: Play that builds and runs drivers tests using drivers_test binary + hosts: "machines" + gather_facts: true + remote_user: "{{ user }}" + become: true + serial: 30 + roles: + - drivers_test + +- name: Remove artifacts from localhost + hosts: localhost + gather_facts: false + tasks: + - name: Remove artifacs + ansible.builtin.file: + path: "./roles/drivers_test/files/" + state: absent + with_items: + - "/tmp/scap-open" + - "/tmp/bpf_probe.skel.h" diff --git a/ansible-playbooks/roles/drivers_test/tasks/main.yml b/ansible-playbooks/roles/drivers_test/tasks/main.yml new file mode 100644 index 0000000..183a8c3 --- /dev/null +++ b/ansible-playbooks/roles/drivers_test/tasks/main.yml @@ -0,0 +1,217 @@ +--- +# tasks file for drivers_test +- name: Setting output directory for results + ansible.builtin.set_fact: + output_dest_dir: "{{ output_dir }}/drivers-test-test/{{ inventory_hostname }}" + +- name: Create output directory on localhost + become: false + delegate_to: localhost + block: + - name: Create output directory if it does not exist ({{ output_dir }}) + ansible.builtin.file: + path: "{{ output_dest_dir }}" + state: directory + mode: '0755' + +- name: Check Modern Bpf Support + block: + - name: Check modern-bpf support + ansible.builtin.command: + cmd: /tmp/scap-open --num_events 0 --modern_bpf + register: result + changed_when: false + rescue: + - name: Disable Modern Bpf support + ansible.builtin.set_fact: + modern_bpf_supported: false + when: result.rc == 95 + +- name: Check Old Bpf Support + block: + - name: Enable old Bpf support + ansible.builtin.set_fact: + bpf_supported: true + when: ansible_kernel is version(bpf_minimum_kver[ansible_architecture],'>=') + +- name: Prepare the build directory + block: + - name: Create cmake output dir + ansible.builtin.file: + path: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + state: directory + mode: "0766" + register: cmake_result + + - name: Prepare cmake for repository + ansible.builtin.command: + cmd: > + cmake + -DUSE_BUNDLED_DEPS=ON + -DBUILD_LIBSCAP_MODERN_BPF={{ modern_bpf_supported }} + -DMODERN_BPF_SKEL_DIR=/tmp + -DBUILD_LIBSCAP_GVISOR=OFF + -DBUILD_BPF={{ bpf_supported }} + -DENABLE_DRIVERS_TESTS=On + -DCREATE_TEST_TARGETS=On + -DENABLE_IA32_TESTS=Off + -DSCAP_FILES_SUITE_ENABLE=Off + .. + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + changed_when: false + register: cmake_result + rescue: + - name: Print error message to stdout --- build directory + ansible.builtin.debug: + var: cmake_result + always: + - name: Dump error message to file + ansible.builtin.copy: + content: "{{ cmake_result | to_nice_json }}" + dest: "{{ output_dest_dir }}/cmake-configure.json" + mode: '0755' + delegate_to: localhost + become: false + +- name: Build drivers_test binary + block: + - name: Build drivers_test + ansible.builtin.command: + cmd: make drivers_test -j {{ cpus }} + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + register: dt_result + changed_when: false + rescue: + - name: Print error message to stdout --- drivers_test + ansible.builtin.debug: + var: dt_result + always: + - name: Dump error message to file + ansible.builtin.copy: + content: "{{ dt_result | to_nice_json }}" + dest: "{{ output_dest_dir }}/drivers_test_build.json" + mode: '0755' + delegate_to: localhost + become: false + +- name: Build and load the kernel module + block: + - name: Unload the kernel module + ansible.builtin.command: + cmd: rmmod driver/scap.ko + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + failed_when: false + changed_when: false + + - name: Build kmod + ansible.builtin.command: + cmd: make driver -j {{ cpus }} + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + register: km_result + changed_when: false + + - name: Load the kernel module + ansible.builtin.command: + cmd: insmod driver/scap.ko + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + register: km_result + changed_when: false + rescue: + - name: Print error message to stdout --- kernel module + ansible.builtin.debug: + var: km_result + always: + - name: Dump error message to file + ansible.builtin.copy: + content: "{{ km_result | to_nice_json }}" + dest: "{{ output_dest_dir }}/kmod_build.json" + mode: '0755' + delegate_to: localhost + become: false + +- name: drivers_test + kernel module + block: + - name: Run drivers_test with kernel module + ansible.builtin.command: + cmd: ./test/drivers/drivers_test -k + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + register: result + changed_when: false + rescue: + - name: Print error message to stdout -- drivers_test + kernel module + ansible.builtin.debug: + var: result + always: + - name: Dump error message to file + ansible.builtin.copy: + content: "{{ result | to_nice_json }}" + dest: "{{ output_dest_dir }}/kmod_drivers_test.json" + mode: '0755' + delegate_to: localhost + become: false + +- name: Build bpf probe + block: + - name: Build bpf probe + ansible.builtin.command: + cmd: make bpf -j {{ cpus }} + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + register: bpf_probe_result + when: bpf_supported + changed_when: false + rescue: + - name: Print error message to stdout --- build bpf probe + ansible.builtin.debug: + var: bpf_probe_result + always: + - name: Dump error message to file + ansible.builtin.copy: + content: "{{ bpf_probe_result | to_nice_json }}" + dest: "{{ output_dest_dir }}/bpf-probe_build.json" + mode: '0755' + delegate_to: localhost + become: false + +- name: drivers_test + bpf probe + block: + - name: Run drivers_test with bpf probe + ansible.builtin.command: + cmd: ./test/drivers/drivers_test -b driver/bpf/probe.o + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + register: result + when: bpf_supported + changed_when: false + rescue: + - name: Print error message to stdout --- drivers_test + bpf probe + ansible.builtin.debug: + var: result + always: + - name: Dump error message to file + ansible.builtin.copy: + content: "{{ result | to_nice_json }}" + dest: "{{ output_dest_dir }}/bpf-probe_drivers_test.json" + mode: '0755' + delegate_to: localhost + become: false + +- name: drivers_test + modern probe + block: + - name: Run drivers_test with modern-probe + ansible.builtin.command: + cmd: ./test/drivers/drivers_test -m + chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" + register: result + when: modern_bpf_supported + changed_when: false + rescue: + - name: Print error message to stdout --- drivers_test + modern probe + ansible.builtin.debug: + var: result + always: + - name: Dump error message to file + ansible.builtin.copy: + content: "{{ result | to_nice_json }}" + dest: "{{ output_dest_dir }}/modern-bpf_drivers_test.json" + mode: '0755' + delegate_to: localhost + become: false diff --git a/ansible-playbooks/roles/drivers_test/vars/main.yml b/ansible-playbooks/roles/drivers_test/vars/main.yml new file mode 100644 index 0000000..c1d3acd --- /dev/null +++ b/ansible-playbooks/roles/drivers_test/vars/main.yml @@ -0,0 +1,6 @@ +--- +modern_bpf_supported: true +bpf_supported: false +bpf_minimum_kver: + aarch64: '4.17' + x86_64: '4.14' diff --git a/ansible-playbooks/scap-open.yml b/ansible-playbooks/scap-open.yml index 5207c8a..386e040 100644 --- a/ansible-playbooks/scap-open.yml +++ b/ansible-playbooks/scap-open.yml @@ -1,103 +1,10 @@ # Playbook used to run scap-open-test role. # Check the role for more information -- name: Build bpf skeleton on designated builder VM - hosts: "fedora-builder" - remote_user: "{{ user }}" - gather_facts: false - tasks: - - name: Create cmake output dir - ansible.builtin.file: - path: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build" - state: directory - mode: "0755" - register: cmake_result - - - name: Prepare cmake for repository - ansible.builtin.command: - cmd: > - cmake - -DUSE_BUNDLED_DEPS=ON - -DBUILD_LIBSCAP_MODERN_BPF=ON - -DBUILD_LIBSCAP_GVISOR=OFF - -DCREATE_TEST_TARGETS=OFF - .. - chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build" - changed_when: false - register: cmake_result - - - name: Build skeleton - ansible.builtin.command: - cmd: make ProbeSkeleton -j {{ cpus }} - chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build" - changed_when: false - register: cmake_result - - - name: Fetch the skeleton file - ansible.builtin.fetch: - src: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/skeleton-build/skel_dir/bpf_probe.skel.h" - dest: /tmp/ - flat: true - -- name: Build scap-open on designated builder - hosts: "centos-builder" - remote_user: "{{ user }}" - gather_facts: false - tasks: - - name: Copy bpf skeleton to centos builder - ansible.builtin.copy: - src: "/tmp/bpf_probe.skel.h" - dest: "/tmp" - mode: '0755' - - - name: Create cmake output dir - ansible.builtin.file: - path: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" - state: directory - mode: "0755" - register: cmake_result - - - name: Prepare cmake for repository - ansible.builtin.shell: - cmd: | - source /opt/rh/devtoolset-9/enable && - cmake \ - -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_LIBSCAP_MODERN_BPF=ON \ - -DMODERN_BPF_SKEL_DIR=/tmp \ - -DBUILD_DRIVER=Off \ - -DBUILD_BPF=Off \ - -DBUILD_LIBSCAP_GVISOR=OFF \ - -DCREATE_TEST_TARGETS=Off \ - .. - chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" - changed_when: false - register: cmake_result - - - name: Build scap-open with modern probe - ansible.builtin.shell: - cmd: source /opt/rh/devtoolset-9/enable && make scap-open -j {{ cpus }} - chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build" - changed_when: false - register: cmake_result - - - name: Fetch the scap-open binary - ansible.builtin.fetch: - src: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build/libscap/examples/01-open/scap-open" - dest: "/tmp/" - flat: true - -- name: Play that distributes scap-open binary to VMs - hosts: "machines" - remote_user: "{{ user }}" - gather_facts: false - tasks: - - name: Copy scap-open binary to all VMs - ansible.builtin.copy: - src: "/tmp/scap-open" - dest: "/tmp" - mode: '0755' - become: false +- name: Include build-skeleton playbook + import_playbook: build-skeleton.yml +- name: Include build-scap-open playbook + import_playbook: build-scap-open.yml - name: Play that runs probes tests using scap-open binary hosts: "machines"