Add RPM packaging #9092

Closed
wants to merge 7 commits into from

@tsg tsg commented Nov 15, 2018

This adds support for programmatically reading the list of RPM packages. The previous version was using exec (called the rpm binary), but we'd like to keep Auditbeat exec-free, because execs are currently blocked by seccomp, as a security feature.

Using the model from Journalbeat, the new code uses dlopen to get the relevant C functions and calls them using CGo. This means that librpm is not a hard dependency, but only for when this functionality is needed.

Ready for reviews, but there's a couple of things left to do:

  • Figure out cross-compiling during mage package (we need librpm-devel).
  • Figure out how to run the test in a Redhat environment. There is a unit test that checks that the RPM output is the same as the one from exec-ing the rpm command, but that test is skipped on non-Redhat systems. Currently, we run all tests in a Debian-based docker image.

Part of #8725.

@tsg tsg requested review from cwurm and andrewkroh November 15, 2018 11:03
@tsg tsg added the SecOps label Nov 15, 2018
@elasticmachine

Pinging @elastic/secops

x-pack/auditbeat/module/system/packages/rpm_linux.go (Outdated)
}
var cFun cFunctions

librpm, err := dlopen.GetHandle(librpmNames)
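
Review bot: the handle returned by dlopen.GetHandle(librpmNames) on the last line has no Close in view; if it is meant to stay open for the life of the process, add a comment at this call saying so. Also make sure err is checked before librpm is used, so that a host without librpm only disables this dataset.
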
Member

This handle is never Closed().

Contributor Author

Yes, it's not, but I cannot just add a defer because I cannot call the functions from it, it panics. It's currently a singleton so it exists only once per process. Putting it in the Metricset structure would be possible, but requires a bigger refactoring of the whole module. Let me know if you think it's worth doing it anyway.

Member

That should be fine then. I guess I missed the if cFun == nil check surrounding its usage.

@cwurm cwurm mentioned this pull request Nov 16, 2018

@andrewkroh andrewkroh left a comment

It should be good to merge after adding that platform filter to the magefile.go.

"linux/ppc64le": installLinuxPPC64LE,
"linux/s390x": installLinuxS390X,

//"linux/ppc64": installLinuxPpc64,
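
Review bot: the commented-out entry //"linux/ppc64": installLinuxPpc64, on the last line gives no reason for being disabled. Add a short comment saying why the target is not built, or delete the line, so the map does not read as an unfinished edit.
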
Member

A few lines up in init() add a filter to prevent mage package from attempting to build these targets.

mage.Platforms = mage.Platforms.Filter("!linux/ppc64 !linux/mips64")

This is similar to what journalbeat has but with the linux selector.

func init() {
mage.BeatDescription = "Journalbeat ships systemd journal entries to Elasticsearch or Logstash."
mage.Platforms = mage.Platforms.Filter("linux !linux/ppc64 !linux/mips64")

cwurm commented Jan 29, 2019

@tsg Package dataset is merged into master with #10225 - can you rebase this?

@tsg tsg mentioned this pull request Jan 30, 2019
tsg commented Jan 30, 2019

Superseded by #10429
