Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tweaking SLES Builder #308

Merged
merged 6 commits into from
Dec 1, 2023
Merged

Tweaking SLES Builder #308

merged 6 commits into from
Dec 1, 2023

Conversation

EXONER4TED
Copy link
Contributor

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area cmd

/area pkg

/area docs

/area tests

What this PR does / why we need it:

Tweaking the SLES builder to:

  1. match the OS ID (which is sles actually, when I thought it was just sle previously):
scwx-sles12-sp5:/ # cat /etc/os-release
NAME="SLES"
VERSION="12-SP5"
VERSION_ID="12.5"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP5"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp5"
  1. The SLES builder requires --net=host on the docker CLI at runtime to properly connect the container to the host for authentication. It's kind of odd, but more info can be found on it here: https://github.com/SUSE/container-suseconnect

For using "pay as you go" images in public clouds for SUSE, the OS will authenticate to SUSE mirrors automatically. Any container on the host will see this authentication as well automatically with the containerbuild-regionsrv service. However, for any of that to work, the container must run in host network mode.

Which issue(s) this PR fixes:

Fixes # N/A

Special notes for your reviewer:
I'm only halfway certain this will work, so more PR's may be needed after this one if it doesn't work. Currently in a bit of a trial/error on the authentication for SLES, but this change should be harmless since I'm only catching the SLES target type (which doesn't really work anyway currently).

Does this PR introduce a user-facing change?:

Nope

NONE

@poiana poiana added kind/bug Something isn't working dco-signoff: yes area/pkg labels Dec 1, 2023
@poiana poiana requested review from FedeDP and Lowaiz December 1, 2023 03:44
@EXONER4TED EXONER4TED marked this pull request as draft December 1, 2023 03:53
@EXONER4TED EXONER4TED marked this pull request as ready for review December 1, 2023 04:09
@poiana poiana requested a review from leodido December 1, 2023 04:09
FedeDP
FedeDP reviewed Dec 1, 2023
View reviewed changes
pkg/driverbuilder/docker.go Outdated
// check if on a sles target type, which requires docker to run with `--net=host` for builder images to work
// for more info, see the suse container connect README: https://github.com/SUSE/container-suseconnect
var netMode = container.NetworkMode("default")
if b.TargetType == "sles" {
Copy link
Contributor

@FedeDP FedeDP Dec 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add a new builders interface (Network mode() string) and only implement in for sles builder instead.
Here we can just check

if vv, ok := v.(NetworkModder); ok {
  NetMode = vv.NetworkMode()
}

I think it is more elegant and future proof this way because all the builder knowledge will belong to the builder specific source file.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes way more sense 🙂 I just removed the if and set the default network mode to "default", but it can be overridden in an individual builder. Then the hostConfig just has:

NetworkMode: container.NetworkMode(b.BuilderImageNetworkMode),

Let me know if you'd like it a different way or want the functions moved around. I put the default function in builders.go

@EXONER4TED
netmode interface
2955526 
Signed-off-by: Logan Bond <[email protected]>
@poiana poiana added size/L and removed size/M labels Dec 1, 2023
@EXONER4TED EXONER4TED mentioned this pull request Dec 1, 2023
Merged
@EXONER4TED
simplify the check
026cce7 
Signed-off-by: Logan Bond <[email protected]>
@poiana poiana added size/M and removed size/L labels Dec 1, 2023
FedeDP
FedeDP approved these changes Dec 1, 2023
View reviewed changes
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana poiana added the lgtm label Dec 1, 2023
@poiana
Copy link

poiana commented Dec 1, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: EXONER4TED, FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Copy link

poiana commented Dec 1, 2023

LGTM label has been added.

Git tree hash: 479e5d2529f69acf0de785c262b0494997ef10ba

@poiana poiana merged commit ba598bc into falcosecurity:master Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FedeDP FedeDP FedeDP approved these changes

@Lowaiz Lowaiz Awaiting requested review from Lowaiz

@leodido leodido Awaiting requested review from leodido

Assignees

@FedeDP FedeDP

Labels
approved area/pkg dco-signoff: yes kind/bug Something isn't working lgtm size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@EXONER4TED @poiana @FedeDP