chore(ansible-playbooks)!: get rid of ignite#101
Merged
poiana merged 22 commits intofalcosecurity:mainfrom Dec 3, 2025
Merged
Conversation
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Spawn VMs with firecracker and populate inventory.ini with their IP addresses. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
In `bootstrap` role, use a `runtime` folder to store files produced at runtime. Moreover, use the `files` folder to store scripts and static files, as per ansible guidance. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Move tap dev map computation and verification near to tap device creation task to reduce the race condition window. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Unix socket path length is limited to 108 characters on Linux. This means that Firecracker could not be able to spawn VMs if the provided path length is bigger than that. To allow the socket path to be of a reasonable length, put it directly under /tmp, and use a combination of the run id and the machine name to define the file name. This should be ok for majority of applications. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
The following machines for unknown reasons, don't work, and prevent the ansible playbooks from working correctly: - `amazonlinux2-4.19` - `oraclelinux-3.10` - `ubuntu-4.15` Remove them until a solution or a replacement is found. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
`bootstrap`, `cleanup_up` and `common` roles are run through playbooks specifying `hosts: localhost`, so `delegate_to: localhost` statements are redudant. Get rid of them. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Currently, the action ref is used as images tag. This requires images to be re-tagged every time a new release of this project is created. Split their functions by requiring the action user to provide an images tag as action input. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
0598880 to
d7668af
Compare
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
d7668af to
f19de65
Compare
Contributor
Author
|
I created falcosecurity/libs#2732 to test the new kernel testing framework in this PR. The following two job runs certify it works! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ekoops, therealbobo The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR gets rid of
ignite, as the project has been archived on Dec 7, 2023, and is no longer maintained.The new architecture details are explained in the new
architecture.mdfile. In a nutshell, we are now directly using firecracker and providing our own simple networking implementation.The PR adds a new
example_config_amd64.shscript, demonstrating how to install on the node any prerequisite to run the ansible playbooks.It also replaces some
makeinvocation with the correspondingcmakeones, and removes some redundantdelegate_to: localhost.Finally, it updates the provided action by mandating to specify an images tag to be used for retrieving kernel and rootfs images. Any action user must now specify the images tag, but can freely choose the action reference to be used in CI.
Please notice that the new implementation doesn't work well with the following machines:
amazonlinux2-4.19oraclelinux-3.10ubuntu-4.15For this reason, I temporarily commented them. In the future, we can come back to those 3 and try to fix them.