chore: small improvements plus added docs for new images Makefile env variables.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
FedeDP authored and poiana committed Feb 6, 2024
1 parent d196486 commit f10873b
Showing 4 changed files with 75 additions and 47 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/reusable_build_images.yml
Expand Up @@ -52,6 +52,10 @@ jobs:
run: |
echo "TAG=${{ inputs.version }}" >> $GITHUB_ENV
- name: Set CLEANUP env var (CI only, because of limited disk space)
run: |
echo "CLEANUP=true" >> $GITHUB_ENV
- name: Build images
working-directory: ./images
run: |
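Review bot: The new `Set CLEANUP env var` step writes `CLEANUP=true` to `$GITHUB_ENV`, which exports it to every later step of the job rather than only to `Build images`. Setting it as `env:` with `CLEANUP: true` on the `Build images` step keeps the value scoped to the one step that needs it and removes the extra step. If the `$GITHUB_ENV` form stays, quote the redirect target (`>> "$GITHUB_ENV"`); the same applies to the `TAG` line just above it.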
Expand All @@ -65,5 +69,3 @@ jobs:
cat failed.txt
exit 1;
fi
63 changes: 33 additions & 30 deletions ansible-playbooks/group_vars/all/vars.yml
Expand Up @@ -13,44 +13,47 @@ user: root
# Images tag to be used.
tag: main

# Image repository to be used.
repo: "ghcr.io/falcosecurity/kernel-testing"

# Each machine entry requires the following fields
# name: the name given to the vm;
# kernel: reference to an OCI image containing a kernel;
# rootfs: reference to an OCI image used as base rootfs for the vm.
# arch: architecture of the kernel and base images. (x86_64/aarch64).
machines:
- {name: "amazonlinux2022-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-kernel:5.15-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2023-6.1", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2023-kernel:6.1-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2023-image:6.1-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-4.19", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:4.19-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:4.19-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-5.10", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:5.10-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:5.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:5.15-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-5.4", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:5.4-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "archlinux-6.0", kernel: "ghcr.io/falcosecurity/kernel-testing/archlinux-kernel:6.0-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/archlinux-image:6.0-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "archlinux-6.7", kernel: "ghcr.io/falcosecurity/kernel-testing/archlinux-kernel:6.7-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/archlinux-image:6.7-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "centos-3.10", kernel: "ghcr.io/falcosecurity/kernel-testing/centos-kernel:3.10-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/centos-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "centos-4.18", kernel: "ghcr.io/falcosecurity/kernel-testing/centos-kernel:4.18-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/centos-image:4.18-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "centos-5.14", kernel: "ghcr.io/falcosecurity/kernel-testing/centos-kernel:5.14-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/centos-image:5.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "fedora-5.17", kernel: "ghcr.io/falcosecurity/kernel-testing/fedora-kernel:5.17-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/fedora-image:5.17-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "fedora-5.8", kernel: "ghcr.io/falcosecurity/kernel-testing/fedora-kernel:5.8-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/fedora-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "fedora-6.2", kernel: "ghcr.io/falcosecurity/kernel-testing/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/fedora-image:6.2-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "oraclelinux-3.10", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:3.10-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "oraclelinux-4.14", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:4.14-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:4.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "oraclelinux-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:5.15-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "oraclelinux-5.4", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "ubuntu-4.15", kernel: "ghcr.io/falcosecurity/kernel-testing/ubuntu-kernel:4.15-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/ubuntu-image:4.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "ubuntu-6.5", kernel: "ghcr.io/falcosecurity/kernel-testing/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/ubuntu-image:6.5-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2022-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-kernel:5.15-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-5.4", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:5.4-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:5.4-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "fedora-6.2", kernel: "ghcr.io/falcosecurity/kernel-testing/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/fedora-image:6.2-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "oraclelinux-4.14", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:4.14-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:4.14-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "oraclelinux-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "ubuntu-6.5", kernel: "ghcr.io/falcosecurity/kernel-testing/ubuntu-kernel:6.5-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/ubuntu-image:6.5-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2023-6.1", kernel: "{{ repo }}/amazonlinux2023-kernel:6.1-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2023-image:6.1-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-4.19", kernel: "{{ repo }}/amazonlinux2-kernel:4.19-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:4.19-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-5.10", kernel: "{{ repo }}/amazonlinux2-kernel:5.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-5.15", kernel: "{{ repo }}/amazonlinux2-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "archlinux-6.0", kernel: "{{ repo }}/archlinux-kernel:6.0-x86_64-{{ tag }}", rootfs: "{{ repo }}/archlinux-image:6.0-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "archlinux-6.7", kernel: "{{ repo }}/archlinux-kernel:6.7-x86_64-{{ tag }}", rootfs: "{{ repo }}/archlinux-image:6.7-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "centos-3.10", kernel: "{{ repo }}/centos-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "centos-4.18", kernel: "{{ repo }}/centos-kernel:4.18-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:4.18-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "centos-5.14", kernel: "{{ repo }}/centos-kernel:5.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:5.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "fedora-5.17", kernel: "{{ repo }}/fedora-kernel:5.17-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.17-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "fedora-5.8", kernel: "{{ repo }}/fedora-kernel:5.8-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "oraclelinux-3.10", kernel: "{{ repo }}/oraclelinux-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "oraclelinux-5.4", kernel: "{{ repo }}/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "ubuntu-4.15", kernel: "{{ repo }}/ubuntu-kernel:4.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:4.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.4-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-aarch64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]

builders:
- {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "ghcr.io/falcosecurity/kernel-testing/builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "ghcr.io/falcosecurity/kernel-testing/modernprobe-builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "ghcr.io/falcosecurity/kernel-testing/builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "ghcr.io/falcosecurity/kernel-testing/modernprobe-builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/modernprobe-builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
- {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
- {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/modernprobe-builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]

output_dir: "~/ansible_output"
# Number of cpus.
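Review bot: The four `builders` entries at the end of this hunk still hardcode `kernel: "weaveworks/ignite-kernel:5.14.16"`, so overriding the new `repo` variable redirects every machine image and the builder rootfs images but not the builder kernel. Either say so in the comment above `repo` or give that reference its own variable. Because `repo` now decides where all VM kernels and root filesystems are pulled from, and they are still referenced by the mutable `{{ tag }}`, the `# Image repository to be used.` comment should also state that it must point at a registry the operator trusts.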
31 changes: 19 additions & 12 deletions images/Makefile
@@ -1,18 +1,19 @@
DRY_RUN := false
PUSH := false
LATEST := false
DRY_RUN ?= false
PUSH ?= false
LATEST ?= false
TAG ?= main
REPOSITORY := ghcr.io/falcosecurity/kernel-testing
CLEANUP ?= false
REPOSITORY ?= ghcr.io/falcosecurity/kernel-testing
ARCH ?= $(shell uname -m)
YAML_FILE := images.yaml
YAML_FILE ?= images.yaml

.PHONY: build-rootfs build-kernel generate-yaml build-all initrd-builder modernprobe-builder builder

builder:
if [ "$(DRY_RUN)" = "true" ]; then \
echo "Dry run: Building builder image: docker build -t $(REPOSITORY)/builder:$(ARCH)-$(TAG)"; \
else \
echo "Building modernprobe-builder image"; \
echo "Building builder image"; \
image=$(REPOSITORY)/builder:$(ARCH); \
docker build -t $$image-$(TAG) builder || echo "FAIL: $$image-$(TAG)" >> failed.txt; \
if [ "$(PUSH)" = "true" ]; then \
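Review bot: Switching `DRY_RUN`, `PUSH`, `LATEST`, `REPOSITORY` and `YAML_FILE` from `:=` to `?=` means each one now takes its value from the environment when one is set, so a `PUSH=true` or a `REPOSITORY` left exported in a shell or CI job changes what gets pushed, and where, without appearing on the make command line. Echoing the effective `REPOSITORY`, `TAG`, `PUSH` and `LATEST` at the start of the build targets would make that visible in logs. In the `builder` target, the dry-run message prints `docker build -t $(REPOSITORY)/builder:$(ARCH)-$(TAG)` without the `builder` context directory that the real command passes; align the two while touching these lines.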
Expand Down Expand Up @@ -72,9 +73,12 @@ build-rootfs:
docker push $$image-latest; \
fi; \
fi; \
docker image rm -f $$image-$(TAG); \
docker image rm -f $$image-latest; \
docker builder prune -f -a; \
if [ "$(CLEANUP)" = "true" ]; then \
echo "Cleaning image: $$image-$(TAG)"; \
docker image rm -f $$image-$(TAG); \
docker image rm -f $$image-latest; \
docker system prune -f; \
fi; \
fi; \
done
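Review bot: Inside the new `CLEANUP` block of `build-rootfs`, `docker system prune -f` replaces `docker builder prune -f -a` and reaches further: besides build cache it also removes stopped containers, unused networks and dangling images on the host. That is acceptable on a throwaway CI runner, but anyone who sets `CLEANUP=true` on a workstation loses resources unrelated to this build. Keep the prune limited to the builder cache, or make the `echo "Cleaning image: ..."` line say what else is pruned.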

Expand All @@ -97,9 +101,12 @@ build-kernel: initrd-builder
docker push $$image-latest; \
fi; \
fi; \
docker image rm -f $$image-$(TAG); \
docker image rm -f $$image-latest; \
docker builder prune -f -a; \
if [ "$(CLEANUP)" = "true" ]; then \
echo "Cleaning image: $$image-$(TAG)"; \
docker image rm -f $$image-$(TAG); \
docker image rm -f $$image-latest; \
docker system prune -f; \
fi; \
fi; \
done
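Review bot: In the `build-kernel` cleanup, `docker image rm -f $$image-latest` runs whether or not `LATEST` is `true`; wrap it in `if [ "$(LATEST)" = "true" ]` so the cleanup only removes a tag this run asked for. The block is also a line-for-line copy of the one added to `build-rootfs`, so a shared `define` used by both targets would keep the two from drifting apart.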

22 changes: 19 additions & 3 deletions images/README.md
Expand Up @@ -23,12 +23,22 @@ The Makefile provides several targets, each serving a specific purpose:

- `build-rootfs` and `build-kernel`: These targets build root filesystem and kernel images, respectively. The `build-kernel` target depends on `initrd-builder`, which must be built first.

- `docker-push`: This target pushes the built images to a Docker Hub registry. You can use this step to make the images accessible to other systems.

- `generate-yaml`: This target generates a YAML file named `images.yaml`, which contains information about the built images. The YAML file includes details about the kernel and rootfs images for each version and distribution. This generated YAML file can be conveniently copied to the variables file of Ansible to keep the test environment up to date.

- `build-all`: This target is a convenience target that sequentially builds both root filesystem and kernel images.

By default, no images will be pushed. You need to set the `PUSH` variable to `true` to enable images push to remote registry.
Also, the default images tag will be `main` and the images name will be built as:
```
{{ repo }} /{{ distro }}-kernel:{{ kernelversion }}-{{ arch }}-{{ tag }}
```
for kernel images, or
```
{{ repo }} /{{ distro }}-image:{{ kernelversion }}-{{ arch }}-{{ tag }}
```
for rootfs images.
Eg: `ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-kernel:5.15-x86_64-main`.

## Usage

The typical workflow for using this Makefile is as follows:
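Review bot: Both name templates in the added README text read `{{ repo }} /{{ distro }}-...`, with a space between `{{ repo }}` and `/`, which matches neither the example on the `Eg:` line nor the `{{ repo }}/...` references in `vars.yml`. Remove the space in both fenced templates. The paragraph could also say that `{{ repo }}` and `{{ tag }}` correspond to the Makefile's `REPOSITORY` and `TAG` variables, since the README otherwise uses the Makefile names.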
Expand Down Expand Up @@ -72,7 +82,13 @@ You can customize the Makefile to suit your specific requirements. The variables

- `DRY_RUN`: Set this variable to `true` for a dry run, where the build commands will be printed but not executed.

- `PUSH`: Set this variable to `true` when executing build to also push built image to remote registry.
- `PUSH`: Set this variable to `true` to also push built images to remote registry. Disabled by default.

- `LATEST`: Set this variable to `true` to also push built images as latest tag. Disabled by default.

- `TAG`: Set this variable to the images tag name. Defaults to `main`.

- `CLEANUP`: Set this variable to `true` to cleanup images right after they get built. This is useful to test images build in CI, where disk space might be limited.

- `REPOSITORY`: The Docker repository where the built images will be tagged and pushed.
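Review bot: The `CLEANUP` entry says it cleans up images right after they are built, but the Makefile block it enables also runs `docker system prune -f`, which removes more than those images; say so here, so nobody enables it on a shared or personal host by accident. The `REPOSITORY` entry is the only one in this part of the list that gives no default (`ghcr.io/falcosecurity/kernel-testing` in the Makefile), and none of the entries mention that, with `?=`, the variables can now be set from the environment as well as on the make command line.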


0 comments on commit f10873b
