Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix a regression on tetra tracingpolicy enable/disable #1562

Merged
merged 7 commits into from
Oct 16, 2023

Conversation

mtardy
Copy link
Member

@mtardy mtardy commented Oct 6, 2023

Fixes #1489.

See individual commits, this PR:

  • Fixes a regression on enable/disable because of PostUnloadHook
  • Adds new enable/disable on tracingpolicy cmd
  • Reworks the tracingpolicy commands so that we get accurate exit code
  • Deprecates the sensors command
  • Extends the TracingPolicyStatus to have a better gRPC API to list TracingPolicies
Fixes a regression on enable/disable sensors that would prevent a sensor from being enabled.

@mtardy mtardy added the release-note/bug This PR fixes an issue in a previous release of Tetragon. label Oct 6, 2023
@netlify
Copy link

netlify bot commented Oct 6, 2023

Deploy Preview for tetragon ready!

Name Link
🔨 Latest commit 8d6ff91
🔍 Latest deploy log https://app.netlify.com/sites/tetragon/deploys/65293d0cb554be0008118232
😎 Deploy Preview https://deploy-preview-1562--tetragon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@mtardy mtardy force-pushed the pr/mtardy/fix-disable-enable branch 2 times, most recently from 0da5bb1 to 2a724dc Compare October 9, 2023 10:47
@mtardy mtardy marked this pull request as ready for review October 9, 2023 10:48
@mtardy mtardy requested a review from a team as a code owner October 9, 2023 10:48
@mtardy mtardy requested review from jrfastab and kkourt October 9, 2023 10:48
@mtardy mtardy force-pushed the pr/mtardy/fix-disable-enable branch from 2a724dc to 10c6857 Compare October 9, 2023 11:12
@mtardy mtardy force-pushed the pr/mtardy/fix-disable-enable branch from 10c6857 to 8e637bc Compare October 10, 2023 08:36
@mtardy
Copy link
Member Author

mtardy commented Oct 10, 2023

maybe it would be reasonable to add a test covering that regression.

@mtardy mtardy force-pushed the pr/mtardy/fix-disable-enable branch from 8e637bc to 8867b22 Compare October 10, 2023 17:22
@mtardy
Copy link
Member Author

mtardy commented Oct 10, 2023

I added a test in c738ea3.

Copy link
Contributor

@kkourt kkourt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! LGTM!

The only thing I'm not sure about is what to do when destroy fails. If we cannot recover from such a case, I'd suggest we just remove the sensor anyway and issue a warning. I'm happy to be convinced otherwise though.

All other comments are just nits.

pkg/sensors/load.go Show resolved Hide resolved
pkg/sensors/sensors.go Show resolved Hide resolved
pkg/sensors/handler.go Show resolved Hide resolved
pkg/sensors/handler.go Show resolved Hide resolved
// Previously, enabled, filterID and error were bundled in a
// string. To have a retro-compatible tetra command, we scan
// the string. If the scan fails, it means something else
// might be in Info and we print it.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's make a note of the version that required this (0.11) so that we can remove it eventually.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure good idea

@mtardy mtardy force-pushed the pr/mtardy/fix-disable-enable branch 3 times, most recently from 6f7d645 to 77ebd7e Compare October 13, 2023 13:46
Comment on lines +86 to +91
// destroy will attempt to destroy all the sensors in a collection
func (c *collection) destroy() {
for _, s := range c.sensors {
s.Destroy()
}
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better like that

Commit 310846e introduced a cleanup of
the kprobe table entry on unload, which introduced some issues because
unload is using when disabling sensors (that might be re-enabled later).
Previous pre and post-hooks are still useful for resources management on
unload.

The kprobe table entry is added on creation (not load) and then it must
be cleaned up on deletion introducing the new sensor.Destroy() method.
'Destroy' expresses the idea that the sensor is not usable past this
point and must be recreated to be loaded.

Signed-off-by: Mahe Tardy <[email protected]>
Add support of enable and disable Tracing Policy in tetra CLI.

Signed-off-by: Mahe Tardy <[email protected]>
Commands were implemented in a way that most of them would not return an
exit code != 0 on error and no messages on success. This fixes the
issues for the tracing policy subcommands and cleanup the implem.

Signed-off-by: Mahe Tardy <[email protected]>
Enable and disable were the only features that were only available
trough the sensors command and gRPCs, now that they are implemented in
the tracingpolicy interface, let's deprecate/hide the sensors command.

Signed-off-by: Mahe Tardy <[email protected]>
Previously, enabled, filter_id and error were bundled into the info
string. We add new dedicated fields and make the new tetra also
retrocompatible with the old API missing those fields by parsing the
info string.

Signed-off-by: Mahe Tardy <[email protected]>
This should make sure the regression #1489 doesn't appear
anymore: disabling/enabling broke because we cleaned up the generic
kprobe table on unloading, which should have been done only on
destroying the probe.

Signed-off-by: Mahe Tardy <[email protected]>
The testutils Config.TetragonLib (or in the end ConfigDefault.TetragonLib)
was never written to the actual option.Config.HubbleLib. We noticed it
was done manually all over the place in tests so this commit adds it in
TestSensorRun that runs in TestMain.

Signed-off-by: Mahe Tardy <[email protected]>
@mtardy mtardy force-pushed the pr/mtardy/fix-disable-enable branch from 77ebd7e to 0690282 Compare October 13, 2023 15:28
@kkourt kkourt merged commit 10bf8dc into main Oct 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release-note/bug This PR fixes an issue in a previous release of Tetragon.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Regression on v0.11.0 when re-enabling TracingPolicy with sensors API
2 participants