From 9e7df1c710b3e688cc2db05f976b031175e99993 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 20 Oct 2023 16:38:20 +0200 Subject: [PATCH] Add ccache to falco and collector devcontainers --- collector/Dockerfile | 12 +++++- falco-libs/compile-falco.sh | 2 + falco-libs/fedora.Dockerfile | 9 ++++- lua/collector.lua | 12 ++++++ lua/falco.lua | 12 ++++++ lua/init.lua | 72 +++++++++++++++++++++--------------- 6 files changed, 86 insertions(+), 33 deletions(-) diff --git a/collector/Dockerfile b/collector/Dockerfile index 268ba97..c18a09d 100644 --- a/collector/Dockerfile +++ b/collector/Dockerfile @@ -1,10 +1,18 @@ FROM quay.io/stackrox-io/collector-builder:cache -RUN dnf install -y \ +RUN dnf install -y epel-release && \ + dnf install -y \ + ccache \ clang-tools-extra \ clang-analyzer \ podman-docker && \ - dnf clean all + dnf clean all && \ + ln -s $(which ccache) /usr/local/bin/gcc && \ + ln -s $(which ccache) /usr/local/bin/g++ && \ + echo "" > /etc/profile.d/ccache.sh + +ENV CC=/usr/local/bin/gcc +ENV CXX=/usr/local/bin/g++ COPY clangd.yaml /root/.config/clangd/config.yaml diff --git a/falco-libs/compile-falco.sh b/falco-libs/compile-falco.sh index 56c432f..a5a23ad 100755 --- a/falco-libs/compile-falco.sh +++ b/falco-libs/compile-falco.sh @@ -34,6 +34,8 @@ function configure () { -DBUILD_LIBSCAP_MODERN_BPF=ON \ -DUSE_BUNDLED_LIBBPF="${use_bundled_libbpf}" \ -DUSE_BUNDLED_ZLIB=ON \ + -DUSE_BUNDLED_UTHASH=ON \ + -DUSE_BUNDLED_TINYDIR=ON \ -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \ -DCREATE_TEST_TARGETS=ON \ -DBUILD_SHARED_LIBS="${build_shared_libs}" \ diff --git a/falco-libs/fedora.Dockerfile b/falco-libs/fedora.Dockerfile index 15d72e3..27a6c89 100644 --- a/falco-libs/fedora.Dockerfile +++ b/falco-libs/fedora.Dockerfile @@ -3,6 +3,7 @@ FROM fedora:38 RUN dnf install -y \ gcc \ gcc-c++ \ + ccache \ libasan \ libubsan \ bpftool \ 
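Review bot: The two `ln -s $(which ccache) ...` lines in the extended `RUN` take the link target from an unquoted, unchecked lookup. If `which` is missing from the base image or finds nothing, the substitution is empty, `ln -s` falls back to its single-operand form and typically still exits 0, and `CC`/`CXX` end up pointing at paths that do not exist. Linking a fixed path makes the step fail loudly instead, e.g. `ln -s /usr/bin/ccache /usr/local/bin/gcc` (path assumed from the usual package layout; confirm it in the image). The same pair of lines is added to `falco-libs/fedora.Dockerfile` in its `@@ -46,7 +47,10 @@` hunk. `echo "" > /etc/profile.d/ccache.sh` also deserves a comment such as `# blank the packaged profile script so only the gcc/g++ links above go through ccache`, if that is the intent.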
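Review bot: `-DUSE_BUNDLED_UTHASH=ON` and `-DUSE_BUNDLED_TINYDIR=ON` are unrelated to ccache and the commit message does not mention them, so the reason for switching these two dependencies to bundled copies is lost. A line in the commit description would record it, or a comment above `configure` such as `# uthash and tinydir are not packaged in the devcontainer image, use the bundled copies` (adjust the wording to the real reason). The `configure` function starts and ends outside the hunk.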
@@ -46,7 +47,10 @@ RUN dnf install -y \ # Set some symlinks to allow building of drivers. kernel_version=$(uname -r) && \ ln -s "/host/lib/modules/$kernel_version" "/lib/modules/$kernel_version" && \ - ln -s "/host/usr/src/kernels/$kernel_version" "/usr/src/kernels/$kernel_version" + ln -s "/host/usr/src/kernels/$kernel_version" "/usr/src/kernels/$kernel_version" && \ + ln -s $(which ccache) /usr/local/bin/gcc && \ + ln -s $(which ccache) /usr/local/bin/g++ && \ + echo "" > /etc/profile.d/ccache.sh # Install docker CLI RUN dnf config-manager --add-repo \ @@ -54,5 +58,8 @@ RUN dnf config-manager --add-repo \ dnf install -y docker-ce-cli && \ dnf clean all +ENV CC=/usr/local/bin/gcc +ENV CXX=/usr/local/bin/g++ + COPY clangd.yaml /root/.config/clangd/config.yaml COPY compile-falco.sh /usr/bin/ diff --git a/lua/collector.lua b/lua/collector.lua index 0c5a724..3f14ae6 100644 --- a/lua/collector.lua +++ b/lua/collector.lua @@ -23,4 +23,16 @@ M.setup = function(opts) } end +M.volume_claim = function() + return { + apiVersion = 'v1', + kind = 'PersistentVolumeClaim', + metadata = { name = 'collector-ccache', }, + spec = { + accessModes = { 'ReadWriteOnce' }, + resources = { requests = { storage = '5Gi' } }, + }, + } +end + return M diff --git a/lua/falco.lua b/lua/falco.lua index e228460..fe04f29 100644 --- a/lua/falco.lua +++ b/lua/falco.lua @@ -23,4 +23,16 @@ M.setup = function(opts) } end +M.volume_claim = function() + return { + apiVersion = 'v1', + kind = 'PersistentVolumeClaim', + metadata = { name = 'falco-ccache', }, + spec = { + accessModes = { 'ReadWriteOnce' }, + resources = { requests = { storage = '5Gi' } }, + }, + } +end + return M diff --git a/lua/init.lua b/lua/init.lua index 44ab77d..13b53ce 100644 --- a/lua/init.lua +++ b/lua/init.lua 
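Review bot: The `storage = '5Gi'` request in `M.volume_claim` leaves little or no headroom over ccache's default size limit, which is about 5 GB unless configured otherwise. Once filesystem overhead is subtracted, a full cache may run out of space before ccache starts evicting. Either request more space or cap the cache in the image, e.g. `ENV CCACHE_MAXSIZE=4G`. The claim also sets no `storageClassName`, so it depends on the cluster having a default storage class; a short comment on the function saying so would help. `lua/falco.lua` adds an identical function that differs only in `metadata.name`, so a shared helper taking the name as a parameter would avoid the copy.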
@@ -1,42 +1,51 @@ local collector_repo = os.getenv('GOPATH') .. '/src/github.com/stackrox/collector' local falco_repo = os.getenv('GOPATH') .. '/src/github.com/falcosecurity/libs' +local collector = require('collector') +local falco = require('falco') + +local collector_claim = collector.volume_claim() +local falco_claim = falco.volume_claim() local volumes = { - { name = 'proc-fs', hostPath = { path = '/proc', } }, - { name = 'sys-fs', hostPath = { path = '/sys', } }, - { name = 'etc-fs', hostPath = { path = '/etc', } }, - { name = 'dev-fs', hostPath = { path = '/dev', } }, - { name = 'usr-lib-fs', hostPath = { path = '/usr/lib', } }, - { name = 'usr-src-fs', hostPath = { path = '/usr/src', } }, - { name = 'modules-fs', hostPath = { path = '/lib/modules', } }, - { name = 'docker-sock', hostPath = { path = '/var/run/docker.sock', } }, - { name = 'collector-repo', hostPath = { path = collector_repo, } }, - { name = 'falco-repo', hostPath = { path = falco_repo, } }, + { name = 'proc-fs', hostPath = { path = '/proc', } }, + { name = 'sys-fs', hostPath = { path = '/sys', } }, + { name = 'etc-fs', hostPath = { path = '/etc', } }, + { name = 'dev-fs', hostPath = { path = '/dev', } }, + { name = 'usr-lib-fs', hostPath = { path = '/usr/lib', } }, + { name = 'usr-src-fs', hostPath = { path = '/usr/src', } }, + { name = 'modules-fs', hostPath = { path = '/lib/modules', } }, + { name = 'docker-sock', hostPath = { path = '/var/run/docker.sock', } }, + { name = 'collector-repo', hostPath = { path = collector_repo, } }, + { name = 'falco-repo', hostPath = { path = falco_repo, } }, + { name = 'collector-ccache', persistentVolumeClaim = { claimName = collector_claim.metadata.name } }, + { name = 'falco-ccache', persistentVolumeClaim = { claimName = falco_claim.metadata.name, } }, } local collector_opts = { repo_path = collector_repo, volumes = { - { mountPath = '/host/proc', name = 'proc-fs', readOnly = true, }, - { mountPath = '/host/sys', name = 'sys-fs', readOnly = true, }, - { 
mountPath = '/host/etc', name = 'etc-fs', readOnly = true, }, - { mountPath = '/host/usr/lib', name = 'usr-lib-fs', readOnly = true, }, - { mountPath = collector_repo, name = 'collector-repo', }, + { mountPath = '/host/proc', name = 'proc-fs', readOnly = true, }, + { mountPath = '/host/sys', name = 'sys-fs', readOnly = true, }, + { mountPath = '/host/etc', name = 'etc-fs', readOnly = true, }, + { mountPath = '/host/usr/lib', name = 'usr-lib-fs', readOnly = true, }, + { mountPath = '/root/.cache/ccache', name = 'collector-ccache', }, + { mountPath = collector_repo, name = 'collector-repo', }, }, } local falco_opts = { repo_path = falco_repo, volumes = { - { name = 'usr-src-fs', mountPath = '/usr/src', }, - { name = 'modules-fs', mountPath = '/lib/modules', }, - { name = 'docker-sock', mountPath = '/var/run/docker.sock', }, - { name = 'dev-fs', mountPath = '/host/dev', readOnly = true, }, - { name = 'proc-fs', mountPath = '/host/proc', readOnly = true, }, - { name = 'sys-fs', mountPath = '/host/sys', readOnly = true, }, - { name = 'etc-fs', mountPath = '/host/etc', readOnly = true, }, - { name = 'usr-lib-fs', mountPath = '/host/usr/lib', readOnly = true, }, - { mountPath = falco_repo, name = 'falco-repo', }, + { mountPath = '/host/dev', name = 'dev-fs', readOnly = true, }, + { mountPath = '/host/proc', name = 'proc-fs', readOnly = true, }, + { mountPath = '/host/sys', name = 'sys-fs', readOnly = true, }, + { mountPath = '/host/etc', name = 'etc-fs', readOnly = true, }, + { mountPath = '/host/usr/lib', name = 'usr-lib-fs', readOnly = true, }, + { mountPath = '/usr/src', name = 'usr-src-fs', }, + { mountPath = '/lib/modules', name = 'modules-fs', }, + { mountPath = '/var/run/docker.sock', name = 'docker-sock', }, + { mountPath = '/root/.cache/ccache', name = 'falco-ccache', }, + { mountPath = falco_repo, name = 'falco-repo', }, } } 
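Review bot: The new `/root/.cache/ccache` mounts only hold the cache if ccache in each image actually writes there. Neither Dockerfile sets `CCACHE_DIR`, and ccache releases before 4.0 default to `~/.ccache`, so with an older package from EPEL the collector claim could stay empty while the cache lives in the container layer. Setting `ENV CCACHE_DIR=/root/.cache/ccache` next to `CC`/`CXX` in both Dockerfiles pins the path this file assumes. Because the cached objects now outlive the pod and are reused by later builds, the claims should be treated as build input, and binaries produced from them belong in the dev environment only. Minor: the `collector-ccache` volume entry drops the trailing comma that the `falco-ccache` entry and the rest of the table keep.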
@@ -49,20 +58,23 @@ local metadata = { } } -local collector = require('collector').setup(collector_opts) -local falco = require('falco').setup(falco_opts) - local spec = { containers = { - collector, - falco, + collector.setup(collector_opts), + falco.setup(falco_opts), }, volumes = volumes, } -return { +local pod = { apiVersion = 'v1', kind = 'Pod', metadata = metadata, spec = spec, } + +return { + collector_claim, + falco_claim, + pod, +}
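Review bot: The module's return value changes from a single Pod table to a sequence of three manifests, so whatever loads `lua/init.lua` now has to accept a list. That consumer is not part of this patch, so please confirm it emits one document per entry. A comment above the final `return` would record the ordering, e.g. `-- claims first so they exist before the pod that mounts them`. The two claims also survive deletion of the pod, so teardown needs to remove them explicitly if the cache should not persist.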