// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Tetragon

package confmap

import (
	"fmt"
	"path"
	"path/filepath"

	"github.com/cilium/ebpf"
	"github.com/cilium/tetragon/pkg/cgroups"
	"github.com/cilium/tetragon/pkg/logger"
	"github.com/cilium/tetragon/pkg/option"
	"github.com/cilium/tetragon/pkg/sensors/base"
	"github.com/cilium/tetragon/pkg/sensors/exec/config"
	"github.com/cilium/tetragon/pkg/sensors/program"
	"github.com/sirupsen/logrus"
)

// configMapName names the BPF configuration map. confmapSpec looks the map
// up under this name in the collection spec loaded from the exec object.
const (
	configMapName = "tg_conf_map"
)

// TetragonConfKey is the key type of the tg_conf_map BPF map. Both
// UpdateConfMap and ReadTgRuntimeConf access the map through the single
// entry at Key 0.
type TetragonConfKey struct {
	Key uint32
}

// TetragonConfValue is the value stored at key 0 of the tg_conf_map BPF map.
// UpdateTgRuntimeConf fills it with the detected runtime environment and
// UpdateConfMap writes it to the map; ReadTgRuntimeConf reads it back.
//
// NOTE(review): the `align` tags presumably tie each field to its
// counterpart in the BPF-side struct — confirm against that definition
// before changing field order, types or tags. UpdateTgRuntimeConf leaves
// PID, TgCgrpLevel and TgCgrpId at their zero value.
type TetragonConfValue struct {
	LogLevel        uint32 `align:"loglevel"`           // Tetragon log level
	PID             uint32 `align:"pid"`                // Tetragon PID for debugging purpose
	NSPID           uint32 `align:"nspid"`              // Tetragon PID in namespace for debugging purpose
	TgCgrpHierarchy uint32 `align:"tg_cgrp_hierarchy"`  // Tetragon Cgroup tracking hierarchy ID
	TgCgrpSubsysIdx uint32 `align:"tg_cgrp_subsys_idx"` // Tracking Cgroup css idx at compile time
	TgCgrpLevel     uint32 `align:"tg_cgrp_level"`      // Tetragon cgroup level
	TgCgrpId        uint64 `align:"tg_cgrpid"`          // Tetragon cgroup ID
	CgrpFsMagic     uint64 `align:"cgrp_fs_magic"`      // Cgroupv1 or cgroupv2
}

// log is the package logger. Every message emitted from this file carries
// the "confmap-update" field naming the map being updated, so the map
// update path can be filtered out of the agent's log output.
var (
	log = logger.GetLogger()
)

// confmapSpec returns the spec for the configuration map.
//
// It loads the collection spec of the exec BPF object (config.ExecObj())
// located under option.Config.HubbleLib and returns the MapSpec registered
// there under configMapName. A load failure is returned wrapped with the
// object path; a missing map yields an error listing the maps that were
// found so the mismatch is visible in the log.
func confmapSpec() (*ebpf.MapSpec, error) {
	// NOTE(review): path.Join is slash-only; filepath.Join would match the
	// rest of this file — confirm before changing, as the "path" import
	// would then become unused.
	objPath := path.Join(option.Config.HubbleLib, config.ExecObj())

	coll, loadErr := ebpf.LoadCollectionSpec(objPath)
	if loadErr != nil {
		return nil, fmt.Errorf("loading spec for %s failed: %w", objPath, loadErr)
	}

	if ms, found := coll.Maps[configMapName]; found {
		return ms, nil
	}
	return nil, fmt.Errorf("%s not found in %s (%v)", configMapName, objPath, coll.Maps)
}

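// UpdateTgRuntimeConf gathers information about the Tetragon runtime
// environment and writes it into the BPF configuration map `tg_conf_map`
// pinned under mapDir.
//
// It detects the cgroupfs magic (cgroup v1 or v2), discovers the cgroup
// subsystem ids that were registered during boot and propagated to all
// tasks inside their css_set, and detects the deployment mode (kubernetes,
// containers, standalone or systemd services). The result is stored in the
// map together with the current log level and nspid, the Tetragon PID
// inside its namespace. Everything discovered is also logged at Info level
// for debugging.
//
// Side effect: when username metadata is configured as
// USERNAME_METADATA_UNIX and the deployment mode is neither a systemd
// service nor a systemd user unit, option.Config.UsernameMetadata is reset
// to USERNAME_METADATA_DISABLED and a warning is logged.
//
// On any detection failure, or if the map update fails, the error is
// returned after logging a warning that advanced Cgroups tracking will be
// disabled, which affects associating processes with kubernetes pods and
// containers.
//
// Important: this function takes no tuning arguments on purpose; it must
// auto-detect the environment without any help. For testing use the
// specific variant that can be tuned with explicit argument values.
func UpdateTgRuntimeConf(mapDir string, nspid int) error {
	// First detect the cgroupfs magic.
	cgroupFsMagic, err := cgroups.DetectCgroupFSMagic()
	if err != nil {
		log.WithField("confmap-update", configMapName).WithError(err).Warn("Detection of Cgroupfs version failed")
		log.WithField("confmap-update", configMapName).Warn("Cgroupfs magic is unknown, advanced Cgroups tracking will be disabled")
		return err
	}

	// Subsystem ids must be discovered before any cgroup configuration is probed.
	if err = cgroups.DiscoverSubSysIds(); err != nil {
		log.WithField("confmap-update", configMapName).WithError(err).Warn("Detection of Cgroup Subsystem Controllers failed")
		log.WithField("confmap-update", configMapName).Warn("Cgroup Subsystems IDs are unknown, advanced Cgroups tracking will be disabled")
		return err
	}

	// Detect deployment mode.
	deployMode, err := cgroups.DetectDeploymentMode()
	if err != nil {
		log.WithField("confmap-update", configMapName).WithError(err).Warn("Detection of deployment mode failed")
		log.WithField("confmap-update", configMapName).Warn("Deployment mode is unknown, advanced Cgroups tracking will be disabled")
		return err
	}

	mode := cgroups.DeploymentCode(deployMode)

	// Unix username resolution is only kept for systemd (service or user)
	// deployments; for any other mode it is switched off in the global
	// option.Config and the operator is warned.
	if option.Config.UsernameMetadata == int(option.USERNAME_METADATA_UNIX) &&
		mode != cgroups.DEPLOY_SD_SERVICE && mode != cgroups.DEPLOY_SD_USER {
		option.Config.UsernameMetadata = int(option.USERNAME_METADATA_DISABLED)
		log.WithFields(logrus.Fields{
			"confmap-update":  configMapName,
			"deployment.mode": mode.String(),
		}).Warn("Username resolution is not available for given deployment mode")
	}

	// NOTE(review): PID, TgCgrpLevel and TgCgrpId are left at their zero
	// value here — confirm whether the BPF side expects them to be set.
	v := &TetragonConfValue{
		LogLevel:        uint32(logger.GetLogLevel()),
		TgCgrpHierarchy: cgroups.GetCgrpHierarchyID(),
		TgCgrpSubsysIdx: cgroups.GetCgrpSubsystemIdx(),
		NSPID:           uint32(nspid),
		CgrpFsMagic:     cgroupFsMagic,
	}

	if err := UpdateConfMap(mapDir, v); err != nil {
		log.WithField("confmap-update", configMapName).WithError(err).Warn("failed to update map")
		return err
	}

	log.WithFields(logrus.Fields{
		"confmap-update":                configMapName,
		"deployment.mode":               mode.String(),
		"log.level":                     logrus.Level(v.LogLevel).String(),
		"cgroup.fs.magic":               cgroups.CgroupFsMagicStr(v.CgrpFsMagic),
		"cgroup.controller.name":        cgroups.GetCgrpControllerName(),
		"cgroup.controller.hierarchyID": v.TgCgrpHierarchy,
		"cgroup.controller.index":       v.TgCgrpSubsysIdx,
		"NSPID":                         nspid,
	}).Info("Updated TetragonConf map successfully")

	return nil
}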

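// ReadTgRuntimeConf reads the current TetragonConfValue from the
// configuration map pinned under mapDir.
//
// The map is opened from its pin path (mapDir joined with the name of the
// map returned by base.GetTetragonConfMap), looked up at key 0 and closed
// again before returning. Errors from opening the pinned map or from the
// lookup are returned wrapped with the map path so the caller can tell
// which step failed; they remain matchable with errors.Is / errors.As.
func ReadTgRuntimeConf(mapDir string) (*TetragonConfValue, error) {
	configMap := base.GetTetragonConfMap()
	mapPath := filepath.Join(mapDir, configMap.Name)

	m, err := ebpf.LoadPinnedMap(mapPath, nil)
	if err != nil {
		return nil, fmt.Errorf("loading pinned map %s: %w", mapPath, err)
	}
	defer m.Close()

	// The map holds a single entry at key 0 (see UpdateConfMap).
	var v TetragonConfValue
	k := &TetragonConfKey{Key: 0}
	if err := m.Lookup(k, &v); err != nil {
		return nil, fmt.Errorf("looking up key %d in %s: %w", k.Key, mapPath, err)
	}

	return &v, nil
}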

// UpdateConfMap writes v into the configuration map pinned under mapDir.
//
// The pin path is mapDir joined with the name of the map returned by
// base.GetTetragonConfMap; the map is obtained through
// program.LoadOrCreatePinnedMap using the spec from confmapSpec, and the
// single entry at key 0 is replaced (ebpf.UpdateAny). A failed update is
// logged with a warning that advanced Cgroups tracking will be disabled
// before the error is returned; other errors are returned as-is.
func UpdateConfMap(mapDir string, v *TetragonConfValue) error {
	name := base.GetTetragonConfMap().Name
	pinPath := filepath.Join(mapDir, name)

	spec, err := confmapSpec()
	if err != nil {
		return err
	}

	m, err := program.LoadOrCreatePinnedMap(pinPath, spec)
	if err != nil {
		return err
	}
	defer m.Close()

	key := TetragonConfKey{Key: 0}
	if updErr := m.Update(&key, v, ebpf.UpdateAny); updErr != nil {
		log.WithField("confmap-update", name).WithError(updErr).Warn("Failed to update TetragonConf map")
		log.WithField("confmap-update", name).Warn("Update TetragonConf map failed, advanced Cgroups tracking will be disabled")
		return updErr
	}

	return nil
}
