From 6ee0707082f70f51de9071c9fa33bfb994a38859 Mon Sep 17 00:00:00 2001 From: Gerlando Falauto Date: Mon, 8 Apr 2024 19:06:12 +0200 Subject: [PATCH] feat(agent_install): only install required packages [SMAGENT-6558] rework the role so to only install the packages required by the selected driver (and therefore, the respective dependencies). Also, remove packages which are no longer required by the selected driver type. Notice we need to craft a list augmented with the selected version, if one is present. Most of the selection logic (namely, based on the version) resides in the 'agent' filter which is probably far from ideal but gets the job done. --- plugins/filter/agent.py | 55 ++++++++++++++++++++++++++++++ roles/agent_install/tasks/main.yml | 29 ++++++++++------ 2 files changed, 74 insertions(+), 10 deletions(-) diff --git a/plugins/filter/agent.py b/plugins/filter/agent.py index 4cb6682bc..d82016fa7 100644 --- a/plugins/filter/agent.py +++ b/plugins/filter/agent.py @@ -1,4 +1,6 @@ from ansible.utils.display import Display +from distutils.version import LooseVersion + def to_agent_driver_type(data): """ Return the desired Sysdig Agent driver type """ try: @@ -24,6 +26,56 @@ def to_agent_version(data): return "latest" +def to_agent_version_pinned(data): + """ Returns True when the agent version to install is pinned, False otherwise + """ + v = to_agent_version(data) + if v and v != '' and v != "latest": + return True + return False + +def to_agent_packages(data): + """ Returns the agent packages to install + """ + pinned = to_agent_version_pinned(data) + older = False + all_packages = { + "draios-agent": False, + "draios-agent-slim": False, + "draios-agent-kmodule": False, + "draios-agent-legacy-ebpf": False, + } + if pinned: + version = to_agent_version(data) + minver = LooseVersion("1.0.0") + maxver = LooseVersion("13.1.0") + older = minver < LooseVersion(version) < maxver + if older: + all_packages ["draios-agent"] = True + else: + dt = to_agent_driver_type(data) + if dt == "universal_ebpf": + all_packages ["draios-agent-slim"] = True + elif dt == "legacy_ebpf": + all_packages ["draios-agent-slim"] = True + all_packages ["draios-agent-legacy-ebpf"] = True + else: + all_packages ["draios-agent"] = True + all_packages ["draios-agent-slim"] = True + all_packages ["draios-agent-kmodule"] = True + + return all_packages + +def to_agent_uninstall_packages(data): + """ Return the list of packages to be uninstalled + """ + return [ k for k, v in to_agent_packages(data).items() if v == False ] + +def to_agent_install_packages(data): + """ Return the list of packages to be uninstalled + """ + return [ k for k, v in to_agent_packages(data).items() if v == True ] + def to_agent_install_probe_build_dependencies(data): """ Return true or false depending on if the probe (legacy_ebpf|kmod) build dependencies should be installed @@ -39,5 +91,8 @@ def filters(self): return { "toAgentDriverType": to_agent_driver_type, "toAgentVersion": to_agent_version, + "toAgentVersionPinned": to_agent_version_pinned, + "toAgentInstallPackages": to_agent_install_packages, + "toAgentUninstallPackages": to_agent_uninstall_packages, "toAgentInstallProbeBuildDependencies": to_agent_install_probe_build_dependencies } diff --git a/roles/agent_install/tasks/main.yml b/roles/agent_install/tasks/main.yml index 9cfa6daf3..f86e1dd0e 100644 --- a/roles/agent_install/tasks/main.yml +++ b/roles/agent_install/tasks/main.yml @@ -3,6 +3,9 @@ ansible.builtin.set_fact: agent_install_version: "{{ configuration | sysdig.agent.toAgentVersion }}" agent_install_driver_type: "{{ configuration | sysdig.agent.toAgentDriverType | lower }}" + agent_install_pinned: "{{ configuration | sysdig.agent.toAgentVersionPinned }}" + agent_install_packages: "{{ configuration | sysdig.agent.toAgentInstallPackages }}" + agent_uninstall_packages: "{{ configuration | sysdig.agent.toAgentUninstallPackages }}" agent_install_probe_build_dependencies: "{{ configuration | sysdig.agent.toAgentInstallProbeBuildDependencies | bool }}" agent_install_deb_repository_url: "{{ configuration | sysdig.agent.toDebUrl | default('https://download.sysdig.com/stable/deb', true) }}" agent_install_deb_repository_gpgkey: "{{ configuration | sysdig.agent.toDebGpgKey | default('https://download.sysdig.com/DRAIOS-GPG-KEY.public', true) }}" @@ -10,6 +13,16 @@ agent_install_rpm_repository_gpgkey: "{{ configuration | sysdig.agent.toRpmGpgKey | default('https://download.sysdig.com/DRAIOS-GPG-KEY.public', true) }}" agent_install_local_forwarder_enabled: "{{ configuration | sysdig.agent.toLocalForwarderEnabled | bool }}" + +- name: Build versions suffix + ansible.builtin.set_fact: + agent_install_version_suffix: "{% if agent_install_pinned %}{% if ansible_pkg_mgr == 'apt' %}={{ agent_install_version }}{% else %}-{{ agent_install_version }}{% endif %}{% endif %}" + +- name: Build install package list + ansible.builtin.set_fact: + agent_install_package_list: "{{ agent_install_package_list | default([]) + [item + agent_install_version_suffix] }}" + with_items: "{{ agent_install_packages }}" + - name: Install Sysdig Agent block: - name: Validate Environment @@ -22,20 +35,16 @@ - name: Configure Sysdig Agent Repository ansible.builtin.include_tasks: "agent/configure-{{ 'rpm' if ansible_pkg_mgr in ['dnf', 'yum'] else 'deb' }}-repository.yml" - - name: Install Sysdig Agent (latest) + - name: Uninstall Unneeded Sysdig Agent Packages ansible.builtin.package: - name: draios-agent - state: latest - when: (not agent_install_version) or - (agent_install_version and (agent_install_version == 'latest' or agent_install_version == "")) + name: "{{ agent_uninstall_packages }}" + state: absent + ignore_errors: true - - name: Install Sysdig Agent (pinned) + - name: Install Sysdig Agent "{{ agent_install_package_list }} " ansible.builtin.package: - name: "draios-agent{% if agent_install_version != 'latest' %}{% if ansible_pkg_mgr == 'apt' %}={% else %}-{% endif %}{{ agent_install_version }}{% endif %}" + name: "{{ agent_install_package_list }}" state: present - when: - - agent_install_version - - agent_install_version != 'latest' - name: Create dragent.yaml file ansible.builtin.template: