How to install or use sysdig in container on Fedora Silverblue or Fedora CoreOS? #2035

Closed
Alex2357 opened this issue Sep 29, 2023 · 4 comments
@Alex2357

Hi everyone, I need some help on how to use sysdig on Fedora Silverblue & Fedora CoreOS.
Sorry if I'm asking a simple question, but I'm not an expert in Fedora Silverblue & Fedora CoreOS.
I have tried to install the rpm and it did not work.

sudo rpm-ostree install sysdig-0.33.1-x86_64.rpm
[sudo] password for user: 
Checking out tree 84a1d65... done
Enabled rpm-md repositories: fedora-cisco-openh264 fedora-modular updates-modular updates fedora copr:copr.fedorainfracloud.org:phracek:PyCharm google-chrome rpmfusion-nonfree-nvidia-driver rpmfusion-nonfree-steam updates-archive
Updating metadata for 'updates-modular'... done
Updating metadata for 'updates'... done
Updating metadata for 'updates-archive'... done
Importing rpm-md... done
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2023-03-14T10:56:46Z solvables: 4
rpm-md repo 'fedora-modular' (cached); generated: 2023-04-13T20:30:47Z solvables: 1082
rpm-md repo 'updates-modular'; generated: 2023-09-16T00:25:03Z solvables: 1087
rpm-md repo 'updates'; generated: 2023-09-27T02:38:11Z solvables: 24456
rpm-md repo 'fedora' (cached); generated: 2023-04-13T20:37:10Z solvables: 69222
rpm-md repo 'copr:copr.fedorainfracloud.org:phracek:PyCharm' (cached); generated: 2023-07-16T06:58:28Z solvables: 5
rpm-md repo 'google-chrome' (cached); generated: 2023-09-27T20:29:41Z solvables: 3
rpm-md repo 'rpmfusion-nonfree-nvidia-driver' (cached); generated: 2023-09-26T10:39:34Z solvables: 29
rpm-md repo 'rpmfusion-nonfree-steam' (cached); generated: 2023-08-10T16:27:32Z solvables: 2
rpm-md repo 'updates-archive'; generated: 2023-09-26T01:48:51Z solvables: 38543
Resolving dependencies... done
Will download: 218 packages (112.4 MB)
Downloading from 'updates'... done
Downloading from 'fedora'... done
Importing packages... done
Relabeling... done
Checking out packages... done
Running pre scripts... done
Running post scripts... done
error: Running %post for sysdig: bwrap(/bin/sh): Child process killed by signal 8; run `journalctl -t 'rpm-ostree(sysdig.post)'` for more information
[user@userpc Tools]$ 
[user@userpc Tools]$ journalctl -t 'rpm-ostree(sysdig.post)'
Journal file /var/log/journal/4ed818aa1e7a471894351922646dfb9d/user-524288@03b9dd0317ab4f12a2c2225752cceeda-0000000000000000-0000000000000000.journal corrupted, ignoring file.
Sep 28 19:40:49 userpc rpm-ostree(sysdig.post)[26818]: Error! No write access to DKMS tree at /var/lib/dkms
Sep 28 19:40:49 userpc rpm-ostree(sysdig.post)[26862]: Error! No write access to DKMS tree at /var/lib/dkms
Sep 28 19:40:49 userpc rpm-ostree(sysdig.post)[26903]: Sign command: /lib/modules/6.5.5-200.fc38.x86_64/build/scripts/sign-file
Sep 28 19:40:49 userpc rpm-ostree(sysdig.post)[26903]: Signing key: /var/lib/dkms/mok.key
Sep 28 19:40:49 userpc rpm-ostree(sysdig.post)[26903]: Public certificate (MOK): /var/lib/dkms/mok.pub
Sep 28 19:40:49 userpc rpm-ostree(sysdig.post)[26903]: Certificate or key are missing, generating self signed certificate for MOK...
Sep 28 19:40:50 userpc rpm-ostree(sysdig.post)[26903]: Key file /var/lib/dkms/mok.key not found and can't be generated, modules won't be signed
Sep 28 19:40:50 userpc rpm-ostree(sysdig.post)[26903]: Creating symlink /var/lib/dkms/scap/59fb313475b82f842e9e9bbc1e0e629428c0a4cf/source -> /usr/src/scap-59fb313475b82f842e9e9bbc1e0e629428c0a4cf
Sep 28 19:40:50 userpc rpm-ostree(sysdig.post)[26980]: mkdir: cannot create directory ‘/var/lib/dkms’: Read-only file system
Sep 28 19:40:50 userpc rpm-ostree(sysdig.post)[26981]: ln: failed to create symbolic link '/var/lib/dkms/scap/59fb313475b82f842e9e9bbc1e0e629428c0a4cf/source': No such file or directory
Sep 28 19:40:50 userpc rpm-ostree(sysdig.post)[26988]: ls: cannot access '/var/lib/dkms/scap/59fb313475b82f842e9e9bbc1e0e629428c0a4cf/source': No such file or directory
Sep 28 19:40:50 userpc rpm-ostree(sysdig.post)[26991]: Error! The directory /var/lib/dkms/scap/59fb313475b82f842e9e9bbc1e0e629428c0a4cf/source does not appear to have module source located within it.
Sep 28 19:40:50 userpc rpm-ostree(sysdig.post)[26991]: Build halted.
[user@userpc Tools]$ 

Then I tried to use it in Podman, as it comes OOB in Fedora Silverblue, and also had the following issues:

sudo podman run --rm -i -t --privileged --net=host \
    -v /dev:/host/dev \
    -v /proc:/host/proc:ro \
    -v /boot:/host/boot:ro \
    -v /var/home/user/src:/src \
    -v /lib/modules:/host/lib/modules:ro \
    -v /usr:/host/usr:ro \
    -v /etc:/host/etc:ro \
    docker.io/sysdig/sysdig
* Setting up /usr/src links from host
* Running scap-driver-loader for: driver version=59fb313475b82f842e9e9bbc1e0e629428c0a4cf, arch=x86_64, kernel release=6.5.5-200.fc38.x86_64, kernel version=1
* Running scap-driver-loader with: driver=module, compile=yes, download=yes

================ Cleaning phase ================

* 1. Check if kernel module 'scap' is still loaded:
- OK! There is no 'scap' module loaded.

* 2. Check all versions of kernel module 'scap' in dkms:
- There are some versions of 'scap' module in dkms.

* 3. Removing all the following versions from dkms:
59fb313475b82f842e9e9bbc1e0e629428c0a4cf

- Removing 59fb313475b82f842e9e9bbc1e0e629428c0a4cf...

------------------------------
Deleting module version: 59fb313475b82f842e9e9bbc1e0e629428c0a4cf
completely from the DKMS tree.
------------------------------
Done.

- OK! Removing '59fb313475b82f842e9e9bbc1e0e629428c0a4cf' succeeded.


[SUCCESS] Cleaning phase correctly terminated.

================ Cleaning phase ================

* Looking for a scap module locally (kernel 6.5.5-200.fc38.x86_64)
* Filename 'scap_fedora_6.5.5-200.fc38.x86_64_1.ko' is composed of:
 - driver name: scap
 - target identifier: fedora
 - kernel release: 6.5.5-200.fc38.x86_64
 - kernel version: 1
* Trying to download a prebuilt scap module from https://download.sysdig.com/scap-drivers/59fb313475b82f842e9e9bbc1e0e629428c0a4cf/x86_64/scap_fedora_6.5.5-200.fc38.x86_64_1.ko
curl: (22) The requested URL returned error: 404 
Unable to find a prebuilt scap module
install: /usr/lib/gcc/x86_64-redhat-linux/8/
* Trying to dkms install scap module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/scap-dkms-make'"

Creating symlink /var/lib/dkms/scap/59fb313475b82f842e9e9bbc1e0e629428c0a4cf/source ->
                 /usr/src/scap-59fb313475b82f842e9e9bbc1e0e629428c0a4cf

DKMS: add completed.
* Running dkms build failed, couldn't find /var/lib/dkms/scap/59fb313475b82f842e9e9bbc1e0e629428c0a4cf/build/make.log (with GCC /usr/bin/gcc)
* Trying to load a system scap module, if present
Consider compiling your own scap driver and loading it or getting in touch with the Sysdig community

Any advice on how I can use it in Fedora Silverblue & Fedora CoreOS?

@Alex2357
Author

Installing as described here https://github.com/draios/sysdig/wiki/How-to-Install-Sysdig-for-Linux#user-content-automatic-installation also did not work:

curl -s https://download.sysdig.com/stable/install-sysdig | bash
* Detecting operating system
* Installing EPEL repository (for DKMS)
warning: /var/tmp/rpm-tmp.UNZRJM: Header V4 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB repository.
* Installing Sysdig public key
* Installing Sysdig repository
* Installing kernel headers
Error: Unable to find a match: kernel-devel-6.5.5-200.fc38.x86_64
Unable to find kernel development files for the current kernel version 6.5.5-200.fc38.x86_64
This usually means that your system is not up-to-date or you installed a custom kernel version.
The installation will continue but you'll need to install these yourself in order to use Sysdig.
Please write to the mailing list at https://groups.google.com/forum/#!forum/sysdig
if you need further assistance.
* Installing Sysdig
modprobe: FATAL: Module scap not found.

@therealbobo
Contributor

Hi @Alex2357! After a quick look, it seems that Fedora Silverblue doesn't support DKMS. This is not a big deal since you are running a very recent kernel. Given that, if the sysdig executable is correctly installed (or you can use the container), you just need to add the --modern-bpf flag and you should be good to go! Let me know if you encounter any problems! 😄
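
An added example, not part of the original thread or the sysdig project: a POSIX shell preflight for the suggestion above that picks a driver from the kernel release, the presence of kernel BTF, and the ostree boot marker. The 5.8 kernel minimum, `/sys/kernel/btf/vmlinux` and `/run/ostree-booted` are assumptions not stated in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, thresholds are assumptions.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE (e.g. "6.5.5-200.fc38.x86_64") is >= MAJOR.MINOR,
# 1 if it is older, 2 if RELEASE cannot be parsed.
kernel_at_least() {
    rel=${1%%-*}                      # drop the distro suffix -> "6.5.5"
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# choose_driver RELEASE [BTF_PATH] [OSTREE_MARKER]
# Prints one of: modern-bpf, kmod, none.
choose_driver() {
    release=$1
    btf=${2:-/sys/kernel/btf/vmlinux}   # assumption: BTF exposed here
    marker=${3:-/run/ostree-booted}     # assumption: present on ostree hosts
    if kernel_at_least "$release" 5 8 && [ -e "$btf" ]; then
        echo modern-bpf                 # no module build, no DKMS tree needed
    elif [ -e "$marker" ]; then
        echo none                       # image-based host: DKMS build not possible
    else
        echo kmod                       # classic path: DKMS + kernel-devel
    fi
}

# Report for the running host.
case "$(choose_driver "$(uname -r)")" in
    modern-bpf) echo "run: sysdig --modern-bpf" ;;
    kmod)       echo "build the scap module with DKMS (needs kernel-devel)" ;;
    none)       echo "no usable driver: DKMS unavailable and modern BPF prerequisites missing" ;;
esac
```
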


This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Jan 28, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Feb 5, 2024
@therealbobo therealbobo reopened this Feb 15, 2024
@github-actions github-actions bot removed the stale label Feb 16, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Jun 15, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 23, 2024