From a75b4034c91de84e81034c679046bced74a48c00 Mon Sep 17 00:00:00 2001 From: Leonardo Di Giovanna Date: Wed, 17 Dec 2025 10:06:54 +0100 Subject: [PATCH 1/7] refactor(images): replace 'as' with 'AS' Signed-off-by: Leonardo Di Giovanna --- images/aarch64/amazonlinux2/5.4/Dockerfile.kernel | 2 +- images/aarch64/amazonlinux2022/5.15/Dockerfile.kernel | 2 +- images/aarch64/oraclelinux/4.14/Dockerfile.kernel | 2 +- images/aarch64/oraclelinux/5.15/Dockerfile.kernel | 2 +- images/x86_64/amazonlinux2/4.19/Dockerfile.kernel | 2 +- images/x86_64/amazonlinux2/5.10/Dockerfile.kernel | 2 +- images/x86_64/amazonlinux2/5.15/Dockerfile.kernel | 2 +- images/x86_64/amazonlinux2/5.4/Dockerfile.kernel | 2 +- images/x86_64/amazonlinux2022/5.15/Dockerfile.kernel | 2 +- images/x86_64/amazonlinux2023/6.1/Dockerfile.kernel | 2 +- images/x86_64/fedora/5.17/Dockerfile.kernel | 2 +- images/x86_64/fedora/5.8/Dockerfile.kernel | 2 +- images/x86_64/oraclelinux/3.10/Dockerfile.kernel | 2 +- images/x86_64/oraclelinux/4.14/Dockerfile.kernel | 2 +- images/x86_64/oraclelinux/5.15/Dockerfile.kernel | 2 +- images/x86_64/oraclelinux/5.4/Dockerfile.kernel | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/images/aarch64/amazonlinux2/5.4/Dockerfile.kernel b/images/aarch64/amazonlinux2/5.4/Dockerfile.kernel index f9b4238..794814c 100644 --- a/images/aarch64/amazonlinux2/5.4/Dockerfile.kernel +++ b/images/aarch64/amazonlinux2/5.4/Dockerfile.kernel @@ -26,7 +26,7 @@ RUN touch .placeholder && \ cd .. && \ find ./extracted/ -name 'vmlinuz-*' -exec cp -v {} extracted/vmlinux \; -FROM amazonlinux:2 as kmod-builder +FROM amazonlinux:2 AS kmod-builder ARG VERSION ARG URL diff --git a/images/aarch64/amazonlinux2022/5.15/Dockerfile.kernel b/images/aarch64/amazonlinux2022/5.15/Dockerfile.kernel index c8af74e..75f75b0 100644 --- a/images/aarch64/amazonlinux2022/5.15/Dockerfile.kernel +++ b/images/aarch64/amazonlinux2022/5.15/Dockerfile.kernel @@ -27,7 +27,7 @@ RUN touch .placeholder && \ find ./extracted/lib/modules -name vmlinuz -exec cp -v {} extracted/vmlinux.gz \; && \ gunzip extracted/vmlinux.gz -FROM amazonlinux:2023 as kmod-builder +FROM amazonlinux:2023 AS kmod-builder ARG VERSION ARG URL diff --git a/images/aarch64/oraclelinux/4.14/Dockerfile.kernel b/images/aarch64/oraclelinux/4.14/Dockerfile.kernel index fd19f60..6dee9cd 100644 --- a/images/aarch64/oraclelinux/4.14/Dockerfile.kernel +++ b/images/aarch64/oraclelinux/4.14/Dockerfile.kernel @@ -21,7 +21,7 @@ RUN touch .placeholder && \ cd .. && \ find ./extracted/ -name 'vmlinuz-*' -exec cp -v {} extracted/vmlinux \; -FROM amazonlinux:2 as kmod-builder +FROM amazonlinux:2 AS kmod-builder ARG VERSION ARG URL diff --git a/images/aarch64/oraclelinux/5.15/Dockerfile.kernel b/images/aarch64/oraclelinux/5.15/Dockerfile.kernel index 93705bb..7125a32 100644 --- a/images/aarch64/oraclelinux/5.15/Dockerfile.kernel +++ b/images/aarch64/oraclelinux/5.15/Dockerfile.kernel @@ -26,7 +26,7 @@ RUN touch .placeholder && \ cd .. && \ find ./extracted/ -name 'vmlinuz*' -exec cp -v {} extracted/vmlinux \; -FROM oraclelinux:9 as kmod-builder +FROM oraclelinux:9 AS kmod-builder ARG VERSION ARG ARCHITECTURE diff --git a/images/x86_64/amazonlinux2/4.19/Dockerfile.kernel b/images/x86_64/amazonlinux2/4.19/Dockerfile.kernel index cdd3f4f..6180d44 100644 --- a/images/x86_64/amazonlinux2/4.19/Dockerfile.kernel +++ b/images/x86_64/amazonlinux2/4.19/Dockerfile.kernel @@ -28,7 +28,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux -FROM amazonlinux:2 as kmod-builder +FROM amazonlinux:2 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/amazonlinux2/5.10/Dockerfile.kernel b/images/x86_64/amazonlinux2/5.10/Dockerfile.kernel index 32ade69..181a2c2 100644 --- a/images/x86_64/amazonlinux2/5.10/Dockerfile.kernel +++ b/images/x86_64/amazonlinux2/5.10/Dockerfile.kernel @@ -28,7 +28,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux -FROM amazonlinux:2 as kmod-builder +FROM amazonlinux:2 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/amazonlinux2/5.15/Dockerfile.kernel b/images/x86_64/amazonlinux2/5.15/Dockerfile.kernel index 8569dd4..e684d6f 100644 --- a/images/x86_64/amazonlinux2/5.15/Dockerfile.kernel +++ b/images/x86_64/amazonlinux2/5.15/Dockerfile.kernel @@ -28,7 +28,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux -FROM amazonlinux:2 as kmod-builder +FROM amazonlinux:2 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/amazonlinux2/5.4/Dockerfile.kernel b/images/x86_64/amazonlinux2/5.4/Dockerfile.kernel index 1fef308..5ca9d36 100644 --- a/images/x86_64/amazonlinux2/5.4/Dockerfile.kernel +++ b/images/x86_64/amazonlinux2/5.4/Dockerfile.kernel @@ -28,7 +28,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux -FROM amazonlinux:2 as kmod-builder +FROM amazonlinux:2 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/amazonlinux2022/5.15/Dockerfile.kernel b/images/x86_64/amazonlinux2022/5.15/Dockerfile.kernel index d670bab..1fb56e4 100644 --- a/images/x86_64/amazonlinux2022/5.15/Dockerfile.kernel +++ b/images/x86_64/amazonlinux2022/5.15/Dockerfile.kernel @@ -28,7 +28,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/lib/modules -name vmlinuz) > extracted/vmlinux -FROM amazonlinux:2023 as kmod-builder +FROM amazonlinux:2023 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/amazonlinux2023/6.1/Dockerfile.kernel b/images/x86_64/amazonlinux2023/6.1/Dockerfile.kernel index 17214a3..b8d8b73 100644 --- a/images/x86_64/amazonlinux2023/6.1/Dockerfile.kernel +++ b/images/x86_64/amazonlinux2023/6.1/Dockerfile.kernel @@ -28,7 +28,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/lib/modules -name vmlinuz) > extracted/vmlinux -FROM amazonlinux:2023 as kmod-builder +FROM amazonlinux:2023 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/fedora/5.17/Dockerfile.kernel b/images/x86_64/fedora/5.17/Dockerfile.kernel index c969a9a..60c9914 100644 --- a/images/x86_64/fedora/5.17/Dockerfile.kernel +++ b/images/x86_64/fedora/5.17/Dockerfile.kernel @@ -30,7 +30,7 @@ RUN touch .placeholder && \ find . -name '*.xz' -exec xz -d {} \; && \ extract-vmlinux $(find lib/modules -name vmlinuz) > /home/ubuntu/extracted/vmlinux -FROM fedora:36 as kmod-builder +FROM fedora:36 AS kmod-builder ARG VERSION ARG HVERSION diff --git a/images/x86_64/fedora/5.8/Dockerfile.kernel b/images/x86_64/fedora/5.8/Dockerfile.kernel index 553dffc..22e2642 100644 --- a/images/x86_64/fedora/5.8/Dockerfile.kernel +++ b/images/x86_64/fedora/5.8/Dockerfile.kernel @@ -30,7 +30,7 @@ RUN touch .placeholder && \ find . -name '*.xz' -exec xz -d {} \; && \ extract-vmlinux $(find lib/modules -name vmlinuz) > /home/ubuntu/extracted/vmlinux -FROM fedora:33 as kmod-builder +FROM fedora:33 AS kmod-builder ARG VERSION ARG HVERSION diff --git a/images/x86_64/oraclelinux/3.10/Dockerfile.kernel b/images/x86_64/oraclelinux/3.10/Dockerfile.kernel index a4a2938..346fb35 100644 --- a/images/x86_64/oraclelinux/3.10/Dockerfile.kernel +++ b/images/x86_64/oraclelinux/3.10/Dockerfile.kernel @@ -23,7 +23,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux -FROM oraclelinux:7 as kmod-builder +FROM oraclelinux:7 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/oraclelinux/4.14/Dockerfile.kernel b/images/x86_64/oraclelinux/4.14/Dockerfile.kernel index 55b5432..b41c5d6 100644 --- a/images/x86_64/oraclelinux/4.14/Dockerfile.kernel +++ b/images/x86_64/oraclelinux/4.14/Dockerfile.kernel @@ -23,7 +23,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/ -name 'vmlinuz-*') > extracted/vmlinux -FROM oraclelinux:7 as kmod-builder +FROM oraclelinux:7 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/oraclelinux/5.15/Dockerfile.kernel b/images/x86_64/oraclelinux/5.15/Dockerfile.kernel index a087729..80c41cf 100644 --- a/images/x86_64/oraclelinux/5.15/Dockerfile.kernel +++ b/images/x86_64/oraclelinux/5.15/Dockerfile.kernel @@ -26,7 +26,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/ -name 'vmlinuz') > extracted/vmlinux -FROM oraclelinux:9 as kmod-builder +FROM oraclelinux:9 AS kmod-builder ARG VERSION ARG URL diff --git a/images/x86_64/oraclelinux/5.4/Dockerfile.kernel b/images/x86_64/oraclelinux/5.4/Dockerfile.kernel index 2e38235..d2f8c79 100644 --- a/images/x86_64/oraclelinux/5.4/Dockerfile.kernel +++ b/images/x86_64/oraclelinux/5.4/Dockerfile.kernel @@ -23,7 +23,7 @@ RUN touch .placeholder && \ cd .. && \ extract-vmlinux $(find ./extracted/ -name 'vmlinuz') > extracted/vmlinux -FROM oraclelinux:8 as kmod-builder +FROM oraclelinux:8 AS kmod-builder ARG VERSION ARG URL From b9af38620b0bd65b7f511b8842c36d7a29b35a9e Mon Sep 17 00:00:00 2001 From: Leonardo Di Giovanna Date: Wed, 17 Dec 2025 14:31:23 +0100 Subject: [PATCH 2/7] fix(images): install correct AWS `linux-{headers,tools}` on ubuntu The current installation method for AWS linux headers and tools is based on downloading them from `ports.ubuntu.com` or `archive.ubuntu.com`, and then installing them with `dpkg -i`. Unfortunately, the current implementation doesn't work, because AWS headers are split into two packages: for example, headers for kernel `6.5.0-1024-aws` are split into `linux-headers-6.5.0-1024-aws` and `linux-aws-6.5-headers-6.5.0-1024`; both must be installed in order for anything using headers to work. Fix this headers and tools using directly the package manager. Signed-off-by: Leonardo Di Giovanna --- images/aarch64/ubuntu/6.5/Dockerfile | 10 ++-------- images/x86_64/ubuntu/4.15/Dockerfile | 10 ++-------- images/x86_64/ubuntu/6.2/Dockerfile | 10 +++------- images/x86_64/ubuntu/6.5/Dockerfile | 9 ++------- 4 files changed, 9 insertions(+), 30 deletions(-) diff --git a/images/aarch64/ubuntu/6.5/Dockerfile b/images/aarch64/ubuntu/6.5/Dockerfile index fe59fbb..ed721dd 100644 --- a/images/aarch64/ubuntu/6.5/Dockerfile +++ b/images/aarch64/ubuntu/6.5/Dockerfile @@ -1,7 +1,6 @@ FROM ubuntu:22.04 ARG VERSION=6.5.0-1024-aws -ARG URL='https://ports.ubuntu.com/ubuntu-ports/pool/main/l/linux-aws-6.5/' ARG CMAKE_VERSION # Use bash for all RUN steps with some safety options enabled. @@ -20,6 +19,8 @@ RUN apt-get update && apt-get install -y \ kmod \ libcap-dev \ libelf-dev \ + linux-headers-${VERSION} \ + linux-tools-${VERSION} \ llvm \ net-tools \ openssh-server \ @@ -31,13 +32,6 @@ RUN apt-get update && apt-get install -y \ wget && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - curl ${URL} | \ - grep -E "linux-headers-${VERSION}|linux-tools-${VERSION}" | \ - grep "arm64" | \ - cut -d\" -f8 | \ - xargs -I@ curl -LO ${URL}@ && \ - find . -name '*.deb' | xargs -n1 dpkg -i --force-depends && \ - rm -f *.deb && \ CMAKE_ARCH="aarch64" && \ CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ diff --git a/images/x86_64/ubuntu/4.15/Dockerfile b/images/x86_64/ubuntu/4.15/Dockerfile index c1c682b..a902e13 100644 --- a/images/x86_64/ubuntu/4.15/Dockerfile +++ b/images/x86_64/ubuntu/4.15/Dockerfile @@ -1,7 +1,6 @@ FROM ubuntu:18.04 ARG VERSION=4.15.0-1118-aws -ARG URL='https://archive.ubuntu.com/ubuntu/pool/main/l/linux-aws/' ARG CMAKE_VERSION # Use bash for all RUN steps with some safety options enabled. @@ -20,6 +19,8 @@ RUN apt-get update && apt-get install -y \ kmod \ libcap-dev \ libelf-dev \ + linux-headers-${VERSION} \ + linux-tools-${VERSION} \ llvm \ net-tools \ openssh-server \ @@ -31,13 +32,6 @@ RUN apt-get update && apt-get install -y \ wget && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - curl ${URL} | \ - grep -E "linux-headers-${VERSION}|linux-tools-${VERSION}|linux-tools-common_${VERSION}" | \ - grep -vE 'i386|lowlatency' | \ - cut -d\" -f8 | \ - xargs -I@ curl -LO ${URL}@ && \ - find . -name '*.deb' | xargs -n1 dpkg -i --force-depends && \ - rm -f *.deb && \ CMAKE_ARCH="x86_64" && \ CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ diff --git a/images/x86_64/ubuntu/6.2/Dockerfile b/images/x86_64/ubuntu/6.2/Dockerfile index 66e6bbb..c3a786d 100644 --- a/images/x86_64/ubuntu/6.2/Dockerfile +++ b/images/x86_64/ubuntu/6.2/Dockerfile @@ -1,7 +1,6 @@ FROM ubuntu:22.04 ARG VERSION=6.2.0-1018-aws -ARG URL='https://archive.ubuntu.com/ubuntu/pool/main/l/linux-aws-6.2/' ARG CMAKE_VERSION # Use bash for all RUN steps with some safety options enabled. @@ -20,6 +19,8 @@ RUN apt-get update && apt-get install -y \ kmod \ libcap-dev \ libelf-dev \ + linux-headers-${VERSION} \ + linux-tools-${VERSION} \ llvm \ net-tools \ openssh-server \ @@ -30,12 +31,7 @@ RUN apt-get update && apt-get install -y \ udev \ wget && \ apt-get clean && \ - curl ${URL} | \ - grep -E "linux-headers-${VERSION}|linux-tools-${VERSION}|linux-tools-common_${VERSION}" | \ - cut -d\" -f8 | \ - xargs -I@ curl -LO ${URL}@ && \ - find . -name '*.deb' | xargs -n1 dpkg -i --force-depends && \ - rm -f *.deb && \ + rm -rf /var/lib/apt/lists/* && \ CMAKE_ARCH="x86_64" && \ CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ diff --git a/images/x86_64/ubuntu/6.5/Dockerfile b/images/x86_64/ubuntu/6.5/Dockerfile index 55cf186..d9988cc 100644 --- a/images/x86_64/ubuntu/6.5/Dockerfile +++ b/images/x86_64/ubuntu/6.5/Dockerfile @@ -1,7 +1,6 @@ FROM ubuntu:22.04 ARG VERSION=6.5.0-1024-aws -ARG URL='https://archive.ubuntu.com/ubuntu/pool/main/l/linux-aws-6.5/' ARG CMAKE_VERSION # Use bash for all RUN steps with some safety options enabled. @@ -20,6 +19,8 @@ RUN apt-get update && apt-get install -y \ kmod \ libcap-dev \ libelf-dev \ + linux-headers-${VERSION} \ + linux-tools-${VERSION} \ llvm \ net-tools \ openssh-server \ @@ -31,12 +32,6 @@ RUN apt-get update && apt-get install -y \ wget && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - curl ${URL} | \ - grep -E "linux-headers-${VERSION}|linux-tools-${VERSION}|linux-tools-common_${VERSION}" | \ - cut -d\" -f8 | \ - xargs -I@ curl -LO ${URL}@ && \ - find . -name '*.deb' | xargs -n1 dpkg -i --force-depends && \ - rm -f *.deb && \ CMAKE_ARCH="x86_64" && \ CMAKE_RELEASE_NAME="cmake-${CMAKE_VERSION}-linux-${CMAKE_ARCH}" && \ curl -L "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_RELEASE_NAME}.tar.gz" | \ From bd0b0e3022728ce7f9d763264c708570b5316b7c Mon Sep 17 00:00:00 2001 From: Leonardo Di Giovanna Date: Wed, 17 Dec 2025 14:52:44 +0100 Subject: [PATCH 3/7] chore(images/Makefile): tag images built by `arch/distro/kern` targets Signed-off-by: Leonardo Di Giovanna --- images/Makefile | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/images/Makefile b/images/Makefile index cb7346a..ea46190 100644 --- a/images/Makefile +++ b/images/Makefile @@ -126,8 +126,8 @@ build-kernel: initrd-builder arch=$(ARCH); \ rootfs_dir=$$(find . -type d -path "./$$arch/$$distro/$$version"); \ kernel_dir=$$(find . -type d -path "./$$arch/$$distro/$$version"); \ - rootfs_image=$(REPOSITORY)/$$distro-image:$$version-$$arch; \ - kernel_image=$(REPOSITORY)/$$distro-kernel:$$version-$$arch; \ + rootfs_image=$(REPOSITORY)/$$distro-image:$$version-$$arch-$(TAG); \ + kernel_image=$(REPOSITORY)/$$distro-kernel:$$version-$$arch-$(TAG); \ if [ -n "$$rootfs_dir" ]; then \ if [ "$(DRY_RUN)" = "true" ]; then \ echo "Dry run: Building rootfs image: docker build -t $$rootfs_image --build-arg CMAKE_VERSION=\"$(CMAKE_VERSION)\" $$rootfs_dir"; \ @@ -148,7 +148,10 @@ build-kernel: initrd-builder echo "Dry run: Building kernel image: docker build -t $$kernel_image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir"; \ else \ echo "Building kernel image: $$kernel_image"; \ - docker build -t $$kernel_image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir; \ + docker build \ + -t $$kernel_image \ + -f $$kernel_dir/Dockerfile.kernel \ + $$kernel_dir; \ if [ "$(PUSH)" = "true" ]; then \ echo "Pushing image: $$kernel_image"; \ docker push $$kernel_image; \ From 0aab34f645fd4cc025ad3d77decb14ae149e26fc Mon Sep 17 00:00:00 2001 From: Leonardo Di Giovanna Date: Wed, 17 Dec 2025 15:41:24 +0100 Subject: [PATCH 4/7] fix(images/modernprobe-builder): fix modern probe build Pin `modernprobe-builder` base image to`fedora:39`. Fedora 39 is deprecated, but this ensures working BPF object files build to run our distro/kernel tests. In the future, we can upgrade this after we investigate more the issues related to modern `clang` versions. Signed-off-by: Leonardo Di Giovanna --- images/modernprobe-builder/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/modernprobe-builder/Dockerfile b/images/modernprobe-builder/Dockerfile index fc456c5..599a4b6 100644 --- a/images/modernprobe-builder/Dockerfile +++ b/images/modernprobe-builder/Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:latest +FROM fedora:39 ARG CMAKE_VERSION From 5644c31fc18c999a842b067cd786be2f585955ed Mon Sep 17 00:00:00 2001 From: Leonardo Di Giovanna Date: Thu, 18 Dec 2025 12:00:50 +0100 Subject: [PATCH 5/7] chore(ansible-playbooks): disable legacy BPF tests on some oraclelinux Disable BPF tests for both `oraclelinux-5.4-x86_64` and `oraclelinux-5.15-aarch64`. The VMs rootfs are based on `oraclelinux:8` and `oraclelinux:9`, which unfortunately provide a too much recent clang version (clang 20). This version doesn't work well wil the kernel expectation, and results in failing legacy BPF tests. BPF tests are disabled through a new `skip_legacy_bpf_tests` property in machine specification (see `ansible-playbooks/group_vars/all/vars.yml`). The new mechanism works by disabling legacy BPF support if the property is defined and set to true. Signed-off-by: Leonardo Di Giovanna --- ansible-playbooks/group_vars/all/vars.yml | 4 ++-- ansible-playbooks/roles/scap_open/tasks/main.yml | 12 +++++++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ansible-playbooks/group_vars/all/vars.yml b/ansible-playbooks/group_vars/all/vars.yml index fa29024..952a531 100644 --- a/ansible-playbooks/group_vars/all/vars.yml +++ b/ansible-playbooks/group_vars/all/vars.yml @@ -37,14 +37,14 @@ machines: - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "oraclelinux-5.4", kernel: "{{ repo }}/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "oraclelinux-5.4", kernel: "{{ repo }}/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64", skip_legacy_bpf_tests: true} # noqa: yaml[line-length] - {name: "ubuntu-5.8", kernel: "{{ repo }}/ubuntu-kernel:5.8-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.4-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64", skip_legacy_bpf_tests: true} # noqa: yaml[line-length] - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-aarch64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] builders: diff --git a/ansible-playbooks/roles/scap_open/tasks/main.yml b/ansible-playbooks/roles/scap_open/tasks/main.yml index 4d21617..783b054 100644 --- a/ansible-playbooks/roles/scap_open/tasks/main.yml +++ b/ansible-playbooks/roles/scap_open/tasks/main.yml @@ -32,7 +32,17 @@ - name: Enable old Bpf support ansible.builtin.set_fact: scap_open_bpf_supported: true - when: ansible_kernel is version(scap_open_bpf_minimum_kver[ansible_architecture],'>=') + # Enable legacy BPF support if the minimum kernel version requirement is met and the user didn't explicitly decide + # to skip legacy BPF tests. + when: + - ansible_kernel is version(scap_open_bpf_minimum_kver[ansible_architecture],'>=') + - machines + | selectattr('name', 'equalto', inventory_hostname) + | map(attribute='skip_legacy_bpf_tests') + | map('default', false) + | select('equalto', true) + | list + | length == 0 - name: Prepare the build directory block: From 2cca570fb88efef81ac50d2d2f3cabce26a7fb38 Mon Sep 17 00:00:00 2001 From: Leonardo Di Giovanna Date: Thu, 18 Dec 2025 12:10:27 +0100 Subject: [PATCH 6/7] chore(ansible-playbooks): reintroduce `oraclelinux-3.10` I conducted some tests and this machine seems to correctly work. Reintroduce it. Signed-off-by: Leonardo Di Giovanna --- ansible-playbooks/group_vars/all/vars.yml | 1 + ansible-playbooks/roles/scap_open/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/ansible-playbooks/group_vars/all/vars.yml b/ansible-playbooks/group_vars/all/vars.yml index 952a531..1ea9d14 100644 --- a/ansible-playbooks/group_vars/all/vars.yml +++ b/ansible-playbooks/group_vars/all/vars.yml @@ -35,6 +35,7 @@ machines: - {name: "fedora-5.17", kernel: "{{ repo }}/fedora-kernel:5.17-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.17-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "fedora-5.8", kernel: "{{ repo }}/fedora-kernel:5.8-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "oraclelinux-3.10", kernel: "{{ repo }}/oraclelinux-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - {name: "oraclelinux-5.4", kernel: "{{ repo }}/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64", skip_legacy_bpf_tests: true} # noqa: yaml[line-length] diff --git a/ansible-playbooks/roles/scap_open/tasks/main.yml b/ansible-playbooks/roles/scap_open/tasks/main.yml index 783b054..a118320 100644 --- a/ansible-playbooks/roles/scap_open/tasks/main.yml +++ b/ansible-playbooks/roles/scap_open/tasks/main.yml @@ -38,6 +38,7 @@ - ansible_kernel is version(scap_open_bpf_minimum_kver[ansible_architecture],'>=') - machines | selectattr('name', 'equalto', inventory_hostname) + | selectattr('arch', 'equalto', ansible_architecture) | map(attribute='skip_legacy_bpf_tests') | map('default', false) | select('equalto', true) From ab658f763b326b303c04d04592d745049e7229b4 Mon Sep 17 00:00:00 2001 From: Leonardo Di Giovanna Date: Thu, 18 Dec 2025 16:39:30 +0100 Subject: [PATCH 7/7] chore(ansible-playbooks): revert to v0.3.2 for ubuntu-6.5-aarch64 This is a temporary solution to make ubuntu-6.5 tests available on aarch64. Unfortunately, the newer images don't work, due to the fact that internal VM networking is not properly configured: specifically, the VM is able to ask for networking configuration to the external dnsmasq service, but the configuration is, for some reason, re-set after OS booting. While we investigate this issue, use the working old image. Furtunately, the old image has a recent enough cmake version (3.27.4). Signed-off-by: Leonardo Di Giovanna --- ansible-playbooks/group_vars/all/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-playbooks/group_vars/all/vars.yml b/ansible-playbooks/group_vars/all/vars.yml index 1ea9d14..01881c0 100644 --- a/ansible-playbooks/group_vars/all/vars.yml +++ b/ansible-playbooks/group_vars/all/vars.yml @@ -46,7 +46,7 @@ machines: - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64", skip_legacy_bpf_tests: true} # noqa: yaml[line-length] - - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-aarch64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-aarch64-v0.3.2", rootfs: "{{ repo }}/ubuntu-image:6.5-aarch64-v0.3.2", arch: "aarch64"} # noqa: yaml[line-length] builders: - {name: "centos-builder", kernel: "{{ repo }}/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "{{ repo }}/builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]