Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[0.40] ansible role in docker/ubuntu failing on install #3494

Open
juju4 opened this issue Feb 15, 2025 · 1 comment
Open

[0.40] ansible role in docker/ubuntu failing on install #3494

juju4 opened this issue Feb 15, 2025 · 1 comment
Labels
kind/bug

Comments

@juju4
Copy link
Contributor

juju4 commented Feb 15, 2025

Describe the bug
Since 0.40 release, my ansible role CI in molecule/docker is failing for ubuntu-24.04 and 22.04 likely because of harder constraint on systemd availability.
As kernel dependent, this test was failing for other distributions but was working for above as likely host kernel same/similar to test container.

fatal: [instance]: FAILED! => {"attempts": 3, "cache_update_time": 1739648035, "cache_updated": false, "changed": false, 
  "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\"       install 'falco=0.40.0'' failed: E: Sub-process /usr/bin/dpkg returned an error code (1)\n", "rc": 100, 
  "stderr": "E: Sub-process /usr/bin/dpkg returned an error code (1)\n", 
  "stderr_lines": ["E: Sub-process /usr/bin/dpkg returned an error code (1)"], 
  "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nfalco is already the newest version (0.40.0).\n0 upgraded, 0 newly installed, 0 to remove and 11 not upgraded.\n1 not fully installed or removed.\nAfter this operation, 0 B of additional disk space will be used.\nSetting up falco (0.40.0) ...\r\n[POST-INSTALL] Disable all possible 'falco' services:\r\nSystem has not been booted with systemd as init system (PID 1). Can't operate.\r\r\nFailed to connect to bus: Host is down\r\r\nSystem has not been booted with systemd as init system (PID 1). Can't operate.\r\r\nFailed to connect to bus: Host is down\r\r\nSystem has not been booted with systemd as init system (PID 1). Can't operate.\r\r\nFailed to connect to bus: Host is down\r\r\nSystem has not been booted with systemd as init system (PID 1). Can't operate.\r\r\nFailed to connect to bus: Host is down\r\r\nSystem has not been booted with systemd as init system (PID 1). Can't operate.\r\r\nFailed to connect to bus: Host is down\r\r\n[POST-INSTALL] Configure falcoctl 'auto' driver type:\r\n\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Running falcoctl driver config\r\n                      ├ \u001b[1;32m\u001b[1;32mname: \u001b[0m\u001b[0mfalco\r\n                      ├ \u001b[1;32m\u001b[1;32mversion: \u001b[0m\u001b[0m8.0.0+driver\r\n                      ├ \u001b[1;32m\u001b[1;32mtype: \u001b[0m\u001b[0mkmod\r\n                      ├ \u001b[1;32m\u001b[1;32mhost-root: \u001b[0m\u001b[0m/\r\n                      └ \u001b[1;32m\u001b[1;32mrepos: \u001b[0m\u001b[0m[https://download.falco.org/driver\r\n\u001b[90m2025-02-15](https://download.falco.org/driver/r/n/u001b[90m2025-02-15) 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Committing driver config to specialized configuration\r\n                      │   file under\r\n                      └ \u001b[1;32m\u001b[1;32mdirectory: \u001b[0m\u001b[0m/etc/falco/config.d\r\n\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Storing falcoctl driver config \r\nTERM environment variable not set.\r\n[POST-INSTALL] Trigger deamon-reload:\r\nSystem has not been booted with systemd as init system (PID 1). Can't operate.\r\r\nFailed to connect to bus: Host is down\r\r\n[POST-INSTALL] Call 'falcoctl driver install for kmod:\r\n\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Running falcoctl driver install\r\n                      ├ \u001b[1;32m\u001b[1;32mdriver version: \u001b[0m\u001b[0m8.0.0+driver\r\n                      ├ \u001b[1;32m\u001b[1;32mdriver type: \u001b[0m\u001b[0mkmod\r\n                      ├ \u001b[1;32m\u001b[1;32mdriver name: \u001b[0m\u001b[0mfalco\r\n                      ├ \u001b[1;32m\u001b[1;32mcompile: \u001b[0m\u001b[0mtrue\r\n                      ├ \u001b[1;32m\u001b[1;32mdownload: \u001b[0m\u001b[0mfalse\r\n                      ├ \u001b[1;32m\u001b[1;32mtarget: \u001b[0m\u001b[0mubuntu-azure\r\n                      ├ \u001b[1;32m\u001b[1;32march: \u001b[0m\u001b[0mx86_64\r\n                      ├ \u001b[1;32m\u001b[1;32mkernel release: \u001b[0m\u001b[0m6.8.0-1021-azure\r\n                      └ \u001b[1;32m\u001b[1;32mkernel version: \u001b[0m\u001b[0m#25-Ubuntu SMP Wed Jan 15 20:45:09 UTC 2025\r\n\r\u001b[39m\u001b[39m⠈⠁\u001b[0m\u001b[0m \u001b[39m\u001b[39mCleaning up existing drivers\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m\r                                                                                \r\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m Check if kernel module is still loaded. \r\n\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m OK! There is no module loaded. \r\n\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m Skipping dkms remove (dkms not found). \r\n\r\u001b[39m\u001b[39m⠈⠁\u001b[0m\u001b[0m \u001b[39m\u001b[39mTrying to build the driver\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m\r\u001b[39m\u001b[39m⠈⠑\u001b[0m\u001b[0m \u001b[39m\u001b[39mTrying to build the driver\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m\r\u001b[39m\u001b[39m⠈⠱\u001b[0m\u001b[0m \u001b[39m\u001b[39mTrying to build the driver\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m\r\u001b[39m\u001b[39m⠈⡱\u001b[0m\u001b[0m \u001b[39m\u001b[39mTrying to build the driver\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m\r                                                                                \r\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m Trying to compile the requested driver \r\n\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m Trying automatic kernel headers download. \r\n\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;33m\u001b[1;33mWARN \u001b[0m\u001b[m\u001b[0m\u001b[m Failed to download headers. \u001b[31;1m\u001b[31;1merr: \u001b[0m\u001b[m\u001b[0m\u001b[mexit status 1\r\n\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Trying to load a pre existent system module, if\r\n                      │   present.\r\n\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;33m\u001b[1;33mWARN \u001b[0m\u001b[0m Consider compiling your own driver and loading it or\r\n                      │   getting in touch with the Falco community.\r\n\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;31m\u001b[1;31mERROR\u001b[0m\u001b[0m failed: exit status 1 \r\ndpkg: error processing package falco (--configure):\r\n installed falco package post-installation script subprocess returned error exit status 1\r\nErrors were encountered while processing:\r\n falco\r\n", 
  "stdout_lines": [
    "Reading package lists...", "Building dependency tree...", "Reading state information...", 
    "falco is already the newest version (0.40.0).", "0 upgraded, 0 newly installed, 0 to remove and 11 not upgraded.", "1 not fully installed or removed.", "After this operation, 0 B of additional disk space will be used.", "Setting up falco (0.40.0) ...", 
    "[POST-INSTALL] Disable all possible 'falco' services:", 
    "System has not been booted with systemd as init system (PID 1). Can't operate.", "", "Failed to connect to bus: Host is down", "", "System has not been booted with systemd as init system (PID 1). Can't operate.", "", "Failed to connect to bus: Host is down", "", "System has not been booted with systemd as init system (PID 1). Can't operate.", "", "Failed to connect to bus: Host is down", "", "System has not been booted with systemd as init system (PID 1). Can't operate.", "", "Failed to connect to bus: Host is down", "", "System has not been booted with systemd as init system (PID 1). Can't operate.", "", "Failed to connect to bus: Host is down", "", "[POST-INSTALL] Configure falcoctl 'auto' driver type:", "\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Running falcoctl driver config", "                      ├ \u001b[1;32m\u001b[1;32mname: \u001b[0m\u001b[0mfalco", "                      ├ \u001b[1;32m\u001b[1;32mversion: \u001b[0m\u001b[0m8.0.0+driver", "                      ├ \u001b[1;32m\u001b[1;32mtype: \u001b[0m\u001b[0mkmod", "                      ├ \u001b[1;32m\u001b[1;32mhost-root: \u001b[0m\u001b[0m/", "                      └ \u001b[1;32m\u001b[1;32mrepos: \u001b[0m\u001b[0mhttps://download.falco.org/driver", "\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Committing driver config to specialized configuration", "                      │   file under", "                      └ \u001b[1;32m\u001b[1;32mdirectory: \u001b[0m\u001b[0m/etc/falco/config.d", "\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Storing falcoctl driver config ", "TERM environment variable not set.", "[POST-INSTALL] Trigger deamon-reload:", "System has not been booted with systemd as init system (PID 1). Can't operate.", "", "Failed to connect to bus: Host is down", "", "[POST-INSTALL] Call 'falcoctl driver install for kmod:", "\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Running falcoctl driver install", "                      ├ \u001b[1;32m\u001b[1;32mdriver version: \u001b[0m\u001b[0m8.0.0+driver", "                      ├ \u001b[1;32m\u001b[1;32mdriver type: \u001b[0m\u001b[0mkmod", "                      ├ \u001b[1;32m\u001b[1;32mdriver name: \u001b[0m\u001b[0mfalco", "                      ├ \u001b[1;32m\u001b[1;32mcompile: \u001b[0m\u001b[0mtrue", "                      ├ \u001b[1;32m\u001b[1;32mdownload: \u001b[0m\u001b[0mfalse", "                      ├ \u001b[1;32m\u001b[1;32mtarget: \u001b[0m\u001b[0mubuntu-azure", "                      ├ \u001b[1;32m\u001b[1;32march: \u001b[0m\u001b[0mx86_64", "                      ├ \u001b[1;32m\u001b[1;32mkernel release: \u001b[0m\u001b[0m6.8.0-1021-azure", "                      └ \u001b[1;32m\u001b[1;32mkernel version: \u001b[0m\u001b[0m#25-Ubuntu SMP Wed Jan 15 20:45:09 UTC 2025", "", "\u001b[39m\u001b[39m⠈⠁\u001b[0m\u001b[0m \u001b[39m\u001b[39mCleaning up existing drivers\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m", "                                                                                ", "\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m Check if kernel module is still loaded. ", "\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m OK! There is no module loaded. ", "\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m Skipping dkms remove (dkms not found). ", "", "\u001b[39m\u001b[39m⠈⠁\u001b[0m\u001b[0m \u001b[39m\u001b[39mTrying to build the driver\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m", "\u001b[39m\u001b[39m⠈⠑\u001b[0m\u001b[0m \u001b[39m\u001b[39mTrying to build the driver\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m", "\u001b[39m\u001b[39m⠈⠱\u001b[0m\u001b[0m \u001b[39m\u001b[39mTrying to build the driver\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m", "\u001b[39m\u001b[39m⠈⡱\u001b[0m\u001b[0m \u001b[39m\u001b[39mTrying to build the driver\u001b[0m\u001b[0m\u001b[90m\u001b[90m (0s)\u001b[0m\u001b[0m", "                                                                                ", "\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m Trying to compile the requested driver ", "\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[m\u001b[0m\u001b[m Trying automatic kernel headers download. ", "\u001b[90m2025-02-15 19:34:52\u001b[0m\u001b[m \u001b[1;33m\u001b[1;33mWARN \u001b[0m\u001b[m\u001b[0m\u001b[m Failed to download headers. \u001b[31;1m\u001b[31;1merr: \u001b[0m\u001b[m\u001b[0m\u001b[mexit status 1", "\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;32m\u001b[1;32mINFO \u001b[0m\u001b[0m Trying to load a pre existent system module, if", "                      │   present.", "\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;33m\u001b[1;33mWARN \u001b[0m\u001b[0m Consider compiling your own driver and loading it or", "                      │   getting in touch with the Falco community.", "\u001b[90m2025-02-15 19:34:52\u001b[0m \u001b[1;31m\u001b[1;31mERROR\u001b[0m\u001b[0m failed: exit status 1 ", "dpkg: error processing package falco (--configure):", " installed falco package post-installation script subprocess returned error exit status 1", "Errors were encountered while processing:", " falco"]}

Did a quick scan of release notes https://github.com/falcosecurity/falco/releases/tag/0.40.0 but nothing tilted me.
note that default mode in role is falco_mode: modern-ebpf

How to reproduce it

  • ansible role CI

Expected behaviour

  • Install should be successful, eventually have an install option/variable to disable kernel module build.

Environment

  • Falco version: 0.40.0
  • System info: ubuntu 24.04 and 22.04 in molecule locally built docker image
  • Cloud provider or hardware configuration: github action/azure
  • OS: ubuntu 24.04 and 22.04
  • Kernel: 6.8.0-1021-azure (6.8.0-1021.25) (24.04)
  • Installation method: Ansible+deb
@juju4 juju4 added the kind/bug label Feb 15, 2025
@FedeDP
Copy link
Contributor

FedeDP commented Feb 20, 2025
edited
Loading

Hi! Thanks for opening this bug report; the issue is indeed not about systemd (since we are bypassing systemctl command failures: https://github.com/falcosecurity/falco/blob/master/scripts/debian/postinst.in#L27).
Instead, the reason why it is failing is that it is trying to use kmod driver:

Call 'falcoctl driver install for kmod
...
exit status 1

and it fails to build it.

I also see

Skipping dkms remove (dkms not found)

Do you have dkms and relevant deps (ie: kernel headers) installed?
We decided to move dkms as suggested package here: 6235e05 since the default driver (modern ebpf) does not require it; but since you are using kmod driver, you need it. You were using kmod driver even in 0.39.2:

falcoctl driver install for kmod

I don't know why falcoctl auto config is choosing kmod ; i think that modern ebpf driver should work fine in your env.

EDIT: anyway, if you wish to enforce the modern_ebpf driver, you need to run the package installation with the FALCO_DRIVER_CHOICE=modern_ebpf env variable set.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@juju4 @FedeDP