From 6541fa3998c58a829a6203be650e5a2559e230e4 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 24 Jul 2025 20:25:06 +0000 Subject: [PATCH 1/5] Serve script bundle from cloud proxy image for air gapped installs Signed-off-by: Dom Del Nano --- k8s/cloud/base/proxy_nginx_config.yaml | 10 +++++++ src/cloud/proxy/BUILD.bazel | 9 ++++++ src/pxl_scripts/BUILD.bazel | 40 +++++++++++++++++++++++++- src/pxl_scripts/Makefile | 15 +++++++++- src/pxl_scripts/test_script_bundle.sh | 36 +++++++++++++++++++++++ 5 files changed, 108 insertions(+), 2 deletions(-) create mode 100755 src/pxl_scripts/test_script_bundle.sh diff --git a/k8s/cloud/base/proxy_nginx_config.yaml b/k8s/cloud/base/proxy_nginx_config.yaml index 7fbc3c507ba..91fa0889d13 100644 --- a/k8s/cloud/base/proxy_nginx_config.yaml +++ b/k8s/cloud/base/proxy_nginx_config.yaml @@ -267,6 +267,11 @@ data: try_files "/install.sh" =404; } + location /bundle-oss.json { + root /bundle; + try_files "/bundle-oss.json" =404; + } + location / { return 307 https://work.$domain_name$request_uri; } @@ -334,6 +339,11 @@ data: try_files "/install.sh" =404; } + location /bundle-oss.json { + root /bundle; + try_files "/bundle-oss.json" =404; + } + location / { gzip_static off; root /assets; diff --git a/src/cloud/proxy/BUILD.bazel b/src/cloud/proxy/BUILD.bazel index b46d36138ec..7ff92116abf 100644 --- a/src/cloud/proxy/BUILD.bazel +++ b/src/cloud/proxy/BUILD.bazel @@ -33,6 +33,14 @@ container_layer( ], ) +container_layer( + name = "script_bundle", + directory = "/bundle", + files = [ + "//src/pxl_scripts:script_bundle", + ], +) + container_layer( name = "entrypoint", directory = "/scripts", @@ -48,6 +56,7 @@ container_image( layers = [ ":ui_assets", ":installer", + ":script_bundle", ":entrypoint", ], visibility = [ diff --git a/src/pxl_scripts/BUILD.bazel b/src/pxl_scripts/BUILD.bazel index 24132d5bf9e..e287f963980 100644 --- a/src/pxl_scripts/BUILD.bazel +++ b/src/pxl_scripts/BUILD.bazel @@ -14,6 +14,8 @@ # # SPDX-License-Identifier: Apache-2.0 +load("@rules_foreign_cc//foreign_cc:make.bzl", "make") + package(default_visibility = ["//src:__subpackages__"]) filegroup( @@ -21,6 +23,42 @@ filegroup( srcs = glob([ "**/*.pxl", "**/*.json", - ]), + "**/*.yaml", + ], exclude = ["bundle-oss.json"]), + visibility = ["//src:__subpackages__"], +) + +filegroup( + name = "makefile", + srcs = [ + "Makefile", + ], visibility = ["//src:__subpackages__"], ) + +genrule( + name = "script_bundle", + srcs = [ + ":makefile", + ":preset_queries", + ], + outs = ["bundle-oss.json"], + cmd = "export PATH_PREFIX=$$(dirname $(location //src/pxl_scripts:makefile))/; PX_BIN=../../$(location //src/pixie_cli:px) make -C $$PATH_PREFIX bundle-oss.json; cp bundle-oss.json $(@D)/bundle-oss.json", + visibility = ["//src:__subpackages__"], + tools = [ + "//src/pixie_cli:px", + ], +) + +sh_test( + name = "script_bundle_test", + srcs = ["test_script_bundle.sh"], + args = [ + "$(location :script_bundle)", + "$(location @com_github_mikefarah_yq_v4//:v4)", + ], + data = [ + ":script_bundle", + "@com_github_mikefarah_yq_v4//:v4", + ], +) diff --git a/src/pxl_scripts/Makefile b/src/pxl_scripts/Makefile index 2b4a274d4ae..f622ca6d4de 100644 --- a/src/pxl_scripts/Makefile +++ b/src/pxl_scripts/Makefile @@ -22,10 +22,23 @@ EXECUTABLES = px K := $(foreach exec,$(EXECUTABLES),\ $(if $(shell which $(exec)),some string,$(error "No $(exec) in PATH"))) +# Optional path prefix to use for the script_files path. Used by bazel +# to ensure the scripts are in the correct location. +PATH_PREFIX ?= "" +PX_BIN ?= px + all: bundle-oss.json.gz bundle-oss.json: $(script_files) - px create-bundle --search_path $(PWD) $(foreach dir,$(dirs),--base $(dir)) -o $(PWD)/bundle-oss.json + + @# When run in CI, $HOME may not be set. This ensures that the + @# px create-bundle command can run successfully. + @if [ -z "$$HOME" ]; then \ + TMPDIR=$$(mktemp -d); \ + export HOME=$$TMPDIR; \ + trap "rm -rf $$TMPDIR" EXIT; \ + fi; \ + $(PX_BIN) create-bundle --search_path $(PWD) $(foreach dir,$(dirs),--base $(PATH_PREFIX)$(dir)) -o $(PWD)/bundle-oss.json bundle-oss.json.gz: bundle-oss.json gzip -c $< > $@ diff --git a/src/pxl_scripts/test_script_bundle.sh b/src/pxl_scripts/test_script_bundle.sh new file mode 100755 index 00000000000..6c4f954d526 --- /dev/null +++ b/src/pxl_scripts/test_script_bundle.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# Copyright 2018- The Pixie Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + +set -e + +BUNDLE_FILE="$1" +YQ_BIN="$2" + +if [ ! -f "$BUNDLE_FILE" ]; then + echo "Error: Bundle file not found: $BUNDLE_FILE" + exit 1 +fi + +# Check that scripts object has keys +NUM_SCRIPTS=$("$YQ_BIN" eval '.scripts | keys | length' "$BUNDLE_FILE") + +if [ "$NUM_SCRIPTS" -eq 0 ]; then + echo "Error: No scripts found in bundle" + exit 1 +fi + +echo "Success: Found $NUM_SCRIPTS scripts in bundle" From 07ac589ea735105f449ecd72062757e265904081 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 24 Jul 2025 21:49:51 +0000 Subject: [PATCH 2/5] Fix linting Signed-off-by: Dom Del Nano --- src/pxl_scripts/BUILD.bazel | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/pxl_scripts/BUILD.bazel b/src/pxl_scripts/BUILD.bazel index e287f963980..ae614c4268a 100644 --- a/src/pxl_scripts/BUILD.bazel +++ b/src/pxl_scripts/BUILD.bazel @@ -20,11 +20,14 @@ package(default_visibility = ["//src:__subpackages__"]) filegroup( name = "preset_queries", - srcs = glob([ - "**/*.pxl", - "**/*.json", - "**/*.yaml", - ], exclude = ["bundle-oss.json"]), + srcs = glob( + [ + "**/*.pxl", + "**/*.json", + "**/*.yaml", + ], + exclude = ["bundle-oss.json"], + ), visibility = ["//src:__subpackages__"], ) @@ -44,10 +47,10 @@ genrule( ], outs = ["bundle-oss.json"], cmd = "export PATH_PREFIX=$$(dirname $(location //src/pxl_scripts:makefile))/; PX_BIN=../../$(location //src/pixie_cli:px) make -C $$PATH_PREFIX bundle-oss.json; cp bundle-oss.json $(@D)/bundle-oss.json", - visibility = ["//src:__subpackages__"], tools = [ "//src/pixie_cli:px", ], + visibility = ["//src:__subpackages__"], ) sh_test( From 3e5a8cb28bd0922ad901a4953dd86709dc14b04c Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Fri, 25 Jul 2025 13:58:56 +0000 Subject: [PATCH 3/5] Use source built px cli for EXECUTABLES check Signed-off-by: Dom Del Nano --- src/pxl_scripts/BUILD.bazel | 2 +- src/pxl_scripts/Makefile | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/pxl_scripts/BUILD.bazel b/src/pxl_scripts/BUILD.bazel index ae614c4268a..a5d17652b11 100644 --- a/src/pxl_scripts/BUILD.bazel +++ b/src/pxl_scripts/BUILD.bazel @@ -46,7 +46,7 @@ genrule( ":preset_queries", ], outs = ["bundle-oss.json"], - cmd = "export PATH_PREFIX=$$(dirname $(location //src/pxl_scripts:makefile))/; PX_BIN=../../$(location //src/pixie_cli:px) make -C $$PATH_PREFIX bundle-oss.json; cp bundle-oss.json $(@D)/bundle-oss.json", + cmd = "export PATH_PREFIX=$$(dirname $(location //src/pxl_scripts:makefile))/; EXECUTABLES=../../$(location //src/pixie_cli:px) make -C $$PATH_PREFIX bundle-oss.json; cp bundle-oss.json $(@D)/bundle-oss.json", tools = [ "//src/pixie_cli:px", ], diff --git a/src/pxl_scripts/Makefile b/src/pxl_scripts/Makefile index f622ca6d4de..1cca03f4dc5 100644 --- a/src/pxl_scripts/Makefile +++ b/src/pxl_scripts/Makefile @@ -18,14 +18,13 @@ dirs := bpftrace px pxbeta sotw script_files := $(foreach dir,$(dirs),$(wildcard $(dir)/**/*)) -EXECUTABLES = px +EXECUTABLES ?= px K := $(foreach exec,$(EXECUTABLES),\ $(if $(shell which $(exec)),some string,$(error "No $(exec) in PATH"))) # Optional path prefix to use for the script_files path. Used by bazel # to ensure the scripts are in the correct location. PATH_PREFIX ?= "" -PX_BIN ?= px all: bundle-oss.json.gz @@ -38,7 +37,7 @@ bundle-oss.json: $(script_files) export HOME=$$TMPDIR; \ trap "rm -rf $$TMPDIR" EXIT; \ fi; \ - $(PX_BIN) create-bundle --search_path $(PWD) $(foreach dir,$(dirs),--base $(PATH_PREFIX)$(dir)) -o $(PWD)/bundle-oss.json + $(EXECUTABLES) create-bundle --search_path $(PWD) $(foreach dir,$(dirs),--base $(PATH_PREFIX)$(dir)) -o $(PWD)/bundle-oss.json bundle-oss.json.gz: bundle-oss.json gzip -c $< > $@ From 9cf9a2f98fc54fc6c8d1f2acf464bf9f639284c0 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Mon, 28 Jul 2025 03:18:38 +0000 Subject: [PATCH 4/5] Format genrule cmd Signed-off-by: Dom Del Nano --- src/pxl_scripts/BUILD.bazel | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/pxl_scripts/BUILD.bazel b/src/pxl_scripts/BUILD.bazel index a5d17652b11..d5abf9b1797 100644 --- a/src/pxl_scripts/BUILD.bazel +++ b/src/pxl_scripts/BUILD.bazel @@ -46,7 +46,11 @@ genrule( ":preset_queries", ], outs = ["bundle-oss.json"], - cmd = "export PATH_PREFIX=$$(dirname $(location //src/pxl_scripts:makefile))/; EXECUTABLES=../../$(location //src/pixie_cli:px) make -C $$PATH_PREFIX bundle-oss.json; cp bundle-oss.json $(@D)/bundle-oss.json", + cmd = """ + export PATH_PREFIX=$$(dirname $(location //src/pxl_scripts:makefile))/; + EXECUTABLES=../../$(location //src/pixie_cli:px) make -C $$PATH_PREFIX bundle-oss.json; + cp bundle-oss.json $(@D)/bundle-oss.json + """, tools = [ "//src/pixie_cli:px", ], From d1ae2db22defbd545970768755e9a9f0c5c7c4e3 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Mon, 28 Jul 2025 05:50:04 +0000 Subject: [PATCH 5/5] Remove unnecessary filegroup rule Signed-off-by: Dom Del Nano --- src/pxl_scripts/BUILD.bazel | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/src/pxl_scripts/BUILD.bazel b/src/pxl_scripts/BUILD.bazel index d5abf9b1797..d833444c519 100644 --- a/src/pxl_scripts/BUILD.bazel +++ b/src/pxl_scripts/BUILD.bazel @@ -31,23 +31,15 @@ filegroup( visibility = ["//src:__subpackages__"], ) -filegroup( - name = "makefile", - srcs = [ - "Makefile", - ], - visibility = ["//src:__subpackages__"], -) - genrule( name = "script_bundle", srcs = [ - ":makefile", + ":Makefile", ":preset_queries", ], outs = ["bundle-oss.json"], cmd = """ - export PATH_PREFIX=$$(dirname $(location //src/pxl_scripts:makefile))/; + export PATH_PREFIX=$$(dirname $(location //src/pxl_scripts:Makefile))/; EXECUTABLES=../../$(location //src/pixie_cli:px) make -C $$PATH_PREFIX bundle-oss.json; cp bundle-oss.json $(@D)/bundle-oss.json """,