slant icon indicating copy to clipboard operation
slant copied to clipboard

Published 20 hours ago verified publisher icon kristapsdz

[WIP] Linux support

Open Duncaen opened this issue 6 years ago • 5 comments

Opening this PR to maybe get some early feedback on the oconfigure/Makefile setup.

In the initial commit ba731a6 slant-collectd-linux.c supports cpu, mem, inet and files statistics.

I think I'm going to change from fopen etc. to static buffers later because most files are very small and can easily be handled manually.

Duncaen avatar Dec 12 '18 22:12 Duncaen

Just wanted to let you know I'm looking at all of these and will start to work, bit by bit, getting them into these systems! I'm going to put out the multi-line version of slant first, then move into the backing infrastructure.

kristapsdz avatar Dec 13 '18 22:12 kristapsdz

Nice, thank you. Only missing parts for linux are nprocs and rprocs but I think I'm going to add them tomorrow.

After getting some of the dependencies to build with musl I'm running slant-collectd on my raspberry pi for testing purposes.

https://i.imgur.com/AEcY65O.png

Duncaen avatar Dec 13 '18 23:12 Duncaen

Ok, I've put in the scaffolding for all of the other systems and just dropped your Linux collector in place. (For the time being!) I verify it compiles, at least, on a glibc box. Since one of the major focusses is on security, let's start casting a really critical eye on how that collector runs given that it'll probably run with full privilege.

kristapsdz avatar Jan 03 '19 18:01 kristapsdz

Nice thanks.

I'm running the code in master now on two machines, I'll keep an eye on it. With musl ./configure && make just works, for glibc I defined LDADD_SLANT_CGI=-ldl and LDADD_SLANT=-lresolv in Makefile.local.

I'm going to look over it again and here is my todo/considerations list:

  • The big static buffer: I think allocating it and growing the buffer if necessary would be nicer and save some memory.
  • I used int64_t for most if not all numbers read from proc files, for some of them this might be not necessary.
  • Third improvement is missing monitoring specific processes, which is a bit cumbersome with procfs.
  • sandboxing/seccomp is something I can look into, I think it could even run unprivileged as it, some kernel parameters like hidepid=2 which hides pid directories from other users would break it.
  • Network interfaces are a bit unpredictable with linux, names can change and I think indexes too, this would mix up the statistics.

Duncaen avatar Jan 03 '19 23:01 Duncaen

Can the conflicts be resolved or is Linux support not possible right now?

I want to run this on my Void Linux machines but I have trouble packaging it. (see https://github.com/void-linux/void-packages/pull/20093).

Anachron avatar May 31 '22 18:05 Anachron