Add jenkins checks (#584)

* Supporting files to build/test via jenkins

Changes to build/test via jenkins, which also means running all tests in
a container instead of directly on the host:

- Jenkinsfile controls the stages, build.sh does the build and
  run-tests.sh does the regression tests.

- Create a new container falcosecurity/falco-tester that includes the
  dependencies required to run the regression tests. This is a different
  image than falco-builder because it doesn't need to be centos 6 based,
  doesn't install any compiler/etc, and installs the test running
  framework we use (avocado). We now use a newer version of avocado,
  which resulted in some small changes to how it is run and how yaml
  options are parsed.

- Modify run_regression_tests.sh to download trace files to the build
  directory and only if not present. Also honor BUILD_TYPE/BUILD_DIR,
  which is provided via the docker run cmd.

- The package tests are now moved to a separate falco_tests_package.yaml
  file. They will use rpm installs by default instead of debian
  packages. Also add the ability to install rpms in addition to debian
  packages.

- Automate the process of creating the docker local package by: 1)
  Adding CMake rules to copy the Dockerfile, entrypoint to the build
  directory and 2) Copy test trace files and rules into the build
  directory. This allows running the docker build command from
  build/docker/local instead of the source directory.

- Modify the way the container test is run a bit to use the trace
  files/rules copied into the container directly instead of host-mounted
  trace files.

* Use container builder + tester for travis

We'll probably be using jenkins soon, but this will allow switching back
to travis later if we want.

* Use download.draios.com for binutils packages

That way we won't be dependent on snapshot.debian.org.

test/falco_test.py

@@ -34,7 +34,12 @@ class FalcoTest(Test):
         """
         Load the sysdig kernel module if not already loaded.
         """
-        self.falcodir = self.params.get('falcodir', '/', default=os.path.join(self.basedir, '../build'))
+        build_type = "Release"
+        if 'BUILD_TYPE' in os.environ:
+            build_type = os.environ['BUILD_TYPE']
+
+        build_dir = os.path.join('/build', build_type)
+        self.falcodir = self.params.get('falcodir', '/', default=os.path.join(self.basedir, build_dir))
 
         self.stdout_contains = self.params.get('stdout_contains', '*', default='')
 
@@ -67,7 +72,7 @@ class FalcoTest(Test):
         self.trace_file = self.params.get('trace_file', '*', default='')
 
         if self.trace_file and not os.path.isabs(self.trace_file):
-            self.trace_file = os.path.join(self.basedir, self.trace_file)
+            self.trace_file = os.path.join(build_dir, "test", self.trace_file)
 
         self.json_output = self.params.get('json_output', '*', default=False)
         self.json_include_output_property = self.params.get('json_include_output_property', '*', default=True)
@@ -110,8 +115,8 @@ class FalcoTest(Test):
         else:
             detect_counts = {}
             for item in self.detect_counts:
-                for item2 in item:
-                    detect_counts[item2[0]] = item2[1]
+                for key, value in item.items():
+                    detect_counts[key] = value
             self.detect_counts = detect_counts
 
         self.rules_warning = self.params.get('rules_warning', '*', default=False)
@@ -139,15 +144,6 @@ class FalcoTest(Test):
 
         self.package = self.params.get('package', '*', default='None')
 
-        if self.package == 'None':
-            # Doing this in 2 steps instead of simply using
-            # module_is_loaded to avoid logging lsmod output to the log.
-            lsmod_output = process.system_output("lsmod", verbose=False)
-
-            if linux_modules.parse_lsmod_for_module(lsmod_output, 'falco_probe') == {}:
-                self.log.debug("Loading falco kernel module")
-                process.run('insmod {}/driver/falco-probe.ko'.format(self.falcodir), sudo=True)
-
         self.addl_docker_run_args = self.params.get('addl_docker_run_args', '*', default='')
 
         self.copy_local_driver = self.params.get('copy_local_driver', '*', default=False)
@@ -162,10 +158,10 @@ class FalcoTest(Test):
         else:
             outputs = []
             for item in self.outputs:
-                for item2 in item:
+                for key, value in item.items():
                     output = {}
-                    output['file'] = item2[0]
-                    output['line'] = item2[1]
+                    output['file'] = key
+                    output['line'] = value
                     outputs.append(output)
                     filedir = os.path.dirname(output['file'])
                     # Create the parent directory for the trace file if it doesn't exist.
@@ -309,16 +305,15 @@ class FalcoTest(Test):
             # Remove an existing falco-test container first. Note we don't check the output--docker rm
             # doesn't have an -i equivalent.
             res = process.run("docker rm falco-test", ignore_status=True)
+
             rules_dir = os.path.abspath(os.path.join(self.basedir, "./rules"))
             conf_dir = os.path.abspath(os.path.join(self.basedir, "../"))
             traces_dir = os.path.abspath(os.path.join(self.basedir, "./trace_files"))
-            self.falco_binary_path = "docker run -i -t --name falco-test --privileged " \
-                                     "-v {}:/host/rules -v {}:/host/conf -v {}:/host/traces " \
+            self.falco_binary_path = "docker run --rm --name falco-test --privileged " \
                                      "-v /var/run/docker.sock:/host/var/run/docker.sock " \
                                      "-v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro " \
                                      "-v /lib/modules:/host/lib/modules:ro -v {}:/root/.sysdig:ro -v " \
                                      "/usr:/host/usr:ro {} {} falco".format(
-                                         rules_dir, conf_dir, traces_dir,
                                          self.module_dir, self.addl_docker_run_args, image)
 
         elif self.package.endswith(".deb"):
@@ -337,11 +332,31 @@ class FalcoTest(Test):
             self.log.debug("Installing debian package via \"{}\"".format(cmdline))
             res = process.run(cmdline, timeout=120, sudo=True)
 
+        elif self.package.endswith(".rpm"):
+            self.falco_binary_path = '/usr/bin/falco';
+
+            package_glob = "{}/{}".format(self.falcodir, self.package)
+
+            matches = glob.glob(package_glob)
+
+            if len(matches) != 1:
+                self.fail("Package path {} did not match exactly 1 file. Instead it matched: {}", package_glob, ",".join(matches))
+
+            package_path = matches[0]
+
+            cmdline = "rpm -i --nodeps --noscripts {}".format(package_path)
+            self.log.debug("Installing centos package via \"{}\"".format(cmdline))
+            res = process.run(cmdline, timeout=120, sudo=True)
+
     def uninstall_package(self):
 
         if self.package.startswith("docker:"):
-            # Remove the falco-test image. Here we *do* check the return value
-            res = process.run("docker rm falco-test")
+            self.log.debug("Nothing to do, docker run with --rm")
+
+        elif self.package.endswith(".rpm"):
+            cmdline = "rpm -e --noscripts --nodeps falco"
+            self.log.debug("Uninstalling centos package via \"{}\"".format(cmdline))
+            res = process.run(cmdline, timeout=120, sudo=True)
 
         elif self.package.endswith(".deb"):
             cmdline = "dpkg --purge falco"