-
Notifications
You must be signed in to change notification settings - Fork 273
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: support for third party OSS to use otel-ebpf-profiler #192
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Feature/integ
|
Nice! Since the project has an enforced squash rule for PRs, it would be useful to have one PR per logical feature instead of one big PR. Could you split this to logical pieces?
I have done earlier some private experiments with something similar. Since we are also looking to support off-cpu profiling (see #144). It would make sense to instead compile the eBPF things twice: once as
The PR looks wrong on this part. There is already support to access the files via the
If something is missing or done wrong, it should be done in the proper abstraction level, and not by adjusting the mappings path.
Let's start by splitting this to logical PRs per feature/thing. And remove the
I believe vendors do different things on this part. @christos68k or @florianl can perhaps comment from elastic / devfiler side on what the roadmap/plan is. |
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
…ce to go tags instead of Makefile Signed-off-by: Amit Schendel <[email protected]>
Signed-off-by: Amit Schendel <[email protected]>
Feature/integ
Thanks @fabled I pushed the changes so that running |
075cc30
to
64c3f2c
Compare
Hey, in addition to the three bullets mentioned by @florianl . Currently, our setup monitors both kprobes and tracepoints, but we need a reliable way to uniquely identify events in our monitoring system for correlation with your trace as enrichment data. To resolve this, we suggest generating unique identifiers for trace events and our events using the following components: Stack pointer: from We would appreciate your feedback on the following: Is our proposed method for generating unique event identifiers effective? Thank you for your insights! |
There is no ETA for #196, there needs to be more feedback and approvals. First #144 needs to get accepted and merged - feedback is very welcomed. With #196 (comment) some discussion around the design of sampling got started, which needs to be resolved first.
The points mentioned in #192 (comment) are just high level points. Being able to distinguish between events that triggered profiling is fundamental, not only for your use case but also for on- vs off-CPU sampling. So there needs to be some way. What information will be used and how it is fetched is up for discussion. |
This is the code that backs open-telemetry#144. It can be reused to add features like requested in open-telemetry#33 and therefore can be an alternative to open-telemetry#192. The idea that enables off CPU profiling is, that perf event and kprobe eBPF programs are quite similar and can be converted. This allows, with the dynamic rewrite of tail call maps, the reuse of existing eBPF programs and concepts. This proposal adds the new flag '-off-cpu-threshold' that enables off CPU profiling and attaches the two additional hooks, as discussed in Option B in open-telemetry#144. Outstanding work: - [ ] Handle off CPU traces in the reporter package - [ ] Handle off CPU traces in the user space side Signed-off-by: Florian Lehner <[email protected]>
…y-ebpf-profiler into open-telemetry-main
This is the code that backs open-telemetry#144. It can be reused to add features like requested in open-telemetry#33 and therefore can be an alternative to open-telemetry#192. The idea that enables off CPU profiling is, that perf event and kprobe eBPF programs are quite similar and can be converted. This allows, with the dynamic rewrite of tail call maps, the reuse of existing eBPF programs and concepts. This proposal adds the new flag '-off-cpu-threshold' that enables off CPU profiling and attaches the two additional hooks, as discussed in Option B in open-telemetry#144. Outstanding work: - [ ] Handle off CPU traces in the reporter package - [ ] Handle off CPU traces in the user space side Signed-off-by: Florian Lehner <[email protected]>
This is the code that backs open-telemetry#144. It can be reused to add features like requested in open-telemetry#33 and therefore can be an alternative to open-telemetry#192. The idea that enables off CPU profiling is, that perf event and kprobe eBPF programs are quite similar and can be converted. This allows, with the dynamic rewrite of tail call maps, the reuse of existing eBPF programs and concepts. This proposal adds the new flag '-off-cpu-threshold' that enables off CPU profiling and attaches the two additional hooks, as discussed in Option B in open-telemetry#144. Outstanding work: - [ ] Handle off CPU traces in the reporter package - [ ] Handle off CPU traces in the user space side Signed-off-by: Florian Lehner <[email protected]>
This is the code that backs open-telemetry#144. It can be reused to add features like requested in open-telemetry#33 and therefore can be an alternative to open-telemetry#192. The idea that enables off CPU profiling is, that perf event and kprobe eBPF programs are quite similar and can be converted. This allows, with the dynamic rewrite of tail call maps, the reuse of existing eBPF programs and concepts. This proposal adds the new flag '-off-cpu-threshold' that enables off CPU profiling and attaches the two additional hooks, as discussed in Option B in open-telemetry#144. Outstanding work: - [ ] Handle off CPU traces in the reporter package - [ ] Handle off CPU traces in the user space side Signed-off-by: Florian Lehner <[email protected]>
Hey, in continue to #33 discussion and work from the IG team, we (Kubescape) took some time to do a POC that we think can align well with the project roadmap.
The goal of this PR is to introduce the option to integrate this awesome project as a pkg in other OSS like Kubescape and Inspektor gadget.
In order to do it we added two main things:
kprobes
instead ofperf_events
in order to have the ability to trigger the unwinding capabilities from a tail call when we want a stack trace (e.g when we see syscall xyz we want the stack to see who triggered it).The flow of a third party OSS project can be:
Grab the
main.go
and modify it to have thefd
of thenative_tracer_entry
and register a custom reporter instead of the default ones. Then we can do:I want stack trace->tail_call (native_tracer_entry)->custom_reporter
.First, we would love to have feedback from you on how we can push this to be part of the project and what is missing/need to be changed.
Second, we don't see any releases and so we added support in the Makefile to compile with the
EXTERNAL
flag which will trigger the compilation of thekprobes
instead of theperf_events
but we are going to need some sort of release process for both methods I assume so I would love to have your thoughts on it.In addition the support for native symbols (C/C++/GO etc...) are implemented in your backend software that we didn't find the code to, and so we wonder whether we can have the protocol to talk to your symbol server in some way to be able to resolve native symbols without using the backend software.
Thanks!