fix password prompt during kmt.launch-stack #37903

brycekahle · 2025-06-12T16:35:52Z

What does this PR do?

Fixes a problem with kmt.launch-stack where the Enter Password: prompt was not visible. This was due to nesting of running an invoke command within an invoke task. Replaced with a direct call instead.

Motivation

Confusing user experience, thinking the command was hanging.

Describe how you validated your changes

Possible Drawbacks / Trade-offs

Additional Notes

agent-platform-auto-pr · 2025-06-12T16:40:56Z

Gitlab CI Configuration Changes

Modified Jobs

.kmt_setup_env

  .kmt_setup_env:
    after_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - export AWS_PROFILE=agent-qa-ci
    - FILTER_TEAM="Name=tag:team,Values=ebpf-platform"
    - FILTER_MANAGED="Name=tag:managed-by,Values=pulumi"
    - FILTER_STATE="Name=instance-state-name,Values=running"
    - FILTER_PIPELINE="Name=tag:pipeline-id,Values=${CI_PIPELINE_ID}"
    - FILTER_ARCH="Name=tag:arch,Values=${ARCH}"
    - FILTER_INSTANCE_TYPE="Name=tag:instance-type,Values=${INSTANCE_TYPE}"
    - FILTER_TEST_COMPONENT="Name=tag:test-component,Values=${TEST_COMPONENT}"
    - QUERY_INSTANCE_IDS='Reservations[*].Instances[*].InstanceId'
    - QUERY_PRIVATE_IPS='Reservations[*].Instances[*].PrivateIpAddress'
    - mkdir -p $CI_PROJECT_DIR/libvirt/log/$ARCH $CI_PROJECT_DIR/libvirt/xml $CI_PROJECT_DIR/libvirt/qemu
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - INSTANCE_IP=$(aws ec2 describe-instances --filters $FILTER_TEAM $FILTER_MANAGED
      $FILTER_STATE $FILTER_PIPELINE $FILTER_TEST_COMPONENT $FILTER_INSTANCE_TYPE --output
      text --query $QUERY_PRIVATE_IPS)
    - echo "$ARCH-instance-ip" $INSTANCE_IP
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | grep -v -E '^$' | xargs -I '{}' sh -c \"sudo virsh dumpxml
      '{}' > /tmp/ddvm-xml-'{}'.txt\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | xargs -I '{}' sh -c \"sudo cp /var/log/libvirt/qemu/'{}'.log
      /tmp/qemu-ddvm-'{}'.log && sudo chown 1000:1000 /tmp/qemu-ddvm*\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "mkdir /tmp/dnsmasq && sudo cp /var/lib/libvirt/dnsmasq/* /tmp/dnsmasq/ && sudo
      chown 1000:1000 /tmp/dnsmasq/*"
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/log
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-xml-*"
      $CI_PROJECT_DIR/libvirt/xml
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/qemu-ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/qemu
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/dnsmasq/*"
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - "GO_ARCH=$ARCH\nif [ \"${ARCH}\" == \"x86_64\" ]; then\n  GO_ARCH=amd64\nfi\n"
    - cd test/new-e2e && GOOS=linux GOARCH="${GO_ARCH}" go build system-probe/vm-metrics/vm-metrics.go
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE $CI_PROJECT_DIR/test/new-e2e/vm-metrics
      "ubuntu@$INSTANCE_IP:/home/ubuntu/vm-metrics"
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "/home/ubuntu/vm-metrics -statsd-host=127.0.0.1 -statsd-port=8125 -libvirt-uri=/var/run/libvirt/libvirt-sock-ro
      --tag \"arch:${ARCH}\" --tag \"test-component:${TEST_COMPONENT}\" --tag \"ci-pipeline-id:${CI_PIPELINE_ID}\"
      --daemon -log-file /home/ubuntu/daemon.log"
    - dda inv -- -e kmt.tag-ci-job
    artifacts:
      paths:
      - $CI_PROJECT_DIR/stack.output
      - $CI_PROJECT_DIR/libvirt
      - $VMCONFIG_FILE
      reports:
        annotations:
        - $EXTERNAL_LINKS_PATH
      when: always
    before_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
      || exit 101
    - rm -f modcache.tar.xz
    - mkdir -p ~/.aws
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config
      || exit $?
    - export AWS_PROFILE=agent-qa-ci
    - touch $AWS_EC2_SSH_KEY_FILE && chmod 600 $AWS_EC2_SSH_KEY_FILE
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key > $AWS_EC2_SSH_KEY_FILE
      || exit $?
    - echo "" >> $AWS_EC2_SSH_KEY_FILE
    - chmod 600 $AWS_EC2_SSH_KEY_FILE
    - dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
      || true
    image: registry.ddbuild.io/ci/test-infra-definitions/runner$TEST_INFRA_DEFINITIONS_BUILDIMAGES_SUFFIX:$TEST_INFRA_DEFINITIONS_BUILDIMAGES
    needs:
    - go_deps
    - go_tools_deps
    script:
    - echo "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE" >
      $STACK_DIR
    - pulumi login $(cat $STACK_DIR | tr -d '\n')
    - dda inv -- -e kmt.gen-config --ci --arch=$ARCH --output-file=$VMCONFIG_FILE --vmconfig-template=$TEST_COMPONENT
      --memory=12288
-   - dda inv -- -e system-probe.start-microvms --provision-instance --provision-microvms
?                   ^^^ --------
+   - dda inv -- -e kmt.start-microvms --provision-instance --provision-microvms --vmconfig=$VMCONFIG_FILE
?                   ^^                                                          ++++++++++++++++++++++++++
-     --vmconfig=$VMCONFIG_FILE $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME
+     $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME --ssh-key-path=$AWS_EC2_SSH_KEY_FILE
-     --ssh-key-path=$AWS_EC2_SSH_KEY_FILE --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
?    -------------------------------------
+     --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
      --run-agent
    - jq "." $CI_PROJECT_DIR/stack.output
    - pulumi logout
    stage: kernel_matrix_testing_prepare
    tags:
    - arch:amd64
    variables:
      AWS_EC2_SSH_KEY_FILE: $CI_PROJECT_DIR/ssh_key
      AWS_EC2_SSH_KEY_NAME: datadog-agent-ci
      AWS_REGION: us-east-1
      EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
      INFRA_ENV: aws/agent-qa
      KITCHEN_EC2_REGION: us-east-1
      KITCHEN_EC2_SG_IDS: sg-019917348cb0eb7e7
      KITCHEN_EC2_SUBNET: subnet-05d7c6b1b5cfea811
      KUBERNETES_MEMORY_LIMIT: 16Gi
      KUBERNETES_MEMORY_REQUEST: 12Gi
      PIPELINE_ID: $CI_PIPELINE_ID
      RESOURCE_TAGS: instance-type:${INSTANCE_TYPE},arch:${ARCH},test-component:${TEST_COMPONENT},git-branch:${CI_COMMIT_REF_NAME}
      STACK_DIR: $CI_PROJECT_DIR/stack.dir
      TEAM: ebpf-platform
      VMCONFIG_FILE: ${CI_PROJECT_DIR}/vmconfig-${CI_PIPELINE_ID}-${ARCH}.json

kmt_setup_env_secagent_arm64

  kmt_setup_env_secagent_arm64:
    after_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - export AWS_PROFILE=agent-qa-ci
    - FILTER_TEAM="Name=tag:team,Values=ebpf-platform"
    - FILTER_MANAGED="Name=tag:managed-by,Values=pulumi"
    - FILTER_STATE="Name=instance-state-name,Values=running"
    - FILTER_PIPELINE="Name=tag:pipeline-id,Values=${CI_PIPELINE_ID}"
    - FILTER_ARCH="Name=tag:arch,Values=${ARCH}"
    - FILTER_INSTANCE_TYPE="Name=tag:instance-type,Values=${INSTANCE_TYPE}"
    - FILTER_TEST_COMPONENT="Name=tag:test-component,Values=${TEST_COMPONENT}"
    - QUERY_INSTANCE_IDS='Reservations[*].Instances[*].InstanceId'
    - QUERY_PRIVATE_IPS='Reservations[*].Instances[*].PrivateIpAddress'
    - mkdir -p $CI_PROJECT_DIR/libvirt/log/$ARCH $CI_PROJECT_DIR/libvirt/xml $CI_PROJECT_DIR/libvirt/qemu
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - INSTANCE_IP=$(aws ec2 describe-instances --filters $FILTER_TEAM $FILTER_MANAGED
      $FILTER_STATE $FILTER_PIPELINE $FILTER_TEST_COMPONENT $FILTER_INSTANCE_TYPE --output
      text --query $QUERY_PRIVATE_IPS)
    - echo "$ARCH-instance-ip" $INSTANCE_IP
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | grep -v -E '^$' | xargs -I '{}' sh -c \"sudo virsh dumpxml
      '{}' > /tmp/ddvm-xml-'{}'.txt\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | xargs -I '{}' sh -c \"sudo cp /var/log/libvirt/qemu/'{}'.log
      /tmp/qemu-ddvm-'{}'.log && sudo chown 1000:1000 /tmp/qemu-ddvm*\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "mkdir /tmp/dnsmasq && sudo cp /var/lib/libvirt/dnsmasq/* /tmp/dnsmasq/ && sudo
      chown 1000:1000 /tmp/dnsmasq/*"
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/log
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-xml-*"
      $CI_PROJECT_DIR/libvirt/xml
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/qemu-ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/qemu
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/dnsmasq/*"
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - "GO_ARCH=$ARCH\nif [ \"${ARCH}\" == \"x86_64\" ]; then\n  GO_ARCH=amd64\nfi\n"
    - cd test/new-e2e && GOOS=linux GOARCH="${GO_ARCH}" go build system-probe/vm-metrics/vm-metrics.go
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE $CI_PROJECT_DIR/test/new-e2e/vm-metrics
      "ubuntu@$INSTANCE_IP:/home/ubuntu/vm-metrics"
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "/home/ubuntu/vm-metrics -statsd-host=127.0.0.1 -statsd-port=8125 -libvirt-uri=/var/run/libvirt/libvirt-sock-ro
      --tag \"arch:${ARCH}\" --tag \"test-component:${TEST_COMPONENT}\" --tag \"ci-pipeline-id:${CI_PIPELINE_ID}\"
      --daemon -log-file /home/ubuntu/daemon.log"
    - dda inv -- -e kmt.tag-ci-job
    artifacts:
      paths:
      - $CI_PROJECT_DIR/stack.output
      - $CI_PROJECT_DIR/libvirt
      - $VMCONFIG_FILE
      reports:
        annotations:
        - $EXTERNAL_LINKS_PATH
      when: always
    before_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
      || exit 101
    - rm -f modcache.tar.xz
    - mkdir -p ~/.aws
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config
      || exit $?
    - export AWS_PROFILE=agent-qa-ci
    - touch $AWS_EC2_SSH_KEY_FILE && chmod 600 $AWS_EC2_SSH_KEY_FILE
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key > $AWS_EC2_SSH_KEY_FILE
      || exit $?
    - echo "" >> $AWS_EC2_SSH_KEY_FILE
    - chmod 600 $AWS_EC2_SSH_KEY_FILE
    - dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
      || true
    image: registry.ddbuild.io/ci/test-infra-definitions/runner$TEST_INFRA_DEFINITIONS_BUILDIMAGES_SUFFIX:$TEST_INFRA_DEFINITIONS_BUILDIMAGES
    needs:
    - go_deps
    - go_tools_deps
    rules:
    - allow_failure: true
      if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $RUN_KMT_TESTS == 'on'
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - pkg/ebpf/**/*
        - pkg/security/**/*
        - pkg/eventmonitor/**/*
        - .gitlab/kernel_matrix_testing/security_agent.yml
        - .gitlab/kernel_matrix_testing/common.yml
        - .gitlab/source_test/ebpf.yml
        - test/new-e2e/tests/cws/**/*
        - test/new-e2e/system-probe/**/*
        - test/new-e2e/scenarios/system-probe/**/*
        - test/new-e2e/pkg/runner/**/*
        - test/new-e2e/pkg/utils/**/*
        - test/new-e2e/go.mod
        - tasks/security_agent.py
        - tasks/kmt.py
        - tasks/kernel_matrix_testing/*
    - allow_failure: true
      when: manual
    script:
    - echo "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE" >
      $STACK_DIR
    - pulumi login $(cat $STACK_DIR | tr -d '\n')
    - dda inv -- -e kmt.gen-config --ci --arch=$ARCH --output-file=$VMCONFIG_FILE --vmconfig-template=$TEST_COMPONENT
      --memory=12288
-   - dda inv -- -e system-probe.start-microvms --provision-instance --provision-microvms
?                   ^^^ --------
+   - dda inv -- -e kmt.start-microvms --provision-instance --provision-microvms --vmconfig=$VMCONFIG_FILE
?                   ^^                                                          ++++++++++++++++++++++++++
-     --vmconfig=$VMCONFIG_FILE $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME
+     $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME --ssh-key-path=$AWS_EC2_SSH_KEY_FILE
-     --ssh-key-path=$AWS_EC2_SSH_KEY_FILE --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
?    -------------------------------------
+     --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
      --run-agent
    - jq "." $CI_PROJECT_DIR/stack.output
    - pulumi logout
    stage: kernel_matrix_testing_prepare
    tags:
    - arch:amd64
    variables:
      AMI_ID_ARG: --arm-ami-id=$KERNEL_MATRIX_TESTING_ARM_AMI_ID
      ARCH: arm64
      AWS_EC2_SSH_KEY_FILE: $CI_PROJECT_DIR/ssh_key
      AWS_EC2_SSH_KEY_NAME: datadog-agent-ci
      AWS_REGION: us-east-1
      EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
      INFRA_ENV: aws/agent-qa
      INSTANCE_TYPE: m6gd.metal
      INSTANCE_TYPE_ARG: --instance-type-arm=$INSTANCE_TYPE
      KITCHEN_EC2_REGION: us-east-1
      KITCHEN_EC2_SG_IDS: sg-019917348cb0eb7e7
      KITCHEN_EC2_SUBNET: subnet-05d7c6b1b5cfea811
      KUBERNETES_MEMORY_LIMIT: 16Gi
      KUBERNETES_MEMORY_REQUEST: 12Gi
      LibvirtSSHKey: $CI_PROJECT_DIR/libvirt_rsa-arm
      PIPELINE_ID: $CI_PIPELINE_ID
      RESOURCE_TAGS: instance-type:${INSTANCE_TYPE},arch:${ARCH},test-component:${TEST_COMPONENT},git-branch:${CI_COMMIT_REF_NAME}
      STACK_DIR: $CI_PROJECT_DIR/stack.dir
      TEAM: ebpf-platform
      TEST_COMPONENT: security-agent
      VMCONFIG_FILE: ${CI_PROJECT_DIR}/vmconfig-${CI_PIPELINE_ID}-${ARCH}.json

kmt_setup_env_secagent_x64

  kmt_setup_env_secagent_x64:
    after_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - export AWS_PROFILE=agent-qa-ci
    - FILTER_TEAM="Name=tag:team,Values=ebpf-platform"
    - FILTER_MANAGED="Name=tag:managed-by,Values=pulumi"
    - FILTER_STATE="Name=instance-state-name,Values=running"
    - FILTER_PIPELINE="Name=tag:pipeline-id,Values=${CI_PIPELINE_ID}"
    - FILTER_ARCH="Name=tag:arch,Values=${ARCH}"
    - FILTER_INSTANCE_TYPE="Name=tag:instance-type,Values=${INSTANCE_TYPE}"
    - FILTER_TEST_COMPONENT="Name=tag:test-component,Values=${TEST_COMPONENT}"
    - QUERY_INSTANCE_IDS='Reservations[*].Instances[*].InstanceId'
    - QUERY_PRIVATE_IPS='Reservations[*].Instances[*].PrivateIpAddress'
    - mkdir -p $CI_PROJECT_DIR/libvirt/log/$ARCH $CI_PROJECT_DIR/libvirt/xml $CI_PROJECT_DIR/libvirt/qemu
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - INSTANCE_IP=$(aws ec2 describe-instances --filters $FILTER_TEAM $FILTER_MANAGED
      $FILTER_STATE $FILTER_PIPELINE $FILTER_TEST_COMPONENT $FILTER_INSTANCE_TYPE --output
      text --query $QUERY_PRIVATE_IPS)
    - echo "$ARCH-instance-ip" $INSTANCE_IP
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | grep -v -E '^$' | xargs -I '{}' sh -c \"sudo virsh dumpxml
      '{}' > /tmp/ddvm-xml-'{}'.txt\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | xargs -I '{}' sh -c \"sudo cp /var/log/libvirt/qemu/'{}'.log
      /tmp/qemu-ddvm-'{}'.log && sudo chown 1000:1000 /tmp/qemu-ddvm*\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "mkdir /tmp/dnsmasq && sudo cp /var/lib/libvirt/dnsmasq/* /tmp/dnsmasq/ && sudo
      chown 1000:1000 /tmp/dnsmasq/*"
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/log
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-xml-*"
      $CI_PROJECT_DIR/libvirt/xml
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/qemu-ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/qemu
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/dnsmasq/*"
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - "GO_ARCH=$ARCH\nif [ \"${ARCH}\" == \"x86_64\" ]; then\n  GO_ARCH=amd64\nfi\n"
    - cd test/new-e2e && GOOS=linux GOARCH="${GO_ARCH}" go build system-probe/vm-metrics/vm-metrics.go
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE $CI_PROJECT_DIR/test/new-e2e/vm-metrics
      "ubuntu@$INSTANCE_IP:/home/ubuntu/vm-metrics"
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "/home/ubuntu/vm-metrics -statsd-host=127.0.0.1 -statsd-port=8125 -libvirt-uri=/var/run/libvirt/libvirt-sock-ro
      --tag \"arch:${ARCH}\" --tag \"test-component:${TEST_COMPONENT}\" --tag \"ci-pipeline-id:${CI_PIPELINE_ID}\"
      --daemon -log-file /home/ubuntu/daemon.log"
    - dda inv -- -e kmt.tag-ci-job
    artifacts:
      paths:
      - $CI_PROJECT_DIR/stack.output
      - $CI_PROJECT_DIR/libvirt
      - $VMCONFIG_FILE
      reports:
        annotations:
        - $EXTERNAL_LINKS_PATH
      when: always
    before_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
      || exit 101
    - rm -f modcache.tar.xz
    - mkdir -p ~/.aws
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config
      || exit $?
    - export AWS_PROFILE=agent-qa-ci
    - touch $AWS_EC2_SSH_KEY_FILE && chmod 600 $AWS_EC2_SSH_KEY_FILE
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key > $AWS_EC2_SSH_KEY_FILE
      || exit $?
    - echo "" >> $AWS_EC2_SSH_KEY_FILE
    - chmod 600 $AWS_EC2_SSH_KEY_FILE
    - dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
      || true
    image: registry.ddbuild.io/ci/test-infra-definitions/runner$TEST_INFRA_DEFINITIONS_BUILDIMAGES_SUFFIX:$TEST_INFRA_DEFINITIONS_BUILDIMAGES
    needs:
    - go_deps
    - go_tools_deps
    rules:
    - allow_failure: true
      if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $RUN_KMT_TESTS == 'on'
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - pkg/ebpf/**/*
        - pkg/security/**/*
        - pkg/eventmonitor/**/*
        - .gitlab/kernel_matrix_testing/security_agent.yml
        - .gitlab/kernel_matrix_testing/common.yml
        - .gitlab/source_test/ebpf.yml
        - test/new-e2e/tests/cws/**/*
        - test/new-e2e/system-probe/**/*
        - test/new-e2e/scenarios/system-probe/**/*
        - test/new-e2e/pkg/runner/**/*
        - test/new-e2e/pkg/utils/**/*
        - test/new-e2e/go.mod
        - tasks/security_agent.py
        - tasks/kmt.py
        - tasks/kernel_matrix_testing/*
    - allow_failure: true
      when: manual
    script:
    - echo "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE" >
      $STACK_DIR
    - pulumi login $(cat $STACK_DIR | tr -d '\n')
    - dda inv -- -e kmt.gen-config --ci --arch=$ARCH --output-file=$VMCONFIG_FILE --vmconfig-template=$TEST_COMPONENT
      --memory=12288
-   - dda inv -- -e system-probe.start-microvms --provision-instance --provision-microvms
?                   ^^^ --------
+   - dda inv -- -e kmt.start-microvms --provision-instance --provision-microvms --vmconfig=$VMCONFIG_FILE
?                   ^^                                                          ++++++++++++++++++++++++++
-     --vmconfig=$VMCONFIG_FILE $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME
+     $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME --ssh-key-path=$AWS_EC2_SSH_KEY_FILE
-     --ssh-key-path=$AWS_EC2_SSH_KEY_FILE --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
?    -------------------------------------
+     --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
      --run-agent
    - jq "." $CI_PROJECT_DIR/stack.output
    - pulumi logout
    stage: kernel_matrix_testing_prepare
    tags:
    - arch:amd64
    variables:
      AMI_ID_ARG: --x86-ami-id=$KERNEL_MATRIX_TESTING_X86_AMI_ID
      ARCH: x86_64
      AWS_EC2_SSH_KEY_FILE: $CI_PROJECT_DIR/ssh_key
      AWS_EC2_SSH_KEY_NAME: datadog-agent-ci
      AWS_REGION: us-east-1
      EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
      INFRA_ENV: aws/agent-qa
      INSTANCE_TYPE: m5d.metal
      INSTANCE_TYPE_ARG: --instance-type-x86=$INSTANCE_TYPE
      KITCHEN_EC2_REGION: us-east-1
      KITCHEN_EC2_SG_IDS: sg-019917348cb0eb7e7
      KITCHEN_EC2_SUBNET: subnet-05d7c6b1b5cfea811
      KUBERNETES_MEMORY_LIMIT: 16Gi
      KUBERNETES_MEMORY_REQUEST: 12Gi
      LibvirtSSHKey: $CI_PROJECT_DIR/libvirt_rsa-x86
      PIPELINE_ID: $CI_PIPELINE_ID
      RESOURCE_TAGS: instance-type:${INSTANCE_TYPE},arch:${ARCH},test-component:${TEST_COMPONENT},git-branch:${CI_COMMIT_REF_NAME}
      STACK_DIR: $CI_PROJECT_DIR/stack.dir
      TEAM: ebpf-platform
      TEST_COMPONENT: security-agent
      VMCONFIG_FILE: ${CI_PROJECT_DIR}/vmconfig-${CI_PIPELINE_ID}-${ARCH}.json

kmt_setup_env_sysprobe_arm64

  kmt_setup_env_sysprobe_arm64:
    after_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - export AWS_PROFILE=agent-qa-ci
    - FILTER_TEAM="Name=tag:team,Values=ebpf-platform"
    - FILTER_MANAGED="Name=tag:managed-by,Values=pulumi"
    - FILTER_STATE="Name=instance-state-name,Values=running"
    - FILTER_PIPELINE="Name=tag:pipeline-id,Values=${CI_PIPELINE_ID}"
    - FILTER_ARCH="Name=tag:arch,Values=${ARCH}"
    - FILTER_INSTANCE_TYPE="Name=tag:instance-type,Values=${INSTANCE_TYPE}"
    - FILTER_TEST_COMPONENT="Name=tag:test-component,Values=${TEST_COMPONENT}"
    - QUERY_INSTANCE_IDS='Reservations[*].Instances[*].InstanceId'
    - QUERY_PRIVATE_IPS='Reservations[*].Instances[*].PrivateIpAddress'
    - mkdir -p $CI_PROJECT_DIR/libvirt/log/$ARCH $CI_PROJECT_DIR/libvirt/xml $CI_PROJECT_DIR/libvirt/qemu
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - INSTANCE_IP=$(aws ec2 describe-instances --filters $FILTER_TEAM $FILTER_MANAGED
      $FILTER_STATE $FILTER_PIPELINE $FILTER_TEST_COMPONENT $FILTER_INSTANCE_TYPE --output
      text --query $QUERY_PRIVATE_IPS)
    - echo "$ARCH-instance-ip" $INSTANCE_IP
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | grep -v -E '^$' | xargs -I '{}' sh -c \"sudo virsh dumpxml
      '{}' > /tmp/ddvm-xml-'{}'.txt\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | xargs -I '{}' sh -c \"sudo cp /var/log/libvirt/qemu/'{}'.log
      /tmp/qemu-ddvm-'{}'.log && sudo chown 1000:1000 /tmp/qemu-ddvm*\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "mkdir /tmp/dnsmasq && sudo cp /var/lib/libvirt/dnsmasq/* /tmp/dnsmasq/ && sudo
      chown 1000:1000 /tmp/dnsmasq/*"
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/log
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-xml-*"
      $CI_PROJECT_DIR/libvirt/xml
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/qemu-ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/qemu
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/dnsmasq/*"
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - "GO_ARCH=$ARCH\nif [ \"${ARCH}\" == \"x86_64\" ]; then\n  GO_ARCH=amd64\nfi\n"
    - cd test/new-e2e && GOOS=linux GOARCH="${GO_ARCH}" go build system-probe/vm-metrics/vm-metrics.go
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE $CI_PROJECT_DIR/test/new-e2e/vm-metrics
      "ubuntu@$INSTANCE_IP:/home/ubuntu/vm-metrics"
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "/home/ubuntu/vm-metrics -statsd-host=127.0.0.1 -statsd-port=8125 -libvirt-uri=/var/run/libvirt/libvirt-sock-ro
      --tag \"arch:${ARCH}\" --tag \"test-component:${TEST_COMPONENT}\" --tag \"ci-pipeline-id:${CI_PIPELINE_ID}\"
      --daemon -log-file /home/ubuntu/daemon.log"
    - dda inv -- -e kmt.tag-ci-job
    artifacts:
      paths:
      - $CI_PROJECT_DIR/stack.output
      - $CI_PROJECT_DIR/libvirt
      - $VMCONFIG_FILE
      reports:
        annotations:
        - $EXTERNAL_LINKS_PATH
      when: always
    before_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
      || exit 101
    - rm -f modcache.tar.xz
    - mkdir -p ~/.aws
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config
      || exit $?
    - export AWS_PROFILE=agent-qa-ci
    - touch $AWS_EC2_SSH_KEY_FILE && chmod 600 $AWS_EC2_SSH_KEY_FILE
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key > $AWS_EC2_SSH_KEY_FILE
      || exit $?
    - echo "" >> $AWS_EC2_SSH_KEY_FILE
    - chmod 600 $AWS_EC2_SSH_KEY_FILE
    - dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
      || true
    image: registry.ddbuild.io/ci/test-infra-definitions/runner$TEST_INFRA_DEFINITIONS_BUILDIMAGES_SUFFIX:$TEST_INFRA_DEFINITIONS_BUILDIMAGES
    needs:
    - go_deps
    - go_tools_deps
    rules:
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $RUN_KMT_TESTS == 'on'
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - cmd/system-probe/**/*
        - pkg/collector/corechecks/ebpf/**/*
        - pkg/collector/corechecks/servicediscovery/module/*
        - pkg/ebpf/**/*
        - pkg/network/**/*
        - pkg/process/monitor/*
        - pkg/util/kernel/**/*
        - pkg/dynamicinstrumentation/**/*
        - pkg/dyninst/**/*
        - pkg/gpu/**/*
        - .gitlab/kernel_matrix_testing/system_probe.yml
        - .gitlab/kernel_matrix_testing/common.yml
        - .gitlab/source_test/ebpf.yml
        - test/new-e2e/system-probe/**/*
        - test/new-e2e/scenarios/system-probe/**/*
        - test/new-e2e/pkg/runner/**/*
        - test/new-e2e/pkg/utils/**/*
        - test/new-e2e/go.mod
        - tasks/system_probe.py
        - tasks/kmt.py
        - tasks/kernel_matrix_testing/*
    script:
    - echo "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE" >
      $STACK_DIR
    - pulumi login $(cat $STACK_DIR | tr -d '\n')
    - dda inv -- -e kmt.gen-config --ci --arch=$ARCH --output-file=$VMCONFIG_FILE --vmconfig-template=$TEST_COMPONENT
      --memory=12288
-   - dda inv -- -e system-probe.start-microvms --provision-instance --provision-microvms
?                   ^^^ --------
+   - dda inv -- -e kmt.start-microvms --provision-instance --provision-microvms --vmconfig=$VMCONFIG_FILE
?                   ^^                                                          ++++++++++++++++++++++++++
-     --vmconfig=$VMCONFIG_FILE $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME
+     $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME --ssh-key-path=$AWS_EC2_SSH_KEY_FILE
-     --ssh-key-path=$AWS_EC2_SSH_KEY_FILE --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
?    -------------------------------------
+     --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
      --run-agent
    - jq "." $CI_PROJECT_DIR/stack.output
    - pulumi logout
    stage: kernel_matrix_testing_prepare
    tags:
    - arch:amd64
    variables:
      AMI_ID_ARG: --arm-ami-id=$KERNEL_MATRIX_TESTING_ARM_AMI_ID
      ARCH: arm64
      AWS_EC2_SSH_KEY_FILE: $CI_PROJECT_DIR/ssh_key
      AWS_EC2_SSH_KEY_NAME: datadog-agent-ci
      AWS_REGION: us-east-1
      EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
      INFRA_ENV: aws/agent-qa
      INSTANCE_TYPE: m6gd.metal
      INSTANCE_TYPE_ARG: --instance-type-arm=$INSTANCE_TYPE
      KITCHEN_EC2_REGION: us-east-1
      KITCHEN_EC2_SG_IDS: sg-019917348cb0eb7e7
      KITCHEN_EC2_SUBNET: subnet-05d7c6b1b5cfea811
      KUBERNETES_MEMORY_LIMIT: 16Gi
      KUBERNETES_MEMORY_REQUEST: 12Gi
      LibvirtSSHKey: $CI_PROJECT_DIR/libvirt_rsa-arm
      PIPELINE_ID: $CI_PIPELINE_ID
      RESOURCE_TAGS: instance-type:${INSTANCE_TYPE},arch:${ARCH},test-component:${TEST_COMPONENT},git-branch:${CI_COMMIT_REF_NAME}
      STACK_DIR: $CI_PROJECT_DIR/stack.dir
      TEAM: ebpf-platform
      TEST_COMPONENT: system-probe
      VMCONFIG_FILE: ${CI_PROJECT_DIR}/vmconfig-${CI_PIPELINE_ID}-${ARCH}.json

kmt_setup_env_sysprobe_x64

  kmt_setup_env_sysprobe_x64:
    after_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - export AWS_PROFILE=agent-qa-ci
    - FILTER_TEAM="Name=tag:team,Values=ebpf-platform"
    - FILTER_MANAGED="Name=tag:managed-by,Values=pulumi"
    - FILTER_STATE="Name=instance-state-name,Values=running"
    - FILTER_PIPELINE="Name=tag:pipeline-id,Values=${CI_PIPELINE_ID}"
    - FILTER_ARCH="Name=tag:arch,Values=${ARCH}"
    - FILTER_INSTANCE_TYPE="Name=tag:instance-type,Values=${INSTANCE_TYPE}"
    - FILTER_TEST_COMPONENT="Name=tag:test-component,Values=${TEST_COMPONENT}"
    - QUERY_INSTANCE_IDS='Reservations[*].Instances[*].InstanceId'
    - QUERY_PRIVATE_IPS='Reservations[*].Instances[*].PrivateIpAddress'
    - mkdir -p $CI_PROJECT_DIR/libvirt/log/$ARCH $CI_PROJECT_DIR/libvirt/xml $CI_PROJECT_DIR/libvirt/qemu
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - INSTANCE_IP=$(aws ec2 describe-instances --filters $FILTER_TEAM $FILTER_MANAGED
      $FILTER_STATE $FILTER_PIPELINE $FILTER_TEST_COMPONENT $FILTER_INSTANCE_TYPE --output
      text --query $QUERY_PRIVATE_IPS)
    - echo "$ARCH-instance-ip" $INSTANCE_IP
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | grep -v -E '^$' | xargs -I '{}' sh -c \"sudo virsh dumpxml
      '{}' > /tmp/ddvm-xml-'{}'.txt\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "sudo virsh list --name | xargs -I '{}' sh -c \"sudo cp /var/log/libvirt/qemu/'{}'.log
      /tmp/qemu-ddvm-'{}'.log && sudo chown 1000:1000 /tmp/qemu-ddvm*\""
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "mkdir /tmp/dnsmasq && sudo cp /var/lib/libvirt/dnsmasq/* /tmp/dnsmasq/ && sudo
      chown 1000:1000 /tmp/dnsmasq/*"
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/log
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/ddvm-xml-*"
      $CI_PROJECT_DIR/libvirt/xml
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/qemu-ddvm-*.log"
      $CI_PROJECT_DIR/libvirt/qemu
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP:/tmp/dnsmasq/*"
      $CI_PROJECT_DIR/libvirt/dnsmasq
    - "GO_ARCH=$ARCH\nif [ \"${ARCH}\" == \"x86_64\" ]; then\n  GO_ARCH=amd64\nfi\n"
    - cd test/new-e2e && GOOS=linux GOARCH="${GO_ARCH}" go build system-probe/vm-metrics/vm-metrics.go
    - scp -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE $CI_PROJECT_DIR/test/new-e2e/vm-metrics
      "ubuntu@$INSTANCE_IP:/home/ubuntu/vm-metrics"
    - ssh -o StrictHostKeyChecking=no -i $AWS_EC2_SSH_KEY_FILE "ubuntu@$INSTANCE_IP"
      "/home/ubuntu/vm-metrics -statsd-host=127.0.0.1 -statsd-port=8125 -libvirt-uri=/var/run/libvirt/libvirt-sock-ro
      --tag \"arch:${ARCH}\" --tag \"test-component:${TEST_COMPONENT}\" --tag \"ci-pipeline-id:${CI_PIPELINE_ID}\"
      --daemon -log-file /home/ubuntu/daemon.log"
    - dda inv -- -e kmt.tag-ci-job
    artifacts:
      paths:
      - $CI_PROJECT_DIR/stack.output
      - $CI_PROJECT_DIR/libvirt
      - $VMCONFIG_FILE
      reports:
        annotations:
        - $EXTERNAL_LINKS_PATH
      when: always
    before_script:
    - DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
      || exit $?; export DD_API_KEY
    - mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
      || exit 101
    - rm -f modcache.tar.xz
    - mkdir -p ~/.aws
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config
      || exit $?
    - export AWS_PROFILE=agent-qa-ci
    - touch $AWS_EC2_SSH_KEY_FILE && chmod 600 $AWS_EC2_SSH_KEY_FILE
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key > $AWS_EC2_SSH_KEY_FILE
      || exit $?
    - echo "" >> $AWS_EC2_SSH_KEY_FILE
    - chmod 600 $AWS_EC2_SSH_KEY_FILE
    - dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
      || true
    image: registry.ddbuild.io/ci/test-infra-definitions/runner$TEST_INFRA_DEFINITIONS_BUILDIMAGES_SUFFIX:$TEST_INFRA_DEFINITIONS_BUILDIMAGES
    needs:
    - go_deps
    - go_tools_deps
    rules:
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $RUN_KMT_TESTS == 'on'
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - cmd/system-probe/**/*
        - pkg/collector/corechecks/ebpf/**/*
        - pkg/collector/corechecks/servicediscovery/module/*
        - pkg/ebpf/**/*
        - pkg/network/**/*
        - pkg/process/monitor/*
        - pkg/util/kernel/**/*
        - pkg/dynamicinstrumentation/**/*
        - pkg/dyninst/**/*
        - pkg/gpu/**/*
        - .gitlab/kernel_matrix_testing/system_probe.yml
        - .gitlab/kernel_matrix_testing/common.yml
        - .gitlab/source_test/ebpf.yml
        - test/new-e2e/system-probe/**/*
        - test/new-e2e/scenarios/system-probe/**/*
        - test/new-e2e/pkg/runner/**/*
        - test/new-e2e/pkg/utils/**/*
        - test/new-e2e/go.mod
        - tasks/system_probe.py
        - tasks/kmt.py
        - tasks/kernel_matrix_testing/*
    script:
    - echo "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE" >
      $STACK_DIR
    - pulumi login $(cat $STACK_DIR | tr -d '\n')
    - dda inv -- -e kmt.gen-config --ci --arch=$ARCH --output-file=$VMCONFIG_FILE --vmconfig-template=$TEST_COMPONENT
      --memory=12288
-   - dda inv -- -e system-probe.start-microvms --provision-instance --provision-microvms
?                   ^^^ --------
+   - dda inv -- -e kmt.start-microvms --provision-instance --provision-microvms --vmconfig=$VMCONFIG_FILE
?                   ^^                                                          ++++++++++++++++++++++++++
-     --vmconfig=$VMCONFIG_FILE $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME
+     $INSTANCE_TYPE_ARG $AMI_ID_ARG --ssh-key-name=$AWS_EC2_SSH_KEY_NAME --ssh-key-path=$AWS_EC2_SSH_KEY_FILE
-     --ssh-key-path=$AWS_EC2_SSH_KEY_FILE --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
?    -------------------------------------
+     --infra-env=$INFRA_ENV --stack-name=kernel-matrix-testing-${TEST_COMPONENT}-${ARCH}-${CI_PIPELINE_ID}
      --run-agent
    - jq "." $CI_PROJECT_DIR/stack.output
    - pulumi logout
    stage: kernel_matrix_testing_prepare
    tags:
    - arch:amd64
    variables:
      AMI_ID_ARG: --x86-ami-id=$KERNEL_MATRIX_TESTING_X86_AMI_ID
      ARCH: x86_64
      AWS_EC2_SSH_KEY_FILE: $CI_PROJECT_DIR/ssh_key
      AWS_EC2_SSH_KEY_NAME: datadog-agent-ci
      AWS_REGION: us-east-1
      EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
      INFRA_ENV: aws/agent-qa
      INSTANCE_TYPE: m5d.metal
      INSTANCE_TYPE_ARG: --instance-type-x86=$INSTANCE_TYPE
      KITCHEN_EC2_REGION: us-east-1
      KITCHEN_EC2_SG_IDS: sg-019917348cb0eb7e7
      KITCHEN_EC2_SUBNET: subnet-05d7c6b1b5cfea811
      KUBERNETES_MEMORY_LIMIT: 16Gi
      KUBERNETES_MEMORY_REQUEST: 12Gi
      LibvirtSSHKey: $CI_PROJECT_DIR/libvirt_rsa-x86
      PIPELINE_ID: $CI_PIPELINE_ID
      RESOURCE_TAGS: instance-type:${INSTANCE_TYPE},arch:${ARCH},test-component:${TEST_COMPONENT},git-branch:${CI_COMMIT_REF_NAME}
      STACK_DIR: $CI_PROJECT_DIR/stack.dir
      TEAM: ebpf-platform
      TEST_COMPONENT: system-probe
      VMCONFIG_FILE: ${CI_PROJECT_DIR}/vmconfig-${CI_PIPELINE_ID}-${ARCH}.json

Changes Summary

Removed	Modified	Added	Renamed
0	5	0	0

ℹ️ Diff available in the job log.

cit-pr-commenter · 2025-06-12T17:32:40Z

Regression Detector

Regression Detector Results

Metrics dashboard
Target profiles
Run ID: 0fccc2f4-5289-406d-9f63-ac00d88c400a

Baseline: 1b8705a
Comparison: f742812
Diff

Optimization Goals: ✅ No significant changes detected

Fine details of change detection per experiment

perf	experiment	goal	Δ mean %	Δ mean % CI	trials	links
➖	docker_containers_cpu	% cpu utilization	+2.29	[-0.70, +5.28]	1	Logs
➖	uds_dogstatsd_20mb_12k_contexts_20_senders	memory utilization	+1.03	[+0.95, +1.10]	1	Logs
➖	otlp_ingest_logs	memory utilization	+0.52	[+0.39, +0.65]	1	Logs
➖	otlp_ingest_metrics	memory utilization	+0.32	[+0.15, +0.49]	1	Logs
➖	file_to_blackhole_0ms_latency	egress throughput	+0.15	[-0.47, +0.77]	1	Logs
➖	file_to_blackhole_0ms_latency_http2	egress throughput	+0.14	[-0.40, +0.69]	1	Logs
➖	file_to_blackhole_300ms_latency	egress throughput	+0.06	[-0.52, +0.64]	1	Logs
➖	file_to_blackhole_100ms_latency	egress throughput	+0.03	[-0.59, +0.65]	1	Logs
➖	tcp_dd_logs_filter_exclude	ingress throughput	+0.01	[-0.01, +0.03]	1	Logs
➖	uds_dogstatsd_to_api	ingress throughput	+0.00	[-0.27, +0.28]	1	Logs
➖	docker_containers_memory	memory utilization	+0.00	[-0.09, +0.09]	1	Logs
➖	tcp_syslog_to_blackhole	ingress throughput	-0.00	[-0.06, +0.06]	1	Logs
➖	file_to_blackhole_1000ms_latency	egress throughput	-0.01	[-0.61, +0.59]	1	Logs
➖	file_to_blackhole_500ms_latency	egress throughput	-0.02	[-0.60, +0.57]	1	Logs
➖	file_to_blackhole_0ms_latency_http1	egress throughput	-0.03	[-0.66, +0.59]	1	Logs
➖	file_to_blackhole_1000ms_latency_linear_load	egress throughput	-0.04	[-0.27, +0.20]	1	Logs
➖	quality_gate_idle_all_features	memory utilization	-0.19	[-0.30, -0.09]	1	Logs bounds checks dashboard
➖	ddot_metrics	memory utilization	-0.28	[-0.40, -0.16]	1	Logs
➖	ddot_logs	memory utilization	-0.51	[-0.63, -0.40]	1	Logs
➖	quality_gate_idle	memory utilization	-0.88	[-0.96, -0.81]	1	Logs bounds checks dashboard
➖	uds_dogstatsd_to_api_cpu	% cpu utilization	-1.17	[-2.04, -0.30]	1	Logs
➖	quality_gate_logs	% cpu utilization	-2.00	[-4.75, +0.74]	1	Logs bounds checks dashboard
➖	file_tree	memory utilization	-2.38	[-2.56, -2.19]	1	Logs

Bounds Checks: ✅ Passed

perf	experiment	bounds_check_name	replicates_passed	links
✅	docker_containers_cpu	simple_check_run	10/10
✅	docker_containers_memory	memory_usage	10/10
✅	docker_containers_memory	simple_check_run	10/10
✅	file_to_blackhole_0ms_latency	lost_bytes	10/10
✅	file_to_blackhole_0ms_latency	memory_usage	10/10
✅	file_to_blackhole_0ms_latency_http1	lost_bytes	10/10
✅	file_to_blackhole_0ms_latency_http1	memory_usage	10/10
✅	file_to_blackhole_0ms_latency_http2	lost_bytes	10/10
✅	file_to_blackhole_0ms_latency_http2	memory_usage	10/10
✅	file_to_blackhole_1000ms_latency	memory_usage	10/10
✅	file_to_blackhole_1000ms_latency_linear_load	memory_usage	10/10
✅	file_to_blackhole_100ms_latency	lost_bytes	10/10
✅	file_to_blackhole_100ms_latency	memory_usage	10/10
✅	file_to_blackhole_300ms_latency	lost_bytes	10/10
✅	file_to_blackhole_300ms_latency	memory_usage	10/10
✅	file_to_blackhole_500ms_latency	lost_bytes	10/10
✅	file_to_blackhole_500ms_latency	memory_usage	10/10
✅	quality_gate_idle	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_idle	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_idle_all_features	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_idle_all_features	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_logs	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_logs	lost_bytes	10/10	bounds checks dashboard
✅	quality_gate_logs	memory_usage	10/10	bounds checks dashboard

Explanation

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

Performance changes are noted in the perf column of each table:

✅ = significantly better comparison variant performance
❌ = significantly worse comparison variant performance
➖ = no significant change in performance

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
Its configuration does not mark it "erratic".

CI Pass/Fail Decision

✅ Passed. All Quality Gates passed.

quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.

agent-platform-auto-pr · 2025-06-12T18:37:42Z

Static quality checks

✅ Please find below the results from static quality gates
Comparison made with ancestor 1b8705a

Successful checks

Info

	Quality gate	Delta	On disk size (MiB)	Delta	On wire size (MiB)
✅	agent_deb_amd64	$${-0.05}$$	$${696.38}$$ < $${697.37}$$	$${+0.02}$$	$${176.07}$$ < $${177.03}$$
✅	agent_deb_amd64_fips	$${-0.05}$$	$${694.67}$$ < $${695.59}$$	$${+0.02}$$	$${175.57}$$ < $${176.51}$$
✅	agent_heroku_amd64	$${-0.05}$$	$${358.67}$$ < $${359.67}$$	$${-0.01}$$	$${96.52}$$ < $${97.47}$$
✅	agent_msi	$${-0.05}$$	$${958.88}$$ < $${959.86}$$	$${-0.05}$$	$${146.28}$$ < $${147.27}$$
✅	agent_rpm_amd64	$${-0.05}$$	$${696.36}$$ < $${697.36}$$	$${-0}$$	$${177.6}$$ < $${178.56}$$
✅	agent_rpm_amd64_fips	$${-0.05}$$	$${694.66}$$ < $${695.58}$$	$${+0.02}$$	$${177.52}$$ < $${178.43}$$
✅	agent_rpm_arm64	$${-0.05}$$	$${686.38}$$ < $${687.37}$$	$${-0.01}$$	$${161.05}$$ < $${161.99}$$
✅	agent_rpm_arm64_fips	$${-0.05}$$	$${684.79}$$ < $${685.72}$$	$${+0.03}$$	$${160.21}$$ < $${161.11}$$
✅	agent_suse_amd64	$${-0.05}$$	$${696.36}$$ < $${697.36}$$	$${-0}$$	$${177.6}$$ < $${178.56}$$
✅	agent_suse_amd64_fips	$${-0.05}$$	$${694.66}$$ < $${695.58}$$	$${+0.02}$$	$${177.52}$$ < $${178.43}$$
✅	agent_suse_arm64	$${-0.05}$$	$${686.38}$$ < $${687.37}$$	$${-0.01}$$	$${161.05}$$ < $${161.99}$$
✅	agent_suse_arm64_fips	$${-0.05}$$	$${684.79}$$ < $${685.72}$$	$${+0.03}$$	$${160.21}$$ < $${161.11}$$
✅	docker_agent_amd64	$${-0.05}$$	$${780.16}$$ < $${781.16}$$	$${-0}$$	$${268.68}$$ < $${269.63}$$
✅	docker_agent_arm64	$${-0.05}$$	$${793.63}$$ < $${794.62}$$	$${-0}$$	$${256.05}$$ < $${257.0}$$
✅	docker_agent_jmx_amd64	$${-0.05}$$	$${971.36}$$ < $${972.35}$$	$${-0.02}$$	$${337.64}$$ < $${338.6}$$
✅	docker_agent_jmx_arm64	$${-0.05}$$	$${973.42}$$ < $${974.41}$$	$${-0.01}$$	$${320.99}$$ < $${321.97}$$
✅	docker_agent_windows1809	$${-0.07}$$	$${1487.02}$$ < $${1488.0}$$	$${-0.05}$$	$${488.0}$$ < $${488.95}$$
✅	docker_agent_windows1809_core	$${-0.07}$$	$${6216.98}$$ < $${6218.0}$$	$${0}$$	$${2048.0}$$ < $${2049.0}$$
✅	docker_agent_windows1809_core_jmx	$${+22.08}$$	$${6360.9}$$ < $${6361.0}$$	$${0}$$	$${2048.0}$$ < $${2049.0}$$
✅	docker_agent_windows1809_jmx	$${-0.14}$$	$${1608.58}$$ < $${1609.5}$$	$${-0.1}$$	$${530.29}$$ < $${531.32}$$
✅	docker_agent_windows2022	$${+0.13}$$	$${1506.36}$$ < $${1507.0}$$	$${+0.01}$$	$${500.76}$$ < $${501.7}$$
✅	docker_agent_windows2022_core	$${-0.07}$$	$${6190.29}$$ < $${6311.0}$$	$${0}$$	$${2048.0}$$ < $${2049.0}$$
✅	docker_agent_windows2022_core_jmx	$${-0.09}$$	$${6311.92}$$ < $${6313.0}$$	$${0}$$	$${2048.0}$$ < $${2049.0}$$
✅	docker_agent_windows2022_jmx	$${+0.09}$$	$${1628.05}$$ < $${1628.16}$$	$${+0}$$	$${543.03}$$ < $${543.98}$$
✅	docker_cluster_agent_amd64	$${+0}$$	$${212.84}$$ < $${213.79}$$	$${-0}$$	$${72.38}$$ < $${73.33}$$
✅	docker_cluster_agent_arm64	$${0}$$	$${228.68}$$ < $${229.64}$$	$${+0}$$	$${68.65}$$ < $${69.6}$$
✅	docker_cws_instrumentation_amd64	$${0}$$	$${7.08}$$ < $${7.12}$$	$${-0}$$	$${2.95}$$ < $${3.29}$$
✅	docker_cws_instrumentation_arm64	$${0}$$	$${6.69}$$ < $${6.92}$$	$${-0}$$	$${2.7}$$ < $${3.07}$$
✅	docker_dogstatsd_amd64	$${0}$$	$${39.22}$$ < $${39.57}$$	$${+0}$$	$${15.12}$$ < $${15.76}$$
✅	docker_dogstatsd_arm64	$${0}$$	$${37.88}$$ < $${38.2}$$	$${+0}$$	$${14.53}$$ < $${14.83}$$
✅	dogstatsd_deb_amd64	$${0}$$	$${30.45}$$ < $${31.4}$$	$${+0}$$	$${8.0}$$ < $${8.95}$$
✅	dogstatsd_deb_arm64	$${0}$$	$${29.02}$$ < $${29.97}$$	$${-0}$$	$${6.94}$$ < $${7.89}$$
✅	dogstatsd_rpm_amd64	$${0}$$	$${30.45}$$ < $${31.4}$$	$${-0}$$	$${8.01}$$ < $${8.96}$$
✅	dogstatsd_suse_amd64	$${0}$$	$${30.45}$$ < $${31.4}$$	$${-0}$$	$${8.01}$$ < $${8.96}$$
✅	iot_agent_deb_amd64	$${0}$$	$${50.43}$$ < $${51.38}$$	$${-0}$$	$${12.84}$$ < $${13.79}$$
✅	iot_agent_deb_arm64	$${0}$$	$${47.9}$$ < $${48.85}$$	$${+0}$$	$${11.14}$$ < $${12.09}$$
✅	iot_agent_deb_armhf	$${0}$$	$${47.47}$$ < $${48.42}$$	$${-0.01}$$	$${11.2}$$ < $${12.16}$$
✅	iot_agent_rpm_amd64	$${0}$$	$${50.43}$$ < $${51.38}$$	$${-0}$$	$${12.86}$$ < $${13.81}$$
✅	iot_agent_rpm_arm64	$${0}$$	$${47.9}$$ < $${48.85}$$	$${-0}$$	$${11.15}$$ < $${12.11}$$
✅	iot_agent_suse_amd64	$${0}$$	$${50.43}$$ < $${51.38}$$	$${-0}$$	$${12.86}$$ < $${13.81}$$

brycekahle added the changelog/no-changelog label Jun 12, 2025

brycekahle requested a review from a team as a code owner June 12, 2025 16:35

brycekahle added the qa/done QA done before merge and regressions are covered by tests label Jun 12, 2025

github-actions bot added component/system-probe medium review PR review might take time labels Jun 12, 2025

brycekahle added the ask-review Ask required teams to review this PR label Jun 12, 2025

ofek approved these changes Jun 12, 2025

View reviewed changes

usamasaqib approved these changes Jun 13, 2025

View reviewed changes

brycekahle force-pushed the bryce.kahle/kmt-prompt-fix branch from aa33652 to 4b41ea3 Compare June 13, 2025 16:45

brycekahle added 2 commits June 13, 2025 13:29

fix password prompt during kmt.launch-stack

dfb5791

python lint

f742812

brycekahle force-pushed the bryce.kahle/kmt-prompt-fix branch from 4b41ea3 to f742812 Compare June 13, 2025 20:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix password prompt during kmt.launch-stack #37903

fix password prompt during kmt.launch-stack #37903

Uh oh!

brycekahle commented Jun 12, 2025

Uh oh!

agent-platform-auto-pr bot commented Jun 12, 2025 •

edited

Loading

Uh oh!

cit-pr-commenter bot commented Jun 12, 2025 •

edited

Loading

Fine details of change detection per experiment

Bounds Checks: ✅ Passed

Explanation

Uh oh!

agent-platform-auto-pr bot commented Jun 12, 2025 •

edited

Loading

Info

Uh oh!

Uh oh!

fix password prompt during kmt.launch-stack #37903

Are you sure you want to change the base?

fix password prompt during kmt.launch-stack #37903

Uh oh!

Conversation

brycekahle commented Jun 12, 2025

What does this PR do?

Motivation

Describe how you validated your changes

Possible Drawbacks / Trade-offs

Additional Notes

Uh oh!

agent-platform-auto-pr bot commented Jun 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Gitlab CI Configuration Changes

Modified Jobs

Changes Summary

Uh oh!

cit-pr-commenter bot commented Jun 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Regression Detector

Regression Detector Results

Optimization Goals: ✅ No significant changes detected

Fine details of change detection per experiment

Bounds Checks: ✅ Passed

Explanation

CI Pass/Fail Decision

Uh oh!

agent-platform-auto-pr bot commented Jun 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Static quality checks

Info

Uh oh!

Uh oh!

agent-platform-auto-pr bot commented Jun 12, 2025 •

edited

Loading

cit-pr-commenter bot commented Jun 12, 2025 •

edited

Loading

agent-platform-auto-pr bot commented Jun 12, 2025 •

edited

Loading