Merge pull request #1 from edera-dev/bleggett/preflight-newstuff

Various fixes and reorg

Author: bleggett

Cargo.lock

@@ -2,6 +2,7 @@
 name = "preflight"
 version = "0.1.0"
 edition = "2024"
+description = "CLI to run pre-deployment checks before running workloads."
 
 [dependencies]
 anyhow = "1.0.99"
@@ -12,3 +13,9 @@ log = "0.4.28"
 procfs = "0.18.0"
 sysinfo = "0.36.1"
 tar = "0.4.44"
+tokio = { version = "1", features = ["full"] }
+tokio-util = { version = "0.7" }
+tokio-stream = { version = "0.1", features = ["io-util", "net"] }
+nix = { version= "0.31", features = ["sched"] }
+futures = "0.3"
+async-trait = "0.1"

Cargo.toml

@@ -1,29 +1,35 @@
 # Preflight CLI
 
 Internal CLI to run **pre-deployment checks** before running workloads.  
-Checks are organized into groups (e.g., `System Checks`, `Scripted Checks`) and controlled via environment variables.  
+Checks are organized into groups (e.g., `PVH Checks`, `Kernel Checks`) and controlled via environment variables.
 
 ---
 
 ## Usage
 
-Run inside Docker:
+### Run official release via Docker
 
 ```bash
 docker run \
   --pull always \
   --env RUST_LOG=debug \
   --env EDERA_PREFLIGHT_VERBOSE=true \
-  --env EDERA_PREFLIGHT_TARGET_DIR='/host' \
-  --env EDERA_PREFLIGHT_SKIP_GROUPS='ScriptedChecks;SystemChecks' \
-  --env EDERA_PREFLIGHT_SCRIPTS_DIR=/scripts \
-  --volume /:/host \
+  --env EDERA_PREFLIGHT_SKIP_GROUPS='PVHChecks;KernelChecks' \
   --pid host \
-  --net host \
   --privileged \
   us-central1-docker.pkg.dev/edera-protect/staging/protect-preflight:main
 ```
 
+Podman should also work.
+
+### Run locally from repo root via Docker
+
+Recommended way to run locally and debug/validate, will use local copy of repo.
+
+```bash
+sh hack/debug/local.sh
+```
+
 ---
 
 ## Environment Variables
@@ -32,28 +38,46 @@ docker run \
 | ----------------------------- | ------------------------------------------------------ | ----------------------------- |
 | `RUST_LOG`                    | Log level (`error`, `warn`, `info`, `debug`, `trace`). | `debug`                       |
 | `EDERA_PREFLIGHT_VERBOSE`     | Enable verbose output (`true`/`false`).                | `true`                        |
-| `EDERA_PREFLIGHT_SKIP_GROUPS` | Semicolon-separated list of groups to skip.            | `SystemChecks;ScriptedChecks` |
-| `EDERA_PREFLIGHT_SCRIPTS_DIR` | Directory containing custom shell-script checks.       | `/scripts`                    |
-| `EDERA_PREFLIGHT_TARGET_DIR` | Directory to chroot to before running checks. Needed when running in a container.       | `/host`                    |
+| `EDERA_PREFLIGHT_SKIP_GROUPS` | Semicolon-separated list of groups to skip.            | `PVHChecks;KernelChecks` |
 | `EDERA_PREFLIGHT_REPORT_DIR` | Directory to write a report to. Defaults to tmpdir       | `/tmp`                    |
 
 ---
 
 ## Example Output
 
 ```text
-[2025-09-17T05:05:33Z INFO  preflight] Running Group [System Checks] - System requirement checks
-[2025-09-17T05:05:33Z DEBUG preflight::system] total memory = 66617298944
-[2025-09-17T05:05:33Z ERROR preflight] [System Checks] Errored: group errored
-[2025-09-17T05:05:33Z INFO  preflight] [System Checks] Enough Memory: Passed
-[2025-09-17T05:05:33Z ERROR preflight] [System Checks] Should Error: Errored: Pretending to error
-[2025-09-17T05:05:33Z WARN  preflight] [System Checks] Should Fail: Failed: Pretending to fail
-[2025-09-17T05:05:33Z INFO  preflight] Running Group [Scripted Checks] - Checks composed through small shell scripts
-[2025-09-17T05:05:33Z ERROR preflight] [Scripted Checks] Errored: group errored
-[2025-09-17T05:05:33Z INFO  preflight] [Scripted Checks] Should Pass: Passed
-[2025-09-17T05:05:33Z WARN  preflight] [Scripted Checks] Should Fail: Failed: script returned Some(1)
-[2025-09-17T05:05:33Z ERROR preflight] [Scripted Checks] /totally/fake/script: Errored: No such file or directory (os error 2)
-Error: checks failed
+[2026-02-13T00:28:35Z INFO  preflight] Writing all files to /tmp/protect-preflight-bundle-20260213-002835
+[2026-02-13T00:28:35Z INFO  preflight] Running Group [System Checks] - System requirement checks
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::system] Enough space on disk mounted at / - 617760940032
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::system] Not enough space on disk mounted at /etc/resolv.conf - 9729925120
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::system] Enough space on disk mounted at /etc/hostname - 617760940032
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::system] Enough space on disk mounted at /etc/hosts - 617760940032[2026-02-13T00:28:35Z DEBUG preflight::checkers::system] total memory = 28762972160
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Checks] Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Checks] Enough Memory: Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Checks] Enough Disk: Passed
+[2026-02-13T00:28:35Z INFO  preflight] Running Group [PVH Checks] - PVH capability checks
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::pvh] VM_CR=0x0 (svmdis=0)
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::pvh] EFER=0x200d01 (SVME=0)
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::pvh] AMD-V supported but unavailable under hypervisor
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::pvh] Virtualization is enabled or can be enabled
+[2026-02-13T00:28:35Z DEBUG preflight::helpers] [PVH Checks] Skipped
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [PVH Checks] PVH Support: Passed
+[2026-02-13T00:28:35Z INFO  preflight] Running Group [Kernel Checks] - Kernel requirement checks
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::kernel] module msr
+[2026-02-13T00:28:35Z DEBUG preflight::checkers::kernel] module nf_tables
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [Kernel Checks] Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [Kernel Checks] Host Has Necessary Modules: Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [Kernel Checks] Host Kernel Version Is Good: Passed
+[2026-02-13T00:28:35Z INFO  preflight] Running Group [System Info Recorder] - System requirement and status checks - records for informational purposes
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Info Recorder] Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Info Recorder] Record lspci -vvv: Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Info Recorder] Record dmidecode: Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Info Recorder] Record /proc/cpuinfo: Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Info Recorder] Record /proc/cmdline: Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Info Recorder] Record /boot/grub2/grub.cfg: Passed
+[2026-02-13T00:28:35Z INFO  preflight::helpers] [System Info Recorder] Record boot/config-6.18.6: Passed
+[2026-02-13T00:28:35Z DEBUG preflight] Read 84023 bytes of tar
+[2026-02-13T00:28:35Z INFO  preflight] Wrote to: /tmp/protect-preflight-bundle-20260213-002835.tar.gz
 ```
 
 * **INFO** → check passed or group started
@@ -67,8 +91,11 @@ Exit code is **non-zero** if any check/group fails or errors.
 ## Notes
 
 * Use `EDERA_PREFLIGHT_SKIP_GROUPS` to bypass slow or irrelevant checks.
-* Script-based checks must be **executable** and located in `EDERA_PREFLIGHT_SCRIPTS_DIR`.
 
-## Script Based Checks
+## Dev Notes
+
+* [src/recorders](src/recorders) - Special category of checkers that capture host machine state and generate informational reports.
+* [src/checkers](src/checkers) - All checkers that validate and actively interrogate various aspects of the host machine go here.
+* [src/helpers](src/helpers) - Shared bits.
 
-Check the scripts [README.md](./scripts/README.md)
+By default, everything runs inside the container, and any system tools or binaries or other bits needed by the checkers can be installed or baked inside the container. For checks that need to jump out and touch the host filesystem or state, we use the [src/helpers/host_executor.rs](src/helpers/host_executor.rs).

README.md

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+REAL_SCRIPT="$(realpath "${0}")"
+cd "$(dirname "${REAL_SCRIPT}")/../.."
+
+./hack/build/cargo.sh clippy --all --fix --allow-dirty --allow-staged
+./hack/build/cargo.sh fmt --all

hack/code/autofix.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+set -e
+
+VER=$(date +%s)
+USERIMG=$(whoami)
+REGISTRY="localhost"
+
+docker build . -f ./images/Containerfile.preflight -t "${REGISTRY}/${USERIMG}-preflight-debug:${VER}"
+
+docker run --privileged --pid="host" \
+  -e RUST_LOG="debug" \
+  -e EDERA_PREFLIGHT_VERBOSE=true \
+  -e EDERA_PREFLIGHT_TARGET_DIR='/host' \
+  -e EDERA_PREFLIGHT_SKIP_GROUPS='' \
+  -e EDERA_PREFLIGHT_SCRIPTS_DIR=/scripts \
+  "${REGISTRY}/${USERIMG}-preflight-debug:${VER}"

hack/debug/local.sh

@@ -1,4 +1,4 @@
-FROM ghcr.io/edera-dev/cross-base-linux-musl:latest@sha256:87ba899ea380bd85c22f194ab2f4f2cf791fc832d27ee20bb00d07ce23771975 AS build
+FROM ghcr.io/edera-dev/cross-base-linux-musl:latest@sha256:a591bb18a5ede06c6e814a4d263dddb172e0b9f998873841163585c286484983 AS build
 
 ENV TARGET_LIBC=musl TARGET_VENDOR=unknown DISABLE_CROSS_RS=1
 
@@ -10,4 +10,3 @@ RUN mv ./target/$(./hack/build/target.sh)/release/preflight /usr/sbin
 FROM cgr.dev/chainguard/wolfi-base:latest
 ENTRYPOINT ["/usr/sbin/preflight"]
 COPY --from=build /usr/sbin/preflight /usr/sbin/preflight
-COPY --from=build /usr/src/app/scripts /scripts