Skip to main content

Inspektor Gadget is available in AzureLinux 3

Francis Laniel
· 2 min read

Last week, the team behind Azure Linux officially released its version 3. Starting with this version, Inspektor Gadget is available in the official repository and can be installed by simply calling tdnf. Let's now deploy an Azure Linux 3 VM to install and use Inspektor Gadget, specifically the trace exec gadget to monitor the corresponding syscalls:

you@home$ resource_group='azure-linux-3'
you@home$ vm='azure-linux-3-vm'
you@home$ admin='testadmin'
you@home$ image='MicrosoftCBLMariner:azure-linux-3:azure-linux-3:3.20240727.01'
you@home$ az group create --name $resource_group --location westeurope
...
you@home$ az vm create --resource-group $resource_group --name $vm --image $image --admin-username ${admin} --generate-ssh-keys --security-type Standard
...
you@home$ ip=$(az vm show --resource-group $resource_group --name $vm -d --query '[privateIps]' --output tsv)
you@home$ ssh $admin@$ip
testadmin@azure-linux-3-vm [ ~ ]$ cat /etc/os-release
NAME="Microsoft Azure Linux"
VERSION="3.0.20240727"
ID=azurelinux
VERSION_ID="3.0"
PRETTY_NAME="Microsoft Azure Linux 3.0"
ANSI_COLOR="1;34"
HOME_URL="https://aka.ms/azurelinux"
BUG_REPORT_URL="https://aka.ms/azurelinux"
SUPPORT_URL="https://aka.ms/azurelinux"
testadmin@azure-linux-3-vm [ ~ ]$ sudo tdnf install -y ig
Installing:
ig x86_64 0.30.0-1.azl3 azurelinux-official-base 69.42M 18.23M

Total installed size: 69.42M
Total download size: 18.23M
ig 19119377 100%
warning: /var/cache/tdnf/azurelinux-official-base/rpms/Packages/i/ig-0.30.0-1.azl3.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3135ce90: NOKEY
importing key from file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
Testing transaction
Running transaction
Installing/Updating: ig-0.30.0-1.azl3.x86_64
testadmin@azure-linux-3-vm [ ~ ]$ ig version
v30.0.0
testadmin@azure-linux-3-vm [ ~ ]$ while true; do date > /dev/null; sleep 1; done &
[1] 2035
testadmin@azure-linux-3-vm [ ~ ]$ sudo ig trace exec --host
RUNTIME.CONTAINERNAME PID PPID COMM PCOMM RET ARGS
2127 2035 date bash 0 /usr/bin/date
2128 2035 sleep bash 0 /usr/bin/sleep 1
2129 2035 date bash 0 /usr/bin/date
2130 2035 sleep bash 0 /usr/bin/sleep 1
^C
testadmin@azure-linux-3-vm [ ~ ]$ kill 2035

As you can see, ig was able to report the exec() syscalls done to run date and sleep! This way, you can use the tool to diagnose and troubleshoot AzureLinux host processes as well as processes running in containers!

This work would not have been possible without the help from the AzureLinux team, particularly Christopher Co and Muhammad Falak R. Wani! We thank them for making it possible!