fix: tests intégration matrix — procps-ng, varnish h2, hitch ALPN, pgrep→ps

- Ajout de procps-ng dans les 4 Dockerfiles runtime (ps/pgrep disponibles) - Remplacement de pgrep par ps -C dans tous les run-tests.sh - Correction entrypoint nginx-varnish : pgrep nginx → cat nginx.pid (exit 127) - Activation HTTP/2 dans Varnish : ajout de -p feature=+http2 dans les entrypoints nginx-varnish et hitch-varnish - Restauration ALPN h2,http/1.1 dans hitch.conf (varnish supporte maintenant h2) - Correction healthcheck hitch-varnish : curl sans --http1.1 (h2 fonctionnel) - Correction requêtes phase_verify : http_logs_raw → http_logs, colonnes correctes - Correction writer clickhouse.go : noms JSON alignés avec la MV (ip_meta_*, tls_sni…) - Fix toStartOfSecond(DateTime) → toStartOfSecond(toDateTime64(col, 3)) - Retrait du SKIP el8/nginx-varnish (varnish s'installe bien sur AlmaLinux 8) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-12 01:29:01 +02:00
parent 3b047b680a
commit dc6ffd6474
25 changed files with 431 additions and 345 deletions
--- a/tests/integration/lib/run-stack-tests.sh
+++ b/tests/integration/lib/run-stack-tests.sh
@ -71,7 +71,10 @@ wait_for_service() {
 phase_build() {
    log "========== Phase 1 : Build =========="
    _dc build --parallel 2>&1 | tail -20
-    [ "$BUILD_ONLY" = true ] && { log "Build terminé (--build-only)."; exit 0; }
+    if [ "${BUILD_ONLY:-false}" = true ]; then
+        log "Build terminé (--build-only)."
+        exit 0
+    fi
 }

 # ---------------------------------------------------------------------------
@ -139,7 +142,7 @@ phase_verify() {

    # 5a. Lignes brutes insérées par ja4ebpf
    local raw_count
-    raw_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs_raw")
+    raw_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs_raw" || echo "0")
    if [ "${raw_count:-0}" -gt 0 ] 2>/dev/null; then
        pass "http_logs_raw : $raw_count lignes insérées par ja4ebpf"
    else
@ -149,25 +152,26 @@ phase_verify() {
    fi

    # 5b. Fingerprints JA4 capturés (hook TC + parsing TLS ClientHello)
+    # Requête sur http_logs (colonnes structurées après le MV)
    local ja4_count ja4_uniq
-    ja4_count=$(ch_query "SELECT count()     FROM ja4_logs.http_logs_raw WHERE ja4 != ''")
-    ja4_uniq=$(ch_query  "SELECT count(DISTINCT ja4) FROM ja4_logs.http_logs_raw WHERE ja4 != ''")
+    ja4_count=$(ch_query "SELECT count()            FROM ja4_logs.http_logs WHERE ja4 != ''" || echo "0")
+    ja4_uniq=$( ch_query "SELECT count(DISTINCT ja4) FROM ja4_logs.http_logs WHERE ja4 != ''" || echo "0")
    if [ "${ja4_count:-0}" -gt 0 ] 2>/dev/null; then
        pass "JA4 : $ja4_count enregistrements, $ja4_uniq fingerprints distincts"
        local ja4_sample
-        ja4_sample=$(ch_query "SELECT ja4 FROM ja4_logs.http_logs_raw WHERE ja4 != '' LIMIT 1")
+        ja4_sample=$(ch_query "SELECT ja4 FROM ja4_logs.http_logs WHERE ja4 != '' LIMIT 1" || echo "")
        log "  Exemple JA4 : $ja4_sample"
    else
        warn "Aucun fingerprint JA4 (hook TC peut-être non chargé — vérifier CAP_BPF)"
    fi

-    # 5c. Données L3/L4 (TTL, MSS, Window)
+    # 5c. Données L3/L4 (TTL, MSS, Window) — colonnes ip_meta_* / tcp_meta_* dans http_logs
    local l34_count
-    l34_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs_raw WHERE ttl > 0")
+    l34_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs WHERE ip_meta_ttl > 0" || echo "0")
    if [ "${l34_count:-0}" -gt 0 ] 2>/dev/null; then
        pass "L3/L4 : $l34_count enregistrements avec TTL (hook TC actif)"
        local ttl_sample
-        ttl_sample=$(ch_query "SELECT ttl, mss, window_size FROM ja4_logs.http_logs_raw WHERE ttl > 0 LIMIT 1 FORMAT TabSeparated")
+        ttl_sample=$(ch_query "SELECT ip_meta_ttl, tcp_meta_mss, tcp_meta_window_size FROM ja4_logs.http_logs WHERE ip_meta_ttl > 0 LIMIT 1 FORMAT TabSeparated" || echo "")
        log "  TTL/MSS/Window sample : $ttl_sample"
    else
        warn "Données L3/L4 absentes (hook TC ingress non attaché)"
@ -175,8 +179,8 @@ phase_verify() {

    # 5d. Requêtes HTTP capturées (uprobe SSL_read)
    local http_count methods
-    http_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs_raw WHERE method != ''")
-    methods=$(ch_query "SELECT groupArray(method) FROM (SELECT DISTINCT method FROM ja4_logs.http_logs_raw WHERE method != '' ORDER BY method)")
+    http_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs WHERE method != ''" || echo "0")
+    methods=$(   ch_query "SELECT groupArray(method) FROM (SELECT DISTINCT method FROM ja4_logs.http_logs WHERE method != '' ORDER BY method)" || echo "")
    if [ "${http_count:-0}" -gt 0 ] 2>/dev/null; then
        pass "L7 HTTP : $http_count requêtes capturées via uprobe SSL_read"
        pass "Méthodes HTTP vues : $methods"
@ -184,22 +188,22 @@ phase_verify() {
        warn "Aucune requête HTTP capturée (uprobe SSL_read non attaché)"
    fi

-    # 5e. HTTP/2 SETTINGS capturés (uprobe + parsing preface H2)
-    local h2_count
-    h2_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs_raw WHERE h2_settings != ''")
-    if [ "${h2_count:-0}" -gt 0 ] 2>/dev/null; then
-        pass "HTTP/2 SETTINGS : $h2_count connexions H2 avec preface capturée"
-        local h2_sample
-        h2_sample=$(ch_query "SELECT h2_settings FROM ja4_logs.http_logs_raw WHERE h2_settings != '' LIMIT 1")
-        log "  Exemple H2 SETTINGS : $h2_sample"
+    # 5e. TLS SNI capturés (hook TC + parsing ClientHello)
+    local sni_count
+    sni_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs WHERE tls_sni != ''" || echo "0")
+    if [ "${sni_count:-0}" -gt 0 ] 2>/dev/null; then
+        pass "TLS SNI : $sni_count enregistrements avec SNI capturé"
+        local sni_sample
+        sni_sample=$(ch_query "SELECT tls_sni FROM ja4_logs.http_logs WHERE tls_sni != '' LIMIT 1" || echo "")
+        log "  Exemple SNI : $sni_sample"
    else
-        warn "Pas de SETTINGS HTTP/2 (trafic h2 absent ou ALPN négociation échouée)"
+        warn "Aucun SNI capturé (trafic TLS sans extension SNI ou hook TC inactif)"
    fi

    # 5f. Corrélation L3/L4 ↔ L7 (flag correlated)
    local corr_total corr_yes corr_pct
-    corr_total=$(ch_query "SELECT count() FROM ja4_logs.http_logs_raw WHERE method != ''")
-    corr_yes=$(ch_query   "SELECT count() FROM ja4_logs.http_logs_raw WHERE correlated = true AND method != ''")
+    corr_total=$(ch_query "SELECT count() FROM ja4_logs.http_logs WHERE method != ''"                    || echo "0")
+    corr_yes=$(  ch_query "SELECT count() FROM ja4_logs.http_logs WHERE correlated = 1 AND method != ''" || echo "0")
    if [ "${corr_total:-0}" -gt 0 ] 2>/dev/null; then
        corr_pct=$(echo "$corr_yes $corr_total" | awk '{printf "%.0f", $1*100/$2}')
        if [ "${corr_pct:-0}" -ge 50 ] 2>/dev/null; then
@ -211,7 +215,7 @@ phase_verify() {

    # 5g. Keep-alives (multiplexage TCP)
    local ka_max
-    ka_max=$(ch_query "SELECT max(maxkeepalives) FROM ja4_logs.http_logs_raw")
+    ka_max=$(ch_query "SELECT max(keepalives) FROM ja4_logs.http_logs" || echo "0")
    if [ "${ka_max:-0}" -gt 1 ] 2>/dev/null; then
        pass "Keep-alives TCP : max $ka_max requêtes sur une même connexion"
    else