Support for Elastic Agent V2 status #1747
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aleksmaus
force-pushed
the
feature-arch-v2
branch
from
4b6d2b3
to
7a1372a
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
|
@kpollich Maybe you review concerning the fields that need to be indexed to correctly report the state of integration. I would assume that the Which Integration are unhealthy? @nimarezainia You may want to take a look at the format above if there is are telemetry that could help us? |
ph
suggested changes
Aug 15, 2022
| // If empty, don't step on existing data | ||
| if reqComponents == nil { | ||
| return nil, nil | ||
| } |
There was a problem hiding this comment.
@aleksmaus We should probably assert the data we are receiving from Elastic Agent before sending that to Elasticsearch? Maybe we should also put some kind of limit, maybe a size based limit on the payload field to reduce the risk or document size explosion?
There was a problem hiding this comment.
This approach is basically copied from parseMeta that is used currently for "local_metadata" handling which is another blob that agent can send whatever to the fleet server.
There is already a limit check on the checking body size, default is defaultCheckinMaxBody = 1024 * 1024.
There is already the parsing of the components happens in the parseComponents which validates that is a parsable JSON. I can add a check if the components is an array.
Do we need to add field by field check? What are guarantees which fields are required vs which fields are optional?
There was a problem hiding this comment.
Will add strongly typed parsing to the "components" property tomorrow, only things that are specified in the V2 at the moment will be stored for the components, and it will need to be extended for anything extra in the future.
There was a problem hiding this comment.
Yes, once everything is V2 we should be able to be more strict on any incoming data, not sure during the transition period we can do this.
There was a problem hiding this comment.
Sounds good. Will leave it as is for now until we stabilize the schema, can tighten validation later.
| if bytes.Equal(req.Components, agent.Components) { | ||
| zlog.Trace().Msg("quick comparing agent components data is equal") | ||
| return nil, nil | ||
| } |
There was a problem hiding this comment.
I always forgot the bytes.Equal does check the len before doing the bytes check, I think.
There was a problem hiding this comment.
This approach is copied from parseMeta, works fine for nils. It seems like the compiler is optimized for this as well
https://cs.opensource.google/go/go/+/refs/tags/go1.19:src/bytes/bytes.go;l=19
blakerouse
approved these changes
Aug 15, 2022
There was a problem hiding this comment.
Looks great.
I think we need to determine what we want to do when the status, message, and components change from the Elastic Agent side. Should it disconnect from the long-poll and reconnect and send updated status, message, and components everytime it changes? At the moment the Elastic Agent only sends it based on time-interval. I think changing it to send it on every change would provide really good observability but the scale and load of that might be high.
Something to think about, but not something that is blocking this to land as it is now. Same with my inline comment to Josh.
| "description": "Last checkin message", | ||
| "type": "string" | ||
| }, | ||
| "components": { |
There was a problem hiding this comment.
@joshdover Do we want to store the status, message, and components as they change across time in a datastream so we can track the changes of an Elastic Agent across time? I think from an alerting standpoint it would be beneficial but from a scalability it would add more data and load.
ph
approved these changes
Aug 16, 2022
ph
approved these changes
Aug 16, 2022
blakerouse
added a commit
that referenced
this pull request
Nov 9, 2022
* Support for Elastic Agent V2 status (#1747) * Support for Elastic Agent V2 status * Make 'make check-ci' happy * Add a check that 'components' is valid array * Rename variable to better reflect it's meaning * [v2] Switch to Elastic Agent v2 control protocol (#1751) * Switch to new client.V2 for communication with Elastic Agent. * Fix tests. * Fix integration tests. * Update go.sum. * Fix some lint issues. * Fix panic with agentInfo. * Fix panic in logger reconfigure. * Fixes for switching units. * updated version (#2014) * Update the elastic-agent-client to latest version. (#2061) * [v2] Merge main as of Nov 7 (#2062) * [Automation] Update elastic stack version to 8.5.0-6b9f92c0 for testing (#1756) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-0616acda for testing (#1760) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-dd6f2bb0 for testing (#1765) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-feb644de for testing (#1768) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-7783a03c for testing (#1776) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-17b8a62d for testing (#1780) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-9aed3b11 for testing (#1784) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-440e0896 for testing (#1788) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-fedc3e60 for testing (#1791) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-b5001a6d for testing (#1795) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * ci: move to fleet-ci (#1199) * Fic path to the packaging (#1806) * Fix gcs credentials for packaging (#1807) * [Automation] Update elastic stack version to 8.5.0-de69302b for testing (#1822) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-1bd77fc1 for testing (#1826) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-167dfc80 for testing (#1831) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-6b7dda2d for testing (#1835) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Allow multiple ES outputs as long as they are the same ES (#1684) * add 'outputs' field to the ES agent schema to store the API key data and permission hash for each ES output * add output name to API key metadata * add v8.5 migration to migration.go * add migration docs and improve logging * group migration functions per version * [Automation] Update elastic stack version to 8.5.0-4140365c for testing (#1837) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * updating upgrade_status: completed (#1833) * updating upgrade_status: completed * updated schema.json and regenerated schema.go * updated license headers * Fix v8.5.0 migration painless script (#1839) * fix v8.5.0 migration painless script * [Automation] Update elastic stack version to 8.5.0-8e906f9f for testing (#1843) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * ci: rename dra staging for release dra release staging (#1840) * Remove events from agent checkin body. (#1842) Remove the events attribute from the agent checkin body. Note that removal of the attribute will not stop the server from issuing a 400 if the response body is too long. The removal is so that the checkin code on the fleet-server and agent remain comparable. Co-authored-by: Blake Rouse <blake.rouse@elastic.co> * [Automation] Update elastic stack version to 8.5.0-589a4a10 for testing (#1852) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-37418cf3 for testing (#1855) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-fcf3d4c2 for testing (#1862) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.5.0-c7913db3 for testing (#1868) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Add error detail to catch-all HTTP response (#1854) * Make authc log debug and add cache hit field (#1870) * Document Go 1.18 certificate change in changelog. (#1871) * Revert "Fix v8.5.0 migration painless script" (#1878) * Revert "Fix v8.5.0 migration painless script (#1839)" This reverts commit de5d74b. * Revert "Allow multiple ES outputs as long as they are the same ES (#1684)" This reverts commit 63fdcbf. * [Automation] Update elastic stack version to 8.5.0-56d2c52d for testing (#1880) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Bulk API Keys update (#1779) Bulk API Keys update (#1779) * Fix and reintroduce "Allow multiple ES outputs as long as they are the same ES" (#1879) * Revert "Revert "Fix v8.5.0 migration painless script" (#1878)" This reverts commit ef9ca2b. * Revert "Revert "Allow multiple ES outputs as long as they are the same ES (#1684)"" This reverts commit bb696ac. * avoid new API keys being marked for invalidation Co-authored-by: Michal Pristas <michal.pristas@gmail.com> He fixed the merge conflicts after Bulk API Keys update (#1779), commit 46ac14b, got merged * [Automation] Update elastic stack version to 8.5.0-7dc445a0 for testing (#1888) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Update pre-sets limits to avoid overlap. (#1891) Update file max limits and env_defaults_test.go running make defaults to generate the new one * [Release] add-backport-next (#1892) * Bump version to 8.6.0 (#1895) * Catch error in waitBulkAction. Add bulk.WithRetryOnConflict(3) in multiple places. (#1896) * Catch error in waitBulkAction. Add bulk.WithRetryOnConflict(3) in multiple places. * Add changelog entry. * Update CHANGELOG.next.asciidoc Co-authored-by: Craig MacKenzie <craig.mackenzie@elastic.co> Co-authored-by: Craig MacKenzie <craig.mackenzie@elastic.co> * Update apikey.cache_hit log field name to match convention (#1900) * [Automation] Update elastic stack version to 8.6.0-21651da3 for testing (#1908) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * LoadLimits does not override existing values (#1912) Fleet-server will use any specified cache or server limit values over whatever is returned by the default/agent number loader. For example, if A max body size is specifically set to a value such as 5MB, and the default returned by the LoadLimits is 1MB, the 5MB value is used. * [Automation] Update elastic stack version to 8.6.0-326f84b0 for testing (#1916) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-df00693f for testing (#1925) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-a2f4f140 for testing (#1928) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Revert "updating upgrade_status: completed (#1833)" (#1920) * Revert "updating upgrade_status: completed (#1833)" This reverts commit 23be42a. * Leaving in upgrade_status field for retry functionality * Storing checkin message in last_checkin_message (#1932) * Storing checkin message in last_checkin_message * added changelog * fixed tests * Unique limiters for each API listener (#1904) * Unique limiters for each API listener Refactor the limit.Limiter so it can wrap the separate API httprouter endpoints. Limiter.WrapX() calls take the handler and stats incrementer for metrics/error counting. api.Run() replaced with Router.Run(), which will generate an httprouter for each listener in order to be able to associate the httprouter with a unique Limiter. * Add listener address labeled logs to limiter * Review feedback * Apply suggestions from code review Co-authored-by: Anderson Queiroz <me@andersonq.me> * review feedback * fix import * Fix test Co-authored-by: Anderson Queiroz <me@andersonq.me> * Cleanup cmd/fleet/main.go (#1886) * Replace cache.Config with config.Cache * Move server setup from cmd/fleet to new pkg/server * Move constants * Fix imports and integration tests * fix linter * [Automation] Update elastic stack version to 8.6.0-158a13db for testing (#1938) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [8.6](forwardport) Add extra protection against accessing null fields to 8.5 migration (#1921) (#1926) * [Automation] Update elastic stack version to 8.6.0-aea1c645 for testing (#1942) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-0fca2953 for testing (#1948) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-e4c15f15 for testing (#1954) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Conditional log level for api key read (#1946) Conditional log level for api key read (#1946) * Updated migration query to match items with deprecated field present (#1959) Co-authored-by: Anderson Queiroz <anderson.queiroz@elastic.co> * Fix fleet.migration.total log key overlap (#1951) Co-authored-by: Anderson Queiroz <anderson.queiroz@elastic.co> * [Automation] Update elastic stack version to 8.6.0-d939cfde for testing (#1964) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-7c9f25a9 for testing (#1969) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-c49fac70 for testing (#1976) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Update to Go 1.18.7. (#1978) * [Automation] Update elastic stack version to 8.6.0-5a8d757d for testing (#1981) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-40086bc7 for testing (#1987) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-233dc5d4 for testing (#1990) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-54a302f0 for testing (#1995) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Don't send POLICY_CHANGE actions retrieved from index to agent. (#1963) * Don't send POLICY_CHANGE actions retrieved from index to agent. The fleet-server should not send any policy change actions that are written to the actions index to an agent on checkin. The server will remove these actions in the convert method and emit a warning message. The ack token that is used is not altered in this case. Policy change actions are dynamically generated by the fleet-server when it detects that the agent is not running an up to date version of the policy. * move filtering to its own method * Fix linter, tests, fix file name * [Automation] Update elastic stack version to 8.6.0-cae815eb for testing (#2000) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-6545f2df for testing (#2005) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-055acc83 for testing (#2011) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-baf193e8 for testing (#2016) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-22d60ec9 for testing (#2020) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Allow upgrade action to signal retry (#1887) * Allow upgrade action to signal retry Allow the ack of an upgrade action to set the upgrade status to retrying. * fix tests set failed state * Fix broken test * nil upgrade status by default * Set agent to healthy in case of upgrade failure * fix upgrade fields * Fix tests * [Automation] Update elastic stack version to 8.6.0-b8b35931 for testing (#2024) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-a892f234 for testing (#2030) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Add GH action to add issues to ingest board Issues in this repo labeled with `Team:Fleet` will be added to the ingest board automatically w/ the `Fleet Server` area. * Update add-issues-to-ingest-board.yml * [Automation] Update elastic stack version to 8.6.0-89d224d2 for testing (#2034) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-949a38d2 for testing (#2039) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-26dc1164 for testing (#2045) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Add active filter for enrollment key queries. (#2044) * Add active filter for enrollment key queries. Add an active: true filter to enrollment key queries. This allows fleet-server to handle cases where there may be 10+ inactive keys associated with a policy. * review feedback * fix linter * fix tests * Fix test cases * [Automation] Update elastic stack version to 8.6.0-4765d2b0 for testing (#2048) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-8a615646 for testing (#2050) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-3f5f98b7 for testing (#2051) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * [Automation] Update elastic stack version to 8.6.0-f20b7179 for testing (#2056) Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> * Run mod tidy. * Run make notice. * Fix intergration tests. * Run go mod tidy and make notice. * Fix path to fleet-server.yml in integration test. * Fix race condition. * Fix try 2. * Fix race. * Fix race try 2. Co-authored-by: apmmachine <58790750+apmmachine@users.noreply.github.com> Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> Co-authored-by: Anderson Queiroz <anderson.queiroz@elastic.co> Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com> Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com> Co-authored-by: Josh Dover <1813008+joshdover@users.noreply.github.com> Co-authored-by: Craig MacKenzie <craig.mackenzie@elastic.co> Co-authored-by: Michal Pristas <michal.pristas@gmail.com> Co-authored-by: Julien Lind <julien.lind@elastic.co> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Anderson Queiroz <me@andersonq.me> Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co> Co-authored-by: Aleksandr Maus <aleksandr.maus@elastic.co> Co-authored-by: Michal Pristas <michal.pristas@gmail.com> Co-authored-by: apmmachine <58790750+apmmachine@users.noreply.github.com> Co-authored-by: apmmachine <infra-root-apmmachine@elastic.co> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> Co-authored-by: Anderson Queiroz <anderson.queiroz@elastic.co> Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com> Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com> Co-authored-by: Josh Dover <1813008+joshdover@users.noreply.github.com> Co-authored-by: Craig MacKenzie <craig.mackenzie@elastic.co> Co-authored-by: Julien Lind <julien.lind@elastic.co> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Anderson Queiroz <me@andersonq.me> Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What is the problem this PR solves?
Adds support for Elastic Agent V2 status
How does this PR solve the problem?
Extends the current checkin logic with new payload.
Open question: What fields of any need to be indexed? Need to update the .fleet-agents index mapping with newly added fields, and need to know if any details of the components/units need to be searchable or we should not index it at all.
How to test this PR locally
This needs to be tested along with the corresponding agent changes from elastic/elastic-agent#916
Checklist
Related issues
Screenshots
The fragment of the .fleet-agents document with V2 data.
