Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make the osquery extension and runner separate rungroups #1596

Merged
merged 7 commits into from
Feb 14, 2024
Merged

Make the osquery extension and runner separate rungroups #1596

merged 7 commits into from
Feb 14, 2024

Conversation

RebeccaMahany
Copy link
Contributor

@RebeccaMahany RebeccaMahany commented Feb 9, 2024
edited
Loading

Relates to #1473

Currently, we have an actorQuerier rungroup wrapper around both the extension and the runner, which act as a semi-conjoined single rungroup. They don't need to be coupled like this: the extension doesn't need the runner (since we officially disabled the initial runner), and the runner doesn't need the extension (it just needs a couple opts passed in to register the extension correctly when creating the osquery instance). My hope is that decoupling them will make it easier for us to handle the "unenrolled" state and give us better flexibility for how we want to do that. I also think it'll make rewriting our rungroups easier in the future, too.

This PR makes the following changes:

  • Makes the runner and the extension both adhere to the rungroup actor interface
  • Decouples the runner and the extension
  • Removes support for osquery transport method (we don't really use it and haven't for a while)
  • Removes unused initial runner
  • Gives the runner access to the knapsack
  • Gives the runner access to its own slogger instead of having to reach into the instance to use its logger
Testing notes
  • launcher can start up osquery successfully
  • launcher will restart osquery if the process is manually killed
  • can query kolide_ tables provided by the extension
  • enrollment works
  • logs show up with component osquery_runner and osquery_extension as expected

@RebeccaMahany RebeccaMahany marked this pull request as ready for review February 12, 2024 15:00
James-Pickett
James-Pickett previously approved these changes Feb 12, 2024
View reviewed changes
Copy link
Contributor

@James-Pickett James-Pickett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, this is much cleaner!

zackattack01
zackattack01 previously approved these changes Feb 12, 2024
View reviewed changes
Copy link
Contributor

@zackattack01 zackattack01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great! 🔥

@RebeccaMahany
Copy link
Contributor Author

Will merge this after we declare v1.5.3 stable

@RebeccaMahany RebeccaMahany added this pull request to the merge queue Feb 14, 2024
Merged via the queue into kolide:main with commit f36db67 Feb 14, 2024
26 checks passed
@RebeccaMahany RebeccaMahany deleted the becca/runner-rungroup branch February 14, 2024 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@James-Pickett James-Pickett James-Pickett approved these changes

@zackattack01 zackattack01 zackattack01 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@RebeccaMahany @James-Pickett @zackattack01