Generate the enrollment details on launcher startup #2045
Conversation
… and update related methods
…rollmentDetails struct to types
| @@ -749,3 +771,40 @@ func (ta *TufAutoupdater) cleanUpOldErrors() { | |||
| ) | |||
| } | |||
| } | |||
|
|
|||
| // collectAndSetEnrollmentDetails collects the runtime enrollment details for the | |||
There was a problem hiding this comment.
Is this duplicated with the one in run?
There was a problem hiding this comment.
I think it'd be reasonable to add a function to pkg/osquery/enrollment_details.go that looks like CollectAndSetEnrollmentDetails(ctx context.Context, k types.Knapsack) so we don't have to duplicate it here + below runLauncher 🙂 . (Or maybe CollectAndSetEnrollmentDetails(ctx context.Context, k types.Knapsack, collectTimeout time.Duration, collectRetryInterval time.Duration)?)
| @@ -528,6 +541,15 @@ func (ta *TufAutoupdater) checkForUpdate(binariesToCheck []autoupdatableBinary) | |||
| if updatedVersion, ok := updatesDownloaded[binaryLauncher]; ok { | |||
| // Only reload if we're not using a localdev path | |||
| if ta.knapsack.LocalDevelopmentPath() == "" { | |||
| ctx := context.Background() | |||
There was a problem hiding this comment.
I'll defer to becca, but I'm not sure this is the right place
There was a problem hiding this comment.
Thinking...we have both LauncherVersion and OsqueryVersion inside the enrollment details, so that's why I'd wanted it updated after autoupdate. If we want to keep it here for that reason, then it probably makes more sense to only update EnrollmentDetails.LauncherVersion and EnrollmentDetails.OsqueryVersion -- we don't need to regenerate the rest of the enrollment details at this time. What do you think?
| @@ -638,3 +648,46 @@ func runOsqueryVersionCheckAndAddToKnapsack(ctx context.Context, slogger *slog.L | |||
| "osqueryd_path", osquerydPath, | |||
| ) | |||
| } | |||
|
|
|||
| func getEnrollmentDetails(ctx context.Context, k types.Knapsack, startupSpan trace.Span, slogger *slog.Logger) service.EnrollmentDetails { | |||
There was a problem hiding this comment.
It is better to create a new child span here rather than passing in the startup span -- it will give us better and more specific timing details, and is more consistent with what we do elsewhere. The ctx that you're passing in here already has information about startupSpan, so you can use it to automatically create a child span that hangs off startupSpan:
ctx, span := traces.StartSpan(ctx)
defer span.End()
| ) | ||
| } | ||
| return err | ||
| }, 30*time.Second, 5*time.Second); err != nil { |
There was a problem hiding this comment.
This can delay launcher startup for up to 30 seconds -- I think we probably don't want to do that. Maybe we should call getEnrollmentDetails in a goroutine so that it doesn't halt startup? (We would probably want to make knapsack.enrollmentDetails nullable -- var enrollmentDetails *types.EnrollmentDetails -- and then have extension.Enroll wait for those details to be available.)
| if os.Getenv("LAUNCHER_DEBUG_ENROLL_DETAILS_REQUIRED") == "true" { | ||
| slogger.Log(ctx, slog.LevelError, | ||
| "enrollment details required but failed to get them", | ||
| "err", err, | ||
| ) | ||
| } |
There was a problem hiding this comment.
@directionless are we able to rip this out? I don't see it in use anywhere in launcher.
There was a problem hiding this comment.
I don't remember what I was debugging with this. Feel free to remove
| Unknown EnrollmentStatus = "unknown" | ||
| ) | ||
|
|
||
| // Move EnrollmentDetails from service package to types |
There was a problem hiding this comment.
I think this comment should be updated to describe the struct
| func (k *knapsack) SetEnrollmentDetails(details types.EnrollmentDetails) error { | ||
| // Only update if there are actual changes | ||
| if details != enrollmentDetails { | ||
| k.slogger.Logger.DebugContext(context.Background(), "updating enrollment details") |
There was a problem hiding this comment.
We prefer to use the Log method with the corresponding level for consistency. Probably useful to also log the old/new details to see what changed?
k.Slogger().Log(context.Background(), slog.LevelDebug,
"updating enrollment details",
"old_details", enrollmentDetails,
"new_details", details,
)
(May need to do fmt.Sprintf("%+v", enrollmentDetails), I forget how well these get stringified inside the logs.)
| @@ -749,3 +771,40 @@ func (ta *TufAutoupdater) cleanUpOldErrors() { | |||
| ) | |||
| } | |||
| } | |||
|
|
|||
| // collectAndSetEnrollmentDetails collects the runtime enrollment details for the | |||
There was a problem hiding this comment.
I think it'd be reasonable to add a function to pkg/osquery/enrollment_details.go that looks like CollectAndSetEnrollmentDetails(ctx context.Context, k types.Knapsack) so we don't have to duplicate it here + below runLauncher 🙂 . (Or maybe CollectAndSetEnrollmentDetails(ctx context.Context, k types.Knapsack, collectTimeout time.Duration, collectRetryInterval time.Duration)?)
| @@ -528,6 +541,15 @@ func (ta *TufAutoupdater) checkForUpdate(binariesToCheck []autoupdatableBinary) | |||
| if updatedVersion, ok := updatesDownloaded[binaryLauncher]; ok { | |||
| // Only reload if we're not using a localdev path | |||
| if ta.knapsack.LocalDevelopmentPath() == "" { | |||
| ctx := context.Background() | |||
There was a problem hiding this comment.
Thinking...we have both LauncherVersion and OsqueryVersion inside the enrollment details, so that's why I'd wanted it updated after autoupdate. If we want to keep it here for that reason, then it probably makes more sense to only update EnrollmentDetails.LauncherVersion and EnrollmentDetails.OsqueryVersion -- we don't need to regenerate the rest of the enrollment details at this time. What do you think?
This pull request introduces new functionality for managing enrollment details and updates several mocks in the
knapsackpackage. The key changes include adding methods for setting and getting enrollment details, movingEnrollmentDetailsto a new location, and updating the mocks accordingly.Open Questions:
New Functionality for Enrollment Details:
cmd/launcher/launcher.go: Added logic to retrieve and set runtime enrollment details, including a retry mechanism with backoff for fetching osquery enrollment details.ee/agent/knapsack/knapsack.go: IntroducedSetEnrollmentDetailsandGetEnrollmentDetailsmethods to manage enrollment details.ee/agent/types/enrollment.go: MovedEnrollmentDetailsstruct from the service package to the types package, and definedEnrollmentStatusconstants.ee/agent/types/knapsack.go: Updated theKnapsackinterface to include methods for managing enrollment details.Updates to Mocks:
ee/agent/types/mocks/knapsack.go: Added mock implementations for the newGetEnrollmentDetailsandSetEnrollmentDetailsmethods. [1] [2]ee/agent/types/mocks/flags.go: Removed several unused mock methods related to osquery endpoints.These changes enhance the functionality and maintainability of the
knapsackpackage by providing a standardized way to handle enrollment details and updating the mocks to reflect the new methods.Updates to Autoupdate:
New Functionality
collectAndSetEnrollmentDetailsmethod to preserve system state during updatesCode Structure
ee/tuf/autoupdate.go:Test Improvements
ee/tuf/autoupdate_test.go:Configuration Options
WithOsquerierBackofffor flexible timing control