Osquerybeat: Add install verification for osquerybeat #30388
Conversation
aleksmaus
added
enhancement
backport-v8.0.0
aleksmaus
requested review from
ph,
scunningham,
blakerouse and
james-elastic
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
botelastic
bot
added
needs_team
|
This pull request doesn't have a |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
(cherry picked from commit 1c68693)
(cherry picked from commit 1c68693)
aleksmaus
added
the
backport-7.17
(cherry picked from commit 1c68693) # Conflicts: # x-pack/elastic-agent/pkg/agent/program/supported.go # x-pack/osquerybeat/cmd/root.go
|
Hi @aleksmaus Build details: Steps followed:
Further we attempted to delete all the necessary binaries however none of them re-installed on agent restart. Logs: Please let us know if we are missing anything. |
The backport to 8.1 branch is still open and was not merged yet, see the github links to backports above |
…uerybeat (#30405) * Osquerybeat: Add install verification for osquerybeat (#30388) (cherry picked from commit 1c68693) # Conflicts: # x-pack/elastic-agent/pkg/agent/program/supported.go # x-pack/osquerybeat/cmd/root.go * Resolve conflicts Co-authored-by: Aleksandr Maus <[email protected]>
(cherry picked from commit 1c68693) Co-authored-by: Aleksandr Maus <[email protected]>
…into feature/use-with-kind-k8s-env * 'feature/use-with-kind-k8s-env' of github.com:v1v/beats: (52 commits) ci: home is declared within withBeatsEnv ci: use withKindEnv step ci: use getBranchesFromAliases and support next-patch-8 (elastic#30400) Update fields.yml (elastic#29609) Heartbeat: fix browser metrics and trace mappings (elastic#30258) Apply light edits to 8.0 changelog (elastic#30351) packetbeat/beater: make sure Npcap installation runs before interfaces are needed (elastic#30396) Add a ring-buffer reporter to libbeat (elastic#28750) Osquerybeat: Add install verification for osquerybeat (elastic#30388) update windows matrix support (elastic#30373) Refactor of metricbeat process-gathering metrics and system/process (elastic#30076) adjust next changelog wording (elastic#30371) [Metricbeat] azure: move event report into loop validDim loop (elastic#29945) fix: report GitHub Check before the cache (elastic#30372) Add support for non-unique keys in Kafka output headers (elastic#30369) ci: 6 major branch reached EOL (elastic#30357) reduce Elastic Agent shut down time by stopping processes concurrently (elastic#29650) [Filebeat] Add message to register encode/decode debug logs (elastic#30271) [libbeat] kafka message header support (elastic#29940) Heartbeat: set duration to zero for syntax errors (elastic#30227) ...
|
Hi @aleksmaus
Build details: We will revalidate this on 8.1, once these merges are available. |
(cherry picked from commit 1c68693) Co-authored-by: Aleksandr Maus <[email protected]>
…-29710 * '8.1' of github.com:elastic/beats: (51 commits) refactor pushDockerImages (#30414) (#30624) ci: add windows-2022 in the extended meta-stage (#30528) (#30630) Curate k8s testing versions to only keep the actively maintained (#30619) (#30625) [8.1](backport #30355) Add Beats upgrade docs for 8.0 (#30612) Remove references to gcp from the Functionbeat docs (#30579) (#30609) x-pack/auditbeat/module/system/socket: defend against exec with zero arguments (#30586) (#30597) [MySQL Enterprise] Adding default paths values to manifest.yml (#30598) (#30604) metricbeat - fix elasticsearch and kibana integration tests failures in 8.0 (#30566) (#30594) Install gawk as a replacement for mawk in Docker containers. (#30452) (#30465) [Filebeat] Remove RecordedFuture dataset from Threat Intel module (#30564) (#30568) Adjust the documentation of `backoff` options in filestream input (#30552) (#30557) packetbeat/beater: help the GC clean up the Npcap installer if it's not used (#30513) (#30546) Osquerybeat: Add install verification for osquerybeat (#30388) (#30404) Update docker/distribution to 2.8.0 (#30462) (#30540) Add `parsers` examples to `filestream` reference configuration (#30529) (#30537) [8.1](backport #30068) ZooKeeper module: Adapt to ZooKeeper 3.6+ `mntr` response fields' changes. (#30360) [8.1](backport #30512) Switch skip to use `CI` (#30525) Forward-port 8.0.1 changelog to 8.1 (#30517) packetbeat/beater: don't attempt to install npcap when already installed (#30509) (#30511) Add drop and explicit tests to avoid duplicate ingest of elasticsearch logs (#30440) (#30488) ...
What does this PR do?
Adds
verifycommand to osquerybeatcheck_installspec step. Checks the presence of the essential files that are needed for osquerybeat to function properly. Failed verification indicates to the agent to reinstall osquerybeat.Why is it important?
This should allow the agent with osquerybeat to recover in case if osquerybeat install became corrupted.
Addresses the final changes that allows to close #30067 (comment)
Checklist
Related issues
Use cases
Delete any of the essential osquerybeat binaries leaving osquerybeat install
corrupted.The essential files are osquerybeat, osqueryd, osquery-extension.ext (osquery-extension.exe on windows).
Restart the agent, observe the osquerybeat is reinstalled.