V2 Control Protocol

[blakerouse]

V2 Control Protocol

This is a proposal on the new design of the control protocol.

Features

• A unique state/config per unit (multiple inputs and output per process).
• A similar actions protocol (only added 1 extra field).
• A key-value storage scoped per unit for persistent storage.
• Access to the artifacts API through the control protocol.
• Ability to report name, version and metadata about the program to Elastic Agent.
• Ability to write log messages from processes that are not started as sub-processes.

Backward Compatibility

This adds a new CheckinV2 that is to be used when the Elastic Agent is operating in V2 mode. The original Checkin will be deprecated at some point in the future (once all tools have migrated off).

Closes elastic/elastic-agent#215

[blakerouse]

We need to decide on how we want to merge this into the repository. I was thinking about making it github.com/elastic/elastic-agent-client/v2 keeping the current client as github.com/elastic/elastic-agent-client.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2022-05-19T13:38:20.114+0000

• Duration: 3 min 37 sec

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[ph]

@blakerouse I think we should work the same as our other project, something like:

• create a 1.x branch.
• Tag the current code for v1.0.0 ?
• Update the project to use that version.
• Use main for v2?

[cmacknz]

Use main for v2?

This will work but I've usually seen public proto packages versioned like Go packages, where v1 and v2 coexist together in the tree until one obsoletes the other. Like Go modules, this will make the import path change between versions. You could use package proto; and package proto.v2; for example and do the same on the generated Go modules.

Here is Google Cloud Storage using this approach: https://github.com/googleapis/googleapis/tree/master/google/storage

[ph]

@cmacknz good point, but at the same time we have a limited set of users, so I am not sure having a v2 worth it. I believe this would reduce our flexibility to make changes in repo/testing and so on.

[blakerouse]

I am +1 for using main for v2.

[cmacknz]

@cmacknz good point, but at the same time we have a limited set of users, so I am not sure having a v2 worth it. I believe this would reduce our flexibility to make changes in repo/testing and so on.

Fair point, go with whatever makes development easier.

[blakerouse]

@jlind23 Had a good idea in our 1-1 to instead of making a whole v2, that we instead try to make this work with the existing v1 instead of a hard breaking change.

He had some good points of allowing things like Endpoint Security and APM server to migrate slower to v2. I think this is a valid point and something that we could do in this protocol.

The change only adds 1 field to Actions stream so we can easily add that and pass it to current processes and they will ignore it (which is going to be okay, until they support the v2 protocol anyway).

The new additional functions are not streaming protocols that are even required for processes to even use, so if they don't use them that is fine and not breaking.

The largest change is the Checkin stream, because of how state and configuration is changed. The idea I have is to keep the Checkin stream as it is today and then add a CheckinV2 stream. A newer process will connect to V2 and an older one that has not migrated will continue to connect to old Checkin. We then deprecate the old Checkin and we give a EOL for that Checkin in some future 8.x version.

[ph]

@blakerouse The v1,v2 I am worried to run in a hybrid mode, wouldn't that bring more complexity while debugging?

[jlind23]

@ph we will be aware when agent will be running in V2 mode, we just have to properly log it then.

[blakerouse]

@ph Really we have 2 different ways we could implement it.

1. Run in v2 mode explicitly, so even though the Checkin function is present, we do not allow connection to it over the GRPC. Elastic Agent will error to the client that its in v2 mode and must connect over CheckinV2.
2. Run in hybrid mode that allows a v1 client but it translates to a v2 operating mode. So Elastic Agent runs in v2 mode, it computes the multiple units per process and builds the runtime environment. Then that v2 runtime environment is then merged to send a single configure to a v1 client, where the status is duplicated across the v2 runtime. This gives a temporary translation layer for v1 clients.

The open question is really do we want to support existing v1 clients when operating as v2, if so #2. Or we don't need too and #1 could be the answer. Or option #3, start with #1 and if we see an issue that requires us to do #2 then we implement the translation layer.

[AndersonQ]

Question here: must all the store methods be called within a transaction, or could the Get|Set|Delete be called alone?

[blakerouse]

Must be in a transaction.

[ph]

@blakerouse I think what you are proposing in CheckV2, is the appropriate path. 1 to see if we need to support 2. I am considering that most processes would be fine with the new protocol because they are beats. The endpoint is a bit different, but and they do not need to adopt the Artifact service right away.

Or option 3, start with 1 and if we see an issue that requires us to do 2 then we implement the translation layer.

[aleksmaus]

nit: maybe rename BeginTxn -> BeginTx and other Txns to Txs?
similar to postgres go library for example BeginTx
https://github.com/lib/pq/blob/1ef134dc0e0dcdf8097ca347580c15df72ef786e/conn_go18.go#L58
or mysql
https://github.com/go-sql-driver/mysql/blob/bcc459a906419e2890a50fc2c99ea6dd927a88f2/connection.go#L471

"Tx" is more common abbreviation for transactions in other db libaries

[aleksmaus]

Is there any handling for example for the broken connection after the transaction was started and left uncommitted? @blakerouse

[ph]

@aleksmaus I would expect the method call to return an error when the method is called?

[aleksmaus]

depending on the storage backend/library and transaction implementation details, not closing the transaction could leave the transaction locks on the database/tables/rows. should probably be coded to have transaction in the scope of the connection or something and the connection is broken the transaction should be auto rolled back. thinking if these kind of cases. don't completely know if this is relevant for our particular implementation.

[blakerouse]

@aleksmaus the state of the connection will be tracked on the server-side (aka. Elastic Agent), when the connection is lost then the transaction will be discarded server-side. At that point that transaction is broken and they client will need to handle the error and create a new transaction

I also think Elastic Agent should place a hard timeout on transactions, as it would not be good to keep them open for a long period of time. They really should be short in time.

I will go through and adjust it all from "Txn" abbr. to "Tx".

[aleksmaus]

nit: maybe rename kickChan ->kickCh etc for other chan vars. This naming convention seems to be more common in https://github.com/golang/go

[aleksmaus]

nit: maybe rename unitsLock -> unitsMu. This naming convention seems to be more common in https://github.com/golang/go

[aleksmaus]

Is there any handling for example for the broken connection after the transaction was started and left uncommitted? @blakerouse

[ph]

Good catch, I see a TTL maybe or to indicate single-use key.

[ph]

+1, align with Go's expected behavior.

[pzl]

@blakerouse @ph

What's the procedure look like for additions to this protocol in the future? If the changes are purely additive to the control protocol, can things be added to this spec in, say, 8.4 timeline?

We are still looking to add a new feature/API to Fleet Server for our next use case, but we don't have a full picture of what's being sent over the wire (aside from, its a big file. Not sure if streamed or pre-chunked. Metadata format, etc)

I assume you want this merged without waiting for us? Or is it much preferred to hammer out something on our side and send it in here

[ph]

+1 for forward change.

[ph]

This would fail the linter.

Suggested change

	if err != io.EOF {
	if !errors.Is(err, io.EOF) {

[ph]

Based on our morning discussion this would behavior weirdlky with sleep or hibernate?

[blakerouse]

After looking at the golang I do not believe this to be an issue. The ticker will keep ticking, on hibernate it will just pickup where it left off because it uses the monoclock. The ticker also handles a slow reader so it never adds more than one to the channel so until the next is removed from the channel it will not add another one.

[ph]

Thanks for the verification!

[ph]

Suggested change

	if err != io.EOF {
	if !errors.Is(err, io.EOF) {

[ph]

I've almost missed the resize.

[ph]

+1

[ph]

So this mean that If an agent receive an osquery and it receive an osquery action and the unit isn't runnning we would silently ignore the event?

[ph]

Actually, not we would report back upstream, ok I think its fine.

[ph]

I've added a few questions in the PR, and so far it looks good to me.
I've been having a few difficulties concerning the Keystore API and implementation, but I find it hard without playing in the context of the agent.

Looking at other comments concerning renaming txn to tx I believe is a good thing to do.

[ph]

thanks for adding this, +1 don't trust anything.

[ph]

Should we make the "Healthy", "Stopping", "Stopped" and other a public constant?

[blakerouse]

For testing make it constant? For the library, no I would prefer they provide more detail than that. Like "Connected to elasticsearch(https://localhost:8200)" or something.

[ph]

OK good point.

[ph]

Suggested change

	return fmt.Errorf("server never recieved valid token")
	return fmt.Errorf("server never received a valid token")

[ph]

let's use testing's t.Fatal

[blakerouse]

Its in a seperate goroutine, go vet will not allow this.

call to (*T).Fatal from a non-test goroutine

[ph]

Suggested change

	return fmt.Errorf("server never recieved valid token")
	return fmt.Errorf("server never received valid token")

[ph]

See above discussion concerning hibernation and sleep.

[blakerouse]

Not an issue with the usage of ticker.

[ph]

We should probably have a concrete type implementing MarshalJSON instead of creating JSON fragment, something like:

ActionTypeErr{ error: "action-type unknown" }

[blakerouse]

Will do.

[ph]

t.Fatal

[ph]

Well, we have a full in-memory store :D

[ph]

This would be the string representation of the yaml, this seems asking for having his own type? We we can validate the presence of some fields depending on the unit or that we have valid yaml.

[ph]

Sadly we can have a yaml.RawMessage because of the way indent works and could break the configuration.

[blakerouse]

Is it YAML, JSON, or something else. The point of the client is that it doesn't know and doesn't care. So its best to keep it just as a string representation that could then be decoded.

[ph]

@cmacknz Can you review this too, this directly impact the data plane?

[blakerouse]

@aleksmaus @ph Made the requested changes.

[ph]

LGTM, Let's get another approval from @elastic/elastic-agent-data-plane

[cmacknz]

What is it expected that processes do with the services list? Is the intent that each process checks to make sure the services it needs are actually available?

[blakerouse]

Correct. A process can only use the services that it is given, if it tries to Elastic Agent will return an error back to the caller.

[cmacknz]

Can you document that failing to read Errors() or UnitChanges() will cause the client to block internally?

[blakerouse]

It is documented on the interface.

[cmacknz]

LGTM, I expect we will have more feedback once we actually try to use the new V2 client :)

[ph]

@cmacknz I also change when we try the real world.

[fearful-symmetry]

Agreed on real-world testing, I'm honestly kinda planning with the assumption that a lot of the APIs are gonna change over time as we actually use it.