Comments (6)
ycombinator
commented on June 28, 2024
1
@blakerouse WDYT about replacing the ack'ing mechanism with reporting as part of the check-in payload whether the Agent is running as privileged or not, perhaps as part of the local_metadata field? I'm suggesting this because we've found ack'ing to be unreliable in the past when it came to upgrades and when we implemented upgrade details, we decided to communicate them through the check-in payload and it seems to be working well.
from elastic-agent.
elasticmachine
commented on June 28, 2024
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
from elastic-agent.
ycombinator
commented on June 28, 2024
I think it would be useful to do a bit of technical definition for this feature, covering not just the responsibilities of Agent but also the associated responsibilities of Fleet UI and Fleet Server so we have a holistic design in place before starting to implement this feature.
from elastic-agent.
pierrehilbert
commented on June 28, 2024
⚠️ Important note: Fleet UI users should only be switch Agents from privileged to unprivileged mode, not the other way around.
Switching the other way will technically be impossible but I agree we should make it clear from the UI when we will add this feature there.
from elastic-agent.
blakerouse
commented on June 28, 2024
To add some details on the technical implementation for this work. The flow of this should work as the following:
- Upon receiving the action to switch to unprivileged mode the Elastic Agent should store that action into the state store, but NOT ACK it.
- Then it should perform the
elastic-agent unprivilegedas a sub-process, ensuring to create the process in a way where when the daemon process is stopped that it will not stop or kill the spawnedelastic-agent unprivilegedprocess. elastic-agent unprivilegedshould then perform the work (understand here there is a chance that if something goes wrong the process is not coming back without manual intervention) this needs to be made clear in the UI- Elastic Agent should then restart, read the state store, determine that it has a unprivileged mode action and ACK the action if it is now unprivileged.
from elastic-agent.
blakerouse
commented on June 28, 2024
@ycombinator Actually that would be better.
from elastic-agent.
Related Issues (20)
- Integration tests framework creates more OGC VMs than needed HOT 2
- Extract creating of ESS deployment for integration tests in a separate mage target HOT 5
- Run Elastic Agent in `otel` mode as a service HOT 3
- [Integration Test Framework] Dump process list on first failure HOT 1
- [Flaky Test]: TestActionDispatcher/Dispatch_multiples_events_returns_one_error – Expected error HOT 5
- allow multiple hosts to be passed in --fleet-server-es flag HOT 8
- QA test: State Store migrations HOT 1
- Make `elasticinframetricsprocessor` available in `otel` mode HOT 1
- [windows] move service startup to beginning of run function HOT 1
- Elastic Agent on Windows cannot be stopped or removed if --delay-enroll is retrying HOT 6
- [Fleet]: Multiple logs: `[elastic_agent][info] got checkin with pid 0` are generated for installed agent. HOT 5
- [Windows] Service startup failing on CI with otel dependencies linked HOT 4
- [Windows] - `system.diskio` datastream missing on Kibana for unprivileged mode. HOT 6
- Kubernetes e2e tests HOT 10
- Installing elastic agent on AWS EKS HOT 5
- Development agent gets unhealthy on adding Elastic Defend. when not added to the primary agent. HOT 8
- Retry artifact downloads in the integration test framework (artifact fetcher) HOT 2
- Support hints based autodiscover for Fleet managed Agents HOT 1
- [E2E test] Ingesting data with OTel-based shipper pipeline
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from elastic-agent.