Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Ensure policies are not out of sync #175065

Merged
merged 3 commits into from
Jan 18, 2024
Merged

[Fleet] Ensure policies are not out of sync #175065

merged 3 commits into from
Jan 18, 2024

Conversation

nchaulet
Copy link
Member

@nchaulet nchaulet commented Jan 17, 2024
edited
Loading

Summary

Related to https://github.com/elastic/ingest-dev/issues/2120

Re-introduce ensureFleetServerAgentPoliciesExists deleted (by mistake I think) in #121628 .

I made some refacto to avoid retrieving multiple time policies to both verify enrollement token and .fleet-policies

Tests

I added some unit test to cover that, you can manually test that by deleting document in .fleet-policies and verifying that the policy is created again on next setup

For example in the devtools
Screenshot 2024-01-18 at 10 06 29 AM

@nchaulet nchaulet added release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team labels Jan 17, 2024
@nchaulet nchaulet self-assigned this Jan 17, 2024
@apmmachine
Copy link
Contributor

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

  • /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
  • /oblt-deploy-serverless : Deploy a serverless Kibana instance using the Observability test environments.
  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@nchaulet
Copy link
Member Author

/ci

@nchaulet nchaulet requested a review from juliaElastic January 18, 2024 15:06
@nchaulet nchaulet marked this pull request as ready for review January 18, 2024 15:06
@nchaulet nchaulet requested a review from a team as a code owner January 18, 2024 15:06
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

nchaulet
nchaulet commented Jan 18, 2024
View reviewed changes
x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts

if (outdatedAgentPolicyIds.length) {
await agentPolicyService.deployPolicies(soClient, outdatedAgentPolicyIds).catch((error) => {
logger.warn(`Error deploying policies: ${error.message}`, { error });
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there is no need to crash the setup if this fail, it's why I am swallowing the error here

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: could we add a unit test for the error scenario? I usually combine async-await with try-catch, I suppose it should work with catch too.

kpollich
kpollich approved these changes Jan 18, 2024
View reviewed changes
Copy link
Member

@kpollich kpollich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense to me - adding an eventual consistency check for policies to Fleet's setup is sensible 👍

x-pack/plugins/fleet/server/services/agent_policy.ts
// be a bottleneck in environments with several thousand agent policies being deployed here.
(agentPolicyId) => agentPolicyService.getFullAgentPolicy(soClient, agentPolicyId),
{
concurrency: 50,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@juliaElastic
Copy link
Contributor

/ci

juliaElastic
juliaElastic approved these changes Jan 18, 2024
View reviewed changes
Copy link
Contributor

@juliaElastic juliaElastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch!
Added a small comment, otherwise LGTM 🚀

@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #63 / aiops log pattern analysis loads the log pattern analysis page and filters in patterns in discover

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @nchaulet

@nchaulet nchaulet merged commit a7ee927 into elastic:main Jan 18, 2024
21 of 22 checks passed
@nchaulet nchaulet deleted the feature-ensure-policies-sync branch January 18, 2024 17:54
@kibanamachine kibanamachine added v8.13.0 backport:skip This commit does not require backporting labels Jan 18, 2024
CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Feb 15, 2024
@nchaulet @CoenWarmer
[Fleet] Ensure policies are not out of sync (elastic#175065)
99098a5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliaElastic juliaElastic juliaElastic approved these changes

@kpollich kpollich kpollich approved these changes

Assignees

@nchaulet nchaulet

Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team v8.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@nchaulet @apmmachine @elasticmachine @juliaElastic @kibana-ci @kpollich @kibanamachine