From f8544fbcec1b5a4ecca990dac552c7136a7834b6 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 7 Jun 2024 12:58:39 -0400 Subject: [PATCH] Update event logger output via Fleet If Fleet sends an event logging output configuration different than the one that's running, save it to the encrypted store and re-exec the Elastic-Agent to use the new configuration. --- .../handlers/handler_action_policy_change.go | 40 ++++++++++++++++--- .../handler_action_policy_change_test.go | 4 +- .../pkg/agent/application/managed_mode.go | 1 + 3 files changed, 37 insertions(+), 8 deletions(-) diff --git a/internal/pkg/agent/application/actions/handlers/handler_action_policy_change.go b/internal/pkg/agent/application/actions/handlers/handler_action_policy_change.go index 3fde2c58477..dc717060a31 100644 --- a/internal/pkg/agent/application/actions/handlers/handler_action_policy_change.go +++ b/internal/pkg/agent/application/actions/handlers/handler_action_policy_change.go @@ -45,6 +45,7 @@ type PolicyChangeHandler struct { ch chan coordinator.ConfigChange setters []actions.ClientSetter policyLogLevelSetter logLevelSetter + coordinator *coordinator.Coordinator // Disabled for 8.8.0 release in order to limit the surface // https://github.com/elastic/security-team/issues/6501 // // Last known valid signature validation key @@ -59,6 +60,7 @@ func NewPolicyChangeHandler( store storage.Store, ch chan coordinator.ConfigChange, policyLogLevelSetter logLevelSetter, + coordinator *coordinator.Coordinator, setters ...actions.ClientSetter, ) *PolicyChangeHandler { return &PolicyChangeHandler{ @@ -68,6 +70,7 @@ func NewPolicyChangeHandler( store: store, ch: ch, setters: setters, + coordinator: coordinator, policyLogLevelSetter: policyLogLevelSetter, } } @@ -258,6 +261,11 @@ func (h *PolicyChangeHandler) handlePolicyChange(ctx context.Context, c *config. h.config.Fleet.Client = *validatedConfig } + loggingHasChanged := h.eventLoggingHasChanged(cfg) + if loggingHasChanged { + h.config.Settings.EventLoggingConfig = cfg.Settings.EventLoggingConfig + } + // persist configuration err = saveConfig(h.agentInfo, h.config, h.store) if err != nil { @@ -270,9 +278,27 @@ func (h *PolicyChangeHandler) handlePolicyChange(ctx context.Context, c *config. return fmt.Errorf("applying FleetClientConfig: %w", err) } + if loggingHasChanged { + // The only way to update the logging configuration + // is to re-start the Elastic-Agent + h.coordinator.ReExec(nil) + } + return nil } +// eventLoggingHasChanged returns true if the output of the event logger has changed +func (p *PolicyChangeHandler) eventLoggingHasChangsed(new *configuration.Configuration) bool { + switch { + case p.config.Settings.EventLoggingConfig.ToFiles != new.Settings.EventLoggingConfig.ToFiles: + return true + case p.config.Settings.EventLoggingConfig.ToStderr != new.Settings.EventLoggingConfig.ToStderr: + return true + default: + return false + } +} + func validateLoggingConfig(cfg *config.Config) (*logger.Config, error) { parsedConfig, err := configuration.NewPartialFromConfigNoDefaults(cfg) @@ -394,12 +420,14 @@ func clientEqual(k1 remote.Config, k2 remote.Config) bool { func fleetToReader(agentID string, headers map[string]string, cfg *configuration.Configuration) (io.Reader, error) { configToStore := map[string]interface{}{ "fleet": cfg.Fleet, - "agent": map[string]interface{}{ - "id": agentID, - "headers": headers, - "logging.level": cfg.Settings.LoggingConfig.Level, - "monitoring.http": cfg.Settings.MonitoringConfig.HTTP, - "monitoring.pprof": cfg.Settings.MonitoringConfig.Pprof, + "agent": map[string]interface{}{ // Add event logging configuration here! + "id": agentID, + "headers": headers, + "logging.level": cfg.Settings.LoggingConfig.Level, + "logging.event_data.to_files": cfg.Settings.EventLoggingConfig.ToFiles, + "logging.event_data.to_stderr": cfg.Settings.EventLoggingConfig.ToStderr, + "monitoring.http": cfg.Settings.MonitoringConfig.HTTP, + "monitoring.pprof": cfg.Settings.MonitoringConfig.Pprof, }, } diff --git a/internal/pkg/agent/application/actions/handlers/handler_action_policy_change_test.go b/internal/pkg/agent/application/actions/handlers/handler_action_policy_change_test.go index 36996023273..1a548f33838 100644 --- a/internal/pkg/agent/application/actions/handlers/handler_action_policy_change_test.go +++ b/internal/pkg/agent/application/actions/handlers/handler_action_policy_change_test.go @@ -53,7 +53,7 @@ func TestPolicyChange(t *testing.T) { cfg := configuration.DefaultConfiguration() - handler := NewPolicyChangeHandler(log, agentInfo, cfg, nullStore, ch, noLogLevelSet(t)) + handler := NewPolicyChangeHandler(log, agentInfo, cfg, nullStore, ch, noLogLevelSet(t), &coordinator.Coordinator{}) err := handler.Handle(context.Background(), action, ack) require.NoError(t, err) @@ -82,7 +82,7 @@ func TestPolicyAcked(t *testing.T) { } cfg := configuration.DefaultConfiguration() - handler := NewPolicyChangeHandler(log, agentInfo, cfg, nullStore, ch, noLogLevelSet(t)) + handler := NewPolicyChangeHandler(log, agentInfo, cfg, nullStore, ch, noLogLevelSet(t), &coordinator.Coordinator{}) err := handler.Handle(context.Background(), action, tacker) require.NoError(t, err) diff --git a/internal/pkg/agent/application/managed_mode.go b/internal/pkg/agent/application/managed_mode.go index a29c89c8ee3..68e2e6c9c49 100644 --- a/internal/pkg/agent/application/managed_mode.go +++ b/internal/pkg/agent/application/managed_mode.go @@ -348,6 +348,7 @@ func (m *managedConfigManager) initDispatcher(canceller context.CancelFunc) *han m.store, m.ch, settingsHandler, + m.coord, ) m.dispatcher.MustRegister(