From eb35ba8ae57f2f866c827394f023d5c884f3112f Mon Sep 17 00:00:00 2001
From: Tiago Queiroz <tiago.queiroz@elastic.co>
Date: Fri, 24 Nov 2023 19:18:00 +0100
Subject: [PATCH] Do not reload the Agent daemon if enrolling from a container

The enroll command would always try to restart the daemon, however
when enrolling as part of the container command, there is no running
daemon to reload.

This commit adds a CLI flag, --skip-daemon-reload, to the enroll
command to skip the reloading step, the container command now makes
use of this flag.
---
 ...-Agent's-enroll-process,-failing-if-any-happens..yaml} | 8 ++++----
 internal/pkg/agent/cmd/container.go                       | 1 +
 internal/pkg/agent/cmd/enroll.go                          | 7 +++++++
 internal/pkg/agent/cmd/enroll_cmd.go                      | 3 ++-
 internal/pkg/agent/install/perms_unix.go                  | 2 +-
 5 files changed, 15 insertions(+), 6 deletions(-)
 rename changelog/fragments/{1693403216-Surface-errors-during-Agent's-enroll.yaml => 1700851577-Surface-errors-during-Agent's-enroll-process,-failing-if-any-happens..yaml} (85%)

diff --git a/changelog/fragments/1693403216-Surface-errors-during-Agent's-enroll.yaml b/changelog/fragments/1700851577-Surface-errors-during-Agent's-enroll-process,-failing-if-any-happens..yaml
similarity index 85%
rename from changelog/fragments/1693403216-Surface-errors-during-Agent's-enroll.yaml
rename to changelog/fragments/1700851577-Surface-errors-during-Agent's-enroll-process,-failing-if-any-happens..yaml
index f8361f99433..916920a83e1 100644
--- a/changelog/fragments/1693403216-Surface-errors-during-Agent's-enroll.yaml
+++ b/changelog/fragments/1700851577-Surface-errors-during-Agent's-enroll-process,-failing-if-any-happens..yaml
@@ -18,15 +18,15 @@ summary: Surface errors during Agent's enroll process, failing if any happens.
 # NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
 #description:
 
-# Affected component; a word indicating the component this changeset affects.
-component: install/enroll
+# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc.
+component: elastic-agent
 
 # PR URL; optional; the PR number that added the changeset.
 # If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
 # NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
 # Please provide it if you are adding a fragment for a different PR.
-pr: https://github.com/elastic/elastic-agent/pull/3207
+pr: https://github.com/elastic/elastic-agent/pull/3815/
 
 # Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
 # If not present is automatically filled by the tooling with the issue linked to the PR number.
-#issue: https://github.com/owner/repo/1234
+issue: https://github.com/elastic/elastic-agent/issues/3664
diff --git a/internal/pkg/agent/cmd/container.go b/internal/pkg/agent/cmd/container.go
index 321e2fd07b3..7d3fc1df022 100644
--- a/internal/pkg/agent/cmd/container.go
+++ b/internal/pkg/agent/cmd/container.go
@@ -397,6 +397,7 @@ func buildEnrollArgs(cfg setupConfig, token string, policyID string) ([]string,
 		"--path.home", paths.Top(), // --path.home actually maps to paths.Top()
 		"--path.config", paths.Config(),
 		"--path.logs", paths.Logs(),
+		"--skip-daemon-reload",
 	}
 	if paths.Downloads() != "" {
 		args = append(args, "--path.downloads", paths.Downloads())
diff --git a/internal/pkg/agent/cmd/enroll.go b/internal/pkg/agent/cmd/enroll.go
index adaa278f32f..8bc4aa48774 100644
--- a/internal/pkg/agent/cmd/enroll.go
+++ b/internal/pkg/agent/cmd/enroll.go
@@ -75,6 +75,7 @@ func addEnrollFlags(cmd *cobra.Command) {
 	cmd.Flags().BoolP("delay-enroll", "", false, "Delays enrollment to occur on first start of the Elastic Agent service")
 	cmd.Flags().DurationP("daemon-timeout", "", 0, "Timeout waiting for Elastic Agent daemon")
 	cmd.Flags().DurationP("fleet-server-timeout", "", 0, "Timeout waiting for Fleet Server to be ready to start enrollment")
+	cmd.Flags().Bool("skip-daemon-reload", false, "Skip daemon reload after enrolling")
 	cmd.Flags().StringSliceP("tag", "", []string{}, "User set tags")
 }
 
@@ -141,6 +142,7 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string
 	delayEnroll, _ := cmd.Flags().GetBool("delay-enroll")
 	daemonTimeout, _ := cmd.Flags().GetDuration("daemon-timeout")
 	fTimeout, _ := cmd.Flags().GetDuration("fleet-server-timeout")
+	skipDaemonReload, _ := cmd.Flags().GetBool("skip-daemon-reload")
 	fTags, _ := cmd.Flags().GetStringSlice("tag")
 	args := []string{}
 	if url != "" {
@@ -249,6 +251,9 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string
 		args = append(args, "--fleet-server-es-insecure")
 	}
 
+	if skipDaemonReload {
+		args = append(args, "--skip-daemon-reload")
+	}
 	for _, v := range fTags {
 		args = append(args, "--tag", v)
 	}
@@ -338,6 +343,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command) error {
 	delayEnroll, _ := cmd.Flags().GetBool("delay-enroll")
 	daemonTimeout, _ := cmd.Flags().GetDuration("daemon-timeout")
 	fTimeout, _ := cmd.Flags().GetDuration("fleet-server-timeout")
+	skipDaemonReload, _ := cmd.Flags().GetBool("skip-daemon-reload")
 	tags, _ := cmd.Flags().GetStringSlice("tag")
 
 	caStr, _ := cmd.Flags().GetString("certificate-authorities")
@@ -370,6 +376,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command) error {
 		ProxyHeaders:         mapFromEnvList(proxyHeaders),
 		DelayEnroll:          delayEnroll,
 		DaemonTimeout:        daemonTimeout,
+		SkipDaemonRestart:    skipDaemonReload,
 		Tags:                 tags,
 		FleetServer: enrollCmdFleetServerOption{
 			ConnStr:               fServer,
diff --git a/internal/pkg/agent/cmd/enroll_cmd.go b/internal/pkg/agent/cmd/enroll_cmd.go
index e4488fd15c8..7f365b533be 100644
--- a/internal/pkg/agent/cmd/enroll_cmd.go
+++ b/internal/pkg/agent/cmd/enroll_cmd.go
@@ -115,6 +115,7 @@ type enrollCmdOption struct {
 	DelayEnroll          bool                       `yaml:"-"`
 	FleetServer          enrollCmdFleetServerOption `yaml:"-"`
 	SkipCreateSecret     bool                       `yaml:"-"`
+	SkipDaemonRestart    bool                       `yaml:"-"`
 	Tags                 []string                   `yaml:"omitempty"`
 }
 
@@ -277,7 +278,7 @@ func (c *enrollCmd) Execute(ctx context.Context, streams *cli.IOStreams) error {
 		}
 	}()
 
-	if c.agentProc == nil {
+	if c.agentProc == nil && !c.options.SkipDaemonRestart {
 		if err = c.daemonReloadWithBackoff(ctx); err != nil {
 			c.log.Errorf("Elastic Agent might not be running; unable to trigger restart: %v", err)
 			return fmt.Errorf("could not reload agent daemon, unable to trigger restart: %w", err)
diff --git a/internal/pkg/agent/install/perms_unix.go b/internal/pkg/agent/install/perms_unix.go
index c720643e729..8cafc79fe8b 100644
--- a/internal/pkg/agent/install/perms_unix.go
+++ b/internal/pkg/agent/install/perms_unix.go
@@ -34,7 +34,7 @@ func FixPermissions(topPath string, ownership utils.FileOwner) error {
 
 		// remove any world permissions from the file
 		if err := os.Chmod(name, info.Mode().Perm()&0770); err != nil {
-			return fmt.Errorf("could not update permissions of %q: %w:", topPath, err)
+			return fmt.Errorf("could not update permissions of %q: %w", topPath, err)
 		}
 
 		return nil