From 24df603fa6ab8abd293c2684af74d69668c54067 Mon Sep 17 00:00:00 2001 From: Lee E Hinman <57081003+leehinman@users.noreply.github.com> Date: Wed, 12 Jun 2024 16:03:46 -0500 Subject: [PATCH 1/2] [windows] if `elastic-agent run` fails, log error to Application EventLog (#4846) * windows if `elastic-agent run` fails, log error to eventviewer * linter fixes * updated fragment and skip cleaning up registry (cherry picked from commit 6c20730d5cfb75caa8846caff86641c559afd18c) # Conflicts: # internal/pkg/agent/install/install_windows.go --- ...16439-Capture-early-errors-on-Windows.yaml | 32 +++++++++++++++++++ internal/pkg/agent/cmd/run.go | 9 ++++-- internal/pkg/agent/cmd/run_unix.go | 11 +++++++ internal/pkg/agent/cmd/run_windows.go | 24 ++++++++++++++ internal/pkg/agent/install/install_windows.go | 18 +++++++++++ internal/pkg/agent/install/uninstall.go | 1 - 6 files changed, 91 insertions(+), 4 deletions(-) create mode 100644 changelog/fragments/1717516439-Capture-early-errors-on-Windows.yaml create mode 100644 internal/pkg/agent/cmd/run_unix.go create mode 100644 internal/pkg/agent/cmd/run_windows.go diff --git a/changelog/fragments/1717516439-Capture-early-errors-on-Windows.yaml b/changelog/fragments/1717516439-Capture-early-errors-on-Windows.yaml new file mode 100644 index 00000000000..76a40a2c513 --- /dev/null +++ b/changelog/fragments/1717516439-Capture-early-errors-on-Windows.yaml 
@@ -0,0 +1,32 @@
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user’s deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: enhancement
+
+# Change summary; a 80ish characters long description of the change.
+summary: Capture early errors on Windows in Application eventlog.
+
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
+#description:
+
+# Affected component; a word indicating the component this changeset affects.
+component: elastic-agent
+
+# PR URL; optional; the PR number that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+pr: https://github.com/elastic/elastic-agent/pull/4846
+
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+issue: https://github.com/elastic/elastic-agent/issues/4627
diff --git a/internal/pkg/agent/cmd/run.go b/internal/pkg/agent/cmd/run.go
index 9d431a0ec73..02f8a200ee0 100644
--- a/internal/pkg/agent/cmd/run.go
+++ b/internal/pkg/agent/cmd/run.go @@ -60,8 +60,10 @@ const ( fleetInitTimeoutName = "FLEET_SERVER_INIT_TIMEOUT" ) -type cfgOverrider func(cfg *configuration.Configuration) -type awaiters []<-chan struct{} +type ( + cfgOverrider func(cfg *configuration.Configuration) + awaiters []<-chan struct{} +) func newRunCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ @@ -78,6 +80,7 @@ func newRunCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { testingMode, _ := cmd.Flags().GetBool("testing-mode") if err := run(nil, testingMode, fleetInitTimeout); err != nil && !errors.Is(err, context.Canceled) { fmt.Fprintf(streams.Err, "Error: %v\n%s\n", err, troubleshootMessage()) + logExternal(fmt.Sprintf("%s run failed: %s", paths.BinaryName, err)) return err } return nil @@ -132,7 +135,7 @@ func run(override cfgOverrider, testingMode bool, fleetInitTimeout time.Duration // register as a service stop := make(chan bool) ctx, cancel := context.WithCancel(context.Background()) - var stopBeat = func() { + stopBeat := func() { close(stop) } diff --git a/internal/pkg/agent/cmd/run_unix.go b/internal/pkg/agent/cmd/run_unix.go new file mode 100644 index 00000000000..4bbfa66f02c --- /dev/null +++ b/internal/pkg/agent/cmd/run_unix.go @@ -0,0 +1,11 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +//go:build !windows + +package cmd + +// logExternal logs the error to an external log. On non-windows systems this is a no-op. +func logExternal(msg string) { +} diff --git a/internal/pkg/agent/cmd/run_windows.go b/internal/pkg/agent/cmd/run_windows.go new file mode 100644 index 00000000000..94505d87d4b --- /dev/null +++ b/internal/pkg/agent/cmd/run_windows.go 
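Review bot: The new `logExternal(fmt.Sprintf("%s run failed: %s", paths.BinaryName, err))` call in run.go (hunk at -78) copies the raw startup error into the Windows Application event log, which is typically readable by non-administrative local users and is often forwarded to central log collection. If any error returned by `run` can embed configuration values, URLs with credentials, or tokens, that text would now persist outside the agent's own log files; nothing visible in this hunk filters it. I would add a comment above the call, e.g. `// err is written verbatim to the Application event log; keep secrets out of errors returned by run`, and confirm that the error paths carry no such values. The enclosing command closure starts and ends outside the hunk.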
@@ -0,0 +1,24 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +//go:build windows + +package cmd + +import ( + "golang.org/x/sys/windows/svc/eventlog" + + "github.com/elastic/elastic-agent/internal/pkg/agent/application/paths" +) + +// logExternal logs the error to an external log. On Windows this is +// the Application EventLog. This is a best effort logger and no +// errors are returned. +func logExternal(msg string) { + eLog, err2 := eventlog.Open(paths.ServiceName) + if err2 != nil { + return + } + _ = eLog.Error(1, msg) +} diff --git a/internal/pkg/agent/install/install_windows.go b/internal/pkg/agent/install/install_windows.go index 3790532b7fa..09e1d757e56 100644 --- a/internal/pkg/agent/install/install_windows.go +++ b/internal/pkg/agent/install/install_windows.go @@ -10,8 +10,10 @@ import ( "fmt" "os" "path/filepath" + "strings" "golang.org/x/sys/windows" + "golang.org/x/sys/windows/svc/eventlog" "github.com/elastic/elastic-agent/internal/pkg/agent/application/paths" "github.com/elastic/elastic-agent/internal/pkg/agent/perms" 
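Review bot: In run_windows.go, `logExternal` opens an event log handle with `eventlog.Open` and never closes it; add `defer eLog.Close()` after the error check so the handle is released explicitly rather than at process exit. `err2` can simply be `err`, since nothing else of that name is in scope in this function. The bare event ID in `eLog.Error(1, msg)` would read better as a named constant with a short comment on why that ID is used.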
@@ -79,10 +81,26 @@ func withServiceOptions(username string, groupName string) ([]serviceOpt, error) // // gives user the ability to control the service, needed when installed with --unprivileged or // ReExec is not possible on Windows. +<<<<<<< HEAD func servicePostInstall(ownership utils.FileOwner) error { if ownership.UID == "" { // no user, running with LOCAL SYSTEM (do nothing) return nil +======= +func serviceConfigure(ownership utils.FileOwner) error { + // Modify registry to allow logging to eventlog as "Elastic Agent". + err := eventlog.InstallAsEventCreate(paths.ServiceName, eventlog.Info|eventlog.Warning|eventlog.Error) + if err != nil && !strings.Contains(err.Error(), "registry key already exists") { + return fmt.Errorf("unable to create registry key for logging: %w", err) + } + // https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/sddl-for-device-objects + sddl := "D:(A;;GA;;;SY)" + // SDDL_LOCAL_SYSTEM -> SDDL_GENERIC_ALL + "(A;;GA;;;BA)" + // SDDL_BUILTIN_ADMINISTRATORS -> SDDL_GENERIC_ALL + "(A;;GR;;;WD)" + // SDDL_EVERYONE -> SDDL_GENERIC_READ + "(A;;GRGX;;;NS)" // SDDL_NETWORK_SERVICE -> SDDL_GENERIC_READ|SDDL_GENERIC_EXECUTE + if ownership.UID != "" { + sddl += fmt.Sprintf("(A;;GA;;;%s)", ownership.UID) // Ownership UID -> SDDL_GENERIC_ALL +>>>>>>> 6c20730d5c ([windows] if `elastic-agent run` fails, log error to Application EventLog (#4846)) } // https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/sddl-for-device-objects diff --git a/internal/pkg/agent/install/uninstall.go b/internal/pkg/agent/install/uninstall.go index f333e8c49a5..2a980f77de7 100644 --- a/internal/pkg/agent/install/uninstall.go +++ b/internal/pkg/agent/install/uninstall.go 
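Review bot: The already-registered case in install_windows.go is recognised by matching error text, `!strings.Contains(err.Error(), "registry key already exists")`, so a wording change in golang.org/x/sys would turn every re-install or upgrade into a hard failure. As far as I can tell the eventlog package exposes no sentinel error for this, so the match may be unavoidable, but it should be documented, e.g. `// eventlog returns a plain error for an existing source; the match depends on its message text, re-check when bumping x/sys`. The same check is carried unchanged into the PATCH 2/2 hunk for this file. When the key already exists, the existing registration is accepted as-is without being inspected.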
@@ -230,7 +230,6 @@ func containsString(str string, a []string, caseSensitive bool) bool { } func uninstallComponents(ctx context.Context, cfgFile string, uninstallToken string, log *logp.Logger, pt *progressbar.ProgressBar, unprivileged bool) error { - platform, err := component.LoadPlatformDetail() if err != nil { return fmt.Errorf("failed to gather system information: %w", err) From 31b8d2868a96425425e7b988cda950e979bb2a12 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 18 Jun 2024 14:52:45 -0500 Subject: [PATCH 2/2] fix merge conflicts --- internal/pkg/agent/install/install_windows.go | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/internal/pkg/agent/install/install_windows.go b/internal/pkg/agent/install/install_windows.go index 09e1d757e56..a8461053191 100644 --- a/internal/pkg/agent/install/install_windows.go +++ b/internal/pkg/agent/install/install_windows.go 
@@ -81,26 +81,16 @@ func withServiceOptions(username string, groupName string) ([]serviceOpt, error) // // gives user the ability to control the service, needed when installed with --unprivileged or // ReExec is not possible on Windows. -<<<<<<< HEAD func servicePostInstall(ownership utils.FileOwner) error { - if ownership.UID == "" { - // no user, running with LOCAL SYSTEM (do nothing) - return nil -======= -func serviceConfigure(ownership utils.FileOwner) error { // Modify registry to allow logging to eventlog as "Elastic Agent". err := eventlog.InstallAsEventCreate(paths.ServiceName, eventlog.Info|eventlog.Warning|eventlog.Error) if err != nil && !strings.Contains(err.Error(), "registry key already exists") { return fmt.Errorf("unable to create registry key for logging: %w", err) } - // https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/sddl-for-device-objects - sddl := "D:(A;;GA;;;SY)" + // SDDL_LOCAL_SYSTEM -> SDDL_GENERIC_ALL - "(A;;GA;;;BA)" + // SDDL_BUILTIN_ADMINISTRATORS -> SDDL_GENERIC_ALL - "(A;;GR;;;WD)" + // SDDL_EVERYONE -> SDDL_GENERIC_READ - "(A;;GRGX;;;NS)" // SDDL_NETWORK_SERVICE -> SDDL_GENERIC_READ|SDDL_GENERIC_EXECUTE - if ownership.UID != "" { - sddl += fmt.Sprintf("(A;;GA;;;%s)", ownership.UID) // Ownership UID -> SDDL_GENERIC_ALL ->>>>>>> 6c20730d5c ([windows] if `elastic-agent run` fails, log error to Application EventLog (#4846)) + + if ownership.UID == "" { + // no user, running with LOCAL SYSTEM (do nothing) + return nil } // https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/sddl-for-device-objects
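Review bot: A failure to register the event source now aborts `servicePostInstall` through `return fmt.Errorf("unable to create registry key for logging: %w", err)`, although the logger that depends on it is documented in run_windows.go as best effort. Whether installation is meant to depend on this diagnostic channel cannot be told from the hunk; if it is not, the error should be reported without being returned. The doc comment above the function still describes only the service-control permissions, so I would add a line such as `// Also registers the service name as an Application event log source; this runs before the UID check and so applies to LOCAL SYSTEM installs too.` The function body continues outside the hunk.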