From 9e1b2eb0c17e2045617c9350bccf1c102e4c672b Mon Sep 17 00:00:00 2001 From: Tom Kretschmann Date: Wed, 20 Nov 2024 09:24:45 +0100 Subject: [PATCH 1/7] add curl timeout for cloud metadata lookup on unix systems --- providers/os/id/azcompute/azcompute.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/os/id/azcompute/azcompute.go b/providers/os/id/azcompute/azcompute.go index d283731a4e..cc778fc7f8 100644 --- a/providers/os/id/azcompute/azcompute.go +++ b/providers/os/id/azcompute/azcompute.go @@ -57,7 +57,7 @@ func (m *commandInstanceMetadata) Identify() (Identity, error) { var instanceDocument string switch { case m.platform.IsFamily(inventory.FAMILY_UNIX): - cmd, err := m.conn.RunCommand("curl --noproxy '*' -H Metadata:true " + identityUrl) + cmd, err := m.conn.RunCommand("curl --max-time 1 --noproxy '*' -H Metadata:true " + identityUrl) if err != nil { return Identity{}, err } From 14deb101d907080717194050dd5b7cd7591addb5 Mon Sep 17 00:00:00 2001 From: Tom Kretschmann Date: Wed, 20 Nov 2024 10:09:21 +0100 Subject: [PATCH 2/7] add retries and retry-delay to curl command of metadata lookup --- providers/os/id/azcompute/azcompute.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/os/id/azcompute/azcompute.go b/providers/os/id/azcompute/azcompute.go index cc778fc7f8..efbf9568b0 100644 --- a/providers/os/id/azcompute/azcompute.go +++ b/providers/os/id/azcompute/azcompute.go @@ -57,7 +57,7 @@ func (m *commandInstanceMetadata) Identify() (Identity, error) { var instanceDocument string switch { case m.platform.IsFamily(inventory.FAMILY_UNIX): - cmd, err := m.conn.RunCommand("curl --max-time 1 --noproxy '*' -H Metadata:true " + identityUrl) + cmd, err := m.conn.RunCommand("curl --retry 3 --retry-delay 1 --max-time 5 --noproxy '*' -H Metadata:true " + identityUrl) if err != nil { return Identity{}, err } From 4d7f22cc1025b252bb8e796d460f7cc665ae1512 Mon Sep 17 00:00:00 2001 From: Tom Kretschmann Date: Wed, 20 Nov 2024 10:26:29 +0100 Subject: [PATCH 3/7] increase timeout of metadata lookup at windows systems --- providers/os/id/azcompute/azcompute.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/os/id/azcompute/azcompute.go b/providers/os/id/azcompute/azcompute.go index efbf9568b0..bffdb7f9ad 100644 --- a/providers/os/id/azcompute/azcompute.go +++ b/providers/os/id/azcompute/azcompute.go @@ -17,7 +17,7 @@ import ( const ( identityUrl = "http://169.254.169.254/metadata/instance?api-version=2021-02-01" - metadataIdentityScriptWindows = `Invoke-RestMethod -TimeoutSec 1 -Headers @{"Metadata"="true"} -Method GET -URI http://169.254.169.254/metadata/instance?api-version=2021-02-01 -UseBasicParsing | ConvertTo-Json` + metadataIdentityScriptWindows = `Invoke-RestMethod -TimeoutSec 5 -Headers @{"Metadata"="true"} -Method GET -URI http://169.254.169.254/metadata/instance?api-version=2021-02-01 -UseBasicParsing | ConvertTo-Json` ) func MondooAzureInstanceID(instanceID string) string { From 370205a42dac8014e9dac18c844f7e9ce6848033 Mon Sep 17 00:00:00 2001 From: Tom Kretschmann Date: Wed, 20 Nov 2024 10:35:34 +0100 Subject: [PATCH 4/7] add and increase --max-time to 30 --- providers/os/id/azcompute/azcompute.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/os/id/azcompute/azcompute.go b/providers/os/id/azcompute/azcompute.go index bffdb7f9ad..2b6d8aed69 100644 --- a/providers/os/id/azcompute/azcompute.go +++ b/providers/os/id/azcompute/azcompute.go @@ -57,7 +57,7 @@ func (m *commandInstanceMetadata) Identify() (Identity, error) { var instanceDocument string switch { case m.platform.IsFamily(inventory.FAMILY_UNIX): - cmd, err := m.conn.RunCommand("curl --retry 3 --retry-delay 1 --max-time 5 --noproxy '*' -H Metadata:true " + identityUrl) + cmd, err := m.conn.RunCommand("curl --retry 3 --retry-delay 1 --connect-timeout 5 --max-time 30 --noproxy '*' -H Metadata:true " + identityUrl) if err != nil { return Identity{}, err } From bae690e0b9f47641210f71e252c49f3a13f47026 Mon Sep 17 00:00:00 2001 From: Tom Kretschmann Date: Wed, 20 Nov 2024 10:36:14 +0100 Subject: [PATCH 5/7] increase timeout of metadata lookup at windows systems from 5 to 15 seconds --- providers/os/id/azcompute/azcompute.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/os/id/azcompute/azcompute.go b/providers/os/id/azcompute/azcompute.go index 2b6d8aed69..7f039e62b8 100644 --- a/providers/os/id/azcompute/azcompute.go +++ b/providers/os/id/azcompute/azcompute.go @@ -17,7 +17,7 @@ import ( const ( identityUrl = "http://169.254.169.254/metadata/instance?api-version=2021-02-01" - metadataIdentityScriptWindows = `Invoke-RestMethod -TimeoutSec 5 -Headers @{"Metadata"="true"} -Method GET -URI http://169.254.169.254/metadata/instance?api-version=2021-02-01 -UseBasicParsing | ConvertTo-Json` + metadataIdentityScriptWindows = `Invoke-RestMethod -TimeoutSec 15 -Headers @{"Metadata"="true"} -Method GET -URI http://169.254.169.254/metadata/instance?api-version=2021-02-01 -UseBasicParsing | ConvertTo-Json` ) func MondooAzureInstanceID(instanceID string) string { From f3463723b09b9e4740141608122d1c06b076afbb Mon Sep 17 00:00:00 2001 From: Tom Kretschmann Date: Wed, 20 Nov 2024 11:42:08 +0100 Subject: [PATCH 6/7] ajust metadata lookup timeouts to 5 seconds --- providers/os/id/azcompute/azcompute.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/providers/os/id/azcompute/azcompute.go b/providers/os/id/azcompute/azcompute.go index 7f039e62b8..890447a626 100644 --- a/providers/os/id/azcompute/azcompute.go +++ b/providers/os/id/azcompute/azcompute.go @@ -17,7 +17,7 @@ import ( const ( identityUrl = "http://169.254.169.254/metadata/instance?api-version=2021-02-01" - metadataIdentityScriptWindows = `Invoke-RestMethod -TimeoutSec 15 -Headers @{"Metadata"="true"} -Method GET -URI http://169.254.169.254/metadata/instance?api-version=2021-02-01 -UseBasicParsing | ConvertTo-Json` + metadataIdentityScriptWindows = `Invoke-RestMethod -TimeoutSec 5 -Headers @{"Metadata"="true"} -Method GET -URI http://169.254.169.254/metadata/instance?api-version=2021-02-01 -UseBasicParsing | ConvertTo-Json` ) func MondooAzureInstanceID(instanceID string) string { @@ -57,7 +57,7 @@ func (m *commandInstanceMetadata) Identify() (Identity, error) { var instanceDocument string switch { case m.platform.IsFamily(inventory.FAMILY_UNIX): - cmd, err := m.conn.RunCommand("curl --retry 3 --retry-delay 1 --connect-timeout 5 --max-time 30 --noproxy '*' -H Metadata:true " + identityUrl) + cmd, err := m.conn.RunCommand("curl --retry 5 --retry-delay 1 --max-time 5 --noproxy '*' -H Metadata:true " + identityUrl) if err != nil { return Identity{}, err } From 28d0e25bbc14f16d88379338ae13e4a8b9172978 Mon Sep 17 00:00:00 2001 From: Tom Kretschmann Date: Wed, 20 Nov 2024 11:59:40 +0100 Subject: [PATCH 7/7] ensure curl connection timeout of 5 seconds --- providers/os/id/azcompute/azcompute.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/os/id/azcompute/azcompute.go b/providers/os/id/azcompute/azcompute.go index 890447a626..c7fff619ae 100644 --- a/providers/os/id/azcompute/azcompute.go +++ b/providers/os/id/azcompute/azcompute.go @@ -57,7 +57,7 @@ func (m *commandInstanceMetadata) Identify() (Identity, error) { var instanceDocument string switch { case m.platform.IsFamily(inventory.FAMILY_UNIX): - cmd, err := m.conn.RunCommand("curl --retry 5 --retry-delay 1 --max-time 5 --noproxy '*' -H Metadata:true " + identityUrl) + cmd, err := m.conn.RunCommand("curl --retry 5 --retry-delay 1 --connect-timeout 1 --retry-max-time 5 --max-time 10 --noproxy '*' -H Metadata:true " + identityUrl) if err != nil { return Identity{}, err }