Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Ingest Manager] Agent verifies packages before using them #18876

Merged
merged 15 commits into from
Jun 3, 2020
Merged

[Ingest Manager] Agent verifies packages before using them #18876

merged 15 commits into from
Jun 3, 2020

Conversation

michalpristas
Copy link
Contributor

@michalpristas michalpristas commented Jun 1, 2020
edited
Loading

What does this PR do?

This PR enables hash verification of downloaded tar/zip packages and dont proceed with installation if package is corrupted.
In order to do that we have to include sha512 hashes while packaging.

Why is it important?

This is important in case repo contains invalid archive or somebody tempered content of tar package.
We still need to verify signature (will be done in a followup)

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Fixes: #17915

@michalpristas michalpristas added enhancement review needs_backport PR is waiting to be backported to other branches. Team:Ingest Management Ingest Management:beta1 Group issues for ingest management beta1 labels Jun 1, 2020
@michalpristas michalpristas self-assigned this Jun 1, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jun 1, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jun 1, 2020
edited
Loading

💔 Tests Failed

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #18876 updated]

  • Start Time: 2020-06-03T06:25:27.696+0000

  • Duration: 80 min 6 sec

Test stats 🧪

Test Results
Failed 6
Passed 9153
Skipped 1566
Total 10725

Test errors

Expand to view the tests failures

  • Name: Build and Test / Metricbeat x-pack / Metricbeat x-pack / TestData – channels

    • Age: 1
    • Duration: 61.34
    • Error Details: Failed

  • Name: Build and Test / Metricbeat x-pack / Metricbeat x-pack / TestFetch – channels

    • Age: 1
    • Duration: 10.42
    • Error Details: Failed

  • Name: Build and Test / Metricbeat x-pack / Metricbeat x-pack / TestData – stats

    • Age: 1
    • Duration: 25.17
    • Error Details: Failed

  • Name: Build and Test / Metricbeat x-pack / Metricbeat x-pack / TestFetch – stats

    • Age: 1
    • Duration: 12.79
    • Error Details: Failed

  • Name: Build and Test / Metricbeat x-pack / Metricbeat x-pack / TestData – subscriptions

    • Age: 1
    • Duration: 50.21
    • Error Details: Failed

  • Name: Build and Test / Metricbeat x-pack / Metricbeat x-pack / TestFetch – subscriptions

    • Age: 1
    • Duration: 32.24
    • Error Details: Failed

Steps errors

Expand to view the steps failures

  • Name: Make -C libbeat testsuite

    • Description: make -C libbeat testsuite

    • Duration: 32 min 19 sec

    • Start Time: 2020-06-03T06:52:41.483+0000

    • log

  • Name: Mage build test

    • Description: mage build test

    • Duration: 31 min 1 sec

    • Start Time: 2020-06-03T06:56:28.893+0000

    • log

  • Name: Report to Codecov

    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Duration: 2 min 22 sec

    • Start Time: 2020-06-03T06:54:29.474+0000

    • log

Log output

Expand to view the last 100 lines of log output 

[2020-06-03T07:44:41.014Z]  Go version:        go1.12.5
[2020-06-03T07:44:41.014Z]  Git commit:        74b1e89
[2020-06-03T07:44:41.014Z]  Built:             Thu Jul 25 21:18:17 2019
[2020-06-03T07:44:41.014Z]  OS/Arch:           darwin/amd64
[2020-06-03T07:44:41.014Z]  Experimental:      false
[2020-06-03T07:44:41.014Z] Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[2020-06-03T07:44:41.014Z] It requires Docker daemon to be installed and running
[2020-06-03T07:45:04.328Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats
[2020-06-03T07:45:04.647Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-06-03T07:45:04.660Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Lint
[2020-06-03T07:45:04.745Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Winlogbeat-oss
[2020-06-03T07:45:04.815Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-06-03T07:45:04.885Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Auditbeat-crosscompile
[2020-06-03T07:45:04.956Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Auditbeat-oss-Mac-OS-X
[2020-06-03T07:45:05.025Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Dockerlogbeat
[2020-06-03T07:45:05.096Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Auditbeat-x-pack-Mac-OS-X
[2020-06-03T07:45:05.165Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Journalbeat-oss
[2020-06-03T07:45:05.239Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-06-03T07:45:05.316Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Elastic-Agent-Mac-OS-X
[2020-06-03T07:45:05.387Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-06-03T07:45:05.457Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-06-03T07:45:05.527Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-06-03T07:45:05.601Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-06-03T07:45:05.671Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-06-03T07:45:05.742Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-Mac-OS-X
[2020-06-03T07:45:05.809Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Heartbeat-oss
[2020-06-03T07:45:05.877Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-06-03T07:45:05.946Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack-Mac-OS-X
[2020-06-03T07:45:06.019Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-06-03T07:45:06.086Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Auditbeat-oss-Windows
[2020-06-03T07:45:06.155Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Libbeat-x-pack
[2020-06-03T07:45:06.232Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Auditbeat-x-pack-Windows
[2020-06-03T07:45:06.302Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-06-03T07:45:06.369Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Heartbeat-Mac-OS-X
[2020-06-03T07:45:06.439Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Filebeat-Windows
[2020-06-03T07:45:06.513Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Auditbeat-oss-Linux
[2020-06-03T07:45:06.581Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Packetbeat-oss
[2020-06-03T07:45:06.648Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-06-03T07:45:06.716Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-Windows
[2020-06-03T07:45:06.782Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Functionbeat-Mac-OS-X-x-pack
[2020-06-03T07:45:06.851Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Winlogbeat-Windows
[2020-06-03T07:45:06.918Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack-Windows
[2020-06-03T07:45:06.990Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Generators-Beat-Linux
[2020-06-03T07:45:07.066Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Filebeat-x-pack
[2020-06-03T07:45:07.135Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Heartbeat-Windows
[2020-06-03T07:45:07.205Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Filebeat-oss
[2020-06-03T07:45:07.275Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Libbeat-oss
[2020-06-03T07:45:07.343Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests
[2020-06-03T07:45:07.415Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-Python-integration-tests
[2020-06-03T07:45:07.490Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-06-03T07:45:07.558Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Generators-Metricbeat-Mac-OS-X
[2020-06-03T07:45:07.626Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Functionbeat-Windows
[2020-06-03T07:45:07.695Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Generators-Beat-Mac-OS-X
[2020-06-03T07:45:08.051Z] + cat
[2020-06-03T07:45:08.051Z] + /usr/local/bin/runbld ./runbld-script
[2020-06-03T07:45:08.051Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-06-03T07:45:16.220Z] runbld>>> runbld started
[2020-06-03T07:45:16.220Z] runbld>>> 1.6.11/a66728ff8f4356963772e6e6d2069392fa06acbe
[2020-06-03T07:45:17.613Z] runbld>>> The following profiles matched the job 'Beats/beats-beats-mbp/PR-18876' in order of occurrence in the config (last value wins).
[2020-06-03T07:45:19.004Z] runbld>>> Debug logging enabled.
[2020-06-03T07:45:19.004Z] runbld>>> Storing result
[2020-06-03T07:45:19.266Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-06-03T07:45:19.266Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200603074518-BCD62AA6
[2020-06-03T07:45:19.266Z] runbld>>> Adding system facts.
[2020-06-03T07:45:20.220Z] runbld>>> Adding vcs info for the latest commit:  1271757818aef1beaf5cad9879884103a5c2ddd4
[2020-06-03T07:45:20.220Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-06-03T07:45:20.220Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-06-03T07:45:20.483Z] Processing JUnit reports with runbld...
[2020-06-03T07:45:20.483Z] + echo 'Processing JUnit reports with runbld...'
[2020-06-03T07:45:20.745Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-06-03T07:45:20.745Z] runbld>>> DURATION: 19ms
[2020-06-03T07:45:20.745Z] runbld>>> STDOUT: 40 bytes
[2020-06-03T07:45:20.745Z] runbld>>> STDERR: 49 bytes
[2020-06-03T07:45:20.745Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-06-03T07:45:20.745Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats
[2020-06-03T07:45:22.137Z] runbld>>> Storing build metadata: 
[2020-06-03T07:45:22.137Z] runbld>>> Adding test report.
[2020-06-03T07:45:22.137Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats
[2020-06-03T07:45:23.529Z] runbld>>> Found 113 test output files
[2020-06-03T07:45:23.791Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-graphite.xml
[2020-06-03T07:45:24.053Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-windows.xml
[2020-06-03T07:45:24.316Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-06-03T07:45:24.316Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-cloudfoundry.xml
[2020-06-03T07:45:24.316Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-06-03T07:45:24.316Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-06-03T07:45:24.581Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-06-03T07:45:24.581Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-06-03T07:45:26.505Z] runbld>>> Test output logs contained: Errors: 0 Failures: 6 Tests: 10575 Skipped: 1330
[2020-06-03T07:45:26.505Z] runbld>>> Storing result
[2020-06-03T07:45:26.505Z] runbld>>> FAILURES: 6
[2020-06-03T07:45:27.894Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-06-03T07:45:27.894Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200603074518-BCD62AA6
[2020-06-03T07:45:33.401Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18876
[2020-06-03T07:45:33.501Z] [INFO] getVaultSecret: Getting secrets
[2020-06-03T07:45:33.543Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-06-03T07:45:34.297Z] + chmod 755 generate-build-data.sh
[2020-06-03T07:45:34.297Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18876/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18876/runs/14 FAILURE 4806340
[2020-06-03T07:45:34.297Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18876/runs/14/steps/?limit=10000 -o steps-info.json
[2020-06-03T07:45:35.640Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18876/runs/14/tests/?status=FAILED -o tests-errors.json
[2020-06-03T07:45:36.551Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18876/runs/14/log/ -o pipeline-log.txt

blakerouse
blakerouse reviewed Jun 1, 2020
View reviewed changes
Copy link
Contributor

@blakerouse blakerouse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall code looks good.

Would be nice to get a unit test for both the fs verifier and the http verifier.

@michalpristas
Copy link
Contributor Author

good point @blakerouse we dont have any

blakerouse
blakerouse approved these changes Jun 2, 2020
View reviewed changes
Copy link
Contributor

@blakerouse blakerouse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the added tests! Looks good.

@michalpristas michalpristas merged commit faf4c5b into elastic:master Jun 3, 2020
michalpristas added a commit to michalpristas/beats that referenced this pull request Jun 3, 2020
@michalpristas
[Ingest Manager] Agent verifies packages before using them (elastic#1…
7f5fa45 
…8876)

[Ingest Manager] Agent verifies packages before using them (elastic#18876)
@michalpristas michalpristas mentioned this pull request Jun 3, 2020
Merged
6 tasks
michalpristas added a commit that referenced this pull request Jun 4, 2020
@michalpristas
[Ingest Manager] Agent verifies packages before using them (#18876) (#…
2d238ff 
…18928)

[Ingest Manager] Agent verifies packages before using them (#18876)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blakerouse blakerouse blakerouse approved these changes

Assignees

@michalpristas michalpristas

Labels
enhancement Ingest Management:beta1 Group issues for ingest management beta1 needs_backport PR is waiting to be backported to other branches. review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Elastic Agent] Agent should be resilient to gzip errors
3 participants
@michalpristas @elasticmachine @blakerouse