[Ingest Manager] Unroll on unauthorised

[michalpristas]

What does this PR do?

Followup to #19507
This PR detects invalid API token error coming from fleet and after 6 times of retries with backoff in row (should take 5 minutes or so to avoid transient issues). On succ request counter is zeroed.

When unroll is detected (and not coming from fleet) it is not acked but stored in action_store. Removing action store manually will enable agent to ping fleet again. Otherwise it detects it's unrolled on start and prevent talking to fleet

Why is it important?

When API is revoked agent is not notified about this and starts seeing errors. Agent does not know how to handle that and tries to kick fleet periodically

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

[elasticmachine]

Pinging @elastic/ingest-management (Team:Ingest Management)

[elasticmachine]

💔 Build Failed

Expand to view the summary

Build stats

• Build Cause: [Pull request #19722 updated]

• Start Time: 2020-07-14T06:10:44.911+0000

• Duration: 71 min 30 sec

Test stats 🧪

Test	Results
Failed	0
Passed	8626
Skipped	1569
Total	10195

Steps errors

Expand to view the steps failures

• Name: Make -C filebeat testsuite

  • Description: make -C filebeat testsuite

  • Duration: 6 min 51 sec

  • Start Time: 2020-07-14T06:34:44.572+0000

  • log

• Name: Mage update build test

  • Description: mage update build test

  • Duration: 5 min 46 sec

  • Start Time: 2020-07-14T06:34:33.913+0000

  • log

• Name: Report to Codecov

  • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

  • Duration: 2 min 22 sec

  • Start Time: 2020-07-14T06:43:39.620+0000

  • log

• Name: Make -C libbeat testsuite

  • Description: make -C libbeat testsuite

  • Duration: 8 min 22 sec

  • Start Time: 2020-07-14T06:34:33.482+0000

  • log

• Name: Report to Codecov

  • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

  • Duration: 2 min 22 sec

  • Start Time: 2020-07-14T06:39:12.097+0000

  • log

• Name: Make -C generator/_templates/metricbeat test-package

  • Description: make -C generator/_templates/metricbeat test-package

  • Duration: 7 min 24 sec

  • Start Time: 2020-07-14T06:41:03.297+0000

  • log

Log output

Expand to view the last 100 lines of log output

[2020-07-14T07:20:48.872Z] + [ -f libbeat/build/coverage/full.cov ]
[2020-07-14T07:20:48.872Z] + FILE=metricbeat/build/coverage/full.cov
[2020-07-14T07:20:48.872Z] + [ -f metricbeat/build/coverage/full.cov ]
[2020-07-14T07:20:48.872Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-14T07:20:48.872Z] + [ -f packetbeat/build/coverage/full.cov ]
[2020-07-14T07:20:48.872Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-14T07:20:48.872Z] + [ -f winlogbeat/build/coverage/full.cov ]
[2020-07-14T07:20:48.872Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-14T07:20:48.872Z] + [ -f journalbeat/build/coverage/full.cov ]
[2020-07-14T07:20:49.410Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats
[2020-07-14T07:20:49.717Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-14T07:20:49.729Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Lint
[2020-07-14T07:20:49.813Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Elastic-Agent-Mac-OS-X
[2020-07-14T07:20:49.891Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-07-14T07:20:49.980Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-07-14T07:20:50.069Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Winlogbeat-oss
[2020-07-14T07:20:50.145Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Auditbeat-crosscompile
[2020-07-14T07:20:50.224Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-Mac-OS-X
[2020-07-14T07:20:50.301Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Dockerlogbeat
[2020-07-14T07:20:50.378Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-07-14T07:20:50.454Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-07-14T07:20:50.534Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Filebeat-x-pack
[2020-07-14T07:20:50.606Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Journalbeat-oss
[2020-07-14T07:20:50.688Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-07-14T07:20:50.770Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Auditbeat-x-pack-Mac-OS-X
[2020-07-14T07:20:50.894Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-x-pack-Mac-OS-X
[2020-07-14T07:20:50.983Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-07-14T07:20:51.075Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Filebeat-oss
[2020-07-14T07:20:51.169Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-07-14T07:20:51.258Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Libbeat-oss
[2020-07-14T07:20:51.353Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-07-14T07:20:51.455Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Auditbeat-oss-Windows
[2020-07-14T07:20:51.550Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Heartbeat-oss
[2020-07-14T07:20:51.661Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-07-14T07:20:51.746Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-14T07:20:51.832Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Auditbeat-x-pack-Windows
[2020-07-14T07:20:51.921Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-07-14T07:20:52.013Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Filebeat-Windows
[2020-07-14T07:20:52.108Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Auditbeat-oss-Mac-OS-X
[2020-07-14T07:20:52.208Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Libbeat-x-pack
[2020-07-14T07:20:52.299Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Winlogbeat-Windows
[2020-07-14T07:20:52.383Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Packetbeat-oss
[2020-07-14T07:20:52.493Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-x-pack-Windows
[2020-07-14T07:20:52.581Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Auditbeat-oss-Linux
[2020-07-14T07:20:52.673Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Heartbeat-Mac-OS-X
[2020-07-14T07:20:52.753Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-Windows
[2020-07-14T07:20:52.853Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Functionbeat-Mac-OS-X-x-pack
[2020-07-14T07:20:52.939Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Heartbeat-Windows
[2020-07-14T07:20:53.023Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Functionbeat-Windows
[2020-07-14T07:20:53.114Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests
[2020-07-14T07:20:53.227Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-Python-integration-tests
[2020-07-14T07:20:53.324Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-07-14T07:20:53.711Z] + cat
[2020-07-14T07:20:53.711Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-14T07:20:53.711Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-14T07:21:00.327Z] runbld>>> runbld started
[2020-07-14T07:21:00.327Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-14T07:21:01.709Z] runbld>>> The following profiles matched the job 'Beats/beats/PR-19722' in order of occurrence in the config (last value wins).
[2020-07-14T07:21:03.129Z] runbld>>> Debug logging enabled.
[2020-07-14T07:21:03.129Z] runbld>>> Storing result
[2020-07-14T07:21:03.129Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-14T07:21:03.129Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200714072102-B82C07C9
[2020-07-14T07:21:03.129Z] runbld>>> Adding system facts.
[2020-07-14T07:21:04.069Z] runbld>>> Adding vcs info for the latest commit:  1e86314fa6649881e9fd75e8eacd7ad872e1ed88
[2020-07-14T07:21:04.069Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-14T07:21:04.069Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-14T07:21:04.069Z] Processing JUnit reports with runbld...
[2020-07-14T07:21:04.069Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-14T07:21:04.638Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-14T07:21:04.638Z] runbld>>> DURATION: 23ms
[2020-07-14T07:21:04.638Z] runbld>>> STDOUT: 40 bytes
[2020-07-14T07:21:04.638Z] runbld>>> STDERR: 49 bytes
[2020-07-14T07:21:04.638Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-14T07:21:04.638Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats
[2020-07-14T07:21:05.580Z] runbld>>> Storing build metadata: 
[2020-07-14T07:21:05.580Z] runbld>>> Adding test report.
[2020-07-14T07:21:05.580Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats
[2020-07-14T07:21:06.522Z] runbld>>> Found 111 test output files
[2020-07-14T07:21:06.783Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-07-14T07:21:06.783Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-07-14T07:21:06.783Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-07-14T07:21:06.783Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-07-14T07:21:06.783Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-07-14T07:21:08.162Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-graphite.xml
[2020-07-14T07:21:08.162Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19722/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-windows.xml
[2020-07-14T07:21:08.422Z] runbld>>> Test output logs contained: Errors: 0 Failures: 0 Tests: 10049 Skipped: 1331
[2020-07-14T07:21:08.680Z] runbld>>> Storing result
[2020-07-14T07:21:08.680Z] runbld>>> FAILURES: 0
[2020-07-14T07:21:08.680Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-14T07:21:08.680Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200714072102-B82C07C9
[2020-07-14T07:21:08.939Z] runbld>>> Email notification disabled by environment variable.
[2020-07-14T07:21:08.939Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-14T07:21:14.458Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-19722
[2020-07-14T07:21:14.688Z] [INFO] getVaultSecret: Getting secrets
[2020-07-14T07:21:14.761Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-14T07:21:15.545Z] + chmod 755 generate-build-data.sh
[2020-07-14T07:21:15.545Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19722/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19722/runs/6 FAILURE 4230373
[2020-07-14T07:21:15.545Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19722/runs/6/steps/?limit=10000 -o steps-info.json
[2020-07-14T07:21:17.407Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19722/runs/6/tests/?status=FAILED -o tests-errors.json
[2020-07-14T07:21:18.318Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19722/runs/6/log/ -o pipeline-log.txt

[blakerouse]

Question about string matching, but overall this looks really good.

[blakerouse]

Is it not possible to unwrap the error and check for the specific error type?

Would prefer that over string matching.

[michalpristas]

i spent some time trying to achieve that but with no luck, took a different path today , fresh mind helped

[blakerouse]

Nice addition on the errors matching, thanks for that!