[Security Solution][Endpoint] several refactors of CLI tooling and associated common services #169987

Merged
merged 83 commits into from
Nov 13, 2023
Added support for Vagrant VMs to createVm()
paul-tavares committed Oct 26, 2023
commit a71307853dc5e7819aad522e9016bfe13e5f782d
2 changes: 1 addition & 1 deletion src/dev/precommit_hook/casing_check_config.js
Original file line number Diff line number Diff line change
@@ -44,7 +44,7 @@ export const IGNORE_FILE_GLOBS = [
'packages/kbn-test/jest-preset.js',
'packages/kbn-test/*/jest-preset.js',
'test/package/Vagrantfile',
'x-pack/plugins/security_solution/scripts/endpoint/endpoint_agent_runner/Vagrantfile',
'x-pack/plugins/security_solution/scripts/endpoint/common/vagrant/Vagrantfile',
'**/test/**/fixtures/**/*',

// Required to match the name in the docs.elastic.dev repo.
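Review bot: The ignore entry for `x-pack/plugins/security_solution/scripts/endpoint/endpoint_agent_runner/Vagrantfile` is swapped for the `common/vagrant/Vagrantfile` path, but `createVagrantVm()` later in this commit still defaults `vagrantFile` to `resolve('../endpoint_agent_runner/Vagrantfile')`. If the file under `endpoint_agent_runner/` stays in the tree, it is no longer exempt from the casing check; if it was moved, the default path is stale. Please make the glob, the code default and the `vagrantFile` JSDoc agree on one location.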
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
# ------------------------------------------------------------------------------------
# Vagrant setup for running Elastic agent on the created VM.0
# This setup is mostly used for CI runs, since multipass is not used in that env.
# ------------------------------------------------------------------------------------
hostname = ENV["VMNAME"] || 'ubuntu'
cachedAgentSource = ENV["CACHED_AGENT_SOURCE"] || ''
cachedAgentFilename = ENV["CACHED_AGENT_FILENAME"] || ''
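Review bot: The second line of the header comment ends in `VM.0`, which looks like a stray character; drop the `0`. Since this header is the only documentation visible for the file, it would also help to list the environment variables read directly below it (`VMNAME`, `CACHED_AGENT_SOURCE`, `CACHED_AGENT_FILENAME`) and to say what is expected to happen when the two `CACHED_AGENT_*` values fall back to `''`.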
Original file line number Diff line number Diff line change
@@ -9,13 +9,15 @@ import type { ToolingLog } from '@kbn/tooling-log';
import execa from 'execa';
import chalk from 'chalk';
import { userInfo } from 'os';
import { resolve, dirname } from 'path';
import type { DownloadedAgentInfo } from './agent_downloads_service';
import { BaseDataGenerator } from '../../../common/endpoint/data_generators/base_data_generator';
import { createToolingLogger } from '../../../common/endpoint/data_loaders/utils';
import type { HostVm, HostVmExecResponse, SupportedVmManager } from './types';

const baseGenerator = new BaseDataGenerator();

interface BaseVmCreateOptions {
export interface BaseVmCreateOptions {
name: string;
/** Number of CPUs */
cpus?: number;
@@ -25,24 +27,21 @@ interface BaseVmCreateOptions {
memory?: string;
}

interface CreateVmOptions extends BaseVmCreateOptions {
/** The type of VM manager to use when creating the VM host */
type: SupportedVmManager;
log?: ToolingLog;
}
type CreateVmOptions = CreateMultipassVmOptions | CreateVagrantVmOptions;

/**
* Creates a new VM
*/
export const createVm = async ({ type, ...options }: CreateVmOptions): Promise<HostVm> => {
if (type === 'multipass') {
export const createVm = async (options: CreateVmOptions): Promise<HostVm> => {
if (options.type === 'multipass') {
return createMultipassVm(options);
}

throw new Error(`VM type ${type} not yet supported`);
return createVagrantVm(options);
};

interface CreateMultipassVmOptions extends BaseVmCreateOptions {
type: SupportedVmManager & 'multipass';
name: string;
log?: ToolingLog;
}
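Review bot: In `createVm()`, every `options.type` other than `'multipass'` now falls through to `createVagrantVm(options)`, and the `throw new Error(...)` for unsupported types is gone. The `CreateMultipassVmOptions | CreateVagrantVmOptions` union only guards this at compile time, so a caller passing an untyped or cast value gets a Vagrant VM attempt instead of a clear error. Suggest checking `options.type === 'vagrant'` explicitly and keeping a final throw as the exhaustive default. Minor: `name: string` in `CreateMultipassVmOptions` repeats what `BaseVmCreateOptions` already declares.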
@@ -159,3 +158,136 @@ ${chalk.red('NOTE:')} ${chalk.bold(

return '';
};

interface CreateVagrantVmOptions extends BaseVmCreateOptions {
type: SupportedVmManager & 'vagrant';

name: string;
/**
* The downloaded agent information. The Agent file will be uploaded to the Vagrant VM and
* made available under the default login home directory (`~/agent-filename`)
*/
agentDownload: DownloadedAgentInfo;
/**
* The path to the Vagrantfile to use to provision the VM. Defaults to Vagrantfile under:
* `x-pack/plugins/security_solution/scripts/endpoint/common/vagrant/Vagrantfile`
*/
vagrantFile?: string;
log?: ToolingLog;
}

/**
* Creates a new VM using `vagrant`
*/
const createVagrantVm = async ({
name,
log = createToolingLogger(),
agentDownload: { fullFilePath: agentFullFilePath, filename: agentFileName },
vagrantFile = resolve('../endpoint_agent_runner/Vagrantfile'),
memory,
cpus,
disk,
}: CreateVagrantVmOptions): Promise<HostVm> => {
log.debug(`Using Vagrantfile: ${vagrantFile}`);

const VAGRANT_CWD = dirname(vagrantFile);

// Destroy the VM running (if any) with the provided vagrant file before re-creating it
try {
await execa.command(`vagrant destroy -f`, {
env: {
VAGRANT_CWD,
},
// Only `pipe` STDERR to parent process
stdio: ['inherit', 'inherit', 'pipe'],
});
// eslint-disable-next-line no-empty
} catch (e) {}

if (memory || cpus || disk) {
log.warning(
`cpu, memory and disk options ignored for creation of vm via Vagrant. These should be defined in the Vagrantfile`
);
}

try {
const vagrantUpResponse = (
await execa.command(`vagrant up`, {
env: {
VAGRANT_DISABLE_VBOXSYMLINKCREATE: '1',
VAGRANT_CWD,
VMNAME: name,
CACHED_AGENT_SOURCE: agentFullFilePath,
CACHED_AGENT_FILENAME: agentFileName,
},
// Only `pipe` STDERR to parent process
stdio: ['inherit', 'inherit', 'pipe'],
})
).stdout;

log.debug(`Vagrant up command response: `, vagrantUpResponse);
} catch (e) {
log.error(e);
throw e;
}

return createVagrantHostVmClient(name, log);
};

/**
* Creates a generic interface (`HotVm`) for interacting with a VM creatd by Vagrant
* @param name
* @param log
*/
export const createVagrantHostVmClient = (
name: string,
log: ToolingLog = createToolingLogger()
): HostVm => {
const exec = async (command: string): Promise<HostVmExecResponse> => {
const execResponse = await execa.command(`vagrant ssh ${name} --command="${command}"`);

log.verbose(execResponse);

return {
stdout: execResponse.stdout,
stderr: execResponse.stderr,
exitCode: execResponse.exitCode,
};
};

const destroy = async (): Promise<void> => {
const destroyResponse = await execa.command(`vagrant destroy ${name} -f`, {
// Only `pipe` STDERR to parent process
stdio: ['inherit', 'inherit', 'pipe'],
});

log.verbose(`VM [${name}] was destroyed successfully`, destroyResponse);
};

const info = () => {
return `VM created using Vagrant.
VM Name: ${name}

Shell access: ${chalk.cyan(`vagrant ssh ${name}`)}
Delete VM: ${chalk.cyan(`vagrant destroy ${name} -f`)}
`;
};

const unmount = async (_: string) => {
throw new Error('VM action `unmount`` not currently supported for vagrant');
};

const mount = async (_: string, __: string) => {
throw new Error('VM action `mount` not currently supported for vagrant');
};

return {
type: 'vagrant',
name,
exec,
destroy,
info,
mount,
unmount,
};
};
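Review bot: In `createVagrantHostVmClient()`, `exec` interpolates `command` into one string for `execa.command()` (`vagrant ssh ${name} --command="${command}"`). `execa.command()` splits that string on spaces and does not interpret the double quotes, so any command containing a space is broken into separate arguments, and a `name` or `command` value containing spaces or quotes changes the argument list that `vagrant` receives. Pass the arguments as an array instead, for example `execa('vagrant', ['ssh', name, '--command', command])`, and do the same for `destroy`. Also in this hunk: `exec` and `destroy` do not set `VAGRANT_CWD` the way `createVagrantVm()` does, so they only work when the process runs from the Vagrantfile directory. The default `resolve('../endpoint_agent_runner/Vagrantfile')` is resolved against the current working directory and does not match the default path given in the `vagrantFile` JSDoc. With `stdio: ['inherit', 'inherit', 'pipe']`, stdout is inherited, so `vagrantUpResponse` is not populated for the `log.debug` call. The empty `catch (e) {}` around `vagrant destroy -f` hides failures other than "no VM exists"; a `log.debug` there would help. Finally, the JSDoc has typos (`HotVm`, `creatd`) and the `unmount` error message has a doubled backtick.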