Enable independent Elastic Agent if root privileges is set to true #1815
…gent.privileges.root is true
| @@ -1,15 +1,17 @@ | |||
| format_version: 1.0.0 | |||
| format_version: 2.12.0 | |||
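Review bot: the format_version line jumps from 1.0.0 to 2.12.0, a major spec version change, and nothing in the hunk says why. State in the PR description or changelog which manifest key needs 2.12.0, and confirm the rest of this test package still validates under the newer spec, since the bump applies to the whole manifest and not only to the added key.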
Update manifest to add agent.privileges.root key. This package keeps the custom agent (from servicedeployer).
Ok, looking at this, we can probably remove the custom agent, and the auditd_manager_independent_agent test package.
I was wondering if we should keep that package to test the scenario of the custom agents. Although, oracle package is still there in this test folder.
If we remove the custom-agent folder of auditd_manager, we should add the settings into the system configuration file at least to add the capabilities required for the process.
Ok, I guess we can do that. But as you prefer, having both packages also makes sense.
Nice!
cmd/testrunner.go
Outdated
| } | ||
|
|
||
| runIndependentElasticAgent := false | ||
| // Enable independent agents if package defines that requires root privileges |
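Review bot: the comment "Enable independent agents if package defines that requires root privileges" is hard to parse and does not name the setting it refers to. Suggest rewording it along the lines of "Enable independent agents if the package manifest sets agent.privileges.root to true", and saying in the same comment which inputs can change the false default assigned to runIndependentElasticAgent on the line above it.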
Maybe we can mention here that this is temporary till independent agents are enabled by default.
It needs to take into account that if any package contains a folder to deploy a previous "custom agent" ( Updated the description also with this note.
🎉
| elif [ "${PACKAGE_TEST_TYPE:-other}" == "with-logstash" ] && [ "${package_to_test}" == "system_benchmark" ]; then | ||
| elastic-package benchmark system --benchmark logs-benchmark -v --defer-cleanup 1s | ||
| else | ||
| if [[ "${ELASTIC_PACKAGE_TEST_ENABLE_INDEPENDENT_AGENT}" == "false" && "${package_to_test}" == "auditd_manager_independent_agent" ]]; then |
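Review bot: on the added [[ ... ]] line, ${ELASTIC_PACKAGE_TEST_ENABLE_INDEPENDENT_AGENT} is expanded without a default, while ${PACKAGE_TEST_TYPE:-other} in the elif above has one. If the script runs with set -u, an unset variable aborts the run; without it, an unset or empty value simply fails the comparison with "false" and the special case is skipped without any trace. Give the variable an explicit default with :- so the behaviour for an unset value is visible in the script, and add a short comment on why auditd_manager_independent_agent is singled out by name here.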
Umm, this auditd_manager_independent_agent package could be moved out of the with-custom-agent directory, right? And then maybe renamed back to auditd_manager.
Ok, moving this package out of this folder 👍
The only custom agent that requires root is the one for
Yes, that will be honored.
💚 Build Succeeded
cc @mrodm
test integrations
Created or updated PR in integrations repository to test this version. Check elastic/integrations#9783
Just tested with this PR elastic/integrations#9783
Relates #787
Closes #1586
This PR allows spinning up new Elastic Agents, independent from the Elastic Agent run in the stack (from the elastic-package stack up command), for testing, if the packages define the agent.privileges.root key as true in their manifest.
That action can be overwritten, if needed, by setting the ELASTIC_PACKAGE_TEST_ENABLE_INDEPENDENT_AGENT environment variable. This variable has preference over the manifest file.
NOTE: if packages contain a folder to deploy a previous "custom agent" (_dev/deploy/agent), elastic-package will not create an independent Elastic Agent with User root. In that scenario, elastic-package will still create the previous custom agents.