osquery worker doesn't restart plugin

[groob]

I think this is a bug. From the logs:

W0825 12:48:55.290359 106020864 watcher.cpp:286] osqueryd worker (60012): Memory limits exceeded: 209854464
E0825 12:49:09.147480 3033838528 init.cpp:568] Cannot activate kolide_grpc config plugin: Unknown registry plugin: kolide_grpc

Looks like the osqueryd worker was killed because of a memory limit, but it came back up without the extension?
The launcher was running (launchd didn't restart it) but the activity stopped.

Maybe we could do some sort of select 1 query every x seconds? Or a custom healthz table?

[terracatta]

This is critical, while developing practices, I hit different "exceeded" messages and each time launcher failed to restart osqueryd. This is definitely a beta release blocker.

[marpaia]

This is resolved for the short-term. The long-term solution is outlined in #107, so I'm closing this in favor of that issue.

[heywoodlh]

Forgive my noob-ness. I'm fairly new to Kolide Fleet but I am running into this same issue and would really appreciate any help.

Despite the solution outlined in #107 I still seem to be having this issue on my Macbook Pro. I have created an install package for deployment and it seems to work on everyone else's devices except for mine.

I am running MacOS Mojave Beta and I wonder if that is somehow related as all my other coworkers don't seem to be running into this issue with the pkg I have created.

Here is the command I have run (the Fleet instance hostname is not really 'kolide.local', I just changed it so as not to disclose the actual hostname):

/usr/local/launcher/bin/osqueryd --pidfile=/var/launcher/kolide.local-8080/osquery.pid --database_path=/var/launcher/kolide.local-8080/osquery.db --extensions_socket=/var/launcher/kolide.local-8080/osquery.sock --extensions_autoload=/var/launcher/kolide.local-8080/osquery.autoload --config_plugin=kolide_grpc --logger_plugin=kolide_grpc --distributed_plugin=kolide_grpc --disable_distributed=false --distributed_interval=5 --pack_delimiter=: --config_refresh=10 --host_identifier=uuid --force=true --disable_watchdog --utc

The output is such:
E0820 09:06:39.124459 161613184 init.cpp:566] Cannot activate kolide_grpc config plugin: Unknown registry plugin: kolide_grpc

Any help or pointers would be appreciated! Thanks.

[zwass]

@heywoodlh It looks like you have installed Kolide Launcher but are then running osqueryd directly. This isn't the intended use. You should either run Launcher (which will start osqueryd for you), or run osqueryd (with flags not including the extensions autoload).

We can probably help you more effectively if you join us on osquery Slack.

[heywoodlh]

I will get more help on Slack. Thanks for the response!