Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removing osquery-extension #838

Merged
merged 13 commits into from
Jun 28, 2022
Merged

Removing osquery-extension #838

merged 13 commits into from
Jun 28, 2022

Conversation

James-Pickett
Copy link
Contributor

@James-Pickett James-Pickett commented Jun 23, 2022
edited
Loading

Removes the need for an additional osquery-extension.ext file to run launcher. It may have been required in the past in order to force osquery to wait for other extensions to load. However, now we can add the extensions_require flag when launching osquery and it will cause osquery to respect the extensions_timeout flag before loading the rest of the configuration.

Also adds new flag for autoloading extensions.

@James-Pickett James-Pickett changed the title added flags to determine loading of default osquery-extenion.txt Added autoloaded extensions option to launcher flags Jun 23, 2022
directionless
directionless reviewed Jun 23, 2022
View reviewed changes
Copy link
Contributor

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So what will actually populate osquery-extension.ext into the options? I had imagined something around

launcher/cmd/launcher/extension.go

Line 215 in fae3d1e

func osqueryRunnerOptions(logger log.Logger, db *bbolt.DB, opts *launcher.Options) ([]runtime.OsqueryInstanceOption, error) {

directionless
directionless reviewed Jun 24, 2022
View reviewed changes
@James-Pickett James-Pickett changed the title Added autoloaded extensions option to launcher flags Removing osquery-extension Jun 27, 2022
@James-Pickett James-Pickett marked this pull request as ready for review June 27, 2022 12:05
directionless
directionless reviewed Jun 27, 2022
View reviewed changes
Copy link
Contributor

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking pretty nice. Good to remove this stuff.

Could also remove the rosetta install in preinstall-darwin.sh, but probably better in a separate PR.

pkg/osquery/runtime/osqueryinstance.go Outdated
@@ -456,6 +491,7 @@ func (opts *osqueryOptions) createOsquerydCommand(osquerydBinary string, paths *
fmt.Sprintf("--extensions_autoload=%s", paths.extensionAutoloadPath),
"--disable_extensions=false",
"--extensions_timeout=20",
"--extensions_require",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extensions_require take an argument of which extensions to wait for. Which should probably be set to the union of: autoload, config plugin, logger plugin, distributed plugin

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated, I should have RTFMed that first. Curious that even passing the option blank caused it to respect the extensions_timeout ... ultimately creating a race condition I suppose. Anyways, I think this is an overall improvement.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would bet there are bugs lurking

directionless
directionless approved these changes Jun 28, 2022
View reviewed changes
Copy link
Contributor

@directionless directionless left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm game for testing this as a nightly!

I don't know if we'll need to exempt tls from the required extensions (and other osquery buildins) But we can test on the nightlies.

@James-Pickett James-Pickett merged commit 6a410b5 into kolide:master Jun 28, 2022
@James-Pickett James-Pickett deleted the james/osquery-extension-removal branch June 28, 2022 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@directionless directionless directionless approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@James-Pickett @directionless