Log osquery version (#1893)

kolide · Oct 21, 2024 · 4ebb37d · 4ebb37d
1 parent 7a40279
commit 4ebb37d
Show file tree

Hide file tree

Showing 10 changed files with 166 additions and 75 deletions.
diff --git a/cmd/launcher/launcher.go b/cmd/launcher/launcher.go
@@ -30,6 +30,7 @@ import (
 	"github.com/kolide/launcher/ee/agent/storage"
 	agentbbolt "github.com/kolide/launcher/ee/agent/storage/bbolt"
 	"github.com/kolide/launcher/ee/agent/timemachine"
+	"github.com/kolide/launcher/ee/agent/types"
 	"github.com/kolide/launcher/ee/control"
 	"github.com/kolide/launcher/ee/control/actionqueue"
 	"github.com/kolide/launcher/ee/control/consumers/acceleratecontrolconsumer"
@@ -194,7 +195,7 @@ func runLauncher(ctx context.Context, cancel func(), multiSlogger, systemMultiSl
 	flagController := flags.NewFlagController(slogger, stores[storage.AgentFlagsStore], fcOpts...)
 	k := knapsack.New(stores, flagController, db, multiSlogger, systemMultiSlogger)
 
-	go runOsqueryVersionCheck(ctx, slogger, k.LatestOsquerydPath(ctx))
+	go runOsqueryVersionCheckAndAddToKnapsack(ctx, slogger, k, k.LatestOsquerydPath(ctx))
 	go timemachine.AddExclusions(ctx, k)
 
 	if k.Debug() && runtime.GOOS != "windows" {
@@ -593,15 +594,10 @@ func writePidFile(path string) error {
 	return nil
 }
 
-// runOsqueryVersionCheck execs the osqueryd binary in the background when we're running
-// on darwin. Operating on our theory that some startup delay issues for osquery might
-// be due to the notarization check taking too long, we execute the binary here ahead
-// of time in the hopes of getting the check out of the way. This is expected to be called
+// runOsqueryVersionCheckAndAddToKnapsack execs the osqueryd binary in the background when we're running
+// on to check the version and save it in the Knapsack. This is expected to be called
 // from a goroutine, and thus does not return an error.
-func runOsqueryVersionCheck(ctx context.Context, slogger *slog.Logger, osquerydPath string) {
-	if runtime.GOOS != "darwin" {
-		return
-	}
+func runOsqueryVersionCheckAndAddToKnapsack(ctx context.Context, slogger *slog.Logger, k types.Knapsack, osquerydPath string) {
 
 	slogger = slogger.With("component", "osquery-version-check")
 
@@ -620,27 +616,25 @@ func runOsqueryVersionCheck(ctx context.Context, slogger *slog.Logger, osquerydP
 	versionCtx, versionCancel := context.WithTimeout(ctx, 30*time.Second)
 	defer versionCancel()
 
-	startTime := time.Now().UnixMilli()
-
 	osqErr := osq.RunVersion(versionCtx)
-	executionTimeMs := time.Now().UnixMilli() - startTime
 	outTrimmed := strings.TrimSpace(output.String())
 
 	if osqErr != nil {
 		slogger.Log(ctx, slog.LevelError,
 			"could not check osqueryd version",
 			"output", outTrimmed,
 			"err", err,
-			"execution_time_ms", executionTimeMs,
 			"osqueryd_path", osquerydPath,
 		)
 		return
 	}
 
+	// log the version to the knappsack
+	k.SetCurrentRunningOsqueryVersion(outTrimmed)
+
 	slogger.Log(ctx, slog.LevelDebug,
 		"checked osqueryd version",
 		"osqueryd_version", outTrimmed,
-		"execution_time_ms", executionTimeMs,
 		"osqueryd_path", osquerydPath,
 	)
 }
diff --git a/ee/agent/flags/flag_controller.go b/ee/agent/flags/flag_controller.go
@@ -420,6 +420,14 @@ func (fc *FlagController) OsqueryTlsDistributedWriteEndpoint() string {
 	return fc.cmdLineOpts.OsqueryTlsDistributedWriteEndpoint
 }
 
+func (fc *FlagController) CurrentRunningOsqueryVersion() string {
+	return NewStringFlagValue(WithDefaultString("")).get(fc.getControlServerValue(keys.CurrentRunningOsqueryVersion))
+}
+
+func (fc *FlagController) SetCurrentRunningOsqueryVersion(osqueryversion string) error {
+	return fc.setControlServerValue(keys.CurrentRunningOsqueryVersion, []byte(osqueryversion))
+}
+
 func (fc *FlagController) SetAutoupdate(enabled bool) error {
 	return fc.setControlServerValue(keys.Autoupdate, boolToBytes(enabled))
 }

diff --git a/ee/agent/flags/keys/keys.go b/ee/agent/flags/keys/keys.go
@@ -57,6 +57,7 @@ const (
 	LocalDevelopmentPath            FlagKey = "localdev_path"
 	LauncherWatchdogEnabled         FlagKey = "launcher_watchdog_enabled" // note that this will only impact windows deployments for now
 	SystrayRestartEnabled           FlagKey = "systray_restart_enabled"
+	CurrentRunningOsqueryVersion    FlagKey = "osquery_version"
 )
 
 func (key FlagKey) String() string {

diff --git a/ee/agent/knapsack/knapsack.go b/ee/agent/knapsack/knapsack.go
@@ -161,7 +161,7 @@ func (k *knapsack) LatestOsquerydPath(ctx context.Context) string {
 	if err != nil {
 		return k.OsquerydPath()
 	}
-
+	k.SetCurrentRunningOsqueryVersion(latestBin.Version)
 	return latestBin.Path
 }
 

diff --git a/ee/agent/types/flags.go b/ee/agent/types/flags.go
@@ -145,6 +145,10 @@ type Flags interface {
 	OsqueryTlsDistributedReadEndpoint() string
 	OsqueryTlsDistributedWriteEndpoint() string
 
+	// Osquery Version is the version of osquery that is being used.
+	SetCurrentRunningOsqueryVersion(version string) error
+	CurrentRunningOsqueryVersion() string
+
 	// Autoupdate enables the autoupdate functionality.
 	SetAutoupdate(enabled bool) error
 	Autoupdate() bool

diff --git a/ee/agent/types/mocks/flags.go b/ee/agent/types/mocks/flags.go