Fix pending script execution max age when notifying fleetd (#16001)

ee/server/service/scripts.go

@@ -101,6 +101,9 @@ func (svc *Service) RunHostScript(ctx context.Context, request *fleet.HostScript
 		return nil, fleet.NewInvalidArgumentError("host_id", fleet.RunScriptHostOfflineErrMsg)
 	}
 
+	// it is important that the "ignoreOlder" parameter in this call is the same
+	// everywhere (which is here and in the "get orbit config" endpoint to send
+	// the notification of scripts pending execution to the host).
 	pending, err := svc.ds.ListPendingHostScriptExecutions(ctx, request.HostID, scripts.MaxServerWaitTime)
 	if err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "list host pending script executions")

orbit/changes/15947-fix-pending-script-max-age

@@ -0,0 +1 @@
+* Fix the maximum age of a pending script when notifying fleetd of a script to run so that it matches the duration used elsewhere in Fleet.

orbit/cmd/orbit/orbit.go

@@ -1336,6 +1336,7 @@ func getHostInfo(osqueryPath string, osqueryDBPath string) (*osqueryHostInfo, er
 	log.Debug().Str("query", systemQuery).Msg("running single query")
 	out, err := exec.Command(osqueryPath, args...).Output()
 	if err != nil {
+		log.Debug().Str("output", string(out)).Msg("getHostInfo via osquery")
 		return nil, err
 	}
 	var info []osqueryHostInfo

server/fleet/errors.go

@@ -540,8 +540,8 @@ const (
 	RunScriptHostOfflineErrMsg             = "Script can’t run on offline host."
 	RunScriptHostNotFoundErrMsg            = "Host doesn’t exist. Make sure you provide a valid hostname, UUID, osquery host ID, or node key."
 	RunScriptForbiddenErrMsg               = "You don’t have the right permissions in Fleet to run the script."
-	RunScriptAlreadyRunningErrMsg          = "A script is already running on this host. Please wait about 1 minute to let it finish."
-	RunScriptHostTimeoutErrMsg             = "Fleet hasn’t heard from the host in over 1 minute. Fleet doesn’t know if the script ran because the host went offline."
+	RunScriptAlreadyRunningErrMsg          = "A script is already running on this host. Please wait about 5 minutes to let it finish."
+	RunScriptHostTimeoutErrMsg             = "Fleet hasn’t heard from the host in over 5 minutes. Fleet doesn’t know if the script ran because the host went offline."
 	RunScriptScriptsDisabledGloballyErrMsg = "Running scripts is disabled in organization settings."
 	RunScriptScriptTimeoutErrMsg           = "Timeout. Fleet stopped the script after 5 minutes to protect host performance."
 )

server/service/orbit.go

@@ -6,8 +6,8 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"time"
 
+	"github.com/fleetdm/fleet/v4/pkg/scripts"
 	"github.com/fleetdm/fleet/v4/server"
 	"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
 	hostctx "github.com/fleetdm/fleet/v4/server/contexts/host"
@@ -169,8 +169,6 @@ func getOrbitConfigEndpoint(ctx context.Context, request interface{}, svc fleet.
 }
 
 func (svc *Service) GetOrbitConfig(ctx context.Context) (fleet.OrbitConfig, error) {
-	const pendingScriptMaxAge = time.Minute
-
 	// this is not a user-authenticated endpoint
 	svc.authz.SkipAuthorization(ctx)
 
@@ -230,7 +228,10 @@ func (svc *Service) GetOrbitConfig(ctx context.Context) (fleet.OrbitConfig, erro
 
 	// load the pending script executions for that host
 	if !appConfig.ServerSettings.ScriptsDisabled {
-		pending, err := svc.ds.ListPendingHostScriptExecutions(ctx, host.ID, pendingScriptMaxAge)
+		// it is important that the "ignoreOlder" parameter in this call is the
+		// same everywhere (which is here and in RunScript to check if there is
+		// already a pending script).
+		pending, err := svc.ds.ListPendingHostScriptExecutions(ctx, host.ID, scripts.MaxServerWaitTime)
 		if err != nil {
 			return fleet.OrbitConfig{}, err
 		}