Now that Mike is not attending all design reviews, we are going to
assign the finished air guitar issue to Noah, and he will bring to a
review session with Mike.
#14779
This PR fixes the deadlock when upserting to `host_batteries`.
Which probably happens because InnoDB uses row-locking.
I was able to reproduce in main with the new test
`TestHosts/ReplaceHostBatteriesDeadlock`.
I refactored `ds.ReplaceHostBatteries` to use the same upsert pattern as
`ds.ReplaceHostDeviceMapping` (given `battery` is assumed to return just
a few rows per host). With such pattern the tests does not fail with
deadlock errors anymore.
Here are some of the techniques MySQL recommends:
https://dev.mysql.com/doc/refman/5.7/en/innodb-deadlocks-handling.html
Basically by changing the upsert pattern the deadlock goes away (It's
hard to know exactly why the original code deadlocks).
Here's the deadlock trace from load test performed in October:
```
2023-10-26T17:19:17.244707Z 0 [Note] [MY-012468] [InnoDB] Transactions deadlock detected, dumping detailed information. (lock0lock.cc:6482)
2023-10-26T17:19:17.244756Z 0 [Note] [MY-012469] [InnoDB] *** (1) TRANSACTION: (lock0lock.cc:6496)
TRANSACTION 3069771944, ACTIVE 0 sec inserting
mysql tables in use 1, locked 1
LOCK WAIT 7 lock struct(s), heap size 1136, 5 row lock(s), undo log entries 1
MySQL thread id 75, OS thread handle 70369297350384, query id 658 10.12.3.201 fleet update
INSERT INTO
host_batteries (
host_id,
serial_number,
cycle_count,
health
)
VALUES
(27472, '0000', 505, 'Good'),(27472, '0001', 730, 'Good')
ON DUPLICATE KEY UPDATE
cycle_count = VALUES(cycle_count),
health = VALUES(health),
updated_at = CURRENT_TIMESTAMP
2023-10-26T17:19:17.244800Z 0 [Note] [MY-012469] [InnoDB] *** (1) HOLDS THE LOCK(S): (lock0lock.cc:6496)
RECORD LOCKS space id 867 page no 320 n bits 280 index PRIMARY of table `fleet`.`host_batteries` trx id 3069771944 lock_mode X locks gap before rec
Record lock, heap no 205 PHYSICAL RECORD: n_fields 9; compact format; info bits 0
0: len 4; hex 00526996; asc Ri ;;
1: len 6; hex 0000b6f900d0; asc ;;
2: len 7; hex 82000033370110; asc 37 ;;
3: len 4; hex 0000d829; asc );;
4: len 4; hex 30303030; asc 0000;;
5: len 4; hex 8000065b; asc [;;
6: len 4; hex 506f6f72; asc Poor;;
7: len 4; hex 653a9f95; asc e: ;;
8: len 4; hex 653a9f95; asc e: ;;
2023-10-26T17:19:17.245027Z 0 [Note] [MY-012469] [InnoDB] *** (1) WAITING FOR THIS LOCK TO BE GRANTED: (lock0lock.cc:6496)
RECORD LOCKS space id 867 page no 320 n bits 280 index PRIMARY of table `fleet`.`host_batteries` trx id 3069771944 lock_mode X locks gap before rec insert intention waiting
Record lock, heap no 205 PHYSICAL RECORD: n_fields 9; compact format; info bits 0
0: len 4; hex 00526996; asc Ri ;;
1: len 6; hex 0000b6f900d0; asc ;;
2: len 7; hex 82000033370110; asc 37 ;;
3: len 4; hex 0000d829; asc );;
4: len 4; hex 30303030; asc 0000;;
5: len 4; hex 8000065b; asc [;;
6: len 4; hex 506f6f72; asc Poor;;
7: len 4; hex 653a9f95; asc e: ;;
2023-10-26T17:19:17.245239Z 0 [Note] [MY-012469] [InnoDB] *** (2) TRANSACTION: (lock0lock.cc:6496)
TRANSACTION 3069771958, ACTIVE 0 sec inserting
mysql tables in use 1, locked 1
LOCK WAIT 7 lock struct(s), heap size 1136, 5 row lock(s), undo log entries 1
MySQL thread id 9, OS thread handle 70369296809712, query id 708 10.12.2.156 fleet update
INSERT INTO
host_batteries (
host_id,
serial_number,
cycle_count,
health
)
VALUES
(59161, '0000', 1384, 'Fair'),(59161, '0001', 396, 'Good')
ON DUPLICATE KEY UPDATE
cycle_count = VALUES(cycle_count),
health = VALUES(health),
updated_at = CURRENT_TIMESTAMP
2023-10-26T17:19:17.245272Z 0 [Note] [MY-012469] [InnoDB] *** (2) HOLDS THE LOCK(S): (lock0lock.cc:6496)
RECORD LOCKS space id 867 page no 320 n bits 280 index PRIMARY of table `fleet`.`host_batteries` trx id 3069771958 lock_mode X locks gap before rec
Record lock, heap no 205 PHYSICAL RECORD: n_fields 9; compact format; info bits 0
0: len 4; hex 00526996; asc Ri ;;
1: len 6; hex 0000b6f900d0; asc ;;
2: len 7; hex 82000033370110; asc 37 ;;
3: len 4; hex 0000d829; asc );;
4: len 4; hex 30303030; asc 0000;;
5: len 4; hex 8000065b; asc [;;
6: len 4; hex 506f6f72; asc Poor;;
7: len 4; hex 653a9f95; asc e: ;;
8: len 4; hex 653a9f95; asc e: ;;
2023-10-26T17:19:17.245504Z 0 [Note] [MY-012469] [InnoDB] *** (2) WAITING FOR THIS LOCK TO BE GRANTED: (lock0lock.cc:6496)
RECORD LOCKS space id 867 page no 320 n bits 280 index PRIMARY of table `fleet`.`host_batteries` trx id 3069771958 lock_mode X locks gap before rec insert intention waiting
Record lock, heap no 205 PHYSICAL RECORD: n_fields 9; compact format; info bits 0
0: len 4; hex 00526996; asc Ri ;;
1: len 6; hex 0000b6f900d0; asc ;;
2: len 7; hex 82000033370110; asc 37 ;;
3: len 4; hex 0000d829; asc );;
4: len 4; hex 30303030; asc 0000;;
5: len 4; hex 8000065b; asc [;;
6: len 4; hex 506f6f72; asc Poor;;
7: len 4; hex 653a9f95; asc e: ;;
8: len 4; hex 653a9f95; asc e: ;;
2023-10-26T17:19:17.245730Z 0 [Note] [MY-012469] [InnoDB] *** WE ROLL BACK TRANSACTION (2) (lock0lock.cc:6496)
```
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
@lukeheath Could you have a look at the todos in the note? Your call on
when to prioritize these changes, but wanted to get the exceptions
tracked ASAP to stop the sprawl
(i.e. 2 more labels were created this week that don't match the
convention-- addressed separately and not listed here)
Closes: #15415
Changes:
- Updated the documentation and handbook page scripts to navigate users
who visit a URL with a hash link with query parameters attached to the
correct section.
- Remove section about plain osquery and launcher. Using fleetd is best
practice and we want all new Fleet users to follow this best practice.
If they can't we want to learn why.
- Replace "Fleetd configuration options" section with a tip. Easier to
maintain as we add/update flags.
#15168
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Added/updated tests.
- [X] Manual QA for all new/changed functionality.
The issue can be reproduced by running `osqueryd` with
`--config_plugin=filesystem --config_path=/path/to/config.json`
This means the osquery config is fetched from a file rather than from
Fleet's agent settings.
The `/path/to/config.json` has the agent settings, e.g.:
```
{
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
},
"options": {
"disable_distributed": false,
"distributed_interval": 10,
"distributed_plugin": "tls",
"distributed_tls_max_attempts": 3,
"logger_tls_endpoint": "/api/osquery/log",
"logger_tls_period": 10,
"pack_delimiter": "/"
},
"schedule": {
"USB devices": {
"query": "SELECT * FROM usb_devices;",
"interval": 15
},
"OS version": {
"query": "SELECT * FROM os_version;",
"interval": 10
}
},
"packs": {
"Elsewhere": {
"queries": {
"Osquery Info": {
"query": "SELECT * FROM osquery_info;",
"interval": 30,
"platform": "",
"version": "",
"snapshot": true
}
}
}
}
}
```
The three queries should be logged to Fleet's configured result logging
destination (default is `filesystem`).
for #15362, this adjusts the query we use to get MDM details for windows
to account for hosts that might have more than one matching value in the
registry for any of the items we query.
Closes: #15255
Changes:
- Added the usage statistics added in
https://github.com/fleetdm/fleet/pull/14216 to the inputs of the
`receive-usage-analytics` webhook.
- Updated the `receive-usage-analytics` webhook to send the new usage
statistics to Datadog.
- Added attributes for the new usage statistics to the
`HistoricalUsageSnapshot` model.
- Removed the `columnName` from the `hostsStatusWebHookEnabled`
attribute of the `HistoricalUsageSnapshot` model, the name of this
column will be changed in the database when the new columns are added to
the databse table.
- Updated the usage statistics documentation to have the new statistics.
This PR requires database migrations. When this is approved and ready to
merge, we will need to:
- [ ] Merge this PR
- [ ] Put fleetdm.com into maintenance mode while the "Deploy Fleet
website" GH action runs.
- [ ] Add the new columns to the database table
- [ ] Change the name of the `hostStatusWebhookEnabled` column to
`hostsStatusWebHookEnabled`
- [ ] Set the default values for the new columns on the existing
records.
- [ ] When the website has finished redeploying, take it out of
maintenance mode.
## Addresses #14970
Command fails for correct reason (no real path provided), instead of
reading it as multiple commands due to line breaks:
<img width="801" alt="Screenshot 2023-11-27 at 4 27 21 PM"
src="https://github.com/fleetdm/fleet/assets/61553566/c30b183a-d8e4-4b90-85be-9097dcd7315c">
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
relates to #14441
Makes the truncation consistent for the dropdown options on the query
table selector.
- [x] Manual QA for all new/changed functionality
https://github.com/fleetdm/confidential/issues/2118
API doc changes are at: https://github.com/fleetdm/fleet/pull/15092
This change affects Chrome-based and Firefox browsers. I tried Safari,
but it appears that latest Safari extensions simply show up as regular
apps on macOS.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- Tested detail query changes on macOS, Windows, Ubuntu, and ChromeOS
- Tested Chrome, Edge, Brave, and Firefox browsers
Testing notes:
1. Install some browser extensions.
2. Update fleet to this change.
3. Refresh hosts, and trigger vulnerabilities job (which updates host
software).
4. Do something like `GET
https://localhost:8080/api/v1/fleet/software?query=Password%20Manager`
to see `extension_id` and `browser` for the hosts that have updated.
> Addresses #14851
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
for #14426.
In order to prevent import cycles and be able to use some type
definitions/constants I followed the same pattern we did for macOS by
creating a new package named `syncml`. This makes the changelog look
bigger than it actually is, so I split it into two commits to make it
easier to review:
-
[d7c233d](d7c233d54c)
moves the relevant bits to this new package
-
[7531a07](7531a0742b)
implements profile verification
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
