Skip to content

Refactor user change on service #8347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 26 commits into from
Jul 4, 2025
Merged

Refactor user change on service #8347

merged 26 commits into from
Jul 4, 2025

Conversation

@michalpristas
Copy link
Contributor

@michalpristas michalpristas commented Jun 5, 2025
edited
Loading

This PR refactor the way how we do User change during unprivileged and privileged actions.

Pre-PR we removed and reinstalled service again with new user setup.

Post-PR we rewrite service file directly (linux and darwin) or use syscall to change config (windows). Then we restart service.

This reduces window for interrupt.
While pre-PR could leave us without a service, in this case we haven't won entirely. We can end up with broken service when service manager decides config/user is not valid/enabled. This at least leaves a trace in system logs.

Tests covering switch between privilege modes are already present

Closes: #8268

@michalpristas michalpristas self-assigned this Jun 5, 2025
@michalpristas michalpristas requested a review from a team as a code owner June 5, 2025 10:34
@michalpristas michalpristas added the enhancement New feature or request label Jun 5, 2025
@michalpristas michalpristas requested review from kaanyalti and pchila June 5, 2025 10:34
@michalpristas michalpristas added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team skip-changelog backport-active-9 Automated backport with mergify to all the active 9.[0-9]+ branches labels Jun 5, 2025
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jun 5, 2025

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

pchila
pchila reviewed Jun 5, 2025
View reviewed changes
@michalpristas michalpristas requested a review from blakerouse June 6, 2025 08:50
@michalpristas
Copy link
Contributor Author

michalpristas commented Jun 9, 2025
edited
Loading

need to figure out some Server vs Home behavior differences

@mergify
Copy link
Contributor

mergify bot commented Jun 18, 2025

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/replace-svc upstream/feat/replace-svc
git merge upstream/main
git push upstream feat/replace-svc

blakerouse
blakerouse approved these changes Jul 3, 2025
View reviewed changes
Copy link
Contributor

@blakerouse blakerouse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Thanks for working through the code review.

@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Jul 4, 2025

Quality Gate failed Quality Gate failed

Failed conditions
34.1% Coverage on New Code (required ≥ 40%)

See analysis details on SonarQube

@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 4, 2025

💚 Build Succeeded

History

cc @michalpristas

@michalpristas michalpristas merged commit f942cf9 into elastic:main Jul 4, 2025
18 of 19 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Jul 4, 2025

@Mergifyio backport 9.0 9.1

@mergify
Copy link
Contributor

mergify bot commented Jul 4, 2025
edited
Loading

backport 9.0 9.1

✅ Backports have been created

mergify bot pushed a commit that referenced this pull request Jul 4, 2025
@michalpristas @mergify
Refactor user change on service (#8347)
858f332 
(cherry picked from commit f942cf9)

# Conflicts:
#	NOTICE-fips.txt
#	go.mod
@mergify mergify bot mentioned this pull request Jul 4, 2025
Closed
mergify bot pushed a commit that referenced this pull request Jul 4, 2025
@michalpristas @mergify
Refactor user change on service (#8347)
7330a93 
(cherry picked from commit f942cf9)
@mergify mergify bot mentioned this pull request Jul 4, 2025
Closed
v1v added a commit that referenced this pull request Jul 6, 2025
@v1v
Merge remote-tracking branch 'upstream' into test/oblt-cli-hosted
dcfd799 
* upstream: (39 commits)
  Fix otel extension status reporting (#8696)
  Refactor user change on service (#8347)
  [AutoOps] Add `autoops-es.yml` to Packages (#8728)
  EDOT collector: include the forward connector. (#8753)
  Revert "ci: pin elastic-agent version (#8736)" (#8754)
  bk: retry Start ESS stack for integration tests (#8553)
  Re-enable TestStandaloneUpgradeRollbackOnRestarts on windows (#8718)
  removed reviewers from dependabot.yml (#8709)
  Pass `--header` enrollment option to fleet-server (#8071)
  Add ability for local output configuration to add to policy configuration (#8766)
  Bump up github.com/go-viper/mapstructure/v2 dependency (#8764)
  [Synthetics] Upgrade node to latest lts v20 (#8712)
  [CI] BK Vault plugin for EC access (#8377)
  feat: singleTest mage target for each integration test package (#8691)
  ci: always include 8.19 LTS release branch in snapshots of test versions (#8761)
  build(deps): bump github.com/elastic/mito from 1.19.0 to 1.20.0 (#8755)
  chore: fix elastic-agent helm chart examples (#8765)
  feat: support onboarding-id for kubernetes (#8692)
  [main][Automation] Bump VM Image version to 1751072471 (#8734)
  ci: revert deployment_csp_configuration.yaml to create_deployment_csp_configuration.yaml (#8746)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pchila pchila pchila left review comments

@blakerouse blakerouse blakerouse approved these changes

@kaanyalti kaanyalti Awaiting requested review from kaanyalti kaanyalti is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

@michalpristas michalpristas

Labels

backport-active-9 Automated backport with mergify to all the active 9.[0-9]+ branches enhancement New feature or request skip-changelog Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Use config replace logic instead of reinstalling service in switch

4 participants

@michalpristas @elasticmachine @blakerouse @pchila