[Kibana] Upgrading Integrations leads to Saved object [tag/security-solution-default] conflict #166798
Comments
matthiasledergerber
added
the
bug
|
Stilla problem in Kibana version: 8.10.2
|
|
I've tried to remove and reinstall the integreation. I can confirm there are no installed integrations of Cisco ASA but it doesnt let me install the integration. Even after uninstalling the integration from fleet (5 Assets were active according to the uninstall dialogue). It seems as integrations are still stuck somehow
After removing the integration it gets reinstalled into random spaces. Sometimes all objects are created, sometimes not. it is tracked as installed again. however i dont have any assets in the space. trying to reinstall the assets leads to the integration being untracked again
However, the cisco asa integration seems to be stable uninstalled. The Cisco Duo integration seems to be stuck worse. Even after removing everything under saved objects it gets reinstalled again and again. The problem is there is no clear indication of what is wrong as the error message seems to be related to an saved object. Somehow the installation seems to be stuck.
Tyring to add a new Cisco Duo Integration leads to
As an user of many Elastic Integrations with multiple Kibana spaces, this feature needs more stability in order to be used reliably in production. |
jughosta
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
|
Thanks for the detailed bug report, @matthiasledergerber - I've pulled this onto our bug board internally and we'll get this looked at in short order. @criamico - I think this is also related to the initial change we made in #152814. cc @P1llus as you might have some insight as well. |
|
@kpollich Hmm it should not be directly related but, I remember a longer time ago, dashboards was exported to integrations including even managed tags. Elastic package was fixed later on, but I feel maybe some dashboards still have their references to managed tags? Its not related to our included tags though. |
|
This seems more spaces related? |
|
Yeah I think you're correct about spaces, just wondered if anything stood out about the default security tag we set up. |
|
My guess is that this is related to the following issues:
What I can tell:
|
|
8.10.3 still exists already tried:
|
|
Fix for this is scheduled for 8.12 as of now. |
|
Solution for this issue that randomly reoccurs: Remove the Tags Security Solution from the default space. Interesting to have them used in the default space despite installing the integration in a different space Somehow they are created multiple times, despite deleting them. |
|
Started taking a look at this today. I have some steps to reproduce:
Screen.Recording.2023-11-07.at.2.13.35.PM.movThe root error in the logs is |
|
I think the issue is that the security solution tag ID is not unique across spaces, so when the integration upgrade/reinstall happens in a space that differs from the initial installation we'll see this conflict. If you attempt to install any integration tagged with the security solution tag in another space after the tag was created elsewhere, you'll see this conflict error. The easiest solution for us to move forward here is to create the Security Solution tag in each space where a security solution integration is installed. This is consistent with how we treat other tags (e.g.
The space on the top is the one I installed @P1llus - Right now, we use |
## Summary Fixes #166798 Appends the current space ID to the ID of the security solution tag. Note: If there are integrations suffering from the above bug (might be "stuck" in `installing` status, showing concurrent installation errors, etc), they should be reinstalled via the API in their corresponding space, e.g. ``` # In Kibana dev tools for the space in which the integration is installed POST kbn:/api/fleet/epm/packages/cisco_asa/2.27.1 { "force": true } ``` --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary Fixes elastic#166798 Appends the current space ID to the ID of the security solution tag. Note: If there are integrations suffering from the above bug (might be "stuck" in `installing` status, showing concurrent installation errors, etc), they should be reinstalled via the API in their corresponding space, e.g. ``` # In Kibana dev tools for the space in which the integration is installed POST kbn:/api/fleet/epm/packages/cisco_asa/2.27.1 { "force": true } ``` --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit dd2fda2)
…71034) # Backport This will backport the following commits from `main` to `8.11`: - [[Fleet] Append space ID to security solution tag (#170789)](#170789) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kyle Pollich","email":"kyle.pollich@elastic.co"},"sourceCommit":{"committedDate":"2023-11-10T16:01:36Z","message":"[Fleet] Append space ID to security solution tag (#170789)\n\n## Summary\r\n\r\nFixes https://github.com/elastic/kibana/issues/166798\r\n\r\nAppends the current space ID to the ID of the security solution tag.\r\n\r\nNote: If there are integrations suffering from the above bug (might be\r\n\"stuck\" in `installing` status, showing concurrent installation errors,\r\netc), they should be reinstalled via the API in their corresponding\r\nspace, e.g.\r\n\r\n```\r\n# In Kibana dev tools for the space in which the integration is installed\r\nPOST kbn:/api/fleet/epm/packages/cisco_asa/2.27.1\r\n{\r\n \"force\": true\r\n}\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"dd2fda271187f718def78002516861736dc48cf7","branchLabelMapping":{"^v8.12.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Fleet","backport:prev-minor","v8.12.0"],"number":170789,"url":"https://github.com/elastic/kibana/pull/170789","mergeCommit":{"message":"[Fleet] Append space ID to security solution tag (#170789)\n\n## Summary\r\n\r\nFixes https://github.com/elastic/kibana/issues/166798\r\n\r\nAppends the current space ID to the ID of the security solution tag.\r\n\r\nNote: If there are integrations suffering from the above bug (might be\r\n\"stuck\" in `installing` status, showing concurrent installation errors,\r\netc), they should be reinstalled via the API in their corresponding\r\nspace, e.g.\r\n\r\n```\r\n# In Kibana dev tools for the space in which the integration is installed\r\nPOST kbn:/api/fleet/epm/packages/cisco_asa/2.27.1\r\n{\r\n \"force\": true\r\n}\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"dd2fda271187f718def78002516861736dc48cf7"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.12.0","labelRegex":"^v8.12.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/170789","number":170789,"mergeCommit":{"message":"[Fleet] Append space ID to security solution tag (#170789)\n\n## Summary\r\n\r\nFixes https://github.com/elastic/kibana/issues/166798\r\n\r\nAppends the current space ID to the ID of the security solution tag.\r\n\r\nNote: If there are integrations suffering from the above bug (might be\r\n\"stuck\" in `installing` status, showing concurrent installation errors,\r\netc), they should be reinstalled via the API in their corresponding\r\nspace, e.g.\r\n\r\n```\r\n# In Kibana dev tools for the space in which the integration is installed\r\nPOST kbn:/api/fleet/epm/packages/cisco_asa/2.27.1\r\n{\r\n \"force\": true\r\n}\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"dd2fda271187f718def78002516861736dc48cf7"}}]}] BACKPORT--> Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
Kibana version: 8.10.0
Elasticsearch version: 8.10.0
Server OS version: Debian 12
Browser version: Google Chrome
Original install method (e.g. download page, yum, from source, etc.): apt
Describe the bug:
Upgrading Integrations
leads to Failed to install MISP package.
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-09-20T10:32:44.309+02:00","message":"Attempt to update the mappings for the logs-bitwarden.collection-default (write_index_only)","log":{"level":"INFO","logger":"plugins.fleet"},"process":{"pid":2729},"trace":{"id":"cf2ef5057f6c48a8c0fea48625676e08"},"transaction":{"id":"a834775bed672c48"}} {"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-09-20T10:32:44.309+02:00","message":"Attempt to update the mappings for the logs-bitwarden.group-default (write_index_only)","log":{"level":"INFO","logger":"plugins.fleet"},"process":{"pid":2729},"trace":{"id":"cf2ef5057f6c48a8c0fea48625676e08"},"transaction":{"id":"a834775bed672c48"}} {"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-09-20T10:32:44.310+02:00","message":"Attempt to update the mappings for the logs-bitwarden.policy-default (write_index_only)","log":{"level":"INFO","logger":"plugins.fleet"},"process":{"pid":2729},"trace":{"id":"cf2ef5057f6c48a8c0fea48625676e08"},"transaction":{"id":"a834775bed672c48"}} {"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-09-20T10:32:44.311+02:00","message":"Attempt to update the mappings for the logs-bitwarden.event-default (write_index_only)","log":{"level":"INFO","logger":"plugins.fleet"},"process":{"pid":2729},"trace":{"id":"cf2ef5057f6c48a8c0fea48625676e08"},"transaction":{"id":"a834775bed672c48"}} {"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-09-20T10:32:44.334+02:00","message":"Failure to install package [bitwarden]: [ConcurrentInstallOperationError: Concurrent installation or upgrade of bitwarden-1.4.0 detected, aborting. Original error: Saved object [tag/security-solution-default] conflict]","log":{"level":"WARN","logger":"plugins.fleet"},"process":{"pid":2729},"trace":{"id":"cf2ef5057f6c48a8c0fea48625676e08"},"transaction":{"id":"a834775bed672c48"}}Steps to reproduce:
Expected behavior:
Updates of the Integrations should be possible without error
Screenshots (if relevant):
Any additional context:
Possible Related elastic/integrations#7789
The text was updated successfully, but these errors were encountered: