fleet icon indicating copy to clipboard operation
fleet copied to clipboard

Published 20 hours ago verified publisher icon fleetdm

only use software collection queries for the approriate distrobutions of Linux

Open kswagler-rh opened this issue 2 years ago • 5 comments

Fleet version: 4.29.1 Operating system: RHEL 8.7

🧑‍💻  Expected behavior

Fleet uses OSQuery to determine which package format table (rpm_packages vs deb_packages) to run on each endpoint.

💥  Actual behavior

When collecting software on Linux endpoints Fleet appears to try and query both rpm_packages and deb_packages. This results in error messages for the opposite packaging manager.

For example on a RHEL endpoint I see.

osqueryd.WARNING.20230516-220048.2565318:E0517 08:59:01.680903 2565457 glog_logger.cpp:26] deb_packages: Failed to open the dpkg database: InvalidAdminDirPath (admindir='/var/lib/dpkg') osqueryd.WARNING.20230516-220048.2565318:E0517 09:19:51.085424 2565457 glog_logger.cpp:26] deb_packages: Failed to open the dpkg database: InvalidAdminDirPath (admindir='/var/lib/dpkg') osqueryd.WARNING.20230516-220048.2565318:E0517 09:40:38.888865 2565457 glog_logger.cpp:26] deb_packages: Failed to open the dpkg database: InvalidAdminDirPath (admindir='/var/lib/dpkg') osqueryd.WARNING.20230516-220048.2565318:E0517 10:01:24.586581 2565457 glog_logger.cpp:26] deb_packages: Failed to open the dpkg database: InvalidAdminDirPath (admindir='/var/lib/dpkg') osqueryd.WARNING.20230516-220048.2565318:E0517 10:22:07.588660 2565457 glog_logger.cpp:26] deb_packages: Failed to open the dpkg database: InvalidAdminDirPath (admindir='/var/lib/dpkg') osqueryd.WARNING.20230516-220048.2565318:E0517 10:42:52.475329 2565457 glog_logger.cpp:26] deb_packages: Failed to open the dpkg database: InvalidAdminDirPath (admindir='/var/lib/dpkg')

👣 Reproduction steps

Enroll a RPM system and watch WARNING log for deb_package errors.

More info

Use the results from os_version to determine which package manager is present on the endpoint and only use that one.

kswagler-rh avatar May 17 '23 14:05 kswagler-rh

@kswagler-rh I apologize for the delay in responding and I thank you for submitting a ticket for this issue.

I was just able to reproduce this locally with a CentOS machine. We'll get this seen by the engineering team and prioritized for a fix.

Reproduce

  • Install a CentOS machine into Fleet.
  • On the CentOS host run tail -f /var/log/messages in a terminal window.
  • Watch the logs for the reported error Failed to open the dpkg database: InvalidAdminDirPath (admindir='var/lib/dpkg')

xpkoala avatar May 24 '23 16:05 xpkoala

https://github.com/osquery/osquery/issues/8055

juan-fdz-hawa avatar Jun 08 '23 15:06 juan-fdz-hawa

This bug has aged out. Moving back to drafting.

lukeheath avatar Aug 01 '23 22:08 lukeheath

Bug has aged out. Moved back to drafting

ireedy avatar Sep 05 '23 14:09 ireedy

https://github.com/osquery/osquery/issues/8055 has been fixed in 5.12.0. Such change fixes the noisy logs in CentOS hosts shown in the description.

PS: As a future optimization Fleet should not send the deb_packages query to CentOS devices.

lucasmrod avatar Mar 04 '24 12:03 lucasmrod