launcher icon indicating copy to clipboard operation
launcher copied to clipboard

Published 20 hours ago verified publisher icon kolide

Launcher is causing duplicate enrollments

Open directionless opened this issue 2 years ago • 1 comments

With the pile of stuff in beta to try addressing enrollment issues, I'm now seeing duplicate enrollments from launcher. Frustrating, I can't see how this was ever supposed to work.

The error manifesting is that if I start launcher up with an existing root directory (eg: contains a populated launcher database), launcher emits an RequestEnrollment, not a RequestConfig. This is because the startup flow is something like:

  1. osquery starts and requests a config refresh
  2. This calls GenerateConfigs
  3. Which immediately calls generateConfigsWithReenroll
  4. Which calls e.serviceClient.RequestConfig, and gets back no config and invalid
  5. That invalid triggers re-enrollment actions.

Digging around a bunch, this appears to be because e.NodeKey is an empty string. Which I think is because it's only set during Enroll, which would have previously happened during the runner startup, but I removed it as superfluous in #819.

If I'm understand this correctly, I sere a pretty simple fix -- We should be setting the node key from the DB during startup. Honestly, this makes more sense anyhow.

directionless avatar Apr 23 '22 20:04 directionless

But there's something I'm not understanding. I have access to the node key from where we create the extension, and from NewExtension, but when I try to access it from Start() it comes up as blank. Which makes me think I'm not understanding something about how the db is managed.

I have a debug branch like https://github.com/kolide/launcher/compare/master...directionless:seph/whyfor-dups and the output seems very odd:

{
  "caller": "extension.go:178",
  "key": "REDACTED",
  "msg": "Initial keyfetch found a key",
  "severity": "debug",
  "ts": "2022-04-23T21:09:25.035007Z"
}
{
  "caller": "extension.go:115",
  "err": null,
  "key": "REDACTED",
  "msg": "createExtensionRuntime keyfetch",
  "severity": "debug",
  "ts": "2022-04-23T21:09:25.035154Z"
}
{
  "caller": "extension.go:174",
  "err": null,
  "key": "",
  "msg": "actor execute keyfetch",
  "severity": "debug",
  "ts": "2022-04-23T21:09:25.501945Z"
}
{
  "caller": "extension.go:216",
  "msg": "Start keyfetch no key. Probably first enroll",
  "severity": "debug",
  "ts": "2022-04-23T21:09:25.515499Z"
}

directionless avatar Apr 23 '22 21:04 directionless

I'm going to close this. The enrollment stuff is undoing changes

directionless avatar Feb 14 '24 20:02 directionless