[Fleet]: Uninstalling the tamper protection agent without Uninstall token shows error. #4255

Closed
harshitgupta-qasource opened this issue Feb 14, 2024 · 10 comments
Labels
bug Something isn't working impact:medium QA:Validated Validated by the QA Team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Comments

@harshitgupta-qasource

Kibana Build details:

VERSION: 8.13.0 SNAPSHOT
BUILD: 70749
COMMIT: a0f4897f7c04069faf2a86dbda1dabea78c161c1

Host OS and Browser version: All, All

Preconditions:

  1. 8.13.0-SNAPSHOT Kibana Cloud environment should be available.
  2. Policy should be created.
  3. Endpoint Security should be added to policy.
  4. Agent Tamper protection toggle should be enabled.

Steps to reproduce:

  1. Navigate to Fleet Tab.
  2. Uninstall the elastic-agent without an uninstall token.
  3. Observe that uninstalling the tamper protection agent without an uninstall token shows an error.

What's working fine:
Able to uninstall the Agent with the help of Uninstall tokens.

Expected:
Uninstalling the tamper protection agent without Uninstall token shouldn't show any error.

Screenshot:

image

@harshitgupta-qasource harshitgupta-qasource added bug Something isn't working Team:Fleet Label for the Fleet team impact:medium labels Feb 14, 2024
@elasticmachine
Contributor

Pinging @elastic/fleet (Team:Fleet)

@harshitgupta-qasource
Author

@amolnater-qasource Kindly review

@amolnater-qasource

Secondary review for this ticket is Done.

@harshitgupta-qasource harshitgupta-qasource added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team and removed Team:Fleet Label for the Fleet team labels Feb 14, 2024
@elasticmachine
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@cmacknz
Member

cmacknz commented Feb 14, 2024

Can you upload diagnostics after this error occurs?

@harshitgupta-qasource
Author

Hi @cmacknz

Thanks for looking into this issue.

Kindly find the attached Agent Diagnostic Logs.

Agent Diagnostic Logs
elastic-agent-diagnostics-2024-02-15T06-09-49Z-00.zip

Please let us know if anything else is required from our end.

Thanks!

@cmacknz
Member

cmacknz commented Feb 15, 2024

Thanks, I see that agent.protection.enabled is true, but I can't see anything else. All the logs were printed to the console.

I think we'd need to see the full uninstall command line and also ideally where you got the uninstall token from.

Agent thinks the uninstall token is invalid, but I can't tell if that is true or not from the diagnostics alone because the token comes from Kibana and isn't available in the agent logs.

@harshitgupta-qasource
Author

Hi @cmacknz

We are getting this error when we are not using the uninstall token with the uninstallation command when agent tamper protection is enabled.
Please find the attached file that includes the agent logs available in VM Console.

Cli.txt

Please let us know if we missed anything.

Thanks!

@cmacknz
Member

cmacknz commented Feb 20, 2024

I may be missing something, but getting an error when attempting to uninstall a tamper protected agent without the uninstall token is the correct behavior. The error below is expected in this case:

PS C:\> & 'C:\Program Files\Elastic\Agent\elastic-agent.exe' uninstall
Elastic Agent will be uninstalled from your system at C:\Program Files\Elastic\Agent. Do you want to continue? [Y/n]:Y
[=== ] Failed to uninstall service  [2s] failed to uninstall component "endpoint-default": error uninstalling service: 2024-02-16 05:12:32: error: InstallLib.cpp:1245 Invalid uninstall token: exit status 284
[=   ] Failed to uninstall agent  [3s] Error uninstalling.  Printing logs

@harshitgupta-qasource
Author

Thank you for confirming the expected behavior, @cmacknz.
Hence we are closing this issue.

@harshitgupta-qasource harshitgupta-qasource added the QA:Validated Validated by the QA Team label Feb 26, 2024