Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.18](backport #42626) Fixing NPCAP install with agentbeat #42731

Merged
merged 7 commits into from
Feb 18, 2025
Merged

[8.18](backport #42626) Fixing NPCAP install with agentbeat #42731

merged 7 commits into from
Feb 18, 2025
+81 −25

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Feb 17, 2025

For this to test properly we need snapshot build (find snapshot for windows in buildkite pipeline artifacts for agentbeat packaging)
For some reason locally built agentbeats do not have an issue.

How to test

spin up Window Server 2022 VM without npcap
use config packetbeat.yml

packetbeat.interfaces.poll_default_route: 1m
packetbeat.interfaces.internal_networks:
  - private

packetbeat.flows:
  timeout: 30s
  period: 10s


packetbeat.protocols:
- type: dhcpv4
  ports: [67, 68]

- type: dns
  ports: [53]

- type: http
  ports: [80, 8080, 8000, 5000, 8002]

- type: tls
  ports:
    - 443   # HTTPS
    - 993   # IMAPS
    - 995   # POP3S
    - 5223  # XMPP over SSL
    - 8443
    - 8883  # Secure MQTT
    - 9243  # Elasticsearch

- type: sip
  ports: [5060]

setup.template.settings:
  index.number_of_shards: 1

setup.kibana: 
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  # Pipeline to route events to protocol pipelines.
  pipeline: "packetbeat-%{[agent.version]}-routing"


processors:
  - # Add forwarded to tags when processing data from a network tap or mirror.
    if.contains.tags: forwarded
    then:
      - drop_fields:
          fields: [host]
    else:
      - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - detect_mime_type:
      field: http.request.body.content
      target: http.request.mime_type
  - detect_mime_type:
      field: http.response.body.content
      target: http.response.mime_type

run agentbeat packetbeat run -c packetbeat.yml
no error should be present

Closes elastic/elastic-agent#6108

This is an automatic backport of pull request #42626 done by Mergify.

@michalpristas @mergify
Fixing NPCAP install with agentbeat (#42626)
820d2fd 
* test

* run system tests for agentbeat

* run system tests for agentbeat

* test

* Update pipeline.xpack.agentbeat.yml

* reorder

* try 11

* running from pb context

* running from pb context

* running from pb context

* config file

* config file

* test without any

* test updating for os specific config

* force windows

* filesystem does not save files, urgh

* try copy in test binary

* more info to output

* use abs

* pass wd to npcap getter

* fmt

* revert conf dir

* packaging

* Update packetbeat.yml

* Revert "revert conf dir"

This reverts commit 062cad9.

* packaging

(cherry picked from commit 6763697)

# Conflicts:
#	x-pack/packetbeat/magefile.go
#	x-pack/packetbeat/tests/system/app_run_agentbeat_test.go
@mergify mergify bot added backport conflicts There is a conflict in the backported pull request labels Feb 17, 2025
@mergify mergify bot requested review from a team as code owners February 17, 2025 09:07
@mergify mergify bot requested review from faec and leehinman and removed request for a team February 17, 2025 09:07
@mergify Mergify
Copy link
Contributor Author

mergify bot commented Feb 17, 2025

Cherry-pick of 6763697 has failed:

On branch mergify/bp/8.18/pr-42626
Your branch is up to date with 'origin/8.18'.

You are currently cherry-picking commit 67636970b.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   .buildkite/x-pack/pipeline.xpack.agentbeat.yml
	modified:   x-pack/agentbeat/magefile.go
	modified:   x-pack/packetbeat/scripts/mage/pcap.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   x-pack/packetbeat/magefile.go
	both modified:   x-pack/packetbeat/tests/system/app_run_agentbeat_test.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 17, 2025
@github-actions github-actions bot added :Windows Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team labels Feb 17, 2025
@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Feb 17, 2025
dliappis
dliappis reviewed Feb 17, 2025
View reviewed changes
.buildkite/x-pack/pipeline.xpack.agentbeat.yml Outdated
- label: ":windows: x-pack/agentbeat: Win 2022 System Tests"
key: "mandatory-win-2022-system-tests"
command: |
# .buildkite/scripts/gcp_auth.ps1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michalpristas is this commented out on purpose?
I see the following failure which might be related: https://buildkite.com/elastic/beats-xpack-agentbeat/builds/7836#0195137e-6ead-45f3-8641-1919a716408b/122-130

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes this file is not here, i need to do some other backports and uncomment this

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

backports done, uncommented

@mergify Mergify
Copy link
Contributor Author

mergify bot commented Feb 18, 2025

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b mergify/bp/8.18/pr-42626 upstream/mergify/bp/8.18/pr-42626
git merge upstream/8.18
git push upstream mergify/bp/8.18/pr-42626

dliappis
dliappis approved these changes Feb 18, 2025
View reviewed changes
Copy link
Contributor

@dliappis dliappis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, provided that CI becomes green

@michalpristas michalpristas merged commit 0788ca8 into 8.18 Feb 18, 2025
27 checks passed
@michalpristas michalpristas deleted the mergify/bp/8.18/pr-42626 branch February 18, 2025 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michalpristas michalpristas michalpristas left review comments

@dliappis dliappis dliappis approved these changes

@faec faec Awaiting requested review from faec faec is a code owner automatically assigned from elastic/elastic-agent-data-plane

@leehinman leehinman Awaiting requested review from leehinman leehinman is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@michalpristas michalpristas

Labels
backport conflicts There is a conflict in the backported pull request Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team :Windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@elasticmachine @michalpristas @dliappis