Fix Teleport re-execs on Managed Updates installations of Teleport#54172
Fix Teleport re-execs on Managed Updates installations of Teleport#54172
Conversation
|
Note: this issue may be less severe than originally triaged. Soft reloads appear to use the latest binary. Unfortunately, that means that soft reload depends on |
hugoShaka
left a comment
hugoShaka
left a comment
There was a problem hiding this comment.
Can you add TODOs on the StableExecutable()calls that should be replaced by /prox/self/exe in the next version?
sclevine
force-pushed
the
sclevine/exec-fix
branch
from
a3f7059 to
9458d18
Compare
|
Note that @hugoShaka discovered that all of these cases are already fixed by calls to |
espadolini
left a comment
espadolini
left a comment
There was a problem hiding this comment.
All of those except the scp one are noops on linux, since we ultimately call reexecCommandOSTweaks on all of them. Even if this is mainly for darwin, wouldn't we actually rather reexecute the exact version of the binary rather than some potentially newer version?
|
The issue is that |
That one is covered also -- the
In all of these cases, yes. I opened this as a temporary patch to fix uses of That said, we will likely need a solution for macOS eventually. One option could be to open an fd to We could wait until we need macOS support before deciding which path to take, or we could merge this sooner to avoid the worst-case scenario moving forward. |
4 participants
As part of #54145, we discovered that when Teleport re-execs itself in various scenarios, it may fail to re-exec if the running version has not been restarted or reloaded recently. This is because
os.Executable()resolves symlinks.For example:
Before update:
/opt/teleport/…/v17.4.1/bin/teleport <- /usr/local/bin
/opt/teleport/…/v17.4.0/bin/teleport
os.Executable will return: /opt/teleport/…/v17.4.1/bin/teleport
After an update without a reload:
/opt/teleport/…/v17.4.2/bin/teleport <- /usr/local/bin
/opt/teleport/…/v17.4.1/bin/teleport
os.Executable will return: /opt/teleport/…/v17.4.1/bin/teleport (outdated)
After another update without a reload:
/opt/teleport/…/v17.4.3/bin/teleport <- /usr/local/bin
/opt/teleport/…/v17.4.2/bin/teleport
os.Executable will return: /opt/teleport/…/v17.4.1/bin/teleport (broken)
Various other failure cases are possible if Managed Updates is enabled/disabled while Teleport is running.
Soft reloads are not impacted, as they exec
teleportoff ofPATH.This PR fixes various problematic uses of
os.Executableby switching toautoupdate.StableExecutable.In a future PR, I will introduce a linter rule to prevent this from happening.
The code base contains many other valid usages of
os.Executable. The only other suspect usage I found was:https://github.com/gravitational/teleport/blob/master/lib/auditd/auditd_linux.go#L208
However, I believe auditd should receive the path to the running binary.
Note that the current behavior has a bug unrelated to Managed Updates: some uses of os.Executable should be execing
/proc/self/exedirectly, to ensure they exec the same binary running in memory, and not an updated version that could be incompatible. This should be addressed separately, to avoid too many changes in one release, and to expedite the above fix.changelog: teleport-update: stabilize binary paths on teleport re-exec
The
teleport-updatebinary is used to enable, disable, and trigger automatic Teleport agent updates. The new Managed Updates system manages a local installation of the cluster-specified version of Teleport stored in/opt/teleport.RFD: #47126
Goal (internal): https://github.com/gravitational/cloud/issues/11856