From 55a5d070f588b67dc303cac61210d4a9fb6cfb84 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Wed, 21 Jul 2021 09:03:01 -0700 Subject: [PATCH 1/3] fix telegraf telemetry and improve fluentd liveness --- build/linux/installer/scripts/livenessprobe.sh | 18 +++++++++++++++++- source/plugins/go/src/oms.go | 2 ++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/build/linux/installer/scripts/livenessprobe.sh b/build/linux/installer/scripts/livenessprobe.sh index 252f471e9..8ecb7fe44 100644 --- a/build/linux/installer/scripts/livenessprobe.sh +++ b/build/linux/installer/scripts/livenessprobe.sh @@ -11,13 +11,29 @@ fi #optionally test to exit non zero value if fluentd is not running #fluentd not used in sidecar container -if [ "${CONTAINER_TYPE}" != "PrometheusSidecar" ]; then +if [ "${CONTAINER_TYPE}" != "PrometheusSidecar" ]; then (ps -ef | grep "fluentd" | grep -v "grep") if [ $? -ne 0 ] then echo "fluentd is not running" > /dev/termination-log exit 1 fi + # fluentd launches by default supervisor and worker process + # so adding the liveness checks individually to handle scenario if any of the process dies + # supervisor process + (ps -ef | grep "fluentd" | grep "supervisor" | grep -v "grep") + if [ $? -ne 0 ] + then + echo "fluentd supervisor is not running" > /dev/termination-log + exit 1 + fi + # worker process + (ps -ef | grep "fluentd" | grep -v "supervisor" | grep -v "grep" ) + if [ $? -ne 0 ] + then + echo "fluentd worker is not running" > /dev/termination-log + exit 1 + fi fi #test to exit non zero value if fluentbit is not running diff --git a/source/plugins/go/src/oms.go b/source/plugins/go/src/oms.go index 0761ef664..026d36d6c 100644 --- a/source/plugins/go/src/oms.go +++ b/source/plugins/go/src/oms.go 
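Review bot: The added supervisor and worker checks match the substring "fluentd" anywhere in a `ps -ef` line, so an unrelated process whose arguments mention fluentd (for example a `tail` on a fluentd log) satisfies the worker check, and a dead worker then goes unreported while log collection has stopped. The `grep -v "supervisor"` filter also assumes the worker's command line never contains that word, which should be confirmed against how fluentd is started in this image. Consider matching the exact command line instead, e.g. `pgrep -f "<worker command-line pattern>" > /dev/null || { echo "fluentd worker is not running" > /dev/termination-log; exit 1; }`, if pgrep is available in the container. With the two specific checks in place, the first generic fluentd check is redundant and can be dropped.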
@@ -959,6 +959,7 @@ func PostTelegrafMetricsToLA(telegrafRecords []map[interface{}]interface{}) int if er != nil { Log("Error::mdsd::Failed to write to mdsd %d records after %s. Will retry ... error : %s", len(msgPackEntries), elapsed, er.Error()) + UpdateNumTelegrafMetricsSentTelemetry(0, 1, 0) if MdsdInsightsMetricsMsgpUnixSocketClient != nil { MdsdInsightsMetricsMsgpUnixSocketClient.Close() MdsdInsightsMetricsMsgpUnixSocketClient = nil @@ -970,6 +971,7 @@ func PostTelegrafMetricsToLA(telegrafRecords []map[interface{}]interface{}) int return output.FLB_RETRY } else { numTelegrafMetricsRecords := len(msgPackEntries) + UpdateNumTelegrafMetricsSentTelemetry(numTelegrafMetricsRecords, 0, 0) Log("Success::mdsd::Successfully flushed %d telegraf metrics records that was %d bytes to mdsd in %s ", numTelegrafMetricsRecords, bts, elapsed) } } From 3df15dde3c4260e9b8715f4e74f2af72420c530d Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Wed, 21 Jul 2021 12:38:50 -0700 Subject: [PATCH 2/3] address identified vuln with libsystemd0 --- kubernetes/linux/setup.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kubernetes/linux/setup.sh b/kubernetes/linux/setup.sh index 933c14aed..71b4c7526 100644 --- a/kubernetes/linux/setup.sh +++ b/kubernetes/linux/setup.sh @@ -20,6 +20,9 @@ cp -f $TMPDIR/envmdsd /etc/mdsd.d sudo apt-get update sudo apt-get install inotify-tools -y +#upgrade libsystemd0 to address CVE-2021-33910 +apt-get upgrade libsystemd0 -y + #used to parse response of kubelet apis #ref: https://packages.ubuntu.com/search?keywords=jq sudo apt-get install jq=1.5+dfsg-2 -y From 341e3b5b611777133893401a5d8083b9102a8fc5 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Thu, 22 Jul 2021 19:17:43 -0700 Subject: [PATCH 3/3] fix exported image file extension --- ...er.windows.official.all_tag.all_phase.all_config.ci_prod.yml | 2 +- .pipelines/pipeline.user.windows.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
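Review bot: Both added calls pass bare positional integers, `UpdateNumTelegrafMetricsSentTelemetry(0, 1, 0)` in the mdsd error branch and `UpdateNumTelegrafMetricsSentTelemetry(numTelegrafMetricsRecords, 0, 0)` in the success branch of the following hunk, and nothing at the call site says which counter each position feeds. A short comment at each call would help, for instance `// count one failed mdsd write; args are presumably (records sent, send errors, third counter) — confirm against the signature`. Other failure exits of the mdsd path are not visible in these hunks, so it is worth checking that they also record an error. PostTelegrafMetricsToLA starts and ends outside both hunks.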
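Review bot: The added `apt-get upgrade libsystemd0 -y` is not limited to libsystemd0: `apt-get upgrade` upgrades every installed package that has a newer candidate, so the image contents now depend on the mirror state at build time, while the jq line just below pins an exact version. To pick up only the CVE-2021-33910 fix, use `sudo apt-get install --only-upgrade libsystemd0 -y`, which also matches the `sudo` used by the neighbouring apt-get lines. Nothing here confirms that the patched build was actually installed. Comparing the output of `dpkg -s libsystemd0 | grep '^Version'` with `<fixed version from the distro advisory>` after this step would make a stale mirror fail the build instead of shipping the vulnerable library.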
diff --git a/.pipelines/pipeline.user.windows.official.all_tag.all_phase.all_config.ci_prod.yml b/.pipelines/pipeline.user.windows.official.all_tag.all_phase.all_config.ci_prod.yml index 8462f8e40..8ae069e90 100644 --- a/.pipelines/pipeline.user.windows.official.all_tag.all_phase.all_config.ci_prod.yml +++ b/.pipelines/pipeline.user.windows.official.all_tag.all_phase.all_config.ci_prod.yml @@ -53,4 +53,4 @@ package: repository_name: 'cdpxwin1809' # only supported ones are cdpx acr repos tag: 'win-ciprod' # OPTIONAL: Defaults to latest. The tag for the built image. Final tag will be 1.0.0alpha, 1.0.0-timestamp-commitID. latest: false # OPTIONAL: Defaults to false. If tag is not set to latest and this flag is set, then tag as latest as well and push latest as well. - export_to_artifact_path: 'agentimage.tar.gz' # path for exported image and use this instead of fixed tag + export_to_artifact_path: 'agentimage.tar.zip' # path for exported image and use this instead of fixed tag diff --git a/.pipelines/pipeline.user.windows.yml b/.pipelines/pipeline.user.windows.yml index 1690ad700..82dd30cd0 100644 --- a/.pipelines/pipeline.user.windows.yml +++ b/.pipelines/pipeline.user.windows.yml @@ -53,4 +53,4 @@ package: repository_name: 'cdpxwin1809' # only supported ones are cdpx acr repos tag: 'win-cidev' # OPTIONAL: Defaults to latest. The tag for the built image. Final tag will be 1.0.0alpha, 1.0.0-timestamp-commitID. latest: false # OPTIONAL: Defaults to false. If tag is not set to latest and this flag is set, then tag as latest as well and push latest as well. - export_to_artifact_path: 'agentimage.tar.gz' # path for exported image and use this instead of fixed tag + export_to_artifact_path: 'agentimage.tar.zip' # path for exported image and use this instead of fixed tag