Fleet check-in should send policy_id and revision #6446
Description
Overview
Currently when the Elastic Agent checks-in with Fleet Server it doesn't send the policy_id or revision of the policy that it is currently running. The Fleet Server stores this information by the fact that the Elastic Agent ACK'd the policy change notification, but there are many cases where this could be come out of sync.
VM Snapshot
- VM is snapshotted
- new policy revision occurs
- ACK'd by Elastic Agent (stored new revision in Fleet)
- VM is rolled back
Now the running Elastic Agent policy is the old version, but to Fleet it is the new version.
Bad Error Case
This is just a weird case but a coding issue could result in this problem.
- New revision is sent to Elastic Agent
- Policy failed to be saved to disk (could be coding issue or just with filesystem problem)
- policy revision is ACK'd anyway (shouldn't happen, but if it does...)
Elastic Agent is now running old version of policy but Fleet Server believes that its the new revision
Backup/restore of fleet.enc
In the case of backup/restore of fleet.enc.
fleet.encis backed up- new policy revision occurs
- ACK'd by Elastic Agent (stored new revision in Fleet)
fleet.encis replaced with backup from 1- Elastic Agent restarted
Elastic Agent is now running old version of policy but Fleet Server believes that its the new revision
How to solve it?
Upon check-in the Elastic Agent should be sending its current policy ID and revision. That is then compared to what Fleet Server expects and if it is not correct then it sends the correct policy.
Activity