Add integration tests for upgrades that include endpoint security
cmacknz opened this issue · comments
We need to add upgrade integration tests where endpoint security is installed. We need to test both the tamper protected and unprotected cases.
As part of this addition, the logging around forwarding the upgrade action to endpoint needs to be increased to the info level.
There have been several recent cases where tamper protected agent upgrades have failed due to invalid uninstall tokens. The root cause is currently unknown, but missing logging and inadequate automated testing are definitely contributing to these problems.
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
It would also help if Agent logged its PID, at least at startup. We can see in the endpoint logs when Agent disconnects and reconnects, and are logging its PID each time it connects, but right now we have to search for matching Agent logs by timestamp only.
We should do that already, the log lines contain "process.pid":25920
and look like:
{"log.level":"info","@timestamp":"2024-04-16T09:33:06.250Z","log.origin":{"file.name":"cmd/run.go","file.line":155},"message":"Elastic Agent started","log":{"source":"elastic-agent"},"process.pid":25920,"agent.version":"8.11.2","ecs.version":"1.6.0"}