Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remotely enable fleetd debug logging #25897

Open
gillespi314 opened this issue Jan 30, 2025 · 5 comments
Open

Remotely enable fleetd debug logging #25897

gillespi314 opened this issue Jan 30, 2025 · 5 comments
Assignees
@noahtalerman
Labels
customer-eponym #g-mdm MDM product group :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature

Comments

@gillespi314
Copy link
Contributor

Problem

User story
As a IT admin working to debug issues related to Fleet's agent,
I want to dynamically turn on debug logging for a particular host or team
so that I can obtain critical information and collaborate with Fleet engineers in resolving issues.

What have you tried?

Debug logging for Fleet's agent is controlled by command line flags for the fleetd process. Existing processes require building a new fleetd package with the flag enabled or taking ad hoc actions directly on the host (e.g., modifying launch daemons, restarting the fleetd process with the flag enabled, etc.). The process is further complicated in cases where fleetd is deployed using the fleetd-base package, such as installing fleetd via MDM, and especially so when trying to debug issues involving the macOS setup experience.

Potential solutions

Modify fleetd to allow IT admins to dynamically enable debug logging on already deployed hosts. To accomplish this, a new setting would need to be exposed via UI/API. Some ideas:

  • Per host debug logging:
    • Add "Enable debug logging" to the host actions menu, which would be backed by an API endpoint that could be also by called by IT admins outside of the UI
    • Modify fleetd to look for enable_debug as part of the notifications payload
  • Per team debug logging
    • Add "Enable debug logging" to the team settings, which would be backed by an API endpoint that could be also by called by IT admins outside of the UI; alternatively, this setting could be embedded into agent_options (although IMO it would be more user-friendly as a standalone setting).
    • Modify fleetd to look for enable_debug as part of the notifications (alternatively, agent_options) payload

What is the expected workflow as a result of your proposal?

After enabling the setting as described above, the IT admin would then be able to easily access the enhanced debug logs by querying a host's fleetd_logs table or inspecting the logs directly on the host.
@gillespi314 gillespi314 added #g-mdm MDM product group #g-orchestration Orchestration product group #g-software Software product group :product Product Design department (shows up on 🦢 Drafting board) customer-eponym ~engineering-initiated Engineering-initiated story, such as a bug, refactor, or contributor experience improvement. labels Jan 30, 2025
@gillespi314
Copy link
Contributor Author

Related to #25671

@noahtalerman noahtalerman added Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. and removed Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. labels Jan 30, 2025
@noahtalerman
Copy link
Member

Just chatted with @georgekarrv, and we think we need to turn on debug loggin in order to solve eponym's bug.

The plan is to add a new debug_logging agent option which turns on debug logging w/o an agent restart.

Image

Scheduled a special design review tomorrow to update this user story and get it moving.

@noahtalerman noahtalerman added P1 Prioritize as critical story A user story defining an entire feature and removed ~engineering-initiated Engineering-initiated story, such as a bug, refactor, or contributor experience improvement. #g-orchestration Orchestration product group #g-software Software product group labels Jan 30, 2025
@noahtalerman
Copy link
Member

@lukeheath heads up, we have this one P1 because it's blocking a workflow blocking bug: #25671

See the plan/next steps here.

@lukeheath
Copy link
Member

@noahtalerman Makes sense, thanks!

@noahtalerman noahtalerman changed the title Dynamically enable fleetd debug logging Remotely enable fleetd debug logging Jan 31, 2025
@noahtalerman noahtalerman removed the P1 Prioritize as critical label Jan 31, 2025
@noahtalerman noahtalerman self-assigned this Jan 31, 2025
@noahtalerman
Copy link
Member

FYI @lukeheath @georgekarrv I removed P1 for this story but left it on the drafting board (prioritized).

It sounds like we're growing confident we have a fix for customer-eponym's bug. More info here in Slack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@noahtalerman noahtalerman

Labels
customer-eponym #g-mdm MDM product group :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lukeheath @noahtalerman @gillespi314