Merge branch 'main' into dep-enroll-reference

fleetdm · Jul 10, 2024 · 87e221d · 87e221d
2 parents 5b9ff73 + 303c052
commit 87e221d
Show file tree

Hide file tree

Showing 37 changed files with 1,157 additions and 174 deletions.
diff --git a/changes/19789-serial-number--1 b/changes/19789-serial-number--1
@@ -0,0 +1 @@
+When osquery returns a serial number of -1 (default value), we keep the existing serial number in the database.
diff --git a/changes/20150-no-team b/changes/20150-no-team
@@ -0,0 +1 @@
+* Fixed a bug causing "No Team" os versions to display the wrong number
diff --git a/cmd/fleet/serve.go b/cmd/fleet/serve.go
@@ -50,6 +50,7 @@ import (
 	"github.com/fleetdm/fleet/v4/server/pubsub"
 	"github.com/fleetdm/fleet/v4/server/service"
 	"github.com/fleetdm/fleet/v4/server/service/async"
+	"github.com/fleetdm/fleet/v4/server/service/redis_lock"
 	"github.com/fleetdm/fleet/v4/server/service/redis_policy_set"
 	"github.com/fleetdm/fleet/v4/server/sso"
 	"github.com/fleetdm/fleet/v4/server/version"
@@ -691,6 +692,7 @@ the way that the Fleet server works.
 			}
 
 			var softwareInstallStore fleet.SoftwareInstallerStore
+			var distributedLock fleet.Lock
 			if license.IsPremium() {
 				profileMatcher := apple_mdm.NewProfileMatcher(redisPool)
 				if config.S3.SoftwareInstallersBucket != "" {
@@ -718,6 +720,7 @@ the way that the Fleet server works.
 					}
 				}
 
+				distributedLock = redis_lock.NewLock(redisPool)
 				svc, err = eeservice.NewService(
 					svc,
 					ds,
@@ -730,6 +733,7 @@ the way that the Fleet server works.
 					ssoSessionStore,
 					profileMatcher,
 					softwareInstallStore,
+					distributedLock,
 				)
 				if err != nil {
 					initFatal(err, "initial Fleet Premium service")
@@ -870,7 +874,7 @@ the way that the Fleet server works.
 						} else {
 							config.Calendar.Periodicity = 5 * time.Minute
 						}
-						return cron.NewCalendarSchedule(ctx, instanceID, ds, config.Calendar, logger)
+						return cron.NewCalendarSchedule(ctx, instanceID, ds, distributedLock, config.Calendar, logger)
 					},
 				); err != nil {
 					initFatal(err, "failed to register calendar schedule")

diff --git a/cmd/osquery-perf/agent.go b/cmd/osquery-perf/agent.go
@@ -476,6 +476,7 @@ type agent struct {
 	EnrollSecret          string
 	UUID                  string
 	SerialNumber          string
+	defaultSerialProb     float64
 	ConfigInterval        time.Duration
 	LogInterval           time.Duration
 	QueryInterval         time.Duration
@@ -493,6 +494,13 @@ type agent struct {
 	bufferedResults map[resultLog]int
 }
 
+func (a *agent) GetSerialNumber() string {
+	if rand.Float64() <= a.defaultSerialProb {
+		return "-1"
+	}
+	return a.SerialNumber
+}
+
 type entityCount struct {
 	common int
 	unique int
@@ -530,6 +538,7 @@ func newAgent(
 	orbitProb float64,
 	munkiIssueProb float64, munkiIssueCount int,
 	emptySerialProb float64,
+	defaultSerialProb float64,
 	mdmProb float64,
 	mdmSCEPChallenge string,
 	liveQueryFailProb float64,
@@ -608,6 +617,7 @@ func newAgent(
 		MDMCheckInInterval:            mdmCheckInInterval,
 		UUID:                          hostUUID,
 		SerialNumber:                  serialNumber,
+		defaultSerialProb:             defaultSerialProb,
 
 		softwareQueryFailureProb:         softwareQueryFailureProb,
 		softwareVSCodeExtensionsFailProb: softwareVSCodeExtensionsQueryFailureProb,
@@ -2299,8 +2309,10 @@ func main() {
 		munkiIssueCount             = flag.Int("munki_issue_count", 10, "Number of munki issues reported by hosts identified to have munki issues")
 		// E.g. when running with `-host_count=10`, you can set host count for each template the following way:
 		// `-os_templates=windows_11.tmpl:3,macos_14.1.2.tmpl:4,ubuntu_22.04.tmpl:3`
-		osTemplates     = flag.String("os_templates", "macos_14.1.2", fmt.Sprintf("Comma-separated list of host OS templates to use and optionally their host count separated by ':' (any of %v, with or without the .tmpl extension)", allowedTemplateNames))
-		emptySerialProb = flag.Float64("empty_serial_prob", 0.1, "Probability of a host having no serial number [0, 1]")
+		osTemplates       = flag.String("os_templates", "macos_14.1.2", fmt.Sprintf("Comma-separated list of host OS templates to use and optionally their host count separated by ':' (any of %v, with or without the .tmpl extension)", allowedTemplateNames))
+		emptySerialProb   = flag.Float64("empty_serial_prob", 0.1, "Probability of a host having no serial number [0, 1]")
+		defaultSerialProb = flag.Float64("default_serial_prob", 0.05,
+			"Probability of osquery returning a default (-1) serial number. See: #19789")
 
 		mdmProb          = flag.Float64("mdm_prob", 0.0, "Probability of a host enrolling via Fleet MDM (applies for macOS and Windows hosts, implies orbit enrollment on Windows) [0, 1]")
 		mdmSCEPChallenge = flag.String("mdm_scep_challenge", "", "SCEP challenge to use when running macOS MDM enroll")
@@ -2451,6 +2463,7 @@ func main() {
 			*munkiIssueProb,
 			*munkiIssueCount,
 			*emptySerialProb,
+			*defaultSerialProb,
 			*mdmProb,
 			*mdmSCEPChallenge,
 			*liveQueryFailProb,

diff --git a/cmd/osquery-perf/windows_11.tmpl b/cmd/osquery-perf/windows_11.tmpl
@@ -44,7 +44,7 @@
           "cpu_subtype": "-1",
           "cpu_type": "x86_64",
           "hardware_model": "Surface Laptop 2",
-          "hardware_serial": "{{ .SerialNumber }}",
+          "hardware_serial": "{{ .GetSerialNumber }}",
           "hardware_vendor": "Microsoft Corporation",
           "hardware_version": "-1",
           "hostname": "{{ .CachedString "hostname" }}",
@@ -150,7 +150,7 @@
     "cpu_subtype": "-1",
     "cpu_type": "x86_64",
     "hardware_model": "Surface Laptop 2",
-    "hardware_serial": "{{ .SerialNumber }}",
+    "hardware_serial": "{{ .GetSerialNumber }}",
     "hardware_vendor": "Microsoft Corporation",
     "hardware_version": "-1",
     "local_hostname": "{{ .CachedString "hostname" }}",

diff --git a/cmd/osquery-perf/windows_11_22H2_2861.tmpl b/cmd/osquery-perf/windows_11_22H2_2861.tmpl
@@ -44,7 +44,7 @@
           "cpu_subtype": "-1",
           "cpu_type": "x86_64",
           "hardware_model": "Surface Laptop 2",
-          "hardware_serial": "{{ .SerialNumber }}",
+          "hardware_serial": "{{ .GetSerialNumber }}",
           "hardware_vendor": "Microsoft Corporation",
           "hardware_version": "-1",
           "hostname": "{{ .CachedString "hostname" }}",
@@ -150,7 +150,7 @@
     "cpu_subtype": "-1",
     "cpu_type": "x86_64",
     "hardware_model": "Surface Laptop 2",
-    "hardware_serial": "{{ .SerialNumber }}",
+    "hardware_serial": "{{ .GetSerialNumber }}",
     "hardware_vendor": "Microsoft Corporation",
     "hardware_version": "-1",
     "local_hostname": "{{ .CachedString "hostname" }}",

diff --git a/cmd/osquery-perf/windows_11_22H2_3007.tmpl b/cmd/osquery-perf/windows_11_22H2_3007.tmpl
@@ -44,7 +44,7 @@
           "cpu_subtype": "-1",
           "cpu_type": "x86_64",
           "hardware_model": "Surface Laptop 2",
-          "hardware_serial": "{{ .SerialNumber }}",
+          "hardware_serial": "{{ .GetSerialNumber }}",
           "hardware_vendor": "Microsoft Corporation",
           "hardware_version": "-1",
           "hostname": "{{ .CachedString "hostname" }}",
@@ -150,7 +150,7 @@
     "cpu_subtype": "-1",
     "cpu_type": "x86_64",
     "hardware_model": "Surface Laptop 2",
-    "hardware_serial": "{{ .SerialNumber }}",
+    "hardware_serial": "{{ .GetSerialNumber }}",
     "hardware_vendor": "Microsoft Corporation",
     "hardware_version": "-1",
     "local_hostname": "{{ .CachedString "hostname" }}",