Osquery checkup returns "failed to run" on Windows even when successful
RebeccaMahany opened this issue · 4 comments
On Windows, doctor output looks like this for the osquery checkup:
Osquery: failed to run: running launcher interactive: running C:\ProgramData\Kolide\Launcher-kolide-k2\data\updates\launcher\1.11.2\launcher.exe interactive: err exit status 1, output +-------+--------------------------------------+--------------------------------------+---------+------------------------------------------+--------------+------------+----------------+--------------+------------+---------+---------------+
| pid | uuid | instance_id | version | config_hash
| config_valid | extensions | build_platform | build_distro | start_time | watcher | platform_mask |
+-------+--------------------------------------+--------------------------------------+---------+------------------------------------------+--------------+------------+----------------+--------------+------------+---------+---------------+
| redacted | redacted | redacted | 5.13.1 | redacted | 1 | active | windows | 10 | 1729106122 | -1 | 2 |
+-------+--------------------------------------+--------------------------------------+---------+------------------------------------------+--------------+------------+----------------+--------------+------------+---------+---------------+
I think the interactive query is running successfully, but then the interactive process remains running, and eventually we hit the timeout?
We did launcher interactive over something like runsimple to test launcher <=> osquery communication, but if there's no other way to fix this, we should just switch to runsimple.
Yeah -- my memory is that we did it this way to test 3 things. (Which is a little clever, but it's a bit of a e2e test)
- Does interactive work?
- Does launcher - osquery socket work?
- Record the output, make sure it finds the right osquery, etc
Of those, I think the first two are more important, and run simple won't test those.
I was thinking that if we're having issues with 2), we'd see that reflected in the logs anyway -- but true re: interactive. I'll see if I can get it figured out!
I assume this is weird fallout from that whole shift to windowsgui
We fixed the timeout issue, but I see a new one on v1.12.3 of launcher -- reopened.