Azure / ArcEnabledServersGroupPolicy

Guidance and sample code to perform at-scale onboarding of servers to Arc via Group Policy
MIT License

Do not downgrade to the version on the network share if they don't match #38

Open Borgquite opened 7 months ago

Borgquite commented 7 months ago

The script will downgrade an install of Azure Connected Machine Agent to the network share version, preventing updates from taking place.

This could re-open security vulnerabilities per bug report.

justinytchen commented 3 months ago

This change is probably fine, though do note that our agent doesn't allow for downgrades. The only way to install an earlier version of our agent is by completely uninstalling the current newer version

Borgquite commented 3 months ago

@justinytchen Indeed - what I am warning you about is that the script, as it stands, does attempt to downgrade a later version to whatever is distributed in the deployment share.

The pull request I have created resolves this issue - the script will not attempt to (re)install over the top if the installed version > the deployment script version.

douglasimcabral commented 1 month ago

I have a second point...

If a higher version is already installed and therefore doesn't match, the network share download will occur, generating unnecessary traffic. This is because when proceeding with the installation, it will verify that the version present on the server is newer than the one being installed.

In a recent case, we had over 200 servers downloading the approximately 90MB agent every moment, as they all had the latest version of the Arc agent which had updated automatically. I had to include this change in my script so that the download only occurs when needed.

I recommend including this pull request to optimize the agent download only when necessary.
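The two points raised in this thread (never attempt to downgrade an installed agent, and decide before copying the MSI so the share is not hit by every host that is already current) can be handled with one version check. The PowerShell below is an added example written for this discussion, not the repository's own onboarding script or the pull request's code. It assumes the deployment share keeps the agent's version in a text file beside the MSI (`AgentVersion.txt`, a hypothetical name), that the installed agent registers in the standard `Uninstall` registry keys with a `DisplayName` beginning "Azure Connected Machine Agent", and that `$SharePath` is the share location; all three are assumptions for the example.

```powershell
# Added example, not the repository's script. Decides whether the Azure
# Connected Machine Agent needs to be copied from the deployment share and
# installed on this host, comparing versions before any download happens.

function Get-InstalledArcAgentVersion {
    # Returns the installed agent version as [version], or $null if not installed.
    # Assumption: the agent appears in the standard Uninstall keys with this DisplayName.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Azure Connected Machine Agent*' } |
        Select-Object -First 1
    if ($null -eq $entry -or [string]::IsNullOrEmpty($entry.DisplayVersion)) {
        return $null
    }
    return [version]$entry.DisplayVersion
}

function Test-ArcAgentInstallNeeded {
    param(
        [Parameter(Mandatory)][version]$ShareVersion,
        [version]$InstalledVersion = (Get-InstalledArcAgentVersion)
    )
    # Nothing installed yet: the share copy is needed.
    if ($null -eq $InstalledVersion) { return $true }
    # Installed version is equal or newer: never downgrade, never re-copy the MSI.
    if ($InstalledVersion -ge $ShareVersion) { return $false }
    # Installed version is older than the share copy: upgrade.
    return $true
}

# --- usage -------------------------------------------------------------
$SharePath = '\\fileserver\ArcDeploy'   # assumed share location (placeholder)
# Assumption: the share carries a one-line version file beside the MSI, so the
# version comparison costs a few bytes instead of the full agent download.
$ShareVersion = [version](Get-Content -Path (Join-Path $SharePath 'AgentVersion.txt') -Raw).Trim()

if (Test-ArcAgentInstallNeeded -ShareVersion $ShareVersion) {
    $localMsi = Join-Path $env:TEMP 'AzureConnectedMachineAgent.msi'
    Copy-Item -Path (Join-Path $SharePath 'AzureConnectedMachineAgent.msi') -Destination $localMsi -Force
    Start-Process -FilePath msiexec.exe -Wait `
        -ArgumentList "/i `"$localMsi`" /qn /l*v `"$env:TEMP\arc-agent-install.log`""
} else {
    $current = Get-InstalledArcAgentVersion
    Write-Output "Installed agent $current is at or above share version $ShareVersion; skipping download and install."
}
```

The comparison uses `[version]` rather than string equality, so "1.10.0" is correctly treated as newer than "1.9.0", and the check runs before `Copy-Item`, which is what avoids the repeated transfer described in the thread when hosts have already auto-updated past the share copy.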