elasticmachine
commented
2 hours ago Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
Open cmacknz opened 2 hours ago
elasticmachine
commented
2 hours ago Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
Filing a bug from an internal report of this error.
C:\Program Files\Elastic\Agent\fleet.enc: rename C:\ProgramFiles\Elastic\Agent\fleet.enc.tmp C:\ProgramFiles\Elastic\Agent\fleet.enc: Access is deniedhttps://github.com/elastic/elastic-agent-libs/blob/4babafd5ed1e5079acf74212ed3da01740b22de7/file/helper_windows.go#L26-L49
The SafeFileRotate implementation on Windows makes a call to
os.Removethat can fail with an Access is Denied error if a process still has the file open when the removal is attempted. It is unclear what process has the file open, potentially there is AV software performing a periodic scan of the file system.We could add retries like we did for the uninstall command that used to hit this error more frequently: https://github.com/elastic/elastic-agent/blob/30688d4eb86315906ccebb21ff10c945e813ffca/internal/pkg/agent/install/uninstall.go#L246-L253
We could also switch to using Win32 calls directly. Then we could use the MoveFileExA directly with the MoveOnReboot flag. We would have to check what happens if you have multiple moves scheduled on reboot.