launcher runs, instead of immediately shutting down, if it doesn't have an enroll secret
lay groundwork for platform-specific ways of reading the enrollment secret in the future and for exposing enrollment status to localserver
attempt enrollment immediately, before rungroups even start
Details
Before, the osquery extension rungroup could not be created if the enroll secret wasn't present, preventing launcher from starting up at all. Now, if the secret isn't present, launcher will still start, and will just return an empty config to osquery. Whenever the secret becomes available, it will perform enrollment.
I pulled out reading the secret into the knapsack, with the idea being that in the future we could a) expose enrollment status from localserver, and b) have per-platform implementations of this function that would allow us to e.g. read the key from the Windows registry.
This PR also adds an attempt at immediate enrollment in the background, before the rungroups even start. This should hopefully make first-time launcher startup faster.
Testing notes
Force reenrollment and remove access to enrollment secret:
```
sudo launchctl unload /Library/LaunchDaemons/com.kolide-k2.launcher.plist
sudo mv /etc/kolide-k2/secret /etc/kolide-k2/secret.bak
sudo rm -rf /var/kolide-k2/k2device-preprod.kolide.com
sudo mkdir /var/kolide-k2/k2device-preprod.kolide.com
sudo chmod -R 0755 /var/kolide-k2/*
sudo launchctl load /Library/LaunchDaemons/com.kolide-k2.launcher.plist
```
Confirm that launcher starts up and that the osquery process starts up.
Eventually, make the secret available:
```
sudo mv /etc/kolide-k2/secret.bak /etc/kolide-k2/secret
```
Observe launcher immediately complete enrollment.
Relates to https://github.com/kolide/launcher/issues/1473.