search

threatstack / threatstack-ansible

Ansible for installing Threatstack Agent
https://www.threatstack.com
MIT License
23 stars 17 forks source link

Upgrading from threatstack-agent 1.8->2.2 fails #67

Closed timho-cn closed 3 years ago

timho-cn commented 4 years ago

I am running this ansible-galaxy role against servers that are already running threatstack-agent v1.8.0.0

Here is the ansible output: fatal: [xxxxxxxxxxxxx]: FAILED! => {"changed": false, "cmd": ["tsagent", "setup", "-url", "https://app.threatstack.com", "-deploy-key", "****", "-ruleset", "Base Rule Set,PCI Rule Set"], "delta": "0:00:00.705518", "end": "2020-04-23 22:36:06.062602", "msg": "non-zero return code", "rc": 1, "start": "2020-04-23 22:36:05.357084", "stderr": "", "stderr_lines": [], "stdout": "DEPRECATION: support for single dash flags will be dropped in a future version of tsagent. Please update your usage to specify --deploy-key instead of -deploy-key\nDEPRECATION: support for single dash flags will be dropped in a future version of tsagent. Please update your usage to specify --ruleset instead of -ruleset\nDEPRECATION: support for single dash flags will be dropped in a future version of tsagent. Please update your usage to specify --url instead of -url\nUnable to open agent database. Please stop any running tsagentd processes and try again", "stdout_lines": ["DEPRECATION: support for single dash flags will be dropped in a future version of tsagent. Please update your usage to specify --deploy-key instead of -deploy-key", "DEPRECATION: support for single dash flags will be dropped in a future version of tsagent. Please update your usage to specify --ruleset instead of -ruleset", "DEPRECATION: support for single dash flags will be dropped in a future version of tsagent. Please update your usage to specify --url instead of -url", "Unable to open agent database. Please stop any running tsagentd processes and try again"]}

Seems like when I stop the threatstack service before running the 'Agent setup' task, things work:

- name: Stop tsagent
  service: name=threatstack state=stopped
  when: setup_file.changed or config_file.changed

- name: Agent setup
  command: "{{ setup_string }}"
  register: setup_result
  changed_when: False

Here are the logs from /opt/threatstack/log/tsagent.log {"level":30,"time":"2020-04-23T22:36:05Z","src":"tsagent/main.go:64","msg":"Running command: [tsagent setup -url https://app.threatstack.com -deploy-key xxxx -ruleset xxxxx,xxxxx]","name":"tsagent","hostname":"xxxxxxxxxx","pid":17473,"v":0} {"level":50,"time":"2020-04-23T22:36:05Z","src":"cli/setup.go:159","msg":"Unable to access datastore: Unable to open agent database. Please stop any running tsagentd processes and try again","name":"tsagent","hostname":"xxxxxx","pid":17473,"v":0}

olhado commented 3 years ago

Hi @timho-cn !

Apologies for the lack of response. Upgrading the Threat Stack agent from 1.8 to 2.x is not officially supported. While generally the recommendation is to uninstall and install fresh, going from 1.9 to 2.x is supported. See https://threatstack.zendesk.com/hc/en-us/articles/360027501852 :

Threat Stack recommends uninstalling a 1.x series Agent and installing a 2.x series Agent. However, Threat Stack supports the upgrade path from Agent 1.9 to the Agent 2.x series.

I am going to close this issue, but feel free to reopen or reach out to Threat Stack Support if you believe this is in error.

Thanks!