Auto-assessment (#75)

Author: kjohn-msft

.gitignore

@@ -135,3 +135,4 @@ dmypy.json
 
 # Linux Patch Extension specific
 /src/core/tests/scratch/
+/src/extension/tests/MsftLinuxPatchAutoAssess.sh

CONTRIBUTING.md

@@ -76,5 +76,3 @@ Ubuntu Server | 16.04-LTS, 18.04-LTS, 20.04-LTS
 Red Hat Enterprise Linux | 6 (x86/x64), 7 (x64), 8 (x64)
 CentOS | 6 (x86/x64), 7 (x64), 8 (x64)
 SUSE Linux Enterprise Server | 11 (x86/x64), 12 (x64), 15 (x64)
-
-NOTE: Code is pending validation on Ubuntu Server 20.04-LTS, Red Hat Enterprise Linux 8 (x64), CentOS 8 (x64), SUSE Linux Enterprise Server 15 (x64), but will be supported when done.

README.md

@@ -13,7 +13,7 @@ and resiliency standards are met.
 
 Configurations expected in the request:
 
-* `operation`: the operation expected to occur (Assessment/Installation/NoOperation). 
+* `operation`: the operation expected to occur (Assessment/Installation/ConfigurePatching/NoOperation). 
 NoOperation can be used to cancel an ongoing assess or patch operation. (**required for all 3 operations**) 
 * `activityId`: GUID used to track the operation end to end (**required for all 3 operations**) 
 * `startTime`: the expected start time of the operation in UTC (**required for all 3 operations**)
@@ -25,20 +25,27 @@ NoOperation can be used to cancel an ongoing assess or patch operation. (**requi
 (**optional for all operations**)
 * `patchesToExclude`: packages to exclude during the operation. Package names and versions are supported (both with wildcards) 
 (**optional for all operations**)
-* `patchMode`: is a setting that will be used to configure the automatic update by OS. Acceptable values: "ImageDefault" or "AutomaticByPlatform"
+* `patchMode`: is the setting used to configure the automatic update by OS. Acceptable values: "ImageDefault" or "AutomaticByPlatform"
+* `assessmentMode`: is the setting used to configure automatic assessment if desired. Acceptable values: "ImageDefault" or "AutomaticByPlatform"
+* `maximumAssessmentInterval`: the expected maximum time interval expected between automatic assessments, if configured.
 
 > Example:
 >
 > ```json
 > {
 >   "operation": "Assessment",
->   "activityId": "1612-2327-1334-23245-32112",
->   "startTime": "2019-09-26T23:37:14Z",
+>   "activityId": "def820db-ec3c-4ecd-9d6c-cb95e6fd5231",
+>   "startTime": "2021-08-10T23:37:14Z",
 >   "maximumDuration": "PT2H",
 >   "rebootSetting": "IfRequired",
 >   "classificationsToInclude":["Critical","Security"],
 >   "patchesToInclude": ["mysql-server", "snapd"],
->   "patchesToExclude": ["kernel*"]
+>   "patchesToExclude": ["kernel*"],
+>   "internalSettings": "test",
+>   "maintenanceRunId": "2021-08-10T12:12:14Z",
+>   "patchMode": "AutomaticByPlatform",
+>   "assessmentMode": "AutomaticByPlatform",
+>   "maximumAssessmentInterval": "PT3H"
 > }
 > ```
 
@@ -56,11 +63,11 @@ and add this file into the configFolder path from HandlerEnvironment.json
 
 ## 3. Troubleshooting
 
-Within Azure VM, you can find logs/config files at these locations:
+Within your Azure VM, you can find logs/config files at these locations:
 
 * Agent log: `/var/log/waagent.log`
-* Extension logs: `under /var/log/azure/Microsoft.CPlat.Core.Edp.LinuxPatchExtension/`
-* Other Extension files (such as status blob, config file, etc): `/var/lib/waagent/Microsoft.CPlat.Core.Edp.LinuxPatchExtension-<version>/`
+* Extension logs: `under /var/log/azure/Microsoft.CPlat.Core.LinuxPatchExtension/`
+* Other Extension files (such as status blob, config file, etc): `/var/lib/waagent/Microsoft.CPlat.Core.LinuxPatchExtension-<version>/`
 
 Please open an issue on this GitHub repository if you encounter problems that
 you could not debug with these log files.

src/core/src/CoreMain.py

@@ -33,7 +33,6 @@ def __init__(self, argv):
         patch_operation_requested = Constants.UNKNOWN
         configure_patching_successful = False
         patch_assessment_successful = False
-        patch_installation_successful = False
         overall_patch_installation_operation_successful = False
 
         try:
@@ -65,9 +64,11 @@ def __init__(self, argv):
             package_manager = container.get('package_manager')
             configure_patching_processor = container.get('configure_patching_processor')
 
-            configure_patching_successful = configure_patching_processor.start_configure_patching()
+            # Configure patching always runs first, except if it's AUTO_ASSESSMENT
+            if patch_operation_requested != Constants.AUTO_ASSESSMENT.lower():
+                configure_patching_successful = configure_patching_processor.start_configure_patching()
 
-            # Assessment happens if operation requested is not Configure Patching
+            # Assessment happens if operation requested is not Configure Patching [i.e. AUTO_ASSESSMENT, ASSESSMENT, INSTALLATION]
             if patch_operation_requested != Constants.CONFIGURE_PATCHING.lower():
                 patch_assessment_successful = patch_assessor.start_assessment()
 

src/core/src/bootstrap/Bootstrapper.py

@@ -43,6 +43,7 @@ def __init__(self, argv, capture_stdout=True):
         self.env_layer = self.container.get('env_layer')
 
         # Logging initializations
+        self.reset_auto_assessment_log_file_if_needed()
         self.file_logger = self.container.get('file_logger')
         if capture_stdout:
             self.stdout_file_mirror = StdOutFileMirror(self.env_layer, self.file_logger)
@@ -67,11 +68,18 @@ def get_path_to_log_files_and_telemetry_dir(self, argv):
         sequence_number = self.get_value_from_argv(argv, Constants.ARG_SEQUENCE_NUMBER)
         environment_settings = json.loads(base64.b64decode(self.get_value_from_argv(argv, Constants.ARG_ENVIRONMENT_SETTINGS).replace("b\'", "")))
         log_folder = environment_settings[Constants.EnvSettings.LOG_FOLDER]  # can throw exception and that's okay (since we can't recover from this)
-        log_file_path = os.path.join(log_folder, str(sequence_number) + ".core.log")
-        real_rec_path = os.path.join(log_folder, str(sequence_number) + ".core.rec")
+        exec_demarcator = ".aa" if bool(self.get_value_from_argv(argv, Constants.ARG_AUTO_ASSESS_ONLY, False)) else ""
+        log_file_path = os.path.join(log_folder, str(sequence_number) + exec_demarcator + ".core.log")
+        real_rec_path = os.path.join(log_folder, str(sequence_number) + exec_demarcator + ".core.rec")
         events_folder = environment_settings[Constants.EnvSettings.EVENTS_FOLDER]  # can throw exception and that's okay (since we can't recover from this)
         return log_file_path, real_rec_path, events_folder
 
+    def reset_auto_assessment_log_file_if_needed(self):
+        """ Deletes the auto assessment log file when needed to prevent excessive growth """
+        if bool(self.get_value_from_argv(self.argv, Constants.ARG_AUTO_ASSESS_ONLY, False)) and os.path.exists(self.log_file_path) \
+                and os.path.getsize(self.log_file_path) > Constants.MAX_AUTO_ASSESSMENT_LOGFILE_SIZE_IN_BYTES:
+            os.remove(self.log_file_path)
+
     def get_recorder_emulator_flags(self, argv):
         """ Determines if the recorder or emulator flags need to be changed from the defaults """
         recorder_enabled = False
@@ -84,13 +92,17 @@ def get_recorder_emulator_flags(self, argv):
         return recorder_enabled, emulator_enabled
 
     @staticmethod
-    def get_value_from_argv(argv, key):
+    def get_value_from_argv(argv, key, default_value=Constants.DEFAULT_UNSPECIFIED_VALUE):
         """ Discovers the value assigned to a given key based on the core contract on arguments """
         for x in range(1, len(argv)):
             if x % 2 == 1:  # key checker
                 if str(argv[x]).lower() == key.lower() and x < len(argv):
                     return str(argv[x+1])
-        raise Exception("Unable to find key {0} in core arguments: {1}.".format(key, str(argv)))
+
+        if default_value == Constants.DEFAULT_UNSPECIFIED_VALUE:
+            raise Exception("Unable to find key {0} in core arguments: {1}.".format(key, str(argv)))
+        else:
+            return default_value
 
     def build_out_container(self):
         # First output in a positive bootstrap
@@ -152,7 +164,7 @@ def check_sudo_status(self, raise_if_not_sudo=True):
                 raise Exception("Unexpected sudo check result. Output: " + " ".join(output.split("\n")))
         except Exception as exception:
             self.composite_logger.log_error("Sudo status check failed. Please ensure the computer is configured correctly for sudo invocation. " +
-                  "Exception details: " + str(exception))
+                                            "Exception details: " + str(exception))
             if raise_if_not_sudo:
                 raise
 

src/core/src/bootstrap/ConfigurationFactory.py

@@ -28,6 +28,10 @@
 from core.src.core_logic.PatchAssessor import PatchAssessor
 from core.src.core_logic.PatchInstaller import PatchInstaller
 
+from core.src.core_logic.ServiceManager import ServiceManager
+from core.src.core_logic.ServiceManager import ServiceInfo
+from core.src.core_logic.TimerManager import TimerManager
+
 from core.src.local_loggers.FileLogger import FileLogger
 from core.src.local_loggers.CompositeLogger import CompositeLogger
 
@@ -191,9 +195,28 @@ def new_prod_configuration(self, package_manager_name, package_manager_component
                 'component_args': ['env_layer', 'execution_config', 'composite_logger', 'telemetry_writer', 'status_handler', 'lifecycle_manager', 'package_manager', 'package_filter', 'maintenance_window', 'reboot_manager'],
                 'component_kwargs': {}
             },
+            'service_info': {
+                'component': ServiceInfo,
+                'component_args': [],
+                'component_kwargs': {
+                    'service_name': Constants.AUTO_ASSESSMENT_SERVICE_NAME,
+                    'service_desc': Constants.AUTO_ASSESSMENT_SERVICE_DESC,
+                    'service_exec_path': os.path.join(os.path.dirname(os.path.realpath(__file__)), Constants.CORE_AUTO_ASSESS_SH_FILE_NAME)
+                }
+            },
+            'auto_assess_service_manager': {
+                'component': ServiceManager,
+                'component_args': ['env_layer', 'execution_config', 'composite_logger', 'telemetry_writer', 'service_info'],
+                'component_kwargs': {}
+            },
+            'auto_assess_timer_manager': {
+                'component': TimerManager,
+                'component_args': ['env_layer', 'execution_config', 'composite_logger', 'telemetry_writer', 'service_info'],
+                'component_kwargs': {}
+            },
             'configure_patching_processor': {
                 'component': ConfigurePatchingProcessor,
-                'component_args': ['env_layer', 'execution_config', 'composite_logger', 'telemetry_writer', 'status_handler', 'package_manager'],
+                'component_args': ['env_layer', 'execution_config', 'composite_logger', 'telemetry_writer', 'status_handler', 'package_manager', 'auto_assess_service_manager', 'auto_assess_timer_manager'],
                 'component_kwargs': {}
             },
             'maintenance_window': {

src/core/src/bootstrap/Constants.py

@@ -42,10 +42,17 @@ def __iter__(self):
     ARG_SEQUENCE_NUMBER = '-sequenceNumber'
     ARG_ENVIRONMENT_SETTINGS = "-environmentSettings"
     ARG_CONFIG_SETTINGS = "-configSettings"
+    ARG_AUTO_ASSESS_ONLY = "-autoAssessOnly"
     ARG_PROTECTED_CONFIG_SETTINGS = "-protectedConfigSettings"
     ARG_INTERNAL_RECORDER_ENABLED = "-recorderEnabled"
     ARG_INTERNAL_EMULATOR_ENABLED = "-emulatorEnabled"
 
+    # Max values
+    MAX_AUTO_ASSESSMENT_LOGFILE_SIZE_IN_BYTES = 5*1024*1024
+
+    class Paths(EnumBackport):
+        SYSTEMD_ROOT = "etc/systemd/system/"
+
     class EnvSettings(EnumBackport):
         LOG_FOLDER = "logFolder"
         CONFIG_FOLDER = "configFolder"
@@ -63,14 +70,23 @@ class ConfigSettings(EnumBackport):
         PATCHES_TO_EXCLUDE = 'patchesToExclude'
         MAINTENANCE_RUN_ID = 'maintenanceRunId'
         PATCH_MODE = 'patchMode'
+        ASSESSMENT_MODE = 'assessmentMode'
+        MAXIMUM_ASSESSMENT_INTERVAL = 'maximumAssessmentInterval'
 
     # File to save default settings for auto OS updates
     IMAGE_DEFAULT_PATCH_CONFIGURATION_BACKUP_PATH = "ImageDefaultPatchConfiguration.bak"
 
+    # Auto assessment shell script name
+    CORE_AUTO_ASSESS_SH_FILE_NAME = "MsftLinuxPatchAutoAssess.sh"
+    AUTO_ASSESSMENT_SERVICE_NAME = "MsftLinuxPatchAutoAssess"
+    AUTO_ASSESSMENT_SERVICE_DESC = "Microsoft Azure Linux Patch Extension - Auto Assessment"
+
     # Operations
+    AUTO_ASSESSMENT = 'AutoAssessment'
     ASSESSMENT = "Assessment"
     INSTALLATION = "Installation"
     CONFIGURE_PATCHING = "ConfigurePatching"
+    CONFIGURE_PATCHING_AUTO_ASSESSMENT = "ConfigurePatching_AutoAssessment"     # only used internally
     PATCH_ASSESSMENT_SUMMARY = "PatchAssessmentSummary"
     PATCH_INSTALLATION_SUMMARY = "PatchInstallationSummary"
     PATCH_METADATA_FOR_HEALTHSTORE = "PatchMetadataForHealthStore"
@@ -80,16 +96,30 @@ class ConfigSettings(EnumBackport):
     PATCH_VERSION_UNKNOWN = "UNKNOWN"
 
     # Patch Modes for Configure Patching
-    IMAGE_DEFAULT = "ImageDefault"
-    AUTOMATIC_BY_PLATFORM = "AutomaticByPlatform"
+    class PatchModes(EnumBackport):
+        IMAGE_DEFAULT = "ImageDefault"
+        AUTOMATIC_BY_PLATFORM = "AutomaticByPlatform"
+
+    class AssessmentModes(EnumBackport):
+        IMAGE_DEFAULT = "ImageDefault"
+        AUTOMATIC_BY_PLATFORM = "AutomaticByPlatform"
 
     # automatic OS patch states for configure patching
-    PATCH_STATE_UNKNOWN = "Unknown"
-    PATCH_STATE_DISABLED = "Disabled"
-    PATCH_STATE_ENABLED = "Enabled"
+    class AutomaticOsPatchStates(EnumBackport):
+        UNKNOWN = "Unknown"
+        DISABLED = "Disabled"
+        ENABLED = "Enabled"
+
+    # auto assessment states
+    class AutoAssessmentStates(EnumBackport):
+        UNKNOWN = "Unknown"
+        ERROR = "Error"
+        DISABLED = "Disabled"
+        ENABLED = "Enabled"
 
     # wait time after status updates
     WAIT_TIME_AFTER_HEALTHSTORE_STATUS_UPDATE_IN_SECS = 20
+    AUTO_ASSESSMENT_MAXIMUM_DURATION = "PT1H"
 
     # Status file states
     STATUS_TRANSITIONING = "Transitioning"
@@ -212,4 +242,3 @@ class EnvLayer(EnumBackport):
         PRIVILEGED_OP_MARKER = "Privileged_Op_e6df678d-d09b-436a-a08a-65f2f70a6798"
         PRIVILEGED_OP_REBOOT = PRIVILEGED_OP_MARKER + "Reboot_Exception"
         PRIVILEGED_OP_EXIT = PRIVILEGED_OP_MARKER + "Exit_"
-

src/core/src/bootstrap/Container.py

@@ -65,7 +65,7 @@ def register(self, component_id, component, *component_args, **component_kwargs)
         self.components[component_id] = component, component_args, component_kwargs
 
     def get(self, component_id):
-        """Lookups the given property name in context.
+        """Looks up the given property name in context.
         Raises KeyError when no such property is found.
         """
         if component_id not in self.components:

src/core/src/bootstrap/EnvLayer.py

@@ -384,7 +384,7 @@ def datetime_utcnow(self):
         def timestamp(self):
             operation = "DATETIME_TIMESTAMP"
             if not self.__emulator_enabled:
-                value = datetime.datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")
+                value = datetime.datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
                 self.__write_record(operation, code=0, output=value, delay=0)
                 return value
             else:
@@ -402,6 +402,11 @@ def total_minutes_from_time_delta(time_delta):
         def utc_to_standard_datetime(utc_datetime):
             """ Converts string of format '"%Y-%m-%dT%H:%M:%SZ"' to datetime object """
             return datetime.datetime.strptime(utc_datetime.split(".")[0], "%Y-%m-%dT%H:%M:%S")
+
+        @staticmethod
+        def standard_datetime_to_utc(std_datetime):
+            """ Converts datetime object to string of format '"%Y-%m-%dT%H:%M:%SZ"' """
+            return std_datetime.strftime("%Y-%m-%dT%H:%M:%SZ")
 # endregion - DateTime emulator and extensions
 
 # region - Core Emulator support functions