Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix version tracking deadlock - allow old agents to check in for updates

Browse Source 
Problem: Version check middleware blocked old agents from checking in to receive
update commands, creating a deadlock where agents couldn't upgrade because they
were blocked from checking in.

Solution: Modified MachineBindingMiddleware to allow old agents checking in for
commands to proceed IF they have a pending update_agent command. This allows
agents to receive the update command even when below minimum version.

Changes:
- Added grace period logic in middleware for command endpoints
- Check if agent has pending update command before blocking
- If update pending, allow check-in and log it
- Added HasPendingUpdateCommand() to AgentQueries for checking pending updates
- Also added same method to CommandQueries for completeness

This prevents the version tracking deadlock while maintaining security for
agents without pending updates.

NOTE: Need to test that old agents can actually receive and execute update
commands when allowed through this path.
This commit is contained in:
Fimeg
2025-12-13 10:55:11 -05:00
parent 40598c2203
commit f792ab23c7
3 changed files with 137 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
aggregator-server/internal/api/middleware/machine_binding.go
View File

@@ -91,6 +91,23 @@ func MachineBindingMiddleware(agentQueries *queries.AgentQueries, minAgentVersio
// Check minimum version (hard cutoff for legacy de-support)
if agent.CurrentVersion != "" && minAgentVersion != "" {
if !utils.IsNewerOrEqualVersion(agent.CurrentVersion, minAgentVersion) {
// Allow old agents to check in if they have pending update commands
// This prevents deadlock where agent can't check in to receive the update
if c.Request.Method == "GET" && strings.HasSuffix(c.Request.URL.Path, "/commands") {
// Check if agent has pending update command
hasPendingUpdate, err := agentQueries.HasPendingUpdateCommand(agentID.String())
if err != nil {
log.Printf("[MachineBinding] Error checking pending updates for agent %s: %v", agentID, err)
}
if hasPendingUpdate {
log.Printf("[MachineBinding] Allowing old agent %s (%s) to check in for update delivery (v%s < v%s)",
agent.Hostname, agentID, agent.CurrentVersion, minAgentVersion)
c.Next()
return
}
}
log.Printf("[MachineBinding] Agent %s version %s below minimum %s - rejecting",
agent.Hostname, agent.CurrentVersion, minAgentVersion)
c.JSON(http.StatusUpgradeRequired, gin.H{