Revert "Agent MSI support (elastic#212)"

This reverts commit ffffea6.

.buildkite/pipeline.yml

@@ -2,22 +2,22 @@
 ### The following environment variables can be set for testing purposes via the buildkite UI or CLI
 ###  RUN_SNAPSHOT: "true" - will run the snapshot workflow
 ###  RUN_STAGING: "true" - will run the staging workflow
-###  ONLY_AGENT: "true" - will build only the elastic-agent msi artifact
+###  DBRANCH: "main" - will override the dra branch param. Default is $BUILDKITE_BRANCH
 ###
 
 steps:
-  - group: ":package: Stack installers Snapshot"
+  - group: ":beats: Stack installers Snapshot"
     key: "dra-snapshot"
     steps:
-      - label: ":construction_worker: Build stack installers / Snapshot"
+      - label: ":hammer: Build stack installers Snapshot"
         command: ".buildkite/scripts/build.ps1"
         key: "build-snapshot"
-        artifact_paths: "c:/users/buildkite/esi/bin/out/**/*.msi"
+        artifact_paths: "bin/out/**/*.msi"
         agents:
           provider: gcp
           image: family/ci-windows-2022
         env:
-          DRA_WORKFLOW: "snapshot"
+          WORKFLOW: "snapshot"
       - label: ":package: DRA Publish Snapshot"
         if: build.branch == 'main' || build.branch =~ /^[0-9]+\.[0-9]+\$/ || build.env("RUN_SNAPSHOT") == "true"
         command: ".buildkite/scripts/dra-publish.sh"
@@ -26,20 +26,20 @@ steps:
         agents:
           provider: gcp
         env:
-          DRA_WORKFLOW: "snapshot"
-  - group: ":package: Stack installers Staging"
+          WORKFLOW: "snapshot"
+  - group: ":beats: Stack installers Staging :beats:"
     key: "dra-staging"
     steps:
-      - label: ":construction_worker: Build stack installers / Staging"
+      - label: ":hammer: Build stack installers staging"
         if: build.branch =~ /^[0-9]+\.[0-9]+\$/ || build.env("RUN_STAGING") == "true"
         command: ".buildkite/scripts/build.ps1"
         key: "build-staging"
-        artifact_paths: "c:/users/buildkite/esi/bin/out/**/*.msi"
+        artifact_paths: "bin/out/**/*.msi"
         agents:
           provider: gcp
           image: family/ci-windows-2022
         env:
-          DRA_WORKFLOW: "staging"
+          WORKFLOW: "staging"
       - label: ":package: DRA Publish staging"
         if: build.branch =~ /^[0-9]+\.[0-9]+\$/ || build.env("RUN_STAGING") == "true"
         command: ".buildkite/scripts/dra-publish.sh"
@@ -48,7 +48,7 @@ steps:
         agents:
           provider: gcp
         env:
-          DRA_WORKFLOW: "staging"
+          WORKFLOW: "staging"
 
 notify:
   - slack: "#ingest-notifications"

.buildkite/scripts/build.ps1

@@ -1,93 +1,72 @@
-$ErrorActionPreference = "Stop"
-Set-Strictmode -version 3
-
-if (-not (Test-Path env:MANIFEST_URL)) {
-    $errorMessage = "Error: Required environment variable [MANIFEST_URL] is missing."
-    Write-Host $errorMessage
-    throw $errorMessage
-}
-
-# workaround path limitation for max 248 characters
-# example: https://buildkite.com/elastic/elastic-stack-installers/builds/3104#018c5e1b-23a7-4330-ad5d-4acc69157822/74-180
-cd ..
-# we can't use Rename-Item because this script runs from within the existing checkout resulting in
-# Rename-Item : The process cannot access the file because it is being used by another process.
-Copy-Item -Path .\elastic-stack-installers -Destination c:\users\buildkite\esi -Recurse
-cd c:\users\buildkite\esi
-
 # Read the stack version from build properties
 [xml]$xml = Get-Content -Path "Directory.Build.props"
 $ns = New-Object Xml.XmlNamespaceManager($xml.NameTable)
 $ns.AddNamespace("ns", "http://schemas.microsoft.com/developer/msbuild/2003")
 $stack_version = $xml.SelectSingleNode("//ns:PropertyGroup/ns:StackVersion", $ns).InnerText
-$workflow = ${env:DRA_WORKFLOW}
-if ($workflow -eq "snapshot") {
-    $version = $stack_version + "-" + $workflow.ToUpper()
-} else {
-    $version = $stack_version
-}
+Write-Host "Building Stack version: $stack_version"
 
-Write-Host "~~~ Building Stack version: $stack_version"
-
-Write-Output "~~~ Installing dotnet-sdk"
+echo "~~~ Installing dotnet-sdk"
 & "./tools/dotnet-install.ps1" -NoPath -JSonFile global.json -Architecture "x64" -InstallDir c:/dotnet-sdk
 ${env:PATH} = "c:\dotnet-sdk;" + ${env:PATH}
 Get-Command dotnet | Select-Object -ExpandProperty Definition
 
+echo "~~~ Reading msi certificate from vault"
+$MsiCertificate=& vault read -field=cert secret/ci/elastic-elastic-stack-installers/signing_cert
+$MsiPassword=& vault read -field=password secret/ci/elastic-elastic-stack-installers/signing_cert
+Remove-Item Env:VAULT_TOKEN
+
+$cert_home="C:/.cert"
+New-Item $cert_home -Type Directory -Force
+[IO.File]::WriteAllBytes("$cert_home/msi_certificate.p12", [Convert]::FromBase64String($MsiCertificate))
+[IO.File]::WriteAllText("$cert_home/msi_password.txt", $MsiPassword)
+echo "Certificate successfully written to $cert_home"
+
 $client = new-object System.Net.WebClient
 $currentDir = $(Get-Location).Path
 $beats = @('auditbeat', 'filebeat', 'heartbeat', 'metricbeat', 'packetbeat', 'winlogbeat')
 $ossBeats = $beats | ForEach-Object { $_ + "-oss" }
+$workflow = ${env:WORKFLOW}
 
-# TODO remove (and all references/conditionals below) after testing; this just helps to speed up elastic-agent specific build tests
-$onlyAgent = $env:ONLY_AGENT -as [string]
-
+echo "~~~ downloading beat $workflow dependencies"
 Remove-Item bin/in -Recurse -Force -ErrorAction Ignore
 New-Item bin/in -Type Directory -Force
-
-$manifestUrl = ${env:MANIFEST_URL}
-$response = Invoke-WebRequest -UseBasicParsing -Uri $manifestUrl
-$json = $response.Content | ConvertFrom-Json
-
-Write-Output "~~~ Downloading $workflow dependencies"
-
-$urls = @()
-
-try {
-    $packageName = "elastic-agent"
-    $projectName = "$packageName-package"
-    $urls += $json.projects.$projectName.packages."$packageName-$version-windows-x86_64.zip".url
-
-    if ($onlyAgent -eq "true") {
-        Write-Output "Skipping beats because env var ONLY_AGENT is set to [$env:ONLY_AGENT]"
-    }
-    else {
-        $projectName = "beats"
-        foreach ($packageName in ($beats + $ossBeats)) {
-            $urls += $json.projects.$projectName.packages."$packageName-$version-windows-x86_64.zip".url
-        }
-    }
-    foreach ($url in $urls) {
-        $destFile = [System.IO.Path]::GetFileName($url)
-        Write-Output "Downloading from $url to $currentDir/bin/in/$destFile"
+if ($workflow -eq "snapshot") {
+    $version = $stack_version + "-" + $workflow.ToUpper()
+    $hostname = "artifacts-snapshot.elastic.co"
+    $response = Invoke-WebRequest -UseBasicParsing -Uri "https://$hostname/beats/latest/$version.json"
+    $json = $response.Content | ConvertFrom-Json
+    $buildId = $json.build_id
+    $prefix = "$hostname/beats/$buildId"
+} else {
+    $version = $stack_version
+    $hostname = "artifacts-staging.elastic.co"
+    $response = Invoke-WebRequest -UseBasicParsing -Uri "https://$hostname/beats/latest/$version.json"
+    $json = $response.Content | ConvertFrom-Json
+    $buildId = $json.build_id
+    $prefix = "$hostname/beats/$buildId"
+}
+foreach ($beat in ($beats + $ossBeats)) {
+    try {
+        $beatName = $beat.Replace("-oss", "")
+        $url = "https://$prefix/downloads/beats/$beatName/$beat-$version-windows-x86_64.zip"
+        echo "Downloading from $url"
         $client.DownloadFile(
             $url,
-            "$currentDir\bin\in\$destFile"
+            "$currentDir/bin/in/$beat-$version-windows-x86_64.zip"
         )
     }
-} catch [System.Net.WebException] {
-    if ($_.Exception.InnerException) {
-        Write-Error $_.Exception.InnerException.Message
-    } else {
-        Write-Error $_.Exception.Message
+    catch [System.Net.WebException] {
+        if ($_.Exception.InnerException) {
+            Write-Error $_.Exception.InnerException.Message
+        } else {
+            Write-Error $_.Exception.Message
+        }
+        throw "An error was encountered while downloading dependencies, aborting."
     }
-    throw "An error was encountered while downloading dependencies, aborting."
 }
 
-Remove-Item bin/out -Recurse -Force -ErrorAction Ignore
-
-Write-Output "--- Building $workflow msi"
-$cliArgs = @(
+echo "--- Building $workflow msi"
+$args = @(
     "run",
     "--project",
     "src\build\ElastiBuild.csproj",
@@ -96,41 +75,25 @@ $cliArgs = @(
     "--",
     "build",
     "--cid",
-    $version
+    $version,
+    "--cert-file",
+    "$cert_home/msi_certificate.p12",
+    "--cert-pass",
+    "$cert_home/msi_password.txt"
 )
-$cliArgs += "elastic-agent"
-if ($onlyAgent -ne "true") {
-    $cliArgs += ($beats + $ossBeats)
-}
-
-&dotnet $cliArgs
+$args += ($beats + $ossBeats)
+&dotnet $args
 if ($LastExitcode -ne 0) {
-    Write-Error "Build $workflow failed with exit code $LastExitcode"
+    Write-Error "Build$workflow failed with exit code $LastExitcode"
     exit $LastExitcode
 } else {
-    Write-Output "Build $workflow completed with exit code $LastExitcode"
+    echo "Build$workflow completed with exit code $LastExitcode"
 }
 
-Write-Output "--- Checking that all artifacts are there"
+echo "--- Checking that all artefacts are there"
 $msiCount = Get-ChildItem bin/out -Include "*.msi" -Recurse | Measure-Object | Select-Object -ExpandProperty Count
-
-$expected = 1
-if ($onlyAgent -ne "true") {
-    $expected += (2 * $beats.Length)
-}
-
+$expected = 2 * $beats.Length
 if ($msiCount -ne $expected) {
-    Write-Error "Failed: expected $expected msi executables to be produced, but $msiCount were found."
+    Write-Error "Expected $expected msi executable to be produced, but $msiCount were"
     exit 1
-} else {
-    Write-Output "Success, found $msiCount artifacts in bin/out."
 }
-
-try {
-    & (Join-Path $PSScriptRoot "test.ps1")
-    write-host "Testing Completed"
-} catch {
-    write-host "Testing Failed"
-    write-error $_
-    exit 1
-}

.gitignore

@@ -63,6 +63,4 @@ src/*.cmd
 # Executable Artifacts
 src/*.exe
 src/*.pdb
-src/*.dll
-pwsh
-pwsh.zip
+src/*.dll

README.md

@@ -43,28 +43,3 @@ Update version in `Directory.Build.props` in the branch for the related minor ve
       - Add a new daily schedule for the new minor branch
       - Remove the daily schedule for the previous minor branch
     ex: https://github.com/elastic/elastic-stack-installers/pull/156 and https://github.com/elastic/elastic-stack-installers/pull/172
-
----
-## Agent
-
-In case of problems during install / uninstall of agent, please refer to the [Capturing Logs](https://github.com/elastic/elastic-stack-installers/blob/agent_support/README.md#capturing-logs) section which will enable troubleshooting.
-
-### Install
-During the install flow, The MSI installer will unpack the contents of the MSI to a temp folder and then will call the `elastic-agent install` in order to:
-1. copy the files to the final destination at `c:\Program Files\Elastic\Agent`
-2. register the agent as a windows service
-3. enroll the agent into fleet
-
-In order to complete step 3 above, the MSI installer shall receive command line arguments, passed with INSTALLARGS command line switch followed by `"`, for example:
-```
-elastic-agent.msi INSTALLARGS="--url=<fleet_url_with_port> --enrollment-token=<token>"
-```
-
-Note that the MSI will call the `elastic-agent install` command with `-f` (force) to avoid user interaction.
-
-### Uninstall
-Similarly to the install flow (described above), the MSI will call the `elastic-agent uninstall` command, and it's possible to pass arguments using `INSTALLARGS`. One common use case is uninstalling an agent which has tamper protection enabled.
-
-### Upgrade
-The Agent MSI doesn't support upgrade. Since the agents are fleet managed, upgrades shall be done using fleet (UI / API).
-

catalog-info.yaml

@@ -53,6 +53,11 @@ spec:
         publish_commit_status: true
         publish_commit_status_per_step: false
       repository: elastic/elastic-stack-installers
+      schedules:
+        Daily main:
+          branch: main
+          cronline: "@daily"
+          message: Builds daily `main` stack-installers dra
       teams:
         everyone:
           access_level: BUILD_AND_READ