carverauto/serviceradar
1
1
Fork 0
Code Issues 190 Pull requests 16 Projects Releases 173 Packages Wiki Activity Actions

E2E edge onboarding with docker poller/agent #633

New issue
Closed
opened 2026-03-28 04:26:41 +00:00 by mfreeman451 · 10 comments
mfreeman451 commented 2026-03-28 04:26:41 +00:00
Owner
Copy link

Imported from GitHub.

Original GitHub issue: #1911
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911
Original created: 2025-10-30T23:36:36Z

Summary

Exercise the edge onboarding flow end-to-end by issuing packages from the demo namespace and bootstrapping docker-compose poller/agent workloads locally.

Details

  • Use the API key from the demo namespace secrets to authenticate against /api/admin/edge-packages.
  • Issue a poller package, consume it from a local docker poller, and confirm successful activation.
  • Issue an agent package tied to the docker poller and onboard it as well.
  • Verify serviceradar-core surfaces both docker poller/agent entries in device inventory; investigate registry merge/clobber behavior when multiple services share the same IP.
  • Expect follow-up changes in the device registry if inventory records are overwritten.

Resolves bd: serviceradar-56

Imported from GitHub. Original GitHub issue: #1911 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911 Original created: 2025-10-30T23:36:36Z --- ## Summary Exercise the edge onboarding flow end-to-end by issuing packages from the demo namespace and bootstrapping docker-compose poller/agent workloads locally. ## Details - Use the API key from the `demo` namespace secrets to authenticate against `/api/admin/edge-packages`. - Issue a poller package, consume it from a local docker poller, and confirm successful activation. - Issue an agent package tied to the docker poller and onboard it as well. - Verify `serviceradar-core` surfaces both docker poller/agent entries in device inventory; investigate registry merge/clobber behavior when multiple services share the same IP. - Expect follow-up changes in the device registry if inventory records are overwritten. Resolves bd: serviceradar-56
mfreeman451 commented 2026-03-28 04:26:42 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3470980300
Original created: 2025-10-31T01:44:22Z

Update: refreshed the demo-issued poller/agent packages and rebuilt the docker stack with the new edge-poller setup tweaks (POLLERS_POLLER_ID + kv disabled). The poller now registers with core as \ and gRPC health checks against the local agent succeed, but both packages are still stuck in \delivered. Core never flips to \activated\ because the agent is serving the poller SPIFFE ID so the TLS authorizer accepts it, while the package metadata still claims \spiffe://carverauto.dev/services/agent. Next step is to reconcile the SPIFFE IDs (either regenerate the agent package with the poller SVID or relax the client expectation) so activation events fire and device inventory can be revalidated.

Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3470980300 Original created: 2025-10-31T01:44:22Z --- Update: refreshed the demo-issued poller/agent packages and rebuilt the docker stack with the new edge-poller setup tweaks (POLLERS_POLLER_ID + kv disabled). The poller now registers with core as \ and gRPC health checks against the local agent succeed, but both packages are still stuck in \delivered\. Core never flips to \activated\ because the agent is serving the poller SPIFFE ID so the TLS authorizer accepts it, while the package metadata still claims \spiffe://carverauto.dev/services/agent\. Next step is to reconcile the SPIFFE IDs (either regenerate the agent package with the poller SVID or relax the client expectation) so activation events fire and device inventory can be revalidated.
mfreeman451 commented 2026-03-28 04:26:42 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3470980549
Original created: 2025-10-31T01:44:33Z

Update: refreshed the demo-issued poller/agent packages and rebuilt the docker stack with the new edge-poller setup tweaks (POLLERS_POLLER_ID + KV disabled). The poller now registers with core as docker-poller-e2e-01 and gRPC health checks against the local agent succeed, but both packages are still stuck in delivered. Core never flips to activated because the agent is serving the poller SPIFFE ID so the TLS authorizer accepts it, while the package metadata still claims spiffe://carverauto.dev/services/agent. Next step is to reconcile the SPIFFE IDs (either regenerate the agent package with the poller SVID or relax the client expectation) so activation events fire and device inventory can be revalidated.

Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3470980549 Original created: 2025-10-31T01:44:33Z --- Update: refreshed the demo-issued poller/agent packages and rebuilt the docker stack with the new edge-poller setup tweaks (POLLERS_POLLER_ID + KV disabled). The poller now registers with core as `docker-poller-e2e-01` and gRPC health checks against the local agent succeed, but both packages are still stuck in `delivered`. Core never flips to `activated` because the agent is serving the poller SPIFFE ID so the TLS authorizer accepts it, while the package metadata still claims `spiffe://carverauto.dev/services/agent`. Next step is to reconcile the SPIFFE IDs (either regenerate the agent package with the poller SVID or relax the client expectation) so activation events fire and device inventory can be revalidated.
mfreeman451 commented 2026-03-28 04:26:42 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471074531
Original created: 2025-10-31T02:31:31Z

Dug into the "delivered" state on docker poller/agent packages (fc348035-9092-4903-aaa6-c3e9105ce719 and bce4363a-da28-43bd-afce-9aa68f365b04). Even though the poller is reporting to core, we never mark the packages as activated – the core service only persisted the issued/delivered states. Added an activation hook in core that runs during device registration so the first poller/agent heartbeat promotes the package to activated, captures the source IP, and emits an audit event. Also added unit coverage in pkg/core to exercise the new flow. Once we cut a fresh serviceradar-core build and roll it into demo we should see both packages flip to activated in the admin UI.

Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471074531 Original created: 2025-10-31T02:31:31Z --- Dug into the "delivered" state on docker poller/agent packages (fc348035-9092-4903-aaa6-c3e9105ce719 and bce4363a-da28-43bd-afce-9aa68f365b04). Even though the poller is reporting to core, we never mark the packages as activated – the core service only persisted the issued/delivered states. Added an activation hook in core that runs during device registration so the first poller/agent heartbeat promotes the package to activated, captures the source IP, and emits an audit event. Also added unit coverage in pkg/core to exercise the new flow. Once we cut a fresh serviceradar-core build and roll it into demo we should see both packages flip to activated in the admin UI.
mfreeman451 commented 2026-03-28 04:26:42 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471285022
Original created: 2025-10-31T04:19:28Z

  • Re-issued demo edge packages via Core admin API after revoking legacy poller/agent IDs; new package ids: poller 0f61dd1e-bfc7-4448-8461-bb65e9f71509, agent 5bd01c6d-91a2-4821-8154-bdce639ae894.
  • Reset compose stack (wiped volumes, refreshed nested SPIRE creds) and replayed edge-poller-restart.sh using the new artifacts. Poller successfully enrolls once upstream join token is refreshed.
  • Agent bootstrap was blocked by KV SPIFFE validation (invalid server SPIFFE ID). Temporarily cleared KV_ADDRESS/KV_SPIFFE_ID to get the container to come up; agent now serves gRPC (serviceradar-agent broadcasts ready state) but runs without KV linkage.
  • Poller↔agent handshake still fails: downstream TLS reports transport: authentication handshake failed: unexpected ID "spiffe://carverauto.dev/services/poller" during /grpc.health.v1.Health/Check. Package metadata currently stamps the agent server SPIFFE ID as spiffe://carverauto.dev/ns/edge/docker-agent-e2e-01; need to reconcile what the agent actually expects versus what the poller presents.
  • Because of the handshake failure both packages remain status:"delivered"; core never records activation. Device inventory still missing the docker agent entry.
  • Next step: decide whether to adjust package metadata (agent server/parent SPIFFE IDs) or relax the agent-side client allowlist so the poller’s spiffe://carverauto.dev/services/poller caller is accepted. Also need a follow-up pass to re-enable KV once the SPIFFE mismatch is sorted.
Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471285022 Original created: 2025-10-31T04:19:28Z --- - Re-issued demo edge packages via Core admin API after revoking legacy poller/agent IDs; new package ids: poller `0f61dd1e-bfc7-4448-8461-bb65e9f71509`, agent `5bd01c6d-91a2-4821-8154-bdce639ae894`. - Reset compose stack (wiped volumes, refreshed nested SPIRE creds) and replayed `edge-poller-restart.sh` using the new artifacts. Poller successfully enrolls once upstream join token is refreshed. - Agent bootstrap was blocked by KV SPIFFE validation (`invalid server SPIFFE ID`). Temporarily cleared `KV_ADDRESS`/`KV_SPIFFE_ID` to get the container to come up; agent now serves gRPC (`serviceradar-agent` broadcasts ready state) but runs without KV linkage. - Poller↔agent handshake still fails: downstream TLS reports `transport: authentication handshake failed: unexpected ID "spiffe://carverauto.dev/services/poller"` during `/grpc.health.v1.Health/Check`. Package metadata currently stamps the agent server SPIFFE ID as `spiffe://carverauto.dev/ns/edge/docker-agent-e2e-01`; need to reconcile what the agent actually expects versus what the poller presents. - Because of the handshake failure both packages remain `status:"delivered"`; core never records activation. Device inventory still missing the docker agent entry. - Next step: decide whether to adjust package metadata (agent server/parent SPIFFE IDs) or relax the agent-side client allowlist so the poller’s `spiffe://carverauto.dev/services/poller` caller is accepted. Also need a follow-up pass to re-enable KV once the SPIFFE mismatch is sorted.
mfreeman451 commented 2026-03-28 04:26:42 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471316742
Original created: 2025-10-31T04:39:48Z

Update: Edge package tooling now threads the nested SPIRE IDs all the way through. Fresh archives include NESTED_SPIRE_PARENT_ID/NESTED_SPIRE_DOWNSTREAM_SPIFFE_ID/NESTED_SPIRE_AGENT_SPIFFE_ID, the compose setup script rewrites poller-spire/env to match, and docker compose passes NESTED_SPIRE_AGENT_SPIFFE_ID into the poller entrypoint so it provisions the right workload entries. Once the demo packages are reissued we can rerun setup-edge-poller.sh, restore KV in edge-poller.env, bring the stack back up, and validate that both poller and agent packages reach and appear in device inventory.

Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471316742 Original created: 2025-10-31T04:39:48Z --- **Update:** Edge package tooling now threads the nested SPIRE IDs all the way through. Fresh archives include NESTED_SPIRE_PARENT_ID/NESTED_SPIRE_DOWNSTREAM_SPIFFE_ID/NESTED_SPIRE_AGENT_SPIFFE_ID, the compose setup script rewrites poller-spire/env to match, and docker compose passes NESTED_SPIRE_AGENT_SPIFFE_ID into the poller entrypoint so it provisions the right workload entries. Once the demo packages are reissued we can rerun setup-edge-poller.sh, restore KV in edge-poller.env, bring the stack back up, and validate that both poller and agent packages reach and appear in device inventory.
mfreeman451 commented 2026-03-28 04:26:43 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471316961
Original created: 2025-10-31T04:39:57Z

Update: Edge package tooling now threads the nested SPIRE IDs end-to-end. Fresh archives include NESTED_SPIRE_PARENT_ID/NESTED_SPIRE_DOWNSTREAM_SPIFFE_ID/NESTED_SPIRE_AGENT_SPIFFE_ID, the compose setup script rewrites poller-spire/env to match, and docker compose passes NESTED_SPIRE_AGENT_SPIFFE_ID into the poller entrypoint so it provisions the right workload entries. Next step: reissue the demo packages, rerun setup-edge-poller.sh with the new env, restore KV in edge-poller.env, bring the stack back up, and verify both poller and agent packages transition to activated and appear in device inventory.

Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471316961 Original created: 2025-10-31T04:39:57Z --- **Update:** Edge package tooling now threads the nested SPIRE IDs end-to-end. Fresh archives include NESTED_SPIRE_PARENT_ID/NESTED_SPIRE_DOWNSTREAM_SPIFFE_ID/NESTED_SPIRE_AGENT_SPIFFE_ID, the compose setup script rewrites poller-spire/env to match, and docker compose passes NESTED_SPIRE_AGENT_SPIFFE_ID into the poller entrypoint so it provisions the right workload entries. Next step: reissue the demo packages, rerun setup-edge-poller.sh with the new env, restore KV in edge-poller.env, bring the stack back up, and verify both poller and agent packages transition to activated and appear in device inventory.
mfreeman451 commented 2026-03-28 04:26:43 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471461156
Original created: 2025-10-31T06:06:03Z

Edge onboarding compose stack is now running cleanly with the new packages. I revoked the previous artifacts and reissued poller ce492405-a4ed-404d-bece-7044a0bb7798 and agent 91bcd977-11da-4fc4-bf01-213d4c9a549b, adding dedicated unix:path selectors so the nested SPIRE server hands different SVIDs to the poller and agent processes. After downloading the archives and replaying docker/compose/edge-poller-restart.sh, the poller gRPC checks started passing (docker logs serviceradar-poller shows the agent service check completing successfully) and both packages report status:"activated" via /api/admin/edge-packages/*. Device inventory now surfaces default:172.19.0.2 with poller_id docker-poller-e2e-02, so the docker agent is visible in the UI. I left KV disabled in edge-poller.env for the moment: re-enabling it still crashes the agent with "invalid server SPIFFE ID" when it builds the KV client; we should follow up on that mismatch separately.

Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471461156 Original created: 2025-10-31T06:06:03Z --- Edge onboarding compose stack is now running cleanly with the new packages. I revoked the previous artifacts and reissued poller ce492405-a4ed-404d-bece-7044a0bb7798 and agent 91bcd977-11da-4fc4-bf01-213d4c9a549b, adding dedicated unix:path selectors so the nested SPIRE server hands different SVIDs to the poller and agent processes. After downloading the archives and replaying docker/compose/edge-poller-restart.sh, the poller gRPC checks started passing (docker logs serviceradar-poller shows the agent service check completing successfully) and both packages report status:"activated" via /api/admin/edge-packages/*. Device inventory now surfaces default:172.19.0.2 with poller_id docker-poller-e2e-02, so the docker agent is visible in the UI. I left KV disabled in edge-poller.env for the moment: re-enabling it still crashes the agent with "invalid server SPIFFE ID" when it builds the KV client; we should follow up on that mismatch separately.
mfreeman451 commented 2026-03-28 04:26:43 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471868791
Original created: 2025-10-31T08:33:01Z

Status update (edge onboarding validation)

  • Fixed the SPIFFE normalization bug in pkg/grpc/security.go; mixed-case server IDs (SPIFFE://…) now parse correctly. go test ./pkg/grpc/... passes.
  • Reissued poller ce492405-a4ed-404d-bece-7044a0bb7798 and agent 91bcd977-11da-4fc4-bf01-213d4c9a549b packages. Once the compose stack is stable both show status:"activated", and /api/devices lists docker-poller-e2e-02 plus docker-agent-e2e-02.
  • Tried to hot-swap the agent binary with docker cp bin/serviceradar-agent …. That diverged from the GHCR image we deploy in demo and left the container restarting. We will not hand-copy binaries again.
  • Going forward we rebuild/push images only via Bazel: bazel build --config=remote //docker/images:agent_image_amd64 then bazel run --config=remote //docker/images:agent_image_amd64_push, followed by docker/compose/edge-poller-restart.sh --env-file edge-poller.env so compose pulls the pushed digest.
  • Manual package issuance playbook (documented in bd serviceradar-56 as well):
    1. kubectl port-forward svc/serviceradar-core -n demo 18090:8090
    2. API_KEY=$(kubectl -n demo get secret serviceradar-secrets -o jsonpath='{.data.edge_api_key}' | base64 -d)
    3. ADMIN_PASS=$(kubectl -n demo get secret serviceradar-secrets -o jsonpath='{.data.admin_password}' | base64 -d)
    4. TOKEN=$(curl -s -X POST http://localhost:18090/auth/login -d '{"username":"admin","password":"'"$ADMIN_PASS"'"}' | jq -r .token)
    5. Issue poller: curl -s -X POST http://localhost:18090/api/admin/edge-packages -H "Authorization: Bearer $TOKEN" -H "X-Edge-Api-Key: $API_KEY" -H 'Content-Type: application/json' -d '{"label":"Docker E2E Poller 03","poller_id":"docker-poller-e2e-02"}'
    6. Issue agent tied to the poller: curl -s -X POST http://localhost:18090/api/admin/edge-packages -H ... -d '{"poller_id":"docker-poller-e2e-02","component_type":"agent","metadata":{"agent_spiffe_id":"spiffe://carverauto.dev/ns/edge/docker-agent-e2e-02"}}'
    7. Download archives: curl -s -X POST http://localhost:18090/api/admin/edge-packages/$PACKAGE_ID/download -H ... -d '{"download_token":"..."}' --output edge-package.tar.gz
    8. Extract and run docker/compose/edge-poller-restart.sh --env-file edge-poller.env to bootstrap.
  • Next: rebuild + push agent image via Bazel, restart compose to pick up the digest, and re-enable KV once the stock container is green so we can confirm /api/admin/edge-packages/$AGENT_ID stays activated while KV sweeps run.
Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3471868791 Original created: 2025-10-31T08:33:01Z --- **Status update (edge onboarding validation)** - Fixed the SPIFFE normalization bug in `pkg/grpc/security.go`; mixed-case server IDs (`SPIFFE://…`) now parse correctly. `go test ./pkg/grpc/...` passes. - Reissued poller `ce492405-a4ed-404d-bece-7044a0bb7798` and agent `91bcd977-11da-4fc4-bf01-213d4c9a549b` packages. Once the compose stack is stable both show `status:"activated"`, and `/api/devices` lists `docker-poller-e2e-02` plus `docker-agent-e2e-02`. - Tried to hot-swap the agent binary with `docker cp bin/serviceradar-agent …`. That diverged from the GHCR image we deploy in demo and left the container restarting. We will not hand-copy binaries again. - Going forward we rebuild/push images only via Bazel: `bazel build --config=remote //docker/images:agent_image_amd64` then `bazel run --config=remote //docker/images:agent_image_amd64_push`, followed by `docker/compose/edge-poller-restart.sh --env-file edge-poller.env` so compose pulls the pushed digest. - Manual package issuance playbook (documented in bd `serviceradar-56` as well): 1. `kubectl port-forward svc/serviceradar-core -n demo 18090:8090` 2. `API_KEY=$(kubectl -n demo get secret serviceradar-secrets -o jsonpath='{.data.edge_api_key}' | base64 -d)` 3. `ADMIN_PASS=$(kubectl -n demo get secret serviceradar-secrets -o jsonpath='{.data.admin_password}' | base64 -d)` 4. `TOKEN=$(curl -s -X POST http://localhost:18090/auth/login -d '{"username":"admin","password":"'"$ADMIN_PASS"'"}' | jq -r .token)` 5. Issue poller: `curl -s -X POST http://localhost:18090/api/admin/edge-packages -H "Authorization: Bearer $TOKEN" -H "X-Edge-Api-Key: $API_KEY" -H 'Content-Type: application/json' -d '{"label":"Docker E2E Poller 03","poller_id":"docker-poller-e2e-02"}'` 6. Issue agent tied to the poller: `curl -s -X POST http://localhost:18090/api/admin/edge-packages -H ... -d '{"poller_id":"docker-poller-e2e-02","component_type":"agent","metadata":{"agent_spiffe_id":"spiffe://carverauto.dev/ns/edge/docker-agent-e2e-02"}}'` 7. Download archives: `curl -s -X POST http://localhost:18090/api/admin/edge-packages/$PACKAGE_ID/download -H ... -d '{"download_token":"..."}' --output edge-package.tar.gz` 8. Extract and run `docker/compose/edge-poller-restart.sh --env-file edge-poller.env` to bootstrap. - Next: rebuild + push agent image via Bazel, restart compose to pick up the digest, and re-enable KV once the stock container is green so we can confirm `/api/admin/edge-packages/$AGENT_ID` stays activated while KV sweeps run.
mfreeman451 commented 2026-03-28 04:26:43 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3474787185
Original created: 2025-10-31T20:28:15Z

Additional Edge Onboarding Improvements

Following up on the initial E2E validation, we've made significant improvements to the edge onboarding process:

🎯 Completed Work

1. Organized Edge E2E Structure

  • Created /docker/compose/edge-e2e/ directory structure
  • Moved all edge onboarding tools to organized location
  • Created comprehensive documentation suite

2. Idempotent Setup Script

Created docker/compose/edge-e2e/setup-edge-e2e.sh:

  • Fully automated edge deployment from package ID
  • Handles downloads, extraction, configuration, and deployment
  • Automatic DNS to LoadBalancer IP conversion
  • Automatic readable poller ID extraction from SPIFFE IDs
  • Supports clean restarts and credential refresh
  • Usage: ./setup-edge-e2e.sh --package-id <uuid>

3. Package Management Utility

Created docker/compose/edge-e2e/manage-packages.sh:

  • CLI tool for package operations: list, create, revoke, delete, activate
  • Fixed API paths from /api/admin/edge/packages to /api/admin/edge-packages
  • Automatic authentication handling

4. Critical Bug Fixes

SQL DELETE Syntax Error (pkg/db/pollers.go:195):

  • Fixed ClickHouse DELETE syntax causing Core crashes
  • Changed from DELETE FROM table(pollers) to ALTER TABLE pollers DELETE
  • Built and ready for deployment

Linting Errors:

  • Fixed exhaustive switch cases for component types and package statuses
  • Refactored RecordActivation() function to reduce cyclomatic complexity (31 → <15)
  • Extracted helper methods: findPackageForActivation(), updatePackageActivation(), recordActivationEvent()
  • All linting checks now pass: 0 issues

5. Comprehensive Documentation

Created three documentation files:

  • README.md - Quick reference and troubleshooting
  • SETUP_GUIDE.md - Complete setup process with all configuration details
  • FRICTION_POINTS.md - Detailed analysis of issues and proposed solutions

🔍 Friction Points Identified

Critical (Fixed):

  • SQL DELETE syntax error - Fixed, awaiting deployment
  • Linting errors - All resolved

Critical (Needs Implementation):

  • Manual poller registration - Pollers must be manually added to Core's known_pollers ConfigMap
  • API authentication complexity - Hard to create packages programmatically

Medium (Automated):

  • DNS resolution from Docker - Automated in setup script
  • UUID poller IDs - Automated extraction of readable IDs

Low Priority:

  • SPIRE SQLite usage - Actually correct for edge deployments (no change needed)
  • Join token expiration - Documented, easy to regenerate

📁 Files Created/Modified

docker/compose/edge-e2e/
├── setup-edge-e2e.sh NEW - Idempotent setup automation
├── manage-packages.sh NEW - Package management CLI
├── README.md NEW - Quick reference
├── SETUP_GUIDE.md NEW - Complete documentation
├── FRICTION_POINTS.md NEW - Detailed friction analysis
└── docker-compose.edge-e2e.yml MOVED - From project root

pkg/db/pollers.go FIXED - SQL DELETE syntax
pkg/core/edge_onboarding.go FIXED - Linting errors

🎯 Recommended Next Steps

  1. Deploy Core with fixes - Update k8s deployment with SQL DELETE fix
  2. Implement auto-registration - Add allowed_poller_id to edge_packages table to eliminate manual ConfigMap updates
  3. Create CLI commands - Add serviceradar-cli edge commands for package management
  4. Test full flow - Validate complete onboarding process with new automation

What Works Now

  • Package download and extraction
  • SPIRE credential bootstrap
  • Configuration generation (automated)
  • Network namespace sharing
  • Agent-poller communication
  • SPIFFE/mTLS authentication
  • Status reporting to Core (after manual registration)
  • Idempotent deployments via setup script

The edge onboarding process is now well-organized, documented, and largely automated!

Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3474787185 Original created: 2025-10-31T20:28:15Z --- ## Additional Edge Onboarding Improvements Following up on the initial E2E validation, we've made significant improvements to the edge onboarding process: ### 🎯 Completed Work #### 1. Organized Edge E2E Structure - Created `/docker/compose/edge-e2e/` directory structure - Moved all edge onboarding tools to organized location - Created comprehensive documentation suite #### 2. Idempotent Setup Script Created `docker/compose/edge-e2e/setup-edge-e2e.sh`: - Fully automated edge deployment from package ID - Handles downloads, extraction, configuration, and deployment - Automatic DNS to LoadBalancer IP conversion - Automatic readable poller ID extraction from SPIFFE IDs - Supports clean restarts and credential refresh - Usage: `./setup-edge-e2e.sh --package-id <uuid>` #### 3. Package Management Utility Created `docker/compose/edge-e2e/manage-packages.sh`: - CLI tool for package operations: list, create, revoke, delete, activate - Fixed API paths from `/api/admin/edge/packages` to `/api/admin/edge-packages` - Automatic authentication handling #### 4. Critical Bug Fixes **SQL DELETE Syntax Error** (pkg/db/pollers.go:195): - Fixed ClickHouse DELETE syntax causing Core crashes - Changed from `DELETE FROM table(pollers)` to `ALTER TABLE pollers DELETE` - Built and ready for deployment **Linting Errors**: - Fixed exhaustive switch cases for component types and package statuses - Refactored `RecordActivation()` function to reduce cyclomatic complexity (31 → <15) - Extracted helper methods: `findPackageForActivation()`, `updatePackageActivation()`, `recordActivationEvent()` - All linting checks now pass: 0 issues #### 5. Comprehensive Documentation Created three documentation files: - `README.md` - Quick reference and troubleshooting - `SETUP_GUIDE.md` - Complete setup process with all configuration details - `FRICTION_POINTS.md` - Detailed analysis of issues and proposed solutions ### 🔍 Friction Points Identified **Critical (Fixed)**: - ✅ SQL DELETE syntax error - Fixed, awaiting deployment - ✅ Linting errors - All resolved **Critical (Needs Implementation)**: - ❌ Manual poller registration - Pollers must be manually added to Core's `known_pollers` ConfigMap - ❌ API authentication complexity - Hard to create packages programmatically **Medium (Automated)**: - ✅ DNS resolution from Docker - Automated in setup script - ✅ UUID poller IDs - Automated extraction of readable IDs **Low Priority**: - SPIRE SQLite usage - Actually correct for edge deployments (no change needed) - Join token expiration - Documented, easy to regenerate ### 📁 Files Created/Modified docker/compose/edge-e2e/ ├── setup-edge-e2e.sh ✅ NEW - Idempotent setup automation ├── manage-packages.sh ✅ NEW - Package management CLI ├── README.md ✅ NEW - Quick reference ├── SETUP_GUIDE.md ✅ NEW - Complete documentation ├── FRICTION_POINTS.md ✅ NEW - Detailed friction analysis └── docker-compose.edge-e2e.yml ✅ MOVED - From project root pkg/db/pollers.go ✅ FIXED - SQL DELETE syntax pkg/core/edge_onboarding.go ✅ FIXED - Linting errors ### 🎯 Recommended Next Steps 1. Deploy Core with fixes - Update k8s deployment with SQL DELETE fix 2. Implement auto-registration - Add `allowed_poller_id` to edge_packages table to eliminate manual ConfigMap updates 3. Create CLI commands - Add `serviceradar-cli edge` commands for package management 4. Test full flow - Validate complete onboarding process with new automation ### ✅ What Works Now - Package download and extraction - SPIRE credential bootstrap - Configuration generation (automated) - Network namespace sharing - Agent-poller communication - SPIFFE/mTLS authentication - Status reporting to Core (after manual registration) - Idempotent deployments via setup script The edge onboarding process is now well-organized, documented, and largely automated!
mfreeman451 commented 2026-03-28 04:26:43 +00:00
Author
Owner
Copy link

Imported GitHub comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3474876153
Original created: 2025-10-31T20:55:35Z

E2E validation completed successfully.

Follow-up work to eliminate edge onboarding friction points is tracked in:

  • bd issue: serviceradar-57
  • GitHub issue: #1915

Closing this issue as the validation work is complete.

Imported GitHub comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1911#issuecomment-3474876153 Original created: 2025-10-31T20:55:35Z --- ✅ E2E validation completed successfully. Follow-up work to eliminate edge onboarding friction points is tracked in: - bd issue: serviceradar-57 - GitHub issue: #1915 Closing this issue as the validation work is complete.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
staging
2406-feat-agent-fleet-management-secure-self-update-system
bug/k8s-helm-deployments
chore/k8s-arc-update
rust-fix
2371-analytics-stats-cards-should-abbreviate-numbers
chore/perl-cleanup
2942-featweb-ng-add-logs-tab-to-device-details-page
192-feat-tftp-server
mikemiles-dev/feature/netflow_collection
testing
dependabot/cargo/hostname-0.4.1
dependabot/cargo/redis-1.0.1
dependabot/cargo/bb8-0.9.0
dependabot/cargo/rcgen-0.14.6
dependabot/cargo/hyper-1.8.1
dependabot/cargo/hyper-util-0.1.19
dependabot/cargo/clap-4.5.51
dependabot/cargo/thiserror-2.0.17
dependabot/cargo/time-tz-2.0.0
dependabot/cargo/tonic-build-0.14.2
main
dependabot/npm_and_yarn/docs/mdast-util-to-hast-13.2.1
815-feat-support-win32-for-agentpoller
gh-pages
v1.2.5
v1.2.4
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.2
v1.1.0
v1.0.92
v1.0.91
v1.0.90
v1.0.89
v1.0.88
v1.0.87
v1.0.86
v1.0.85
v1.0.84
v1.0.83
v1.0.82
v1.0.81
v1.0.78
v1.0.77
v1.0.76
v1.0.70
v1.0.69
v1.0.68
v1.0.67
v1.0.66
v1.0.65
v1.0.64
v1.0.63
v1.0.62
v1.0.61
v1.0.60
v1.0.59
v1.0.58
1.0.57
v1.0.56
v1.0.55
v1.0.54-pre5
v1.0.53
v1.0.53-pre19
v1.0.53-pre18
v1.0.53-pre17
v1.0.53-pre15
1.0.53-pre10
1.0.53-pre9
1.0.53-pre8
1.0.53-pre7
1.0.53-pre6
1.0.53-pre5
1.0.53-pre4
1.0.53-pre3
1.0.53-pre2
1.0.53-pre1
1.0.52
1.0.51
1.0.50
1.0.49
1.0.49-pre5
1.0.49-pre4
1.0.49-pre3
1.0.49-pre2
1.0.48
1.0.48-rc2
1.0.48-rc1
1.0.48-pre8
1.0.48-pre7
1.0.48-pre6
1.0.48-pre5
1.0.48-pre4
1.0.48-pre3
1.0.48-pre2
1.0.48-pre1
1.0.47
1.0.47-pre8
1.0.47-pre7
1.0.47-pre6
1.0.47-pre5
1.0.47-pre4
1.0.47-pre3
1.0.47-pre2
1.0.47-pre1
1.0.46
1.0.46-pre9
1.0.46-pre8
1.0.46-pre7
1.0.46-pre6
1.0.46-pre5
1.0.46-pre4
1.0.46-pre3
1.0.46-pre2
1.0.46-pre1
1.0.45
1.0.44
1.0.44-pre12
1.0.44-pre11
1.0.44-pre10
1.0.44-pre9
1.0.44-pre8
1.0.44-pre7
1.0.44-pre6
1.0.44-pre5
1.0.44-pre4
1.0.44-pre3
1.0.44-pre2
1.0.44-pre1
1.0.43
1.0.42
1.0.41
1.0.41-pre1
1.0.40
1.0.40-pre11
1.0.40-pre10
1.0.40-pre9
1.0.40-pre8
1.0.40-pre7
1.0.40-pre6
1.0.40-pre5
1.0.40-pre4
1.0.40-pre3
1.0.40-pre2
1.0.40-pre1
1.0.39
1.0.38
1.0.37
1.0.36
1.0.36-pre5
1.0.36-pre4
1.0.36-pre3
1.0.36-pre2
1.0.35
1.0.35-pre3
1.0.35-pre2
1.0.35-pre
1.0.34-pre3
1.0.34-pre2
1.0.34-pre1
1.0.33
1.0.33-pre2
1.0.33-pre
1.0.32
1.0.31
1.0.30
1.0.29
1.0.28
1.0.27
1.0.26
1.0.25
1.0.24
1.0.23
1.0.22
1.0.21
1.0.20
1.0.19
1.0.18
1.0.17
1.0.16
1.0.15
1.0.14
1.0.13
1.0.11
1.0.10
1.0.9
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
Labels
Clear labels   
1week

   
2weeks

   
Failed compliance check

   
IP cameras

   
NATS

NATS JetStream

  
Possible security concern

   
Review effort 1/5

   
Review effort 2/5

   
Review effort 3/5

   
Review effort 4/5

   
Review effort 5/5

   
UI

   
aardvark

   
accessibility

   
amd64

   
api

   
arm64

   
auth

   
back-end

   
bgp

   
blog

   
bug

Something isn't working

  
build

   
checkers

   
ci-cd

continuous integration-continuous deployments

  
cleanup

   
cnpg

cloud-native postgres

  
codex

   
core

core service

  
dependencies

Pull requests that update a dependency file

  
device-management

   
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
dusk

   
ebpf

   
enhancement

New feature or request

  
eta 1d

   
eta 1hr

   
eta 3d

   
eta 3hr

   
feature

   
fieldsurvey

   
github_actions

Pull requests that update GitHub Actions code

  
go

Pull requests that update Go code

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
javascript

Pull requests that update Javascript code

  
k8s

   
log-collector

   
mapper

   
mtr

multi traceroute

  
needs-triage

   
netflow

   
network-sweep

   
observability

   
oracle

Oracle Linux related issues

  
otel

opentelemetry logs, traces, metrics

  
plug-in

   
proton

timeplus proton streaming database

  
python

   
question

Further information is requested

  
reddit

   
redhat

   
research

   
rperf

   
rperf-checker

   
rust

Pull requests that update rust code

  
sdk

   
security

   
serviceradar-agent

   
serviceradar-agent-gateway

   
serviceradar-web

   
serviceradar-web-ng

   
siem

   
snmp

   
sysmon

   
topology

   
ubiquiti

   
wasm

   
wontfix

This will not be worked on

  
zen-engine
No labels
1week
2weeks
Failed compliance check
IP cameras
NATS
Possible security concern
Review effort 1/5
Review effort 2/5
Review effort 3/5
Review effort 4/5
Review effort 5/5
UI
aardvark
accessibility
amd64
api
arm64
auth
back-end
bgp
blog
bug
build
checkers
ci-cd
cleanup
cnpg
codex
core
dependencies
device-management
documentation
duplicate
dusk
ebpf
enhancement
eta 1d
eta 1hr
eta 3d
eta 3hr
feature
fieldsurvey
github_actions
go
good first issue
help wanted
invalid
javascript
k8s
log-collector
mapper
mtr
needs-triage
netflow
network-sweep
observability
oracle
otel
plug-in
proton
python
question
reddit
redhat
research
rperf
rperf-checker
rust
sdk
security
serviceradar-agent
serviceradar-agent-gateway
serviceradar-web
serviceradar-web-ng
siem
snmp
sysmon
topology
ubiquiti
wasm
wontfix
zen-engine
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
carverauto/serviceradar#633
No description provided.