steve/restic-manager
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 1 Wiki Activity

agent: log accept/complete on backup jobs; audit: populate host.enrolled payload
CI / Test (linux/amd64) (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details
CI / Build (windows/amd64) (push) Has been cancelled
Details
CI / Build (linux/amd64) (push) Has been cancelled
Details
CI / Build (linux/arm64) (push) Has been cancelled
Details

Browse Source 
Two warts surfaced during the smoke run:

- Agent was silent between "config.update applied" and "job
  finished" — operators tailing journalctl saw no acknowledgement
  that a command.run had landed. Adds Info logs at job-accept
  ({job_id, paths}) and at successful completion.

- The host.enrolled audit row had an empty {} payload. Now
  carries {hostname, os, arch, has_repo_creds} so an audit-log
  reader can answer "what got enrolled and did the operator
  bundle creds with the token" without joining back to hosts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Steve Cliff
2026-05-01 18:24:56 +01:00
parent 2418e585db
commit b6cfa99413
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/agent/main.go
+4
View File
@@ -250,10 +250,14 @@ func (d *dispatcher) runJob(ctx context.Context, p api.CommandRunPayload, tx wsc
case api.JobBackup: case api.JobBackup:
// Agent.Args carries [paths...]. Excludes/tags are not yet // Agent.Args carries [paths...]. Excludes/tags are not yet
// surfaced over the wire; they come with P2 schedule support. // surfaced over the wire; they come with P2 schedule support.
slog.Info("agent: accepting backup job",
"job_id", p.JobID, "paths", p.Args)
go func() { go func() {
if err := r.RunBackup(ctx, p.JobID, p.Args, nil, nil); err != nil { if err := r.RunBackup(ctx, p.JobID, p.Args, nil, nil); err != nil {
slog.Warn("agent: backup job failed", "job_id", p.JobID, "err", err) slog.Warn("agent: backup job failed", "job_id", p.JobID, "err", err)
return
} }
slog.Info("agent: backup job complete", "job_id", p.JobID)
}() }()
default: default:
return fmt.Errorf("kind %q not implemented yet (Phase 2 lands the rest)", p.Kind) return fmt.Errorf("kind %q not implemented yet (Phase 2 lands the rest)", p.Kind)
internal/server/http/enrollment.go
+12
View File
@@ -146,6 +146,17 @@ func (s *Server) handleAgentEnroll(w stdhttp.ResponseWriter, r *stdhttp.Request)
} }
} }
auditPayload, _ := json.Marshal(struct {
Hostname string `json:"hostname"`
OS string `json:"os"`
Arch string `json:"arch"`
HasRepoCreds bool `json:"has_repo_creds"`
}{
Hostname: host.Name,
OS: host.OS,
Arch: host.Arch,
HasRepoCreds: encForHost != "",
})
_ = s.deps.Store.AppendAudit(r.Context(), store.AuditEntry{ _ = s.deps.Store.AppendAudit(r.Context(), store.AuditEntry{
ID: ulid.Make().String(), ID: ulid.Make().String(),
Actor: "system", Actor: "system",
@@ -153,6 +164,7 @@ func (s *Server) handleAgentEnroll(w stdhttp.ResponseWriter, r *stdhttp.Request)
TargetKind: ptr("host"), TargetKind: ptr("host"),
TargetID: &hostID, TargetID: &hostID,
TS: host.EnrolledAt, TS: host.EnrolledAt,
Payload: auditPayload,
}) })
writeJSON(w, stdhttp.StatusCreated, enrollResponse{ writeJSON(w, stdhttp.StatusCreated, enrollResponse{