8000 Temporarily disable windows defender updates by jsturtevant · Pull Request #550 · kubernetes-sigs/image-builder · GitHub
[go: up one dir, main page]
Skip to content

Temporarily disable windows defender updates #550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 16, 2021
Merged

Temporarily disable windows defender updates #550

merged 1 commit into from
Mar 16, 2021

Conversation

jsturtevant
Copy link
Contributor
@jsturtevant jsturtevant commented Mar 16, 2021
edited
Loading

What this PR does / why we need it:

Make windows defender best effort during build. Defender is running on the host so the updates will be run periodically once the machine is running.

Which issue(s) this PR fixes (optional, in fixes #(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

Mitigates #549

Additional context
Add any other context for the reviewers

I am going to connect with the Windows defender team to figure out why it might be failing occasionally and will follow up.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 16, 2021
@jsturtevant jsturtevant changed the title Update windows defender to not fail Update windows defender to be best effort Mar 16, 2021
@jsturtevant
Copy link
Contributor Author

/assign @codenrhoden @CecileRobertMichon

@CecileRobertMichon
Copy link
Contributor

looks like it still failed with

�[0;32m    vhd-windows-2019: fatal: [default]: FAILED! => {"changed": true, "cmd": "# Updating windows defender signatures sometimes fails\n# These will be updated periodically on the host once running so should be ok if fails during build\n# https://github.com/kubernetes-sigs/image-builder/issues/549\n$service = Get-Service \"Windefend\"\n$service.WaitForStatus(\"Running\",\"00:5:00\")\ntry {\n    Update-MpSignature\n}\ncatch {\n    Write-Host \"Error occurred during signature update $_\"\n}", "delta": "0:00:13.001779", "end": "2021-03-16 08:54:51.007838", "msg": "non-zero return code", "rc": 1, "start": "2021-03-16 08:54:38.006059", "stderr": "Update-MpSignature : The remote procedure call failed. \r\nAt line:7 char:5\r\n+     Update-MpSignature\r\n+     ~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (MSFT_MpSignature:ROOT\\Microsoft\\...SFT_MpSignature) [Update-MpSignature], \r\n    CimException\r\n    + FullyQualifiedErrorId : HRESULT 0x800706be,Update-MpSignature", "stderr_lines": ["Update-MpSignature : The remote procedure call failed. ", "At line:7 char:5", "+     Update-MpSignature", "+     ~~~~~~~~~~~~~~~~~~", "    + CategoryInfo          : NotSpecified: (MSFT_MpSignature:ROOT\\Microsoft\\...SFT_MpSignature) [Update-MpSignature], ", "    CimException", "    + FullyQualifiedErrorId : HRESULT 0x800706be,Update-MpSignature"], "stdout": "", "stdout_lines": []}�[0m

@jsturtevant
Copy link
Contributor Author

That's got me confused... The try/catch should handle that error and move on. Looking into it

@jsturtevant jsturtevant force-pushed the windows-defender-updates branch from a7c212f to a11663e Compare March 16, 2021 21:55
@jsturtevant
Copy link
Contributor Author

I need to look into the try catch issue which might be related to: PowerShell/PowerShell#4613

Disabling this temporarily to unblock other PRs while I connect with the defender team on the errors.

@jsturtevant jsturtevant force-pushed the windows-defender-updates branch from a11663e to 20db9b9 Compare March 16, 2021 21:58
@jsturtevant jsturtevant changed the title Update windows defender to be best effort Temporarily disable windows defender updates Mar 16, 2021
@codenrhoden
Copy link
Contributor

okay, if this passes let's merge it in to unblock others. Though let's also edit the PR description to remove the Fixes: part so it doesn't close the open issue.

Thanks for investigating James!

@CecileRobertMichon
Copy link
Contributor

lgtm

@jsturtevant
Copy link
Contributor Author

@codenrhoden updated to Mitigates #549

@CecileRobertMichon
Copy link
Contributor

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 16, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: CecileRobertMichon, jsturtevant

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 16, 2021
@k8s-ci-robot k8s-ci-robot merged commit 9203ed9 into kubernetes-sigs:master Mar 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CecileRobertMichon CecileRobertMichon Awaiting requested review from CecileRobertMichon

@detiber detiber Awaiting requested review from detiber

Assignees

@codenrhoden codenrhoden

@CecileRobertMichon CecileRobertMichon

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jsturtevant @CecileRobertMichon @codenrhoden @k8s-ci-robot
0