Enable Fleet Server #279

Merged
merged 30 commits into from
Apr 7, 2021
Changes from 25 commits
ae3f99b
Enable Fleet Server
Mar 8, 2021
3054a28
Add FLEET_SERVER_INSECURE_HTTP
Mar 9, 2021
95008aa
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 9, 2021
abfc3c2
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 9, 2021
8474486
Merge branch 'master' into 278-support-fleet-server
ycombinator Mar 9, 2021
3d38884
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 10, 2021
1010dba
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 16, 2021
9e82f14
Fix: connect to the Fleet Server
Mar 16, 2021
909673e
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 23, 2021
d6e4f8e
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 24, 2021
b1bd3f7
More vars
Mar 25, 2021
9cf2ede
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 25, 2021
5b2311e
Use vars defined in beats/container.go
Mar 25, 2021
3e2b85f
WIP
Mar 25, 2021
c1fa538
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 26, 2021
e069db0
Revert
Mar 26, 2021
f1d5135
Try with two agent instances
Mar 26, 2021
5088df3
Clean variables
Mar 26, 2021
706ce73
Increase retry
Mar 26, 2021
9f68f0d
Retries
Mar 26, 2021
69ecf9b
Try: increase healthcheck interval
Mar 29, 2021
fc1037e
Merge branch 'master' into 278-support-fleet-server
mtojek Mar 31, 2021
58c47e0
Dump fleet-server logs
Mar 31, 2021
a62148b
Merge branch 'master' into 278-support-fleet-server
Apr 6, 2021
c46a537
Fix: bad merge
Apr 6, 2021
649e2f1
Merge branch 'master' into 278-support-fleet-server
mtojek Apr 7, 2021
50ece51
Latest fixes
Apr 7, 2021
fc412cb
Revert FLEET_SERVER_HOST
Apr 7, 2021
9ee732c
Fix
Apr 7, 2021
0f53750
FLEET_SERVER_HOST is required
Apr 7, 2021
3 changes: 2 additions & 1 deletion internal/install/static_kibana_config_yml.go
Expand Up @@ -17,7 +17,8 @@ xpack.fleet.enabled: true
xpack.fleet.registryUrl: "http://package-registry:8080"
xpack.fleet.agents.enabled: true
xpack.fleet.agents.elasticsearch.host: "http://elasticsearch:9200"
xpack.fleet.agents.kibana.host: "http://kibana:5601"
xpack.fleet.agents.fleetServerEnabled: true
xpack.fleet.agents.kibana.host: "http://fleet-server:8220"
xpack.fleet.agents.tlsCheckDisabled: true
xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012"
`
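Review bot: `xpack.fleet.agents.kibana.host` is now set to `http://fleet-server:8220`, so a key named for Kibana carries the Fleet Server address, and it does so over plain http next to `xpack.fleet.agents.tlsCheckDisabled: true`. A short YAML comment in this template saying that the value is the Fleet Server endpoint, and that the cleartext and no-TLS-check settings are for the local test stack only, would keep them from being copied into other deployments. The same comment could cover the fixed `xpack.encryptedSavedObjects.encryptionKey` on the line below.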
6 changes: 1 addition & 5 deletions internal/install/static_kubernetes_elastic_agent_yml.go
Expand Up @@ -30,14 +30,10 @@ spec:
env:
- name: FLEET_ENROLL
value: "1"
- name: FLEET_ENROLL_INSECURE
value: "1"
- name: FLEET_INSECURE
value: "1"
- name: FLEET_URL
value: "http://kibana:5601"
- name: KIBANA_HOST
value: "http://kibana:5601"
value: "http://fleet-server:8220"
- name: NODE_NAME
valueFrom:
fieldRef:
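Review bot: the new `value: "http://fleet-server:8220"` is a plain http URL, so with `FLEET_ENROLL` set to "1" the Kubernetes agent enrolls against Fleet Server without TLS. The rendered hunk does not make clear which of the `FLEET_ENROLL_INSECURE` and `FLEET_INSECURE` entries remain after the change; please state in the manifest whether cleartext enrollment is intended for test clusters only, or switch the URL to https and keep only the flag that is still needed.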
28 changes: 22 additions & 6 deletions internal/install/static_snapshot_yml.go
Expand Up @@ -75,25 +75,41 @@ services:
package-registry:
condition: service_healthy

elastic-agent:
fleet-server:
image: ${ELASTIC_AGENT_IMAGE_REF}
depends_on:
elasticsearch:
condition: service_healthy
kibana:
condition: service_healthy
healthcheck:
test: "curl -f http://127.0.0.1:8220/api/status | grep HEALTHY 2>&1 >/dev/null"

Can add --insecure to the curl command and change to https if you remove the FLEET_SERVER_INSECURE_HTTP below.

retries: 12
interval: 5s
hostname: docker-fleet-server
environment:
- "FLEET_SERVER_ENABLE=1"
- "FLEET_SERVER_INSECURE_HTTP=1"

I would rather see you run it without this flag. Why run it insecurely?

Contributor Author

For debugging purposes we can sniff network traffic and see requests/responses. It's not a production setup.

- "KIBANA_FLEET_SETUP=1"
- "KIBANA_FLEET_HOST=http://kibana:5601"
ruflin marked this conversation as resolved.
- "FLEET_SERVER_HOST=0.0.0.0"

You should not need this anymore. By default Elastic Agent will start Fleet Server with it bound to 0.0.0.0.

Contributor Author

Fixed

Contributor Author

@mtojek Apr 7, 2021

Something doesn't work (connectivity issue), I will try to revert this one. Seems to be correct.

Unfortunately this one is also required, otherwise the fleet server is not reachable anymore. Maybe something hasn't been backported here?

ports:
- "127.0.0.1:8220:8220"

elastic-agent:
image: ${ELASTIC_AGENT_IMAGE_REF}
depends_on:
fleet-server:
condition: service_healthy
healthcheck:
test: "sh -c 'grep \"Agent is starting\" -r . --include=elastic-agent-json.log'"

The status command landed, so it would be better to run that instead of this type of check.

test: "./elastic-agent status"

Should be enough, as it returns exit code 0 when the agent is healthy.

Contributor Author

@mtojek Apr 7, 2021

Fixed

Unfortunately it fails with:

bash-4.2$ ./elastic-agent status
Error: failed to communicate with Elastic Agent daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial unix /usr/share/elastic-agent/data/tmp/elastic-agent-control.sock: connect: no such file or directory"

I opened an issue for this: elastic/beats#24956

retries: 30
retries: 90
interval: 1s
hostname: docker-fleet-agent
environment:
- "FLEET_ENROLL=1"
- "FLEET_ENROLL_INSECURE=1"
- "FLEET_INSECURE=1"
ruflin marked this conversation as resolved.
- "FLEET_SETUP=1"
- "FLEET_URL=http://kibana:5601"
- "KIBANA_HOST=http://kibana:5601"
- "FLEET_URL=http://fleet-server:8220"

Contributor

I wonder how in this scenario the elastic-agent will get the right enrollment token. We might still have to read it from Kibana.

Would prefer the usage of https here as well. But you will still need the FLEET_INSECURE=1 so it sets ssl.verification_mode: none.

volumes:
- type: bind
source: ../tmp/service_logs/
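Review bot: in the fleet-server healthcheck, `grep HEALTHY 2>&1 >/dev/null` applies its redirections left to right, so stderr is pointed at the original stdout and only stdout is discarded; if the intent is to silence both, write `>/dev/null 2>&1`, or use `grep -q HEALTHY`. The pipeline's exit status is grep's, so a failing `curl -f` is only reported indirectly through the missing match. In the elastic-agent healthcheck, `grep ... -r .` depends on the container's working directory, so an explicit log directory would be less fragile. The jump from `retries: 30` to `retries: 90` at `interval: 1s` deserves a one-line comment explaining why the agent needs that long.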
2 changes: 1 addition & 1 deletion internal/stack/dump.go
Expand Up @@ -15,7 +15,7 @@ import (
"github.com/elastic/elastic-package/internal/logger"
)

var observedServices = []string{"elasticsearch", "elastic-agent", "kibana", "package-registry"}
var observedServices = []string{"elasticsearch", "elastic-agent", "fleet-server", "kibana", "package-registry"}

// DumpOptions defines dumping options for Elatic stack data.
type DumpOptions struct {
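Review bot: `observedServices` is a second hand-maintained copy of the service names defined in the compose snapshot, so adding `fleet-server` here only helps as long as the two lists are edited together. A comment above the variable pointing at the compose definition, or deriving the list from it, would keep them from drifting. While this area is being touched, the doc comment on `DumpOptions` has a typo: "Elatic" should be "Elastic".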
1 change: 0 additions & 1 deletion internal/testrunner/runners/system/runner.go
Expand Up @@ -300,7 +300,6 @@ func (r *runner) runTest(config *testConfig, ctxt servicedeployer.ServiceContext
}

logger.Debug("adding package data stream to test policy...")

ds := createPackageDatastream(*policy, *pkgManifest, *dataStreamManifest, *config)
if err := kib.AddPackageDataStreamToPolicy(ds); err != nil {
return result.WithError(errors.Wrap(err, "could not add data stream config to policy"))
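Review bot: the single deletion in this hunk appears to be whitespace only (one of the blank lines around `logger.Debug("adding package data stream to test policy...")`), which is unrelated to enabling Fleet Server. Consider dropping it from this PR so that `runner.go` does not appear in the diff.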