diff --git a/x-pack/plugins/ingest_manager/README.md b/x-pack/plugins/ingest_manager/README.md index 9641c56097422..f0c2466b25b04 100644 --- a/x-pack/plugins/ingest_manager/README.md +++ b/x-pack/plugins/ingest_manager/README.md @@ -10,6 +10,17 @@ - [Integration tests](server/integration_tests/router.test.ts) - Both EPM and Fleet require `ingestManager` be enabled. They are not standalone features. +## Fleet Requirements + +Fleet needs to have Elasticsearch API keys enabled, and also to have TLS enabled on kibana, (if you want to run Kibana without TLS you can provide the following config flag `--xpack.ingestManager.fleet.tlsCheckDisabled=false`) + +Also you need to configure the hosts your agent is going to use to comunication with Elasticsearch and Kibana (Not needed if you use Elastic cloud). You can use the following flags: + +``` +--xpack.ingestManager.fleet.elasticsearch.host=http://localhost:9200 +--xpack.ingestManager.fleet.kibana.host=http://localhost:5601 +``` + ## Development ### Getting started diff --git a/x-pack/plugins/ingest_manager/dev_docs/api_keys.md b/x-pack/plugins/ingest_manager/dev_docs/api_keys.md index 95d7ba1963531..2143c585f5a15 100644 --- a/x-pack/plugins/ingest_manager/dev_docs/api_keys.md +++ b/x-pack/plugins/ingest_manager/dev_docs/api_keys.md @@ -2,11 +2,11 @@ Fleet uses 3 types of API Keys: -1. Enrollment API Keys - A long lived token with optional rules around assignment of policy when enrolling. It is used to enroll N agents. +1. Enrollment Token - A long lived token with optional rules around assignment of policy when enrolling. It is used to enroll N agents. -2. Access API Keys - Generated during enrollment and hidden from the user. This token is used to communicate with Kibana and is unique to each agent. This allows a single agent to be revoked without affecting other agents or their data ingestion ability. +2. Access Token - Generated during enrollment and hidden from the user. This token is used to communicate with Kibana and is unique to each agent. This allows a single agent to be revoked without affecting other agents or their data ingestion ability. -3. Output API Keys - This is used by the agent to ship data to ES. At the moment this is one token per unique output cluster per policy due to the scale needed from ES tokens not currently being supported. Once ES can accept the levels of scale needed, we would like to move to one token per agent. +3. Output API Keys - This is used by the agent to ship data to ES. This token is unique per agent. ### FAQ diff --git a/x-pack/plugins/ingest_manager/dev_docs/fleet_agents_interactions_detailed.md b/x-pack/plugins/ingest_manager/dev_docs/fleet_agents_interactions_detailed.md index ac7005063da9d..d563712fdf0a6 100644 --- a/x-pack/plugins/ingest_manager/dev_docs/fleet_agents_interactions_detailed.md +++ b/x-pack/plugins/ingest_manager/dev_docs/fleet_agents_interactions_detailed.md @@ -4,7 +4,7 @@ Fleet workflow: -- an agent enroll to fleet using an enrollmentAPiKey +- an agent enroll to fleet using an enrollment token. - Every n seconds agent is polling the checkin API to send events and check for new configuration ### Agent enrollment @@ -12,7 +12,7 @@ Fleet workflow: An agent must enroll using the REST Api provided by fleet. When an agent enroll Fleet: -- verify the API Key is a valid ES API key +- verify the Enrollment token is a valid ES API key - retrieve the Saved Object (SO) associated to this api key id (this SO contains the configuration|policy id) - create an ES ApiKey unique to the agent for accessing kibana during checkin - create an ES ApiKey per output to send logs and metrics to the output @@ -26,7 +26,7 @@ Agent are going to poll the checkin API to send events and check for new configr When an agent checkin fleet: -- verify the access API Key is a valid ES API key +- verify the access token is a valid ES API key - retrieve the agent (SO associated to this api key id) - Insert events SO - If the Agent configuration has been updated since last checkin