[DOCS] Fleet and Endpoint Security require a Transform, appropriate configuration is needed #608

Closed
kevinlog opened this issue Apr 7, 2021 · 1 comment
Labels
Team: Docs Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management v7.13.0

Comments

@kevinlog
Contributor

kevinlog commented Apr 7, 2021

Description

There have been some SDH issues that have come in where users have custom node and cluster configurations which disallow transforms from running. Right now, this is a problem because Endpoint security requires a transform to operate, and since Endpoint is a required package, Fleet also requires that this transform is installed properly. I will prioritize that we fix this situation before the end of 7.last; however, for the time being, we should make this restraint more clear in documentation.

We should list a set of requirements for the Security solution to ensure that users have their node roles and clusters configured correctly in order to use Endpoint security.

Node roles

Users must have at least one node that has a transform role.

By default, node roles will include this role. As soon as a user customizes their roles, they will need to ensure that at least one has the transform role.

More information here on Node roles: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html

Cluster settings

Users must have their Cluster settings set up so that they will allow persistent tasks.

By default, the Cluster settings will allow these persistent tasks; however, if users customize them, it is possible to turn it off.

If the user runs GET /_cluster/settings in dev tools and finds the below setting, transforms will not be allowed to install:

{
  "transient": {
    "cluster.persistent_tasks.allocation.enable": "none"
  }
}

They will need to ensure this is set to (the default setting):

{
  "transient": {
    "cluster.persistent_tasks.allocation.enable": "all"
  }
}

More information on Cluster settings: https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-update-settings.html
Relevant SDH: https://github.com/elastic/sdh-kibana/issues/1398

Acceptance Test Criteria

  • As a user, I should ensure that I have at least one node.role with a transform role
  • As a user, I should ensure that my cluster settings allow for persistent_tasks allocation

Notes

  • Add the "Team:Docs" label to new issues.
  • Be sure to add the version number label.
  • Be sure to add any necessary screenshots for clarity.
  • Include any conditions or caveats that may affect customers.
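
A preflight check for the two requirements in the issue above, written as an added example (not code from the issue or from Elastic). It takes the parsed JSON bodies of `GET /_nodes` and `GET /_cluster/settings`; the function names and sample responses are assumptions, and it goes slightly beyond the issue by also reading the nested (non-flat) settings form and the `persistent` scope, which transient values override.

```python
# Added example: preflight check for the two requirements described in the issue.
# Inputs are the parsed JSON bodies of GET /_nodes and GET /_cluster/settings.
SETTING = "cluster.persistent_tasks.allocation.enable"

def lookup(scope, dotted):
    """Read a setting from one scope, in flat or nested form."""
    if dotted in scope:                      # flat form, as shown in the issue
        return scope[dotted]
    node = scope
    for part in dotted.split("."):           # nested form (default API output)
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def transform_blockers(nodes_resp, settings_resp):
    """Return a list of reasons the Endpoint transform could not run."""
    problems = []
    nodes = nodes_resp.get("nodes", {})
    if not any("transform" in n.get("roles", []) for n in nodes.values()):
        problems.append("no node has the transform role")
    # Transient settings take precedence over persistent ones; default is "all".
    value = "all"
    for scope in ("persistent", "transient"):
        found = lookup(settings_resp.get(scope, {}), SETTING)
        if found is not None:
            value = found
    if value != "all":
        problems.append(f"{SETTING} is {value!r}, expected 'all'")
    return problems

# Constructed sample responses (not taken from a real cluster).
NODES_CUSTOM_ROLES = {"nodes": {
    "n1": {"name": "es-master-1", "roles": ["master"]},
    "n2": {"name": "es-data-1", "roles": ["data", "ingest"]},
}}
NODES_WITH_TRANSFORM = {"nodes": {
    "n1": {"name": "es-master-1", "roles": ["master"]},
    "n2": {"name": "es-data-1", "roles": ["data", "ingest", "transform"]},
}}
SETTINGS_BLOCKED = {"persistent": {}, "transient": {SETTING: "none"}}
SETTINGS_NESTED_OK = {
    "persistent": {"cluster": {"persistent_tasks": {"allocation": {"enable": "none"}}}},
    "transient": {SETTING: "all"},
}

if __name__ == "__main__":
    for problem in transform_blockers(NODES_CUSTOM_ROLES, SETTINGS_BLOCKED):
        print("BLOCKER:", problem)
```
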
@jmikell821
Contributor

Merged #693.
