Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Elastic Agent] Add the ability to run the Fleet Server #23736

Merged
merged 3 commits into from
Feb 1, 2021
Merged

[Elastic Agent] Add the ability to run the Fleet Server #23736

merged 3 commits into from
Feb 1, 2021

Conversation

blakerouse
Copy link
Contributor

@blakerouse blakerouse commented Jan 28, 2021
edited
Loading

What does this PR do?

Adds the ability for Fleet Server to be started by Elastic Agent.

This just adds the basics for Fleet Server to be ran by Elastic Agent. This does not handle the enrollment piece of starting Fleet Server to perform the enrollment for the running Elastic Agent parent. That work will be present in a follow up branch.

This provides enough for the Fleet Server to be started by the Elastic Agent and for the release manager build of Elastic Agent to include the Fleet Server.

The Fleet Server requires a custom output configuration for elasticsearch because Fleet Server requires custom permissions and connection information before Elastic Agent has even enrolled into Fleet. This can currently be set manually in the fleet.yml once the Elastic Agent is enrolled in the current Kibana.

id: d9abff40-60bf-11eb-96c5-a7508ca0826b
fleet:
  enabled: true
  access_api_key: RHRuQlJIY0JXd3N4Q3A3TmZRbW46RVpPbHp1czVRY21zVzJXQlYtZzZhZw==
  kibana:
    protocol: http
    host: localhost:5601
    hosts:
    - localhost:5601
    timeout: 5m0s
    ssl:
      verification_mode: none
      renegotiation: never
  reporting:
    threshold: 10000
    check_frequency_sec: 30
  agent:
    id: ""
  server:
    output:
      elasticsearch:
        hosts: '${ELASTICSEARCH_HOSTS:localhost:9200}'
        username: '${ELASTICSEARCH_USERNAME:elastic}'
        password: '${ELASTICSEARCH_PASSWORD:changeme}'

The follow up branch will handle writing the fleet.server.output.elasticsearch into the fleet.yml.

Why is it important?

Needed so Elastic Agent can run the Fleet server.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

Logs

2021-01-28T09:14:23.382-0500    INFO    operation/operator.go:245       operation 'operation-install' skipped for fleet-server.8.0.0
2021-01-28T09:14:23.772-0500    INFO    log/reporter.go:40      2021-01-28T09:14:23-05:00: type: 'STATE': sub_type: 'STARTING' message: Application: fleet-server--8.0.0[d9abff40-60bf-11eb-96c5-a7508ca0826b]: State changed to STARTING: Starting
2021-01-28T09:14:23.780-0500    INFO    operation/monitoring.go:39      operator.handleStartSidecar: monitoring is not running and disabled, no action taken
2021-01-28T09:14:24.806-0500    INFO    log/reporter.go:40      2021-01-28T09:14:24-05:00: type: 'STATE': sub_type: 'STARTING' message: Application: fleet-server--8.0.0[d9abff40-60bf-11eb-96c5-a7508ca0826b]: State changed to STARTING: Waiting on default policy with Fleet Server integration

@blakerouse blakerouse added the Team:Elastic-Agent Label for the Agent team label Jan 28, 2021
@blakerouse blakerouse self-assigned this Jan 28, 2021
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jan 28, 2021
@blakerouse blakerouse marked this pull request as ready for review January 28, 2021 17:00
@elasticmachine
Copy link
Collaborator

Pinging @elastic/agent (Team:Agent)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

@ruflin ruflin mentioned this pull request Jan 29, 2021
Closed
13 tasks
ruflin
ruflin reviewed Jan 29, 2021
View reviewed changes
x-pack/elastic-agent/spec/fleet-server.yml
- remove_key:
key: output

- select_into:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having the output directly as part of the input would also simplify the spec file here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would still need to be moved because the output is a top-level key to Fleet Server.

I also don't think we want that, because we do not want to send username/password from the input. That also would have a chicken-n-egg problem of getting that information initially.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This goes back to a previous discussion. I think the fleet-server config should be designed and optimised for what is needed for Elastic Agent. So either it directly supports input as the default or it maps it internally. But the translation should not be up to the Elastic Agent. It can be a temporary solution for now.

Not sure I follow the chicken-egg part around username / password? Can you elaborate?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fleet Server does all of that. It has a top level inputs just like Elastic Agent. The issue is the output, which is also top level output and matches Elastic Agent.

The issue is on start-up there is no output, because Elastic Agent has not enrolled but Fleet Server needs to connect to an output so that the Elastic Agent can enroll.

x-pack/elastic-agent/spec/fleet-server.yml
- remove_key:
key: server

- map:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general I would expect this spec file to only require the input routing to fleet-server. Why is this needed? Is this something we just add for every input automatically and because of this need to remove it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes every input automatically gets these items from Elastic Agent, so they need to be removed.

michalpristas
michalpristas approved these changes Jan 29, 2021
View reviewed changes
Copy link
Contributor

@michalpristas michalpristas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change looks ok

x-pack/elastic-agent/CHANGELOG.next.asciidoc Outdated
@@ -64,3 +64,4 @@
- Log level reloadable from fleet {pull}22690[22690]
- Push log level downstream {pull}22815[22815]
- Add metrics collection for Agent {pull}22793[22793]
- Add support for Fleet Server {pull}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please fill in PR number

@elasticmachine
Copy link
Collaborator

elasticmachine commented Jan 29, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: blakerouse commented: /test

    • Start Time: 2021-02-01T13:04:22.953+0000

  • Duration: 90 min 37 sec

  • Commit: 4c3b6ee

Test stats 🧪

Test Results
Failed 0
Passed 45151
Skipped 4737
Total 49888

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 45151
Skipped 4737
Total 49888

@blakerouse
Copy link
Contributor Author

/test

@blakerouse blakerouse merged commit d59f780 into elastic:master Feb 1, 2021
@blakerouse blakerouse deleted the run-fleet-server branch February 1, 2021 15:11
@blakerouse blakerouse mentioned this pull request Feb 1, 2021
Merged
4 tasks
@mdelapenya mdelapenya mentioned this pull request Feb 3, 2021
Closed
@michalpristas michalpristas mentioned this pull request Feb 4, 2021
Merged
6 tasks
blakerouse added a commit to blakerouse/beats that referenced this pull request Feb 8, 2021
@blakerouse
[Elastic Agent] Add the ability to run the Fleet Server (elastic#23736)
40caadd 
* Add the ability to run the Fleet Server.

* Add test and changelog.

* Fix changelog.

(cherry picked from commit d59f780)
blakerouse added a commit that referenced this pull request Feb 10, 2021
@blakerouse @michalpristas
Cherry-pick #23736 to 7.x: [Elastic Agent] Add the ability to run the…
2fab9a8 
… Fleet Server (#23785)

* [Elastic Agent] Add the ability to run the Fleet Server (#23736)

* Add the ability to run the Fleet Server.

* Add test and changelog.

* Fix changelog.

(cherry picked from commit d59f780)

* Fixed monitoring filebeat and metricbeat not connecting to Agent over GRPC (#23843)

Fixed monitoring filebeat and metricbeat not connecting to Agent over GRPC (#23843)

Co-authored-by: Michal Pristas <michal.pristas@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin left review comments

@michalpristas michalpristas michalpristas approved these changes

Assignees

@blakerouse blakerouse

Labels
Team:Elastic-Agent Label for the Agent team v7.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Elastic Agent] Embed Fleet Server as part of the Elastic Agent
4 participants
@blakerouse @elasticmachine @ruflin @michalpristas