[Elastic Agent] Fix Docker container to allow state to properly be handled #24817
Conversation
botelastic
bot
added
needs_team
|
Pinging @elastic/agent (Team:Agent) |
|
/package |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
|
/package |
There was a problem hiding this comment.
Log path defaults to $STATE_PATH/logs but that can also log to a completely different path by setting LOG_PATH environment.
Providing LOGS_PATH=/myapp/logs when starting the container does not log anything at this directory. All logs are always logged under $STATE_PATH/data/logs.
| return fmt.Errorf("syncing download directory to STATE_PATH(%s) failed: %s", pathCfg.State, err) | ||
| } | ||
| paths.SetTop(filepath.Join(pathCfg.State, "data")) | ||
| paths.SetConfig(pathCfg.State) |
There was a problem hiding this comment.
Can you make this configurable independently of the pathCfg.State?
There was a problem hiding this comment.
We could? What is the use case? Don't like to add an ENV unless it is useful.
There was a problem hiding this comment.
We have a usecase with an existing directory structure:
/app
/app/config
/app/logs
/app/data
When setting STATE_PATH=/app the agent expects the configuration at /app/.
| var err error | ||
| var client *kibana.Client | ||
| executable, err := os.Executable() | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| // set paths early so all action below use the defined paths | ||
| err = handlePaths(cfg.Agent.Paths) |
There was a problem hiding this comment.
The APM Server is extracted from the Elastic Agent's download folder. At the moment this is done before the Elastic Agent gets started (https://github.com/elastic/beats/pull/24817/files#diff-1f8e1e2079524931fa8f3cf121667a25baa2b998557136500d5e7596b46e9187R159), so also before you are setting the path variables here. The path variables need to be set as the very first action.
If you prefer I can change the order to make this work with the cloud mode after your PR gets merged.
There was a problem hiding this comment.
I think because of me pushing an update I broke the link your provided. Can you provide it again so I can see what you are talking about. Would be happy to fix it in this branch.
There was a problem hiding this comment.
Yes I question if the But for a container it should write to stdout, which is how it is setup now. That way a log collector for docker or kubernetes will automatically pick up the logs. |
Adding more to this the Elastic Agent expects that logs exists at Why doesn't setting |
* unify ENV for home, logs, config, data * add CONFIG_PATH * set paths and copy downloads before extracting APM Server * restrict path config to ENV
| @@ -77,3 +77,4 @@ | |||
| - Add TLS support for Fleet Server {pull}24142[24142] | |||
| - Add support for Fleet Server running under Elastic Agent {pull}24220[24220] | |||
| - Add CA support to Elastic Agent docker image {pull}24486[24486] | |||
| - Add STATE_PATH to Elastic Agent docker image {pull}24817[24817] | |||
There was a problem hiding this comment.
also add LOGS_PATH and CONFIG_PATH
…nroll to exit when Elastic Agent crashes.
…ndled (elastic#24817) * Adjust paths to allow setting data path when running in container mode. * Fix ability for elastic-agent to have proper state in Docker. * Add changelog entry. * Fix lint. * Fix issue with bootstrapping with Fleet Server. * Fix lint. * additional fixes * unify ENV for home, logs, config, data * add CONFIG_PATH * set paths and copy downloads before extracting APM Server * restrict path config to ENV * Cleanup some issues with cloud mode. * Fix issue with CONFIG_PATH when empty. Improve sub-process agent in enroll to exit when Elastic Agent crashes. * Cleanup the paths to be correct. * Update changelog. * Fix unit tests. Co-authored-by: simitt <silvia.mitter@elastic.co> (cherry picked from commit 1f1fae5)
…ndled (#24817) (#24879) * Adjust paths to allow setting data path when running in container mode. * Fix ability for elastic-agent to have proper state in Docker. * Add changelog entry. * Fix lint. * Fix issue with bootstrapping with Fleet Server. * Fix lint. * additional fixes * unify ENV for home, logs, config, data * add CONFIG_PATH * set paths and copy downloads before extracting APM Server * restrict path config to ENV * Cleanup some issues with cloud mode. * Fix issue with CONFIG_PATH when empty. Improve sub-process agent in enroll to exit when Elastic Agent crashes. * Cleanup the paths to be correct. * Update changelog. * Fix unit tests. Co-authored-by: simitt <silvia.mitter@elastic.co> (cherry picked from commit 1f1fae5)
Due to some changes in elastic-agent (elastic/beats#24817), injection of the apm-server binary became ineffective and we have been running system tests with the published artifacts. Artifacts (such as the apm-server) are now unpacked into state/data/install/<artifact>. The state/data/install directory is expected to be owned by the elastic-agent user, so we can no longer bind mount the apm-server binary. Instead, we now create a custom Docker image and copy in the apm-server and apm-server.yml files.
Due to some changes in elastic-agent (elastic/beats#24817), injection of the apm-server binary became ineffective and we have been running system tests with the published artifacts. Artifacts (such as the apm-server) are now unpacked into state/data/install/<artifact>. The state/data/install directory is expected to be owned by the elastic-agent user, so we can no longer bind mount the apm-server binary. Instead, we now create a custom Docker image and copy in the apm-server and apm-server.yml files.
Due to some changes in elastic-agent (elastic/beats#24817), injection of the apm-server binary became ineffective and we have been running system tests with the published artifacts. Artifacts (such as the apm-server) are now unpacked into state/data/install/<artifact>. The state/data/install directory is expected to be owned by the elastic-agent user, so we can no longer bind mount the apm-server binary. Instead, we now create a custom Docker image and copy in the apm-server and apm-server.yml files. (cherry picked from commit 301caed)
Due to some changes in elastic-agent (elastic/beats#24817), injection of the apm-server binary became ineffective and we have been running system tests with the published artifacts. Artifacts (such as the apm-server) are now unpacked into state/data/install/<artifact>. The state/data/install directory is expected to be owned by the elastic-agent user, so we can no longer bind mount the apm-server binary. Instead, we now create a custom Docker image and copy in the apm-server and apm-server.yml files.
Due to some changes in elastic-agent (elastic/beats#24817), injection of the apm-server binary became ineffective and we have been running system tests with the published artifacts. Artifacts (such as the apm-server) are now unpacked into state/data/install/<artifact>. The state/data/install directory is expected to be owned by the elastic-agent user, so we can no longer bind mount the apm-server binary. Instead, we now create a custom Docker image and copy in the apm-server and apm-server.yml files. (cherry picked from commit 301caed) Co-authored-by: Andrew Wilkins <axw@elastic.co>
What does this PR do?
This fixes the Elastic Agent Docker image to allow a proper state to be stored for the image. Previously this was not possible for the state to be placed into a volume which prevent restarts of the container to maintain its previous state.
This changes the Elastic Agent to not version its directory when running under Docker. This is key to allowing the state to be storable and being that an Elastic Agent container cannot be self-upgraded it is acceptable that it is not versioned.
Because of how the Elastic Agent ships with the builds in the download directory the state could not mount over that directory of Elastic Agent would need to re-download those files. This changes the container sub-command to rsync the builds download directory into the state directory before actually running. This allows new downloads to stay in the state directory and allows the running Elastic Agent to use the binaries that shipped with the image.
By default the state of the Docker container goes to
/usr/share/elastic-agent/state. This can changed withSTATE_PATHenvironment. Elastic Agent logs now default to output stderr so they can be collected by the container runtime. In the case thatLOGS_PATHvariable is set then the Elastic Agent will log to$LOGS_PATH/elastic-agent.loginstead of stderr.Other fixes include using the
$STATE_PATH/data/tmpinstead of/tmpfor the unix sockets as the container cannot write to/tmp.Why is it important?
Critical to allow the state of the Elastic Agent to persist restarts of the Elastic Agent Docker image.
Checklist
[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration filesCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
/usr/share/elastic-agent/state.STATE_PATH.How to test this PR locally
Related issues
--path.home#24801