diff --git a/docs/en/ingest-management/fleet/add-fleet-server-mixed.asciidoc b/docs/en/ingest-management/fleet/add-fleet-server-mixed.asciidoc index 38261db65..f65185a7a 100644 --- a/docs/en/ingest-management/fleet/add-fleet-server-mixed.asciidoc +++ b/docs/en/ingest-management/fleet/add-fleet-server-mixed.asciidoc @@ -12,7 +12,7 @@ To deploy a self-managed {fleet-server} on-premises to work with a hosted {ess}, you need to: * Satisfy all <> and <> -* Add <> +//* Add <> * Create a <> * <> by installing an {agent} and enrolling it in an agent policy containing the {fleet-server} integration @@ -74,21 +74,21 @@ You may need to allow access to these ports. See the following table for default NOTE: If you do not specify the port for {es} as 443, the {agent} defaults to 9200. -[discrete] -[[fleet-server-add-hosts]] -= Add {fleet-server} hosts +//[discrete] +//[[fleet-server-add-hosts]] +//= Add {fleet-server} hosts -include::add-fleet-server-on-prem.asciidoc[tag=fleet-server-host-prereq] +//include::add-fleet-server-on-prem.asciidoc[tag=fleet-server-host-prereq] -include::add-fleet-server-on-prem.asciidoc[tag=add-fleet-server-host] +//include::add-fleet-server-on-prem.asciidoc[tag=add-fleet-server-host] -. Save and apply the settings. +//. Save and apply the settings. [discrete] [[fleet-server-create-policy]] = Create a {fleet-server} policy -Next, you'll create a {fleet-server} policy. The {fleet-server} policy manages +First, create a {fleet-server} policy. The {fleet-server} policy manages and configures the {agent} running on the {fleet-server} host to launch a {fleet-server} process. @@ -120,13 +120,14 @@ and ensure a smooth operation in a bursty environment. = Add {fleet-server}s Now that the policy exists, you can add {fleet-server}s. + A {fleet-server} is an {agent} that is enrolled in a {fleet-server} policy. The policy configures the agent to operate in a special mode to serve as a {fleet-server} in your deployment. To add a {fleet-server}: +. In {kib}, go to *Management* -> *{fleet}* . Click the **Agents** tab. - . Click *Add {fleet-server}*. . This will open in-product instructions for adding a {fleet-server} using @@ -136,23 +137,34 @@ one of two options. Choose *Advanced*. image::images/add-fleet-server-advanced.png[In-product instructions for adding a {fleet-server} in advanced mode] . Follow the in-product instructions to add a {fleet-server}. -.. Choose the policy name for this deployment. +.. Select the agent policy that you created for this deployment. .. Choose **Production** as your deployment mode. + Production mode is the fully secured mode where TLS certificates ensure a secure communication between {fleet-server} and {es}. -.. Select the {fleet-server} host that was identified earlier. Click **Add host**. +.. Open the *{fleet-server} Hosts* dropdown and select *Add new {fleet-server} Hosts*. +Specify one or more host URLs your {agent}s will use to connect to {fleet-server}. +For example, `https://192.0.2.1:8220`, where `192.0.2.1` is the host IP where you will install {fleet-server}. .. A **Service Token** is required so the {fleet-server} can write data to the connected {es} instance. Click **Generate service token** and copy the generated token. .. Copy the installation instructions provided in {kib}, which include some of the known deployment parameters. .. Replace the value of the `--certificate-authorities` parameter with your <>. +. If installation is successful, a confirmation indicates that {fleet-server} +is set up and connected. -After {fleet-server} is installed and enrolled in {fleet}, -the newly created {fleet-server} policy is applied. -You can see this on the {fleet-server} policy page. +After {fleet-server} is installed and enrolled in {fleet}, the newly created +{fleet-server} policy is applied. You can see this on the {fleet-server} policy page. The {fleet-server} agent will also show up on the main {fleet} page as another agent whose life-cycle can be managed (like other agents in the deployment). +You can update your {fleet-server} configuration in {kib} at any time +by going to: *Management* -> *{fleet}* -> *Settings*. From there you can: + +** Update the {fleet-server} host URL. +** Configure additional outputs where agents will send data. +** Specify the location from where agents will download binaries. +** Specify proxy URLs to use for {fleet-server} or {agent} outputs. + [discrete] [[fleet-server-install-agents]] = Next steps diff --git a/docs/en/ingest-management/fleet/add-fleet-server-on-prem.asciidoc b/docs/en/ingest-management/fleet/add-fleet-server-on-prem.asciidoc index 16184bb92..114abaf2d 100644 --- a/docs/en/ingest-management/fleet/add-fleet-server-on-prem.asciidoc +++ b/docs/en/ingest-management/fleet/add-fleet-server-on-prem.asciidoc @@ -10,9 +10,8 @@ image::images/fleet-server-on-prem-deployment.png[{fleet-server} on-premises dep To deploy a self-managed {fleet-server}, you need to: -* Satisfy all <> and <> -* Add hosts including <> -* <> by installing an {agent} and enrolling it in an agent policy containing the {fleet-server} integration +* Satisfy all <> and <>. +* <> by installing an {agent} and enrolling it in an agent policy containing the {fleet-server} integration. NOTE: You can install only a single {agent} per host, which means you cannot run {fleet-server} and another {agent} on the same host unless you deploy a @@ -72,7 +71,7 @@ NOTE: This is not required when testing and iterating using the *Quick start* op == Default port assignments When {es} or {fleet-server} are deployed, components communicate over well-defined, pre-allocated ports. -You may need to allow access to these ports. See the following table for default port assignments: +You may need to allow access to these ports. Refer to the following table for default port assignments: |=== | Component communication | Default port @@ -85,9 +84,11 @@ You may need to allow access to these ports. See the following table for default | {fleet-server} → {es} | 9200 |=== -[discrete] -[[add-fleet-server-on-prem-hosts]] -= Add {fleet-server} hosts +//[discrete] +//[[add-fleet-server-on-prem-hosts]] +//= Add {fleet-server} hosts + +////// // tag::fleet-server-host-prereq[] Start by adding one or more {fleet-server} hosts. @@ -133,6 +134,8 @@ NOTE: Skip this step if you've started the {stack} with security enabled . Save and apply the settings. +////// + [discrete] [[add-fleet-server-on-prem-add-server]] = Add {fleet-server} @@ -142,9 +145,10 @@ The policy configures the agent to operate in a special mode to serve as a {flee To add a {fleet-server}: -. Click the **Agents** tab. +. In {kib}, go to *Management* -> *{fleet}* +. Click the **Agents** tab if it isn't already selected. . Click *Add {fleet-server}*. -. This will open in-product instructions to add a {fleet-server} using +. This opens in-product instructions to add a {fleet-server} using one of two options: *Quick Start* or *Advanced*. * Use *Quick Start* if you want {fleet} to generate a {fleet-server} policy and enrollment token for you. The {fleet-server} policy @@ -179,25 +183,44 @@ generate the certificate specified by `--fleet-server-cert`. [role="screenshot"] image::images/add-fleet-server-advanced.png[In-product instructions for adding a {fleet-server} in advanced mode] -. Then, use the in-product instructions to install the {agent}. +. Step through the in-product instructions to configure and install {fleet-server}. + [NOTE] ==== -The `install` command installs the {agent} as a managed service and enrolls it -in a {fleet-server} policy. For more {fleet-server} commands, see -{fleet-guide}/elastic-agent-cmd-options.html[{agent} command reference]. +* The fields to configure {fleet-server} hosts are not available if the hosts +are already configured outside of {fleet}. For more information, refer to +{kibana-ref}/fleet-settings-kb.html[{fleet} settings in {kib}]. +* When using the *Advanced* option, it's recommended to generate a unique service +token for each {fleet-server}. For other ways to generate service tokens, refer to +{ref}/service-tokens-command.html[`elasticsearch-service-tokens`]. +* If you've configured a non-default port for {fleet-server} in the +{fleet-server} integration, you need to include the `--fleet-server-host` and +`--fleet-server-port` options in the `elastic-agent install` command. Refer to the +{fleet-guide}/elastic-agent-cmd-options.html#elastic-agent-install-command[install command documentation] +for details. ==== ++ +At the *Install Fleet Server to a centralized host* step, +the `elastic-agent install` command installs an {agent} as a managed service +and enrolls it in a {fleet-server} policy. For more {fleet-server} commands, refer +to the {fleet-guide}/elastic-agent-cmd-options.html[{agent} command reference]. ++ +. If installation is successful, a confirmation indicates that {fleet-server} +is set up and connected. -. If installation is successful, you'll see confirmation that {fleet-server} -connected. Click **Continue enrolling {agent}** to begin enrolling your -agents in {fleet-server}. +After {fleet-server} is installed and enrolled in {fleet}, the newly created +{fleet-server} policy is applied. You can see this on the {fleet-server} policy page. -[NOTE] -==== -It's recommended you generate a unique service token for each -{fleet-server}. For other ways to generate service tokens, see -{ref}/service-tokens-command.html[`elasticsearch-service-tokens`]. -==== +The {fleet-server} agent also shows up on the main {fleet} page as another agent +whose life-cycle can be managed (like other agents in the deployment). + +You can update your {fleet-server} configuration in {kib} at any time +by going to: *Management* -> *{fleet}* -> *Settings*. From there you can: + +** Update the {fleet-server} host URL. +** Configure additional outputs where agents should send data. +** Specify the location from where agents should download binaries. +** Specify proxy URLs to use for {fleet-server} or {agent} outputs. [discrete] [[add-fleet-server-on-prem-troubleshoot]] diff --git a/docs/en/ingest-management/fleet/images/add-fleet-server-advanced.png b/docs/en/ingest-management/fleet/images/add-fleet-server-advanced.png index 8dfc5c39f..d43b3dc3b 100644 Binary files a/docs/en/ingest-management/fleet/images/add-fleet-server-advanced.png and b/docs/en/ingest-management/fleet/images/add-fleet-server-advanced.png differ diff --git a/docs/en/ingest-management/fleet/images/add-fleet-server.png b/docs/en/ingest-management/fleet/images/add-fleet-server.png index 226582aca..6158bf5b5 100644 Binary files a/docs/en/ingest-management/fleet/images/add-fleet-server.png and b/docs/en/ingest-management/fleet/images/add-fleet-server.png differ diff --git a/docs/en/ingest-management/images/kibana-agent-flyout.png b/docs/en/ingest-management/images/kibana-agent-flyout.png index e2e4e7cfd..ab0a72b77 100644 Binary files a/docs/en/ingest-management/images/kibana-agent-flyout.png and b/docs/en/ingest-management/images/kibana-agent-flyout.png differ