-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Add agent policy API to add settings not yet supported by UI #158699
Comments
Pinging @elastic/fleet (Team:Fleet) |
I think they also need to be visible at the bottom of the "settings" tab of the Agent policy. It's relevant there because these settings could override other things in the policy and create issues. I'd even argue they should be shown in a yellow callout banner w/ a link to API documentation on how to remove them.
Looking at this again I think the API should be
I think we should make this API quite flexible so it can be used to workaround any bugs in Fleet. If we restrict this too much it will lose it's value. That said, I think it may make sense to not support any keys with the |
cc @cmacknz |
Do you mean as a read only box or as a textarea to update? The latter increases the scope slightly to add yaml validation, something like we have in Fleet Server integration policy "Advanced YAML settings" |
Readonly is fine IMO |
I would even prefer we break this into two phases and do 0 UI changes in the first phase. Most important thing is to unblock fixing customer deployments. Next most important thing is helping users know when they're still using these overrides. |
Do we need a new API for that could it be an extra property on the existing agent policy API? POST /agent_policies |
We could, though perhaps the intention was to keep the overrides as an escape hatch and not include in the main API as it is not intended for normal use. |
I think with or without a new API this should be pointed in the API doc. I do not have a strong argument for a new API or reuse the policy API for that. Reusing the policy API is maybe a little simpler to implement/maintains. |
I agree with that.
Aren't we mixing things here? I would rather add a new experimental API, that could lately be removed if needed. Experimental will also avoid us officially supporting it. |
One reason we were thinking that it should be a separate API is to prevent accidental removals of any custom settings. For example, if we use the existing API we have to make sure that I do agree it would be more straightforward though to not handle this as a special case with a separate API. Another option could be to use the existing API but require that clients explicitly set an |
Actually all of the PUT API fleet API are in fact PATCH so if the user do not explicitly send a null value it will not be cleared. |
To improve supportability:
|
Custom settings will be set the same way as standard settings so i'm not sure this is something we should highlight. However we might probably want to create an audit log entry for this. We should probably pull @kilfoyle and @karenzone to discuss the docs options here. |
Yes, but those settings are not getting validated (at least from what I understood from the issue) and they can break the behavior (we will not test any possible combination of them + they will possibly override some defaults we are using). E.g. if a user adds:
What will happen?
|
If a user adds If elastic/beats#35615 is implemented as planned, then in theory they could try to configure the disk queue before it is supported properly (sharing the queue across upgrades for example), and the agent should probably refuse to configure it in that case. In general if someone puts valid YAML into the agent policy for a feature or directive that isn't supported it will be silently ignored. This is the same behavior Beats has. This probably isn't ideal but fixing this is challenging, ideally we would generate an error or warning when this happens. |
Thank you @cmacknz I agree - I am aware the queue settings are ignored at the moment. But if we implement this feature - we are opening the door to users possibly expecting any setting which is injected via the YAML section will work. We already had situations where:
That's why I would like to make it clear in the diagnostics and Elastic Agent policy the custom settings added by the user are visible as it might be crucial to spot if the user injected some "unsupported" setting in the freeform YAML. |
Regarding the docs:
As far as I know the only API docs we have currently are these generated API docs which will include the newly added API descriptions, but when the settings UI is updated we can certainly also add some warning text to the corresponding Fleet UI settings page. |
Would it be possible to get the full list of what possible configuration can be applied here? My initial gut feel is that this is only a tool for Support/Engineering to resolve customer issues and not something that we want to publicize too much in our documentation. I would like to avoid unintended consequences of users applying a config to the policy. |
One use case to use this API is to configure the agent download timeout: elastic/elastic-agent#4580 To set download timeout:
![]()
|
To increase supportability, Fleet should support a way to add custom settings to agent policies.
This will enable unblocking clients when a policy change is required to fix agents managed by Fleet.
Today this is not easy because Fleet UI/API only enables updating certain fields in agent policy.
Use cases:
Global parameters on the agent policy (monitoring, timeout settings)
Tasks:
View policy
UI as yamlOpen question:
cc @joshdover
The text was updated successfully, but these errors were encountered: