New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Configure Fleet packages and integrations through config file #88956
Comments
Pinging @elastic/ingest-management (Team:Ingest Management) |
Pinging @elastic/fleet (Feature:Fleet) |
cc\ @pzl - could help in the future with our Endpoint Package upgrade process |
@ruflin Can you clarify the use case:
Today we ship Kibana with a set of integrations that need to be installed by default during setup, do you expect that theses new settings to replace that behavior or complement that behavior? For Permission Challenge, we have been pushing this forward a long time, we need to prioritize and formalize where we want to go. |
@ph Complement. There might be packages which we need to hardcode as disabling could break the setup. |
For reference, here is a Kibana issue that discusses about dynamic config reloading: #52756 |
Discussed over zoom:
|
How should this config file relate to the default policies? I can think of a few options:
|
policies:
- name: nginx-policy
id: 1234
I'm also noticing there's no value for |
For the default config, good question. I would go with the option, that the default policy has a unique id / name (3). If it should be overwritten, this specific id must be overwritten. This leaves us with the issue, what if someone does not want to have it all? For the Don't take the yaml example I put in as "the way it should be", this was more to show the concept. |
Isn't a policy name required to be unique? Then we could use the policy
@ruflin could you elaborate what you mean by this? |
integrations:
- integration: nginx:1.7.2/logs Do we want the semver to be required here, or optional? e.g. if no semver is specified, should it just install the latest available version? |
Need some guidance on how to add a package in the form of |
Update: I'm realizing that |
So far I have preconfigured packages working, and preconfigured policies using the default settings of the specified integrations. Where I'm stuck is on being able to preconfigure anything beyond the default integration settings. - integration: nginx:1.7.2/logs
name: nginx-logs
paths: /foo/bar/nginx.log*
- integration: nginx:1.7.2/metrics
name: nginx-metrics
hosts: 127.0.0.1 This is a very simple representation of what seems to be represented in code as: "inputs": [
{
"type": "logfile",
"enabled": true,
"streams": [
{
"enabled": true,
"data_stream": {
"type": "logs",
"dataset": "nginx.access"
},
"vars": {
"paths": {
"value": [
"/var/log/nginx/access.log*"
],
"type": "text"
}
},
"id": "logfile-nginx.access-fca53a35-e013-490c-b3f5-03e6c68ec4be"
},
{
"enabled": true,
"data_stream": {
"type": "logs",
"dataset": "nginx.error"
},
"vars": {
"paths": {
"value": [
"/var/log/nginx/error.log*"
],
"type": "text"
}
},
"id": "logfile-nginx.error-fca53a35-e013-490c-b3f5-03e6c68ec4be"
}
]
},
{
"type": "nginx/metrics",
"enabled": true,
"vars": {
"hosts": {
"value": [
"http://127.0.0.1:80"
],
"type": "text"
}
},
"streams": [
{
"enabled": true,
"data_stream": {
"type": "metrics",
"dataset": "nginx.stubstatus"
},
"vars": {
"period": {
"value": "10s",
"type": "text"
},
"server_status_path": {
"value": "/nginx_status",
"type": "text"
}
},
"id": "nginx/metrics-nginx.stubstatus-fca53a35-e013-490c-b3f5-03e6c68ec4be"
}
]
}
] There's a lot of specificity to translate, here. Is there a predictable way for us to know which key/value pairs to translate into a It's possible this task will be complex enough to warrant a second PR. |
@simitt For #88956 (comment), my perspective is that a @Zacqary You will need to specify vars for each input / stream in the schema. Lets try to find some time to sync up an talk through it. I think overall you are on the right track. @jen-huang Would be great if you could also chime in here. For the versions of the packages, I would stick to require a version for now and not support latest. We can still add these features later. |
I think we could use ids for integrations it will make things a lot easier, there is no technical limitation to not do it. |
What does the |
I do not think we should enable the |
A question was raised on the draft PR about what should happen if the user:
Should Kibana delete that policy? (If no agents are assigned) Speaking of which, if the user removes something from |
My suggestion for now to keep things simple is, that removal is not supported. We can add this later. |
After a conversation with @Zacqary I realised for the policy part we might need to take a step back and also think a bit on where policy configs might be in the future. Elastic Agent policyThere are ongoing discussions around the Elastic Agent policy format, especially the part inside inputs. One of the main discussions is: Do we need the In the following an example that in theory, all 3 should be indentical. 1 and 2 work today, 3 doesn't but this could be changed:
Kibana policy generationI showed all the above to explain why the stream nesting is there but in the end it is a nesting that might not be required or partially can be ignored in the discussion. On the Kibana side, we need a format that supports the following things:
Here an potential example which might work:
The important part in here is that there must be some way to tell Kibana which data_stream_path it should use for filling in each input and use defaults for it. I don't know if Kibana today has an validation against packages if a policy is submitted. But if for example the above would contain any data stream path twice, non existing variables or anything similar, it should be rejected. Note: The above is not mean as the final format, it is just meant to provide an example. |
@Zacqary @ruflin Leaving the gist here instead since it's more related to the above ^ comment. We discussed making the shape of the YAML more similar to what Kibana stores internally in its agent policy SOs and package policy SOs, here is a gist with that structure and notes around what Kibana should do for various fields: https://gist.github.com/jen-huang/c39232dfa59d7f97327f5af7909dc5f4 |
@jen-huang Should the YAML field be |
@Zacqary Good point, let's go with |
It's very verbose :D You could say it like this to tighten up the wording, but we can ping our wonderful tech writers during PR review for real wordsmithing: If you don't have it already, I would add a similar message to logging via Another thing is that it is strange that running into error with setting up preconfigured policies blocks the entire Fleet UI, but this is a larger issue with the |
Nit on the naming: In the Agent Policy itself we currently don't use any camelCase but always On the |
For the config naming, most kibana.yml settings are camelcase, including most existing ones for Fleet. I thought it a little strange to have one non-camelcase one for this, but agree that everything else in the policy itself is snakecase ( I may have misunderstood on our call but I thought this initialization was being run as part of |
Running into a problem: vars:
system.hostfs:
type: text
value: home/test YAML interprets this as: {
"vars": {
"system": {
"hostfs": {
"value": "home/test"
}
}
} Wrapping it in quotes like |
Hmm, is that the JSON output after running it through |
Could be. It's how |
Looks like https://github.com/elastic/kibana/blob/master/packages/kbn-config/src/raw/ensure_deep_object.ts is the culprit. Not sure how to disable this for a particular YAML blob, but I'm checking with the core team |
Okay so it turns out I know the API is the first priority, but I assume we want to preserve compatibility with |
👍🏻 Should be pretty easy to change the vars to an array of var objects that include a |
@jen-huang What do you think of vars:
- key: system.hostfs
value: home/test |
I don't feel strongly one way or another, so that works for me. |
For key vs name: Even though I kind of agree that key might be better, we also have to keep in mind there are some existing values already for this: https://github.com/elastic/package-storage/blob/production/packages/apache/0.3.4/manifest.yml#L38 So not sure if we should introduce new "meanings" if they are better. As we don't use the |
I'd say it's still an issue, we shouldn't have one schema for JSON and a different schema for YAML, if we can help it. |
So as of today, my draft PR actually has this working through BOTH an API and plugin setup through |
I would prefer to remove |
Today to install packages and setup integrations, either the UI has to be used or Kibana API calls. In some cases it would be more convenient to specify the state through configuration files, for example in k8s. This issue is to discuss / brainstorm on how this could be achieved and is not meant as a proposal for the implementation.
Basic idea
There are 2 parts which normally happen through API calls to Fleet:
Instead of doing this through an API call, a
yml
file could be used to configure the state this should be in. This config file should be dynamic reloadable so that in case a new package is needed, no restart of Kibana is required but it can be reloaded.Config
The config could be either inside the
kibana.yml
file or a separate config file. The important part is that it would be possible to reload the content and act on it. As package installation and integration configuration is different, also different configs would be needed.Package setup config
The config to setup a package would have to indicate the package name and which version. It could look like the following:
This would install the nginx and apache package. It could likely also be used to upgrade a package to a certain version. So if nginx:1.7.1 is installed, it would be upgraded to 1.7.2
Policies and integrations config
The second part would define the policies with the integrations inside and variables. As each integration must define which package it belongs to, the package installation could be skipped if integrations are configured.
For the policies that are created through a config file, it should be defined if these can also be modified manually or not.
NOTE: This is only an indication for discussion of the config file and not the final format.
Permission challenge
One challenge around package installation is that
kibana_system
lacks the permissions to install Elasticsearch Index Templates and other assets. A user with more permissions (currently superuser) is required. Two ideas on how to solve this problem:/fleet/refresh
that can be called to trigger a reload of the config file and setup the packages / integrationsThe text was updated successfully, but these errors were encountered: