Cherry-pick #23865 to 7.x: [Elastic Agent] Enroll with Fleet Server #24064

Merged
merged 1 commit into from
Feb 16, 2021

@blakerouse blakerouse commented Feb 16, 2021

Cherry-pick of PR #23865 to 7.x branch. Original message:

What does this PR do?

This adds the ability to enroll the Elastic Agent with Fleet Server executed locally on the same machine. To get this to work a few things needed to be added to Elastic Agent.

  • Wire in the status.Controller to the socket control protocol.
  • Add new bootstrap operating mode that just runs a Fleet Server.
  • Add a new bootstrap of Fleet Server before the start of the Fleet Gateway (in managed mode w/ Fleet Server)

Note: This has a breaking change in the parameters to enroll. kibana_url and enrollment_token move to being parameters instead of positional arguments. This makes install and enroll take the same parameters, and closes #21897.

Why is it important?

So that Fleet Server can be bootstrapped on a machine with Fleet Server also running on that same machine.

How does it work?

The enroll command handles the coordination of controlling the running Elastic Agent daemon. The install command proxies to the enroll command so this can be run from the install or from the DEB/RPM.

Breakdown of the steps that are completed to handle the bootstrap:

  1. Enroll must be executed with --fleet-server parameter. This parameter is a connection string for Fleet Server to communicate to elasticsearch. (Example: --fleet-server http://elastic:changeme@localhost:9200)
  2. Enroll ensures that it can communicate with a running Elastic Agent. (This requires Elastic Agent to be running).
  3. Enroll writes the fleet.yml with fleet.server configuration, with fleet.server.bootstrap: true.
  4. Enroll triggers the Elastic Agent to restart (causing re-execution)
  5. Elastic Agent is re-executed into the Fleet Server bootstrap mode.
  6. Elastic Agent starts the Fleet Server passing it the configuration.
  7. Enroll polls the status GRPC of the Elastic Agent until Fleet Server is started and is in degraded state (should be degraded, because the Elastic Agent is not enrolled yet).
  8. Enroll performs the enrollment against newly running Fleet Server.
  9. Enroll writes a new fleet.yml with enrollment information and the fleet.server information. The fleet.server.bootstrap is removed (aka. False).
  10. Enroll triggers the Elastic Agent to restart (causing re-execution)
  11. Elastic Agent is re-executed into the Fleet mode.
  12. Elastic Agent starts up the Fleet Server before starting the Fleet Gateway communication (because fleet.server is set in the fleet.yml).
  13. Elastic Agent then starts the Fleet Gateway communication
  14. Elastic Agent is now executing and being controlled through the locally running Fleet Server.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • Normal enrollment without Fleet Server works as expected
  • Enrollment with --fleet-server works.

How to test this PR locally

Run the latest 8.0.0-SNAPSHOT of elasticsearch and Kibana. Start Kibana with the xpack.fleet.agents.fleetServerEnabled: true.

Add the Fleet Server integration to a policy.

Look up the policy ID (as this is currently needed until a default policy for Fleet Server is added to Kibana).

Start Elastic Agent.

Run the following command to bootstrap and enroll the Elastic Agent.

./elastic-agent enroll --insecure --url http://localhost:8000 --enrollment-token {token} --fleet-server http://elastic:changeme@localhost:9200 --fleet-server-policy {policy_id}

Related issues

* Add test and changelog.

* Add ability to enroll through a local Fleet Server started by the running Elastic Agent daemon.

* Fix tests.

* Fix changelog.

* Fixes from code review.

* Cleanup from merge into master.

(cherry picked from commit ae0f29e)
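
The enroll command in the description above carries an enrollment token and a `--fleet-server` connection string with an inline password, so anything that logs the invocation records both. The following Go sketch is an added example, not code from this PR or from Elastic Agent: it produces a log-safe copy of the arguments and flags the risky settings. The helper names `auditEnrollArgs` and `isLoopback` and the finding strings are assumptions, and it assumes space-separated flags as in the command shown.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// auditEnrollArgs (hypothetical helper, not Elastic Agent code) returns log-safe args plus findings.
func auditEnrollArgs(args []string) (redacted, findings []string) {
	redacted = append([]string(nil), args...) // never mutate the caller's slice
	for i := 0; i < len(args); i++ {
		flag := args[i]
		switch {
		case flag == "--insecure":
			findings = append(findings, "--insecure set")
		case flag == "--enrollment-token" && i+1 < len(args):
			i++
			redacted[i] = "REDACTED"
		case (flag == "--url" || flag == "--fleet-server") && i+1 < len(args):
			i++
			u, err := url.Parse(args[i])
			if err != nil || u.Host == "" {
				redacted[i] = "REDACTED" // an unparseable value may still hold a secret
				findings = append(findings, flag+": not a valid URL")
				continue
			}
			if _, hasPw := u.User.Password(); hasPw {
				findings = append(findings, flag+": password embedded in connection string")
				u.User = url.User(u.User.Username()) // keep the user, drop the password
				redacted[i] = u.String()
			}
			if u.Scheme != "https" && !isLoopback(u.Hostname()) {
				findings = append(findings, flag+": plaintext HTTP to non-loopback host")
			}
		}
	}
	return redacted, findings
}

func isLoopback(host string) bool {
	ip := net.ParseIP(host)
	return strings.EqualFold(host, "localhost") || (ip != nil && ip.IsLoopback())
}

func main() {
	// The test command from the PR description, placeholders left as written there.
	fmt.Println(auditEnrollArgs(strings.Fields("enroll --insecure --url http://localhost:8000 --enrollment-token {token} --fleet-server http://elastic:changeme@localhost:9200 --fleet-server-policy {policy_id}")))
}
```
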
@elasticmachine
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

@elasticmachine
Collaborator

Pinging @elastic/agent (Team:Agent)

@elasticmachine
Collaborator

💚 Build Succeeded

Build stats

  • Build Cause: Pull request #24064 opened

  • Start Time: 2021-02-16T15:05:00.161+0000

  • Duration: 59 min 0 sec

  • Commit: 37d2fa6

Test stats 🧪

Test Results
Failed 0
Passed 6486
Skipped 24
Total 6510

💚 Flaky test report

Tests succeeded.

@michalpristas michalpristas left a comment

Backport looks good

@blakerouse blakerouse merged commit 7170ee4 into elastic:7.x Feb 16, 2021
@blakerouse blakerouse deleted the backport_23865_7.x branch February 16, 2021 18:04