Cannot Enroll Elastic Agent to Fleet hosted on Elastic Cloud Enterprise

Hi All,

I am trying to test Elastic Agent on my PC Windows laptop but when I run command to enroll it to Fleet I got below message error.

.\elastic-agent enroll https://ef13ea6b551540938cccfb4c482b50a0.10.30.30.204.ip.es.io:9243 MzdKVFJIUUJxT0k1UURMbzh1NGQ6NzJJRjBPYzVRaU9mMFNwcjVxVWNZdw==

fail to enroll: fail to execute request to Kibana: Post "https://ef13ea6b551540938cccfb4c482b50a0.10.30.30.204.ip.es.io:9243/api/ingest_manager/fleet/agents/enroll?": x509: certificate signed by unknown authority

For info my Elasticsearch and Kibana are deployed in ECE.

Thanks for your support.

Hamid

Hi, it looks like you have the same issue as others with the self signed certificates. Have a look at this thread here: [Ingest management] Use insecure elasticsearch output managed in fleet mode for elastic agent

Hi Ruflin,

Thanks for your reply but in the thread you mentioned I cannot find any solution to my issue. I even tried the Standalone mode but not data shown in Datasets tab of Ingest Manager.
Any detailed procedure please to follow to make it working ?

Thanks for your support.
Hamid

Could you share by chance the config you used in standalone mode? Under data you can find error logs for metricbeat / filebeat, could you share these as they might contain more information on what didn't work.

Hi Ruflin,

Thanks again for your support.

The configuration I used is the one given by Ingest Manager and you can find it below.

For the logs please find them attached to this message.

elastic-agent.yml:

id: 5fd56a50-eb7e-11ea-87cd-11a6a05e64d9
revision: 1
outputs:
default:
type: elasticsearch
hosts:

  • '' username: elastic password: 05b7jz5qldMlRX5tUAQnV8ff agent: monitoring: enabled: true use_output: default logs: true metrics: true inputs: - id: 6bce72c0-eb7e-11ea-87cd-11a6a05e64d9 name: system-1 type: logfile use_output: default meta: package: name: system version: 0.5.3 data_stream: namespace: default streams: - id: logfile-system.auth data_stream: dataset: system.auth type: logs paths: - /var/log/auth.log* - /var/log/secure* exclude_files: - .gz$ multiline: pattern: ^\s match: after processors: - add_locale: null - add_fields: target: '' fields: ecs.version: 1.5.0 - id: logfile-system.syslog data_stream: dataset: system.syslog type: logs paths: - /var/log/messages* - /var/log/syslog* exclude_files: - .gz$ multiline: pattern: ^\s match: after processors: - add_locale: null - add_fields: target: '' fields: ecs.version: 1.5.0 - id: 6bce72c0-eb7e-11ea-87cd-11a6a05e64d9 name: system-1 type: system/metrics use_output: default meta: package: name: system version: 0.5.3 data_stream: namespace: default streams: - id: system/metrics-system.cpu data_stream: dataset: system.cpu type: metrics metricsets: - cpu cpu.metrics: - percentages - normalized_percentages period: 10s - id: system/metrics-system.diskio data_stream: dataset: system.diskio type: metrics metricsets: - diskio diskio.include_devices: null period: 10s - id: system/metrics-system.load data_stream: dataset: system.load type: metrics metricsets: - load period: 10s - id: system/metrics-system.memory data_stream: dataset: system.memory type: metrics metricsets: - memory period: 10s - id: system/metrics-system.network data_stream: dataset: system.network type: metrics metricsets: - network period: 10s network.interfaces: null - id: system/metrics-system.process data_stream: dataset: system.process type: metrics metricsets: - process period: 10s process.include_top_n.by_cpu: 5 process.include_top_n.by_memory: 5 process.cmdline.cache.enabled: true process.cgroups.enabled: true processes: - .* - id: system/metrics-system.process_summary data_stream: dataset: system.process_summary type: metrics metricsets: - process_summary period: 10s - id: system/metrics-system.socket_summary data_stream: dataset: system.socket_summary type: metrics metricsets: - socket_summary period: 10s - id: system/metrics-system.uptime data_stream: dataset: system.uptime type: metrics metricsets: - uptime period: 10s

Thanks & Regards,

Hamid

(Attachment logs.tar.gz is missing)

Please find attached metricbeat / filebeat logs.

Thanks

(Attachment filebeat-json.log-2020-09-02-12-1 is missing)

(Attachment metricbeat-json.log-2020-09-02-12-2 is missing)

Apparently I cannot upload the logs files to the thread. Is there another way to share the logs?

Thanks.

Could you try to use ticks (`) around the pasted yaml so it is formatted correctly? I couldn't see a host specified in there. Under what hostname is Elasticsearch running.

For the logs, you could try a gist.

id: 5fd56a50-eb7e-11ea-87cd-11a6a05e64d9
revision: 1
outputs:
  default:
    type: elasticsearch
    hosts:
      - 'https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243'
    username: elastic
    password: 05b7jz5qldMlRX5tUAQnV8ff
agent:
  monitoring:
    enabled: true
    use_output: default
    logs: true
    metrics: true
inputs:
  - id: 6bce72c0-eb7e-11ea-87cd-11a6a05e64d9
    name: system-1
    type: logfile
    use_output: default
    meta:
      package:
        name: system
        version: 0.5.3
    data_stream:
      namespace: default
    streams:
      - id: logfile-system.auth
        data_stream:
          dataset: system.auth
          type: logs
        paths:
          - /var/log/auth.log*
          - /var/log/secure*
        exclude_files:
          - .gz$
        multiline:
          pattern: ^\s
          match: after
        processors:
          - add_locale: null
          - add_fields:
              target: ''
              fields:
                ecs.version: 1.5.0
      - id: logfile-system.syslog
        data_stream:
          dataset: system.syslog
          type: logs
        paths:
          - /var/log/messages*
          - /var/log/syslog*
        exclude_files:
          - .gz$
        multiline:
          pattern: ^\s
          match: after
        processors:
          - add_locale: null
          - add_fields:
              target: ''
              fields:
                ecs.version: 1.5.0
  - id: 6bce72c0-eb7e-11ea-87cd-11a6a05e64d9
    name: system-1
    type: system/metrics
    use_output: default
    meta:
      package:
        name: system
        version: 0.5.3
    data_stream:
      namespace: default
    streams:
      - id: system/metrics-system.cpu
        data_stream:
          dataset: system.cpu
          type: metrics
        metricsets:
          - cpu
        cpu.metrics:
          - percentages
          - normalized_percentages
        period: 10s
      - id: system/metrics-system.diskio
        data_stream:
          dataset: system.diskio
          type: metrics
        metricsets:
          - diskio
        diskio.include_devices: null
        period: 10s
      - id: system/metrics-system.load
        data_stream:
          dataset: system.load
          type: metrics
        metricsets:
          - load
        period: 10s
      - id: system/metrics-system.memory
        data_stream:
          dataset: system.memory
          type: metrics
        metricsets:
          - memory
        period: 10s
      - id: system/metrics-system.network
        data_stream:
          dataset: system.network
          type: metrics
        metricsets:
          - network
        period: 10s
        network.interfaces: null
      - id: system/metrics-system.process
        data_stream:
          dataset: system.process
          type: metrics
        metricsets:
          - process
        period: 10s
        process.include_top_n.by_cpu: 5
        process.include_top_n.by_memory: 5
        process.cmdline.cache.enabled: true
        process.cgroups.enabled: true
        processes:
          - .*
      - id: system/metrics-system.process_summary
        data_stream:
          dataset: system.process_summary
          type: metrics
        metricsets:
          - process_summary
        period: 10s
      - id: system/metrics-system.socket_summary
        data_stream:
          dataset: system.socket_summary
          type: metrics
        metricsets:
          - socket_summary
        period: 10s
      - id: system/metrics-system.uptime
        data_stream:
          dataset: system.uptime
          type: metrics
        metricsets:
          - uptime
        period: 10s

For the logs please find them in below gist:

Thanks for your support.

Thanks for all the details. I found the following entry in your log files:

{"log.level":"debug","@timestamp":"2020-09-02T12:57:27.817+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}

Where are you running your ES cluster? It seems like a certificate issue.

Hi Ruflin,

Thanks for your support.

My ES is running in ECE deployed on remote linux machines and the Agent is running on my laptop.

Thanks.

Hamid

I think we have a certificate issue here. Unfortunately its an issue quite a few users are hitting at the moment and we are working on fixing it. For an intermediate solution, have a look at these threads here: https://discuss.elastic.co/search?q=certificate%20tag%3Astack-ingest-management

Hi Ruflin,

Thank you for your support, by waiting your fix I will have a look at the threads you shared and see if it can help to fix my issue.

Thanks,
Hamid

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.