Cannot Install Fleet Server

Elastic Security Endpoint Security
1

Hello there,

Server info:
1 - I´m running ubuntu server 18.04
2 - Elk stack running on 7.13 version

I´m trying to add a fleet server on a self managed host but no luck. Following the kibana instructions this is what I´m getting so far:

1 - From kibana screen, I´m trying to add the fleet server
2 - Downloaded the elastic agent to the same elk server (DEB x64 version)
3 - Generated the token
4 - Followed the instructions for the commands to be used

Then, I receive a lot of X509 errors. So my question is, I´m doing something wrong?

root@elk:/opt/Elastic# ll
total 170876
drwxr-xr-x 2 root root      4096 Jun  2 13:49 ./
drwxr-xr-x 4 root root      4096 Jun  2 13:49 ../
-rw-r--r-- 1 root root 174967550 May 25 10:29 elastic-agent-7.13.0-amd64.deb
root@elk:/opt/Elastic# dpkg -i elastic-agent-7.13.0-amd64.deb
Selecting previously unselected package elastic-agent.
(Reading database ... 131027 files and directories currently installed.)
Preparing to unpack elastic-agent-7.13.0-amd64.deb ...
Unpacking elastic-agent (7.13.0) ...
Setting up elastic-agent (7.13.0) ...
Processing triggers for systemd (237-3ubuntu10.47) ...
Processing triggers for ureadahead (0.100.0-21) ...
root@elk:/opt/Elastic#

root@elk:/# elastic-agent version
Binary: 7.13.0 (build: 054e224d226b42a1dd7c72dcf48c3f18de452e22 at 2021-05-20 00:57:04 +0000 UTC)
Daemon: 7.13.0 (build: 054e224d226b42a1dd7c72dcf48c3f18de452e22 at 2021-05-20 00:57:04 +0000 UTC)

root@elk:/# sudo elastic-agent enroll -i -f --fleet-server-es=https://XX.XX.X.XX:9200 --fleet-server-service-token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The Elastic Agent is currently in BETA and should not be used in production

2021-06-02T14:05:57.512Z        INFO    cmd/enroll_cmd.go:300   Generating self-signed certificate for Fleet Server
2021-06-02T14:05:59.181Z        INFO    cmd/enroll_cmd.go:610   Waiting for Elastic Agent to start Fleet Server
2021-06-02T14:06:01.187Z        INFO    cmd/enroll_cmd.go:643   Fleet Server - Starting
2021-06-02T14:06:02.190Z        INFO    cmd/enroll_cmd.go:643   Fleet Server - Error - x509: certificate signed by unknown authority
2021-06-02T14:06:08.202Z        INFO    cmd/enroll_cmd.go:648   Fleet Server - Error - x509: certificate signed by unknown authority

Can anyone help?

Thanks!

2

Hi Francesco

From what I see you are hosting Elasticsearch with a custom CA, in this scenario you probably will have to add the argument
--fleet-server-es-ca=<Path to certificate authority to use to communicate with Elasticsearch.>

1 Like
3

Hi there,
First I would like to thank you!!! You are the best!!!

Following your instructions, I could enroll without any issues the fleet server using the command bellow:

sudo elastic-agent enroll -f --fleet-server-es=https://XX.XX.X.XX:9200 --fleet-server-es-ca=cert.crt --fleet-server-service-token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

And the expected results:

The Elastic Agent is currently in BETA and should not be used in production

2021-06-02T17:10:41.724Z        INFO    cmd/enroll_cmd.go:300   Generating self-signed certificate for Fleet Server
2021-06-02T17:10:44.020Z        INFO    cmd/enroll_cmd.go:643   Fleet Server - Stopped
2021-06-02T17:10:50.037Z        INFO    cmd/enroll_cmd.go:648   Fleet Server - Stopped
2021-06-02T17:10:56.055Z        INFO    cmd/enroll_cmd.go:648   Fleet Server - Stopped
2021-06-02T17:11:02.065Z        INFO    cmd/enroll_cmd.go:648   Fleet Server - Stopped
2021-06-02T17:11:08.080Z        INFO    cmd/enroll_cmd.go:648   Fleet Server - Stopped
2021-06-02T17:11:13.088Z        INFO    cmd/enroll_cmd.go:593   Waiting for Elastic Agent to start
2021-06-02T17:11:15.092Z        INFO    cmd/enroll_cmd.go:643   Fleet Server - Starting
2021-06-02T17:11:17.095Z        INFO    cmd/enroll_cmd.go:624   Fleet Server - Running on default policy with Fleet Server integration; missing config fleet.agent.id (expected during bootstrap process)
2021-06-02T17:11:19.657Z        INFO    cmd/enroll_cmd.go:203   Successfully triggered restart on running Elastic Agent.
Successfully enrolled the Elastic Agent.

Best regards,

Franthesco Ferrari

1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.