Can't enroll an agent to create Fleet Server (no error shown in log)

Im following all the steps in the process to create a fleet server in my own cluster.
Logstash, elastic and kibana are working fine in https mode.

But im not able to install a fleet.
Im trying to enroll the agent in the same server that everything else (logstash, kibana and elastic) is working.
I've check the iptables and everything seems fine.

No error in the log, it just ends without creating the Fleet Server.
Any idea is welcomed.

USER@HOSTNAME:/etc/elasticsearch/certs# sudo elastic-agent enroll \
  --url=https://MY_PUBLIC_IP:8220 \
  --fleet-server-es=https://ELASTIC_PRIVATE_IP:9200 \
  --fleet-server-service-token=MY_TOKEN \
  --fleet-server-policy=30dbd470-7df7-11ec-aa0b-c561ab134766 \
  --certificate-authorities=/etc/elasticsearch/certs/elastic-ca.pem \
  --fleet-server-es-ca=/etc/elasticsearch/certs/elastic-ca.pem \
  --fleet-server-cert=/etc/elasticsearch/certs/fleet.server.crt \
  --fleet-server-cert-key=/etc/elasticsearch/certs/fleet.server.key

This will replace your current settings. Do you want to continue? [Y/n]:Y

2022-01-25T17:23:44.894+0100	INFO	cmd/enroll_cmd.go:571	Spawning Elastic Agent daemon as a subprocess to complete bootstrap process.
2022-01-25T17:23:45.078+0100	INFO	application/application.go:67	Detecting execution mode
2022-01-25T17:23:45.080+0100	INFO	application/application.go:88	Agent is in Fleet Server bootstrap mode
2022-01-25T17:23:45.203+0100	INFO	[api]	api/server.go:62	Starting stats endpoint
2022-01-25T17:23:45.205+0100	INFO	[api]	api/server.go:64	Metrics endpoint listening on: /var/lib/elastic-agent/data/tmp/elastic-agent.sock (configured: unix:///var/lib/elastic-agent/data/tmp/elastic-agent.sock)
2022-01-25T17:23:45.205+0100	INFO	application/fleet_server_bootstrap.go:130	Agent is starting
2022-01-25T17:23:45.207+0100	INFO	application/fleet_server_bootstrap.go:140	Agent is stopped
2022-01-25T17:23:45.217+0100	INFO	stateresolver/stateresolver.go:48	New State ID is _XFjzPDu
2022-01-25T17:23:45.217+0100	INFO	stateresolver/stateresolver.go:49	Converging state requires execution of 1 step(s)
2022-01-25T17:23:45.282+0100	INFO	operation/operator.go:284	operation 'operation-install' skipped for fleet-server.7.16.3
2022-01-25T17:23:45.612+0100	INFO	log/reporter.go:40	2022-01-25T17:23:45+01:00 - message: Application: fleet-server--7.16.3[ ]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'
2022-01-25T17:23:45.614+0100	INFO	stateresolver/stateresolver.go:66	Updating internal state
2022-01-25T17:23:45.901+0100	INFO	cmd/enroll_cmd.go:776	Fleet Server - Starting
2022-01-25T17:23:47.225+0100	WARN	status/reporter.go:236	Elastic Agent status changed to: 'degraded'
2022-01-25T17:23:47.226+0100	INFO	log/reporter.go:40	2022-01-25T17:23:47+01:00 - message: Application: fleet-server--7.16.3[]: State changed to DEGRADED: Running on policy with Fleet Server integration: 30dbd470-7df7-11ec-aa0b-c561ab134766; missing config fleet.agent.id (expected during bootstrap process) - type: 'STATE' - sub_type: 'RUNNING'
2022-01-25T17:23:47.903+0100	INFO	cmd/enroll_cmd.go:757	Fleet Server - Running on policy with Fleet Server integration: 30dbd470-7df7-11ec-aa0b-c561ab134766; missing config fleet.agent.id (expected during bootstrap process)
2022-01-25T17:23:48.509+0100	INFO	cmd/enroll_cmd.go:454	Starting enrollment to URL: https://MY_PUBLIC_IP:8220/
2022-01-25T17:23:49.321+0100	INFO	cmd/enroll_cmd.go:258	Elastic Agent has been enrolled; start Elastic Agent
Successfully enrolled the Elastic Agent.
2022-01-25T17:23:49.321+0100	INFO	cmd/run.go:184	Shutting down Elastic Agent and sending last events...
2022-01-25T17:23:49.321+0100	INFO	operation/operator.go:216	waiting for installer of pipeline 'default' to finish
2022-01-25T17:23:49.321+0100	INFO	process/app.go:176	Signaling application to stop because of shutdown: fleet-server--7.16.3
2022-01-25T17:23:50.823+0100	INFO	status/reporter.go:236	Elastic Agent status changed to: 'online'
2022-01-25T17:23:50.824+0100	INFO	log/reporter.go:40	2022-01-25T17:23:50+01:00 - message: Application: fleet-server--7.16.3[]: State changed to STOPPED: Stopped - type: 'STATE' - sub_type: 'STOPPED'
2022-01-25T17:23:50.824+0100	INFO	cmd/run.go:192	Shutting down completed.
2022-01-25T17:23:50.824+0100	INFO	[api]	api/server.go:66	Stats endpoint (/var/lib/elastic-agent/data/tmp/elastic-agent.sock) finished: accept unix /var/lib/elastic-agent/data/tmp/elastic-agent.sock: use of closed network connection

The fact that I see a Successfully enrolled the Elastic Agent. message, makes me think i have surpassed the certificate hell successfully, but i cant see the fleet engaged in kibana.

Hi,

could you please post screenshots of Fleet UI? I'm wondering what does it report there.

The web is just waiting for the fleet server to be enrolled

Screenshot from 2022-01-26 17-20-551455×1033 254 KB

I've tried using also the public ip in both sides 9200 and 8220, same result. 1

Based on the log messages that I am seeing it doesn't seem that the install command is actually communicating with an Elastic Agent but instead starting its own Elastic Agent to perform the enrollment.

Can you provide the output of the following command:

systemctl status elastic-agent

Hi Blake, the elastic-agent was inactive (dead).
That's the reason it could be enroll.
I have turn up the elastic-agent and enroll command worked charmly.

Thanks for your time. Amazing team and product.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.