Hi all!
Unfortunately, I didn't find suitable topics!
I have these configs:
-
Fleet settings
-
Tried to enroll and install elastic agent two ways:
sudo ./elastic-agent install -f --url=https://10.2.5.2:8220 --fleet-server-es=https://ELK_SRV:9200 --fleet-server-es-ca=/root/ca/elastic.pem --fleet-server-service-token=XXXXXXXXXXXXXXXXXX
sudo ./elastic-agent enroll -f --fleet-server-es=https://ELK_SRV:9200 --fleet-server-es-ca=/root/ca/elastic.pem --fleet-server-service-token=XXXXXXXXXXXXXXXXXX
Anyway, I got this message:
Error: fail to enroll: fail to execute request to fleet-server: fail to decode enrollment response: context canceled
And it is infinitely updating of Elastic Agents with Fleet Server policies.
Also, I tried to use the default way:
sudo ./elastic-agent install --url=https://10.2.5.2:8220 \
-f \
--fleet-server-es=https://ELK_SRV:9200 \
--fleet-server-service-token=XXXXXXXXXXXXXXXXXX \
--fleet-server-policy=XXXXXXXXXXXXXXXXXX \
--certificate-authorities=/root/ca/elastic.pem \
--fleet-server-es-ca=/root/ca/elastic.pem \
--fleet-server-cert=/root/ca/server.crt \
--fleet-server-cert-key=/root/ca/server.key
But got
Error: fail to enroll: fail to execute request to fleet-server: x509: certificate signed by unknown authority
The full error is below:
2021-10-14T14:17:16.533Z INFO cmd/enroll_cmd.go:701 Fleet Server - Starting
2021-10-14T14:17:22.548Z INFO cmd/enroll_cmd.go:706 Fleet Server - Starting
2021-10-14T14:17:28.557Z INFO cmd/enroll_cmd.go:706 Fleet Server - Starting
2021-10-14T14:17:34.567Z INFO cmd/enroll_cmd.go:706 Fleet Server - Starting
2021-10-14T14:17:40.576Z INFO cmd/enroll_cmd.go:706 Fleet Server - Starting
2021-10-14T14:17:46.589Z INFO cmd/enroll_cmd.go:706 Fleet Server - Starting
2021-10-14T14:17:49.595Z INFO cmd/enroll_cmd.go:682 Fleet Server - Running on policy with Fleet Server integration: 856f4eb0-122f-11ec-8308-176e4cb272f3; missing config fleet.agent.id (expected during bootstrap process)
2021-10-14T14:17:49.601Z INFO cmd/enroll_cmd.go:414 Starting enrollment to URL: https://10.2.5.2:8220/
Error: fail to enroll: fail to execute request to fleet-server: x509: certificate signed by unknown authority
Error: enroll command failed with exit code: 1
The server.crt and server.key were issued by the OpenSSL tool on the host where I'm trying to install the Fleet Server.
Thank you for any help!