Hi All,
Hope you can help with the following.
I installed Elasticsearch and Kibana version 8.4. Both are up and running.
I'm trying to install Fleet to manage the elastic-agents, however I hit a roadblock.
The elastic-agent shows as healthy in the Fleet dashboard, however no logs are coming in.
During my analysis I checked the log files:
/opt/Elastic/Agent/data/elastic-agent-d3eb3e/logs/default/metricbeat-20221003-2.ndjson
and
/opt/Elastic/Agent/data/elastic-agent-d3eb3e/logs/default/filebeat-20221003-2.ndjson
I find:
Error dialing x509: certificate signed by unknown authority
During the setup of Fleet I created the certificates to use. The es-ca certificate was auto-generated.
When I check the es-ca endpoint via:
curl --cacert /etc/pki/elasticsearch/elasticsearch-ca.crt -u elastic https://machine-host-name:9200
I get correct output:
{
  "name" : "machine-host-name",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "T7Ed8T7BQUm0pIXOFBxTlw",
  "version" : {
    "number" : "8.4.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "89f8c6d8429db93b816403ee75e5c270b43a940a",
    "build_date" : "2022-09-14T16:26:04.382547801Z",
    "build_snapshot" : false,
    "lucene_version" : "9.3.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
The command I use to enroll the Fleet Server is:
/elastic-agent install --url=https://ip-adress-of-other-server:8220 \
  --fleet-server-es=https://machine-host-name:9200 \
  --fleet-server-service-token=token \
  --fleet-server-policy=fleet-server-policy \
  --fleet-server-es-ca=/etc/pki/elasticsearch/elasticsearch-ca.crt \
  --certificate-authorities=/etc/pki/elasticsearch/ca.crt \
  --fleet-server-cert=/etc/pki/elasticsearch/fleet-server.crt \
  --fleet-server-cert-key=/etc/pki/elasticsearch/fleet-server.key
Where elasticsearch-ca.crt is the same as generated by Elasticsearch on setup,
location =
/etc/elasticsearch/certs/http_ca.crt
What am I doing wrong? I'm kinda lost here.
Any help will be greatly appreciated!
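
Added example (not part of the original post, and not Elastic's code): a small triage script for the beat ndjson logs named above that counts the "certificate signed by unknown authority" errors per component and destination, so it is clear which endpoint's certificate the agent does not trust. The sample lines are constructed, and the `service.name` and `address` field names are assumptions about the log layout.

```python
import json
import sys
from collections import Counter

TRUST_ERROR = "x509: certificate signed by unknown authority"

# Constructed sample lines (not from the post); the last one is cut off on
# purpose. Field names "service.name" and "address" are assumptions.
SAMPLE_NDJSON = """\
{"log.level":"info","@timestamp":"2022-10-03T10:00:00Z","message":"Beat started","service.name":"filebeat"}
{"log.level":"error","@timestamp":"2022-10-03T10:00:05Z","message":"Error dialing x509: certificate signed by unknown authority","service.name":"filebeat","address":"machine-host-name:9200"}
{"log.level":"error","@timestamp":"2022-10-03T10:00:09Z","message":"Error dialing x509: certificate signed by unknown authority","service.name":"metricbeat","address":"machine-host-name:9200"}
{"log.level":"error","@timestamp":"2022-10-03T10:00:12Z","message":"Error dialing x509: certificate signed by unknown authority","service.name":"filebeat","address":"machine-host-name:9200"}
{"log.level":"error","@timestamp":"2022-10-03T10:00:
"""


def trust_failures(lines):
    """Count trust failures per (service, destination); also count bad lines."""
    counts, skipped = Counter(), 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1  # truncated line, e.g. file rotated mid-write
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        if TRUST_ERROR in str(event.get("message", "")):
            service = event.get("service.name", "unknown")
            counts[(service, event.get("address", "unknown"))] += 1
    return counts, skipped


def main(paths):
    # With no arguments, run over the constructed sample above.
    lines = SAMPLE_NDJSON.splitlines()
    if paths:
        lines = []
        for path in paths:
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines.extend(fh)
    counts, skipped = trust_failures(lines)
    for (service, address), n in counts.most_common():
        print(f"{service} -> {address}: {n} trust failure(s)")
    print(f"unparsable lines skipped: {skipped}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Pass the filebeat and metricbeat ndjson paths as arguments to scan real logs instead of the sample.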