Elastic Agent install rosetta error

Elastic Stack Elastic Agent
1

hey there,
I have to be honest and admit that I have several doubt about Elastic Agent and Fleet so I was trying to monitor a production-fake Elasticsearch cluster using Elastic Agent enrolled by Fleet Server.
I follow this repo and its blog article.
Since I want to monitor another Elasticsearch cluster I was trying to add the proper integration but when I have to execute the following command on one node

curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.16.1-linux-x86_64.tar.gz 
tar xzvf elastic-agent-8.16.1-linux-x86_64.tar.gz
cd elastic-agent-8.16.1-linux-x86_64
sudo ./elastic-agent install --url=https://ecp-fleet-server:8220 --enrollment-token=xxxxxxx

I got this error:

rosetta error: failed to open elf at /lib64/ld-linux-x86-64.so.2
 Trace/breakpoint trap

I cannot understand how to move on. any suggest?

The whole systems (monitoring and production-fake) are based on 8.16.1

2

What operating system are you using?

If I'm not wrong Rosetta is related to MacOS, but you are trying to install a package built for Linux and X86_64 architecture.

If you are on a mac you need the correct package.

I think for newer macs with Apple Silicon is this one elastic-agent-8.16.1-darwin-aarch64

3

You are right, my OS is MacOS and I am using every component with Docker.
If I use *-darwin-aarch64 I got this error:

bash: ./elastic-agent: cannot execute binary file: Exec format error

4

You are probably darwin X86_64

https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.16.1-darwin-x86_64.tar.gz

5

Same error :confused:

6

Run name -a and share the results.

As far as I understand, if you have a new Mac you should just use

*-darwin-aarch64

Rosetta should not be involved at all as far as I understand... Plenty of people running Elastic agent on Apple silicone.

Please run the command above and show the output.

7

I suppose you mean uname -a on my mac, right?

Darwin MacBook.local 23.6.0 Darwin Kernel Version 23.6.0: Mon Jul 29 21:14:04 PDT 2024; root:xnu-10063.141.2~1/RELEASE_ARM64_T8122 arm64

furthermore:

bash: sudo: command not found

8

arm64

Means run

*-darwin-aarch64

Clean everything out. Download fresh.

You can check the agent executable with

file -b ./elastic-agent

You also need to check if you tried to do something like change your default architecture ... You should not need to.

As far as I understand Rosetta should not be involved

Did you do something like this

Close the terminal. Open the terminal reboot the Mac. Whatever you need to do, but the arm aarch64 should run on your machine assuming you have not modified it in some way.

Wait now I reread you're trying to use the agent with docker?

Is that correct?

What exactly are you trying to do run the agent as a binary install or as a docker container.

9

I am still on this issue, even if I restart everything, destroyed the original container (and volume) and created it again.

Anyway, inside the elasticsearch container (where I should install the Elastic Agent with my Elasticsearch policy) I cannot use sudo command. Really tricky since not every step is really clear.

10

Can you give more context on what you are trying to do, which commands you are running and where?

You do not install an Elastic Agent inside the Elasticsearch container.

If you want to run Elastic Agent as docker container, you do not install it, you need to follow this documentation to run an Agent container.

If you want this agent to get logs from your Elasticsearch containers, then you would need to configure the Elasticsearch containers to save the logs on a persistent bind volume and also mount this same volume inside the Agent container.

11

I have a monitoring cluster and a production cluster. Every cluster uses container technology.
I want to monitor the production cluster using Elastic Agent, so I have started an Elastic Agent with the Fleet Server inside enabled. Then I have configured Fleet Server using Kibana UI and created an Integration (Elasticsearch).
Then, I have to add an Elastic Agent, so I have to execute the commands posted 3-4 messages above.

I am following these articles:
this one, in theory I could also skip it and use the immortal elastic:xxx :smile:

and this one to create policy/integration/agent

The monitoring stack is based on this project

What would I like to get? To monitor my production cluster with Elastic Agents, in a specific way the metrics. As far as I understood, using Elastic Agent rather than Beats should be more easy and efficient.

12

As @leandrojmp indicated, it is against best practice to install additional software inside of containers. Instead, we deploy an additional container running our additional software (sometimes called a sidecar).

We then configure the sidecar container to connect to the Elasticsearch container to perform monitoring.

So the next step would be to follow the instructions @leandrojmp pointed to here: Run Elastic Agent in a container | Fleet and Elastic Agent Guide [8.16] | Elastic to deploy an Elastic Agent on the docker host that is running your production Elasticsearch cluster.

Once the Agent is deployed you can configure the Agent Policy to monitor the production Elasticsearch and forward the data to your monitoring cluster.

13

Ok, so let me try to summarise the correct scenario.
Machine 1: elasticsearch (monitoring cluster) - kibana - elastic agent (fleet server role).
Machine 2: elasticsearch (production cluster) - elastic agent (to deploy the agent with elasticsearch integration)

Every component, both machines, are containerised.
Is this scenario correct?

14

Yes.

On Machine 1:
Container 1,2,3: Elasticsearch
Container 4: Kibana
Container 5: Elastic Agent with Fleet

On Machine 2:
Container 1,2,3: Elasticsearch
Container 4: Kibana
Container 5: Elastic Agent enrolled in Fleet from Machine 1; Container 5

15

Elastic agent will work in pull mode or will Fleet Server send policies to agents?

16

Elastic Agent maintains a persistent connection to the fleet server (initiated by Elastic Agent) to receive policy updates. Almost like a persistent/continuous pull mode.

17

Thank you. I have a lot of doubts about Agent since I used everytime Beats.

1 Like
18

Well, we love Beats and Elastic Agent over here at Elastic so as you have questions or concerns feel free to post them here on the forum!