This one has me mystified. I'm trying to set up a simple dev environment with elastic-agent shipping logs to a single-node Docker instance of Elasticsearch. All on my local machine.
But when I try to start up elastic-agent as the fleet server, it somehow decides to change the fleet server url from https://127.0.0.1:8220 to https://laptopname:8220. Then, to rub it in, it grabs the dns ip address from our internal dns server and tries to connect to that ip address.
(Note, that dns entry is only accurate when I'm in the office, so agent times out when trying to connect to it. Plus, I don't have 8220 open on my firewall.)
It does the same thing if I use localhost or set a blah.local value in /etc/hosts.
# ./elastic-agent install \
> --fleet-server-es-ca=/var/lib/docker/volumes/es_config/_data/certs/elasticsearch-ca.pem \
> --fleet-server-es=https://127.0.0.1:4704 \
> --fleet-server-service-token=token \
> --fleet-server-policy=fleet-server-policy
Elastic Agent will be installed at /opt/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:y
{"log.level":"info","@timestamp":"2022-08-23T12:09:04.596-0700","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":403},"message":"Generating self-signed certificate for Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-08-23T12:09:06.499-0700","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":759},"message":"Waiting for Elastic Agent to start Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-08-23T12:09:08.501-0700","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-08-23T12:09:12.504-0700","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":773},"message":"Fleet Server - Running on policy with Fleet Server integration: fleet-server-policy; missing config fleet.agent.id (expected during bootstrap process)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-08-23T12:09:13.114-0700","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":471},"message":"Starting enrollment to URL: https://laptopname:8220/","ecs.version":"1.6.0"}
Error: fail to enroll: fail to execute request to fleet-server: dial tcp < internal dns ip address >:8220: connect: connection timed out
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.3/fleet-troubleshooting.html
Error: enroll command failed with exit code: 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.3/fleet-troubleshooting.html
Anyone have any ideas what is going on? This is not expected behavior. When presented with localhost, I expect any tool to just stop and use it. So it's really really weird that elastic-agent is grabbing my hostname and resolving it.
This is elastic-agent version 8.3.3. On PopOS 20.04.
Thanks in advance!