I'm having an issue where my Elastic Agents are unable to update. The following error occurs:
[elastic_agent][warn] unable to download package: 2 errors occurred:
* package '/opt/Elastic/Agent/data/elastic-agent-cdc5ba/downloads/elastic-agent-8.14.1-linux-x86_64.tar.gz' not found: open /opt/Elastic/Agent/data/elastic-agent-cdc5ba/downloads/elastic-agent-8.14.1-linux-x86_64.tar.gz: no such file or directory
* fetching package failed: Get "https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.14.1-linux-x86_64.tar.gz": dial tcp 34.120.127.130:443: connect: network is unreachable
Our servers are behind a zScaler proxy. I can manually download and update via Curl from https://artifacts.elastic.co without any problems. The Elastic Agents also connect to the Fleet Server successfully. Our cluster is self-hosted and runs on Ubuntu.
We've already configured the proxy in the Agent Binary Download Settings (Beta setting) but the error message persists.
Are there any additional settings where we can specify the proxy URL for the Elastic Agents to use for downloads? The environment variables HTTP_PROXY and HTTPS_PROXY are set in the Linux environment settings.
Is there a way to enable a verbose mode to determine if the proxy is being used and if the issue lies elsewhere? Similar to using curl -v, which we can execute from one of the agent hosts against https://artifacts.elastic.co to confirm that the zScaler proxy is correctly utilized from the environment variables.
Unfortunately, we haven't found any solutions. We've migrated most of the agents and the fleet server to Windows Server, which allowed us to work around the issue. For the few Linux servers, we have shell scripts that manually remove and reinstall the agent.
Same issue here with Elastic-Agent 8.19.4.
Seems my agents totally ignore my proxi config in Kibana/Fleet. I juste need the proxy to downlaod the agent update:
In my proxie I added one:
Name: MyProxy
URL: myproxy url with http
No need other stuff to connect to it.
And then in Agent Binary Download:
Name: Elastic Artifacts
Host: (the elastic download default url, I cannot post it seems)
Proxy: MyProxy
It is the default and only one…
When I click upgrade agent in kibana, it clearly do not go through the proxy to try to download the update…
Also have this on 8.19.16
I'm pretty sure I had this working nicely,
last update I can see was 8.18.8
last manual install seems to have been 8.13.4.
So for the stretch in between those two I think the feature was OK.
I can't imagine how it works somewhere in the Elastic QA process. Probably they don't notice because the end result (unless you properly firewall the test sys) stays the same even if the download bypasses the proxy.
So it'll only come up in secured/production envs?
anyway, I'm so glad you all posted about it, I would have kept searching for ages, tbh I already spent a few hours, I just thought it has to be me problem...
interesting detail - if you look at the "add agent" dialog, it automatically adds --proxy, and the config shown with ./elastic-agent inspect also has it. so the error likely really is in the process that is spawned to do the upgrade.
and I just noticed I have at least one DMZ system where the process worked.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
