How would one achieve this?
My current setup is as follows:
- 3-node Elasticsearch cluster (7.15.0)
- Kibana (7.15.0)
Fleet server URL:
A separate hosted environment consisting of two servers:
- Server-A (Static NAT with ACLs permitting tcp/8220 to above URLs)
- Server-B (Dynamic PAT with no access to above URLs)
A Demo policy has been configured with an integration for:
- Elastic Endpoint Security
Server-A has been enrolled successfully to the above policy and I can see it under both Fleet > Agents and Security > Endpoints. The agent statuses show as 'Healthy'.
Server-A also has a reverse proxy configuration in place for the above-mentioned ports and I am able to hit these from Server-B.
When I attempt to enroll Server-B using the install command below, the enrollment is successful:
sudo ./elastic-agent install -f --url=https://Server-A-internal-IP:8220 --enrollment-token=xxxxxxx
2021-09-24T07:28:53.704+0100 INFO cmd/enroll_cmd.go:414 Starting enrollment to URL: https://192.168.15.1:8220/
2021-09-24T07:28:55.227+0100 INFO cmd/enroll_cmd.go:252 Successfully triggered restart on running Elastic Agent.
Successfully enrolled the Elastic Agent.
Elastic Agent has been successfully installed.
After a couple of minutes, the status of Server-B changes from Healthy to Unhealthy and, looking in the logs, I see it attempting to connect to the non-proxy URL, which it cannot access (hence the reverse proxy config).
"message":"failed to dispatch actions, error: fail to communicate with updated API client hosts: Get \"https://kibana-dev.mydomain.com:8220/api/status?\": context deadline exceeded",
Am I doing something wrong or is this not achievable?
Appreciate your input.