How would one achieve this?
My current setup is as follows:
- Self-hosted
- 3-node Elasticsearch cluster (7.15.0)
- Kibana (7.15.0)
Fleet server URL: https://kibana-dev.mydomain.com:8220
Elasticsearch URL: https://kibana-dev.mydomain.com:9220
A separate hosted environment consisting of two servers:
- Server-A (Static NAT with ACLs permitting `tcp/9200` and `tcp/8220` to above URLs)
- Server-B (Dynamic PAT with no access to above URLs)
A Demo policy has been configured with integration for:
- Elastic Endpoint Security
- System
Server-A has been enrolled successfully to the above policy and I can see it under both Fleet > Agents and Security > Endpoints. The agent statuses show as 'Healthy'.
Server-A also has reverse proxy configuration in place for the above-mentioned ports and I am able to hit these from Server-B.
When I attempt to enroll Server-B using below install command, the enrollment is successful:
```
sudo ./elastic-agent install -f --url=https://Server-A-internal-IP:8220 --enrollment-token=xxxxxxx
2021-09-24T07:28:53.704+0100 INFO cmd/enroll_cmd.go:414 Starting enrollment to URL: https://192.168.15.1:8220/
2021-09-24T07:28:55.227+0100 INFO cmd/enroll_cmd.go:252 Successfully triggered restart on running Elastic Agent.
Successfully enrolled the Elastic Agent.
Elastic Agent has been successfully installed.
```
After a couple of minutes, the status of Server-B changes from Healthy to Unhealthy and, looking in the logs, I see it attempting to connect to the non-proxy URL, which it cannot access (hence the reverse proxy config).
```
{
  "log.level": "error",
  "@timestamp": "2021-09-24T06:31:42.029Z",
  "log.origin": {
    "file.name": "fleet/fleet_gateway.go",
    "file.line": 180
  },
  "message": "failed to dispatch actions, error: fail to communicate with updated API client hosts: Get \"https://kibana-dev.mydomain.com:8220/api/status?\": context deadline exceeded",
  "ecs.version": "1.6.0"
}
```
Am I doing something wrong or is this not achievable?
Appreciate your input.
Kev
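
An added diagnostic sketch, not part of the original post and not Elastic's own tooling: it compares the endpoint passed to `--url` at enrollment with the endpoints named in error-level agent log events, which makes the mismatch in the log above explicit. The first sample line is the error quoted in the post; the remaining log lines and all function names are constructed for illustration.

```python
import json
import re
from collections import Counter
from urllib.parse import urlsplit

# URL the agent was enrolled against (taken from the enrollment output in the post).
ENROLL_URL = "https://192.168.15.1:8220/"

# First line is the error quoted in the post; the other lines are constructed samples.
SAMPLE_LOG = [
    r'{"log.level":"error","@timestamp":"2021-09-24T06:31:42.029Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":180},"message":"failed to dispatch actions, error: fail to communicate with updated API client hosts: Get \"https://kibana-dev.mydomain.com:8220/api/status?\": context deadline exceeded","ecs.version":"1.6.0"}',
    r'{"log.level":"error","@timestamp":"2021-09-24T06:33:42.000Z","message":"Get \"https://kibana-dev.mydomain.com:8220/api/status?\": context deadline exceeded"}',
    r'{"log.level":"info","@timestamp":"2021-09-24T06:29:00.000Z","message":"checkin to https://192.168.15.1:8220/ ok"}',
    "not json: truncated line",
]

URL_RE = re.compile(r'https?://[^\s"]+')


def endpoint(url):
    """Normalise a URL to (host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return ((parts.hostname or "").lower(), port)


def off_proxy_errors(enroll_url, lines):
    """Count error-level events naming an endpoint other than the enrollment one."""
    expected = endpoint(enroll_url)
    hits = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip anything that is not a JSON log event
        if not isinstance(event, dict) or event.get("log.level") != "error":
            continue
        for url in URL_RE.findall(event.get("message", "")):
            if endpoint(url) != expected:
                hits[endpoint(url)] += 1
    return dict(hits)


if __name__ == "__main__":
    for (host, port), n in off_proxy_errors(ENROLL_URL, SAMPLE_LOG).items():
        print(f"{n} error(s) reference {host}:{port}, not the enrollment endpoint")
```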