Error: fleet-server failed: context canceled

Lelc79 · April 14, 2023, 11:54pm

hello elastic community
I have a problem trying to configure the fleet server, I have done the following:
Inside Kibana - fleet/settings
Fleet server hosts
I have put my local server 192.0.1.20 with port 8220
Outputs
https://192.0.1.20:9200 // Default SSL

Then I go to Agents and give it Add Fleet Server.
In this screen I am initially choosing the fleet server police https://192.0.1.20:8220

And it appears to me that I add the following on the Linux debian server where I want to install the fleet server.

sudo ./elastic-agent install
--fleet-server-es=https://192.0.1.20:9200
--fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2ODE1MTU3MjU5Mzk6eEZtdUdjSl9UdXktQ18tdDNfNFl4UQ
--fleet-server-policy=fleet-server-policy

Some Details

I only have a linux (debian11) with Kibana, Elasticsearch and right here I want to add the Fleet server.
Port 8220 isn't active on the linux (debian11) server
The Elasticsearch has the SSL that comes by default in the latest version (I DO NOT use digital certificates)

If I install with /elastic-agent install
--fleet-server-es=https://192.0.1.20:9200 \

I get the following error
{"log.level":"info","@timestamp":"2023-04-14T18:26:57.558-0500","log.origin":{"file.name":"cmd/enroll_cmd.go" ,"file.line":407},"message":"Generating self-signed certificate for Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-14T18:27:02.218-0500","log.origin":{"file.name":"cmd/enroll_cmd.go" ,"file.line":770},"message":"Waiting for Elastic Agent to start Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-14T18:27:06.222-0500","log.origin":{"file.name":"cmd/enroll_cmd.go" ,"file.line":803},"message":"Fleet Server - Error - x509: certificate signed by unknown authority","ecs.version":"1.6.0"}
Error: fleet-server failed: context canceled
For help, please see our troubleshooting guide at Troubleshoot common problems | Fleet and Elastic Agent Guide [8.7] | Elastic
Error: enroll command failed for unknown reason: exit status 1

but if I install without Https
/elastic-agent install
--fleet-server-es=http://192.0.1.20:9200 \

I get the following:

Installed as a system package, installation will not be altered.
{"log.level":"info","@timestamp":"2023-04-14T18:29:52.671-0500","log.origin":{"file.name":"cmd/enroll_cmd.go" ,"file.line":407},"message":"Generating self-signed certificate for Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-14T18:29:56.236-0500","log.origin":{"file.name":"cmd/enroll_cmd.go" ,"file.line":770},"message":"Waiting for Elastic Agent to start Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-14T18:30:00.240-0500","log.origin":{"file.name":"cmd/enroll_cmd.go" ,"file.line":803},"message":"Fleet Server - Error - EOF","ecs.version":"1.6.0"}
^CError: fleet-server failed: context canceled
For help, please see our troubleshooting guide at Troubleshoot common problems | Fleet and Elastic Agent Guide [8.7] | Elastic

How can I make the fleet server work?

MichelLaterman · April 17, 2023, 7:19pm

By default SSL do you mean that for Elasticsearch you didn't provide any certificates?
If so Elasticsearch would generate it's own self signed certificate and output it's fingerprint on initialization.

It looks like you're missing the --fleet-server-es-ca-trusted-fingerprint flag that passes this fingerprint to fleet-server.
It should have been included in the command the UI gives when setting up a fleet-server.

What version are you running?

Lelc79 · April 18, 2023, 1:13am

I have installed the latest version of Elasticsearch 8.7 and it has its own certificate, but KIBANA, hasn't one certificate. In resume , So I have Https for Elasticsearch and Http for Kibana.

I created the fleet server but in elasticsearch it doesn't activate any port, tell me more about --fleet-server-es-ca-trusted-fingerprint

MichelLaterman · April 18, 2023, 6:21pm

Of Course!
The --fleet-server-es-ca-trusted-fingerprint flag is the SHA256 checksum of the CA that signed the Elasticsearch certificate.
It's an alternative to providing the --certificate-authorities flag.
It should have been provided as part of the fleet-server install command in Kibana.

If it was not provided you can either supply the CA with the --certificate-authorities flag, or compute the checksum of the CA with a tool like openssl:

openssl x509 -noout -fingerprint -sha256 -inform pem -in /path/to/ca.crt

for use with the -fleet-server-es-ca-trusted-fingerprint flag.

All flags are documented in the command reference: Elastic Agent command reference | Fleet and Elastic Agent Guide [8.7] | Elastic

system · May 16, 2023, 6:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"Error: fleet-server failed: context canceled" error when trying to "Install Fleet Server to a centralized host" Kibana fleet	5	3739	March 22, 2023
Install Fleet server Elastic Agent fleet	4	797	August 18, 2022
Unable to install Fleet Server Elastic Agent fleet	4	497	December 6, 2022
Fleet-server failed: context canceled Kibana elastic-stack-monitoring , elastic-stack-security , elastic-stack-alerting , fleet , elastic-agent	3	3402	May 12, 2022
Clear ELK installation cant add Fleet server 8.12 Elastic Agent fleet	3	181	April 10, 2024

Error: fleet-server failed: context canceled

Related topics