Error Installing Fleet Server Agent on Centralized Host

Hi!

I'm facing an issue when installing Fleet Server as centralized host. I' running this command

sudo ./elastic-agent install \
  --fleet-server-es=https://XXX.XXX.XXX.XXX:9200 \
  --fleet-server-service-token=my_token \
  --fleet-server-es-ca-trusted-fingerprint=my_fingerprint

But the console shows this error log

{"log.level":"info","@timestamp":"2023-05-02T09:51:47.218-0500","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":407},"message":"Generating self-signed certificate for Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-02T09:51:53.789-0500","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":753},"message":"Waiting for Elastic Agent to start","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-02T09:51:57.795-0500","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":803},"message":"Fleet Server - Error - failed to run subsystems: v7.15.0 data migration failed: failed to apply migration \"AgentMetadata\": migrate AgentMetadata UpdateByQuery failed: [503 Service Unavailable] {\"error\":{\"root_cause\":[],\"type\":\"search_phase_execution_exception\",\"reason\":\"\",\"phase\":\"query\",\"grouped\":true,\"failed_shards\":[],\"caused_by\":{\"type\":\"search_phase_execution_exception\",\"reason\":\"Search rejected due to missing shards [[.fleet-agents-7][0]]. Consider using `allow_partial_search_results` setting to bypass this error.\",\"phase\":\"query\",\"grouped\":true,\"failed_shards\":[]}},\"status\":503}","ecs.version":"1.6.0"}
Error: fleet-server failed: context canceled

I was looking for and tried several workarounds/tips from the internet without success.

Any ideas? Thank you in advance

Hi Guillermo, welcome to the community!

You could try deleting the .fleet-agents index (assuming it was not used before), you will need a superuser role for this that has access to it.

    curl -sk -XPOST --user elastic:changeme -H 'content-type:application/json' \
    https://ES_HOST:PORT/_security/role/fleet_superuser -d '
        {
            "indices": [
                {
                    "names": [".fleet*"],
                    "privileges": ["all"],
                    "allow_restricted_indices": true
                }
            ]
        }'

curl -sk -XPOST --user elastic:changeme -H 'content-type:application/json' \
    https://ES_HOST:PORT/_security/user/fleet_superuser -d '
        {
            "password": "password",
            "roles": ["superuser", "fleet_superuser"]
        }'

Thanks! It's working.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.