Error installing fleetserver 7.17.5

adrian.cunnelly · August 26, 2022, 1:58pm

Installing fleet server on Ubuntu 20.04 fails with:

Error: fail to enroll: fail to execute request to fleet-server: status code: 400, fleet-server returned an error: BadRequest

The command i'm issuing is:

./elastic-agent install --url=https://ip.of.this.server.for.fleet:8220 \
  --fleet-server-es=http://dns.of.es.server:9200 \
  --fleet-server-service-token=THIS.IS.THE.TOKEN \
  --fleet-server-policy=44eb5270-2544-11ed-8ca6-a96eff51e786 \
  --fleet-server-es-ca=/opt/fleet/certs/elastic-stack-ca.crt \
  --fleet-server-cert=/opt/fleet/certs/fleetserver.crt \
  --fleet-server-cert-key=/opt/fleet/certs/fleetserver.key \
  --certificate-authorities=/opt/fleet/certs/elastic-stack-ca.crt

I am using the same CA for the fleet certs and elasticsearch certs.

There doesn't seem to be any additional info, the full output from the command is:

Elastic Agent will be installed at /opt/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:y
2022-08-26T13:44:12.169Z        INFO    cmd/enroll_cmd.go:776   Fleet Server - Starting
2022-08-26T13:44:16.173Z        INFO    cmd/enroll_cmd.go:757   Fleet Server - Running on policy with Fleet Server integration: 44eb5270-2544-11ed-8ca6-a96eff51e786; missing config fleet.agent.id (expected during bootstrap process)
2022-08-26T13:44:16.906Z        INFO    cmd/enroll_cmd.go:454   Starting enrollment to URL: https://10.3.2.95:8220/
Error: fail to enroll: fail to execute request to fleet-server: status code: 400, fleet-server returned an error: BadRequest
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/7.17/fleet-troubleshooting.html
Error: enroll command failed with exit code: 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/7.17/fleet-troubleshooting.html

Are their any debug switches I can specify in order to get more information.

Thanks
Adrian

rugenl · August 26, 2022, 3:59pm

My testing doc has tracks where basically the same command worked, then when I went to add another client, it failed. I just used --insecure and it worked, it was a test system only.

Watching for other solutions

sirineb · August 29, 2022, 7:38am

Hi,

I had the same problem when I tried to install the fleet server in production mode without passing the --insecure option.

I think that the problem here is that --fleet-server-es-ca and --certificate-authorities can't be the same.
Follow this link to generate your certificates and to install your Fleet Server : Encrypt traffic in clusters with a self-managed Fleet Server | Fleet and Elastic Agent Guide [7.17] | Elastic

I'm working with 8.3 and I followed Configure SSL/TLS for self-managed Fleet Servers | Fleet and Elastic Agent Guide [8.3] | Elastic which successfully worked so I think it will work for you as well.

Also, in the Fleet settings in Kibana UI, don't forget to add in Output > Advanced YAML configuration field : ssl.certificate_authorities: ["path/to/fleet-server-es-ca"] so here with your certificates it would be ssl.certificate_authorities: ["/opt/fleet/certs/elastic-stack-ca.crt"].

Hope it will help you !

Sirine

system · September 26, 2022, 7:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.