Fleet and Elastic-Agent Installed but No Dataset

I've installed a fresh version (clean filesystem) of Elasticsearch 7.9.2 in a Docker environment as outlined here: https://www.elastic.co/guide/en/elastic-stack-get-started/7.9/get-started-docker.html#get-started-docker-tls

I then proceeded to set up Fleet, chose the System Integration as a simple use case, and installed + enrolled the elastic agent in Ubuntu to gather basic CPU, RAM, etc. usage. I think I did everything OK because I can see from Kibana the agent is online and running. However, I don't see any data set. It didn't even create an index.

I checked the syslog and the only error I saw was "bad certificate":

Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "stacktrace": ["io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate",
Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]",
Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]",
Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]",
...

But in the docker-compose.yml, I ensured both certificate checks are disabled:

  - xpack.security.http.ssl.verification_mode=none
  - xpack.security.transport.ssl.verification_mode=none

Does Fleet or Elastic-Agent expect SSL certs to be valid? The Docker image that Elastic supplied has a self-signed cert:

Common Name
Elastic Certificate Tool Autogenerated CA
Valid until: 10/14/2023, 3:45:04 PM (Pacific Daylight Time)

Could this cert be the issue, or is there some other problem I have to look into?

Thanks

It's also interesting to note that SSL/Docker-related posts don't get answered in this discussion group. I'm curious if it's a difficult question or is there just not a good solution?
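
A triage helper for the log excerpt in the first post, added here as an example (not code from the poster or from Elastic): it separates TLS handshake failures where the remote end sent the alert ("Received fatal alert: ...") from failures the logging process raised itself, which shows which side's trust configuration to inspect. The second and third sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed input: line 1 is copied from the post; lines 2-3 are constructed
# contrast cases (a locally raised failure and an unrelated line).
SAMPLE_LOG = [
    'Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "stacktrace": '
    '["io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: '
    'Received fatal alert: bad_certificate",',
    'Oct 27 08:27:02 tais-dock-zd02 76e534a3bd1f[18564]: "stacktrace": '
    '["io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: '
    'PKIX path building failed",',
    'Oct 27 08:27:05 tais-dock-zd02 76e534a3bd1f[18564]: "message": "started"',
]

HANDSHAKE_RE = re.compile(r'SSLHandshakeException: (?P<msg>[^"]+)')
ALERT_RE = re.compile(r'^Received fatal alert: (?P<alert>\w+)$')


def classify(line):
    """Return (side, detail) for a TLS handshake failure line, else None.

    side == "peer":  the remote end sent the alert, so the remote end made the
                     decision (for bad_certificate: it rejected the certificate
                     this process presented).
    side == "local": this process raised the failure itself.
    """
    m = HANDSHAKE_RE.search(line)
    if not m:
        return None
    msg = m.group("msg").strip()
    alert = ALERT_RE.match(msg)
    if alert:
        return ("peer", alert.group("alert"))
    return ("local", msg)


def summarize(lines):
    """Count handshake failures by (side, detail)."""
    return Counter(c for c in map(classify, lines) if c is not None)


if __name__ == "__main__":
    for (side, detail), n in summarize(SAMPLE_LOG).items():
        where = ("check the remote client's trust settings" if side == "peer"
                 else "check this node's own trust settings")
        print(f"{n}x {side}: {detail} -> {where}")
```
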
