I've installed a fresh version (clean filesystem) of Elasticsearch 7.9.2 in a Docker environment as outlined here: https://www.elastic.co/guide/en/elastic-stack-get-started/7.9/get-started-docker.html#get-started-docker-tls
I then proceeded to set up Fleet, chose the System Integration as a simple use case, and installed + enrolled the Elastic Agent in Ubuntu to gather basic CPU, RAM, etc. usage. I think I did everything OK because I can see from Kibana that the agent is online and running. However, I don't see any data set. It didn't even create an index.
I checked the syslog and the only error I saw was "bad certificate":
Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "stacktrace": ["io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate",
Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]",
Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]",
Oct 27 08:26:47 tais-dock-zd02 76e534a3bd1f[18564]: "at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]",
...
But in the docker-compose.yml, I ensured both certificate checks are disabled:
- xpack.security.http.ssl.verification_mode=none
- xpack.security.transport.ssl.verification_mode=none
Does Fleet or Elastic-Agent expect SSL certs to be valid? The Docker image that Elastic supplied has a self-signed cert:
Common Name: Elastic Certificate Tool Autogenerated CA
Valid until: 10/14/2023, 3:45:04 PM (Pacific Daylight Time)
Could this cert be the issue, or is there some other problem I have to look into?
Thanks