Guys, how are you? Good afternoon!! I'm having a little problem here setting for TLS stack, Elastic-Agent, Fleet and Elasticsearch, I can't close the connection with the fleet, I also see that the port is not listed in kibana.
Is 192.168.30.40 the local address for fleet.*.com.br? Is there a firewall denying local connections? Do the logs from the fleet-server instance show any attempted connection?
The commands you are running indicate that you are attempting to install the fleet-server running under the agent on a new host.
You've stated that it can successfully install when you do not pass any parameters associated with TLS, but you get a connection failed error when you do.
The machine you are attempting to install fleet-server on is unable to connect to 192.168.30.40 (fleet.X.com.br). I'm assuming this is an already running a separate fleet-server instance, is that correct? 8220 is the default port for fleet-server.
Does the fleet-server cert/key you want to pass match the URL you are passing (fleet.X.com.br)?
What do you see in kibana? What hosts are listed under settings?
I will answer you according to the questions to facilitate understanding.
The commands you are running indicate that you are trying to install the fleet server running on the agent on a new host.
Answer: Agent installation is on another server
You've stated that it can install successfully when you don't pass any parameters associated with TLS, but you get a connection failure error when you do.
Answer: Exactly
The machine on which you are trying to install the fleet-server cannot connect to 192.168.30.40 (fleet.X.com.br). I'm assuming this one is already running a separate fleet server instance, is that correct?
8220 is the default port for the fleet server.
Answer: I configured the fleet in the kibana panel (Plugin, port 8220, Ip: 0.0.0.0 I linked to the policy group. (That's all)
Does the fleet server certificate/key you want to pass match the URL you are passing (fleet.X.com.br)?
Answer: I took advantage of the elastic CA - http_ca.crt and created the fleet.x.com.br certificates
What do you see in kibana? What hosts are listed in the settings?
Answer: Kibana creates the policy, I linked the fleet server plugin in the policy, enabled on port 8220 and listens 0.0.0.0, output to elastic and host on the fleet server https://192.168.30.40
That agent is running an instance of fleet-server?
On the instance you are running the install command, are you attempting to run another fleet-server or not?
I think that this is an issue, the fleet server hosts setting in Kibana is passed to agents that enroll so they can find the fleet-server. In this case I would expect the setting to be fleet.X.com.br and all instances running the agent should be able to resolve the DNS entry.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
