Fleet server install failed on fresh ELK stack 8.2.0

Peter_Bodnar · May 11, 2022, 12:33pm

Hello, i have problem to install Fleet server on fresh ELK stack 8.2.0 (RHEL 8)
Elasticsearch and kibana working fine, but when tried to install fleet server (enroll agent as fleet server, based on provided instructions from Kibana UI and/or documentation), got response:

{"log.level":"error","@timestamp":"2022-05-11T14:15:43.732+0200","log.origin":{"file.name":"status/reporter.go","file.line":236},"message":"Elastic Agent status changed to: 'error'","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-05-11T14:15:43.732+0200","log.origin":{"file.name":"log/reporter.go","file.line":36},"message":"2022-05-11T14:15:43+02:00 - message: Application: fleet-server--8.2.0[]: State changed to FAILED: Error - Forbidden - type: 'ERROR' - sub_type: 'FAILED'","ecs.version":"1.6.0"}

firs time tried as Quick-start (self signed certificate, then used certificates signed by company internal CA, still same error

any ideas?
thank

zx8086 · May 11, 2022, 1:10pm

Welcome @Peter_Bodnar !

Just to confirm the issue, does this work with the --insecure flag ?

Also have you checked the permissions on the certs ? that they are readable ?

Peter_Bodnar · May 11, 2022, 1:22pm

yes, certs are readable
tried also with self signed certs, same error
tried with --insecure flag, same error

zx8086 · May 11, 2022, 1:26pm

What command are you running on the command line ? Is it running with sudo privileges ?

Peter_Bodnar · May 11, 2022, 1:32pm

it run as root user
command from kibana UI fleet server installation (agent installed form RPM, but it doesn't matter, same problem with agnet from tar.gz) :

 elastic-agent enroll --url=https://*IP*:8220 \
  --fleet-server-es=https://*IP*:9200 \
  --fleet-server-service-token=***token generathen within Kibana UI*** \
  --fleet-server-policy=0b8fb260-cf76-11ec-b411-0bb14ba68cb2 \
  --fleet-server-es-ca-trusted-fingerprint=6206ac54e5222f6c92dd5758c932298b837c12d3a4b6fdc0e51df9c32ffe82e5 \
  --certificate-authorities=<PATH_TO_CA> \
  --fleet-server-cert=<PATH_TO_FLEET_SERVER_CERT> \
  --fleet-server-cert-key=<PATH_TO_FLEET_SERVER_CERT_KEY>

system · June 8, 2022, 1:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.