Install Fleet server

Hani_Atalla · July 19, 2022, 9:59pm

I am trying to install a Fleet server v 8.3.3 but not having much luck. I tried both the "quick" and "advanced" setups and same error related to certificate.

Some notes:

Elasticsearch 8.3. 3 is running on host X and operational
Kibana is running on host Y and is opeational.
Trying to install the Fleet agent on host Z and port 8220 is open.

{"log.level":"info","@timestamp":"2022-07-19T21:24:19.251Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-19T21:24:23.255Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Error - x509: certificate signed by unknown authority","ecs.version":"1.6.0"}
Error: fleet-server failed: context canceled

I used this to install the fleet agent:

curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.3.2-linux-x86_64.tar.gz
tar xzvf elastic-agent-8.3.2-linux-x86_64.tar.gz
cd elastic-agent-8.3.2-linux-x86_64
sudo ./elastic-agent install --url=https://<fleet-server-ip>:8220 \
  --fleet-server-es=https://<es-ip>:9200 \
  --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NTgyNjY1Mzg1ODg6SlhVcHl4RlpTQ2V0c1psWXRXUXhOZw \
  --fleet-server-policy=fleet-server-policy \
  --certificate-authorities=/tmp/ca.crt \
  --fleet-server-es-ca=/tmp/certs/elasticsearch-ca.crt \
  --fleet-server-cert=/tmp/certs/fleet-server.crt \
  --insecure \
  --fleet-server-cert-key=/tmp/certs/fleet-server.key

Thanks for your assistance

MichelLaterman · July 20, 2022, 4:39pm

Does it work if you do not pass the --insecure flag?

Hani_Atalla · July 21, 2022, 2:15pm

So I got the Fleet server agent running and I see it in Kibana using this install

### Fleet Server Installation   
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.3.2-linux-x86_64.tar.gz
tar xzvf elastic-agent-8.3.2-linux-x86_64.tar.gz
cd elastic-agent-8.3.2-linux-x86_64
sudo ./elastic-agent install --url=https://<fleet-server-ip>:8220 \
  --fleet-server-es=https://<elasticsearch-ip>:9200 \
  --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NTgzMzY5MDI4NTk6YXRPbHV6RHhRZTJIY09EZ213RTEtUQ \
  --fleet-server-policy=fleet-server-policy \
  --certificate-authorities=/tmp/certs/ca.crt \
  --fleet-server-es-ca=/tmp/certs/http_ca.crt \
  --fleet-server-cert=/tmp/certs/fleet-server.crt \
  --fleet-server-cert-key=/tmp/certs/fleet-server.key

and it's running

I also installed a Fleet managed elastic agent using:

### Elastic Agent Installation
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.3.2-linux-x86_64.tar.gz
tar xzvf elastic-agent-8.3.2-linux-x86_64.tar.gz
cd elastic-agent-8.3.2-linux-x86_64
sudo ./elastic-agent install --url=https://<fleet-server-ip>:8220 --enrollment-token=LTE0YkhZSUJ2cHZnVk1wM1JrM2E6TjJjeHRURi1SSnVNckluaGstbW95QQ== --insecure

and it is running and I see it in Fleet in Kibana (both Fleet server agent and elastic agent).

However both the Fleet agent and the elastic agent are not sending their internal logs to Elasticsearch, the error I am seeing on each agent from /opt/Elastic/Agent/data/elastic-agent-16c55b/logs/ is:

{"log.level":"error","@timestamp":"2022-07-21T14:02:38.372Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":38},"message":"Error dialing x509: certificate signed by unknown authority","service.name":"filebeat","network":"tcp","address":"<elasticsearch-ip>:9200","ecs.version":"1.6.0"}

the cert I used for the Fleet agent to communicate with elasticsearch is http_ca.crt and I grabbed it from the elasticsearch server from /etc/elasticsearch/certs/http_ca and when I curl from the Fleet server host or from the host running the elastic-agent to https://:9200 it works

curl --cacert /tmp/certs/http_ca.crt --user elastic https://<elasticsearch-ip>:9200

returning:

{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "PCVh7o6xQy2qJkVJMPjM5w",
  "version" : {
    "number" : "8.3.2",
    "build_type" : "rpm",
    "build_hash" : "8b0b1f23fbebecc3c88e4464319dea8989f374fd",
    "build_date" : "2022-07-06T15:15:15.901688194Z",
    "build_snapshot" : false,
    "lucene_version" : "9.2.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"

So I am not sure what I am missing here.

Hani_Atalla · July 21, 2022, 6:19pm

Ok - finally got this working. The solution was to add the line below under Fleet > settings > outputs in the "Advanced YAML configuration" field

ssl.certificate_authorities: ["/path-to-es-cert/http_ca.crt"]

system · August 18, 2022, 6:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.