Elasticsearch version: 8.5.0
APM Server version: 8.5.2
Original install method (e.g. download page, yum, deb, from source, etc.) and version: docker
Fresh install or upgraded from other version?: fresh
Setup:
Attempting to run apm-server standalone, ie. not using an elastic agent, and on docker. This worked fine in 7.x, but in 8.x I'm having all sorts of problems.
Using the following setup:
docker run -d \
-p 8200:8200 \
--network=elastic \
--name=apm-server \
--user=apm-server \
--volume="$(pwd)/ca.crt:/usr/share/apm-server/ca.crt:ro" \
docker.elastic.co/apm/apm-server:8.5.2 \
--strict.perms=false -e \
-E output.elasticsearch.hosts=["https://es00:9200"] \
-E output.elasticsearch.api_key="some_api_key_for_elastic_user" \
-E output.elasticsearch.ssl.certificate_authorities="/usr/share/apm-server/ca.crt"
Elasticsearch is running on the same cluster in the same network. I am using the same CA. The API key is generated with the elastic master user.
Problem:
APM is unable to connect, and it gives a very non-descript error that looks faulty (notice the missing uuid):
apm-server | {"log.level":"error","@timestamp":"2022-11-27T20:26:57.297Z","log.logger":"beater","log.origin":{"file.name":"beater/waitready.go","file.line":64},"message":"precondition failed: error querying cluster_uuid: status_code=401","service.name":"apm-server","ecs.version":"1.6.0"}
I have verified that I can reach both containers from eachothers hostnames on the docker network.
I also get the exact same error if i use username / password approach with the elastic user.
I'm aware that the elastic user is bad practice here - I'm just working in a test environment and need to verify settings before hardening.
The remaining log looks like this:
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.287Z","log.origin":{"file.name":"instance/beat.go","file.line":708},"message":"Home path: [/usr/share/apm-server] Config path: [/usr/share/apm-server] Data path: [/usr/share/apm-server/data] Logs path: [/usr/share/apm-server/logs]","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"debug","@timestamp":"2022-11-27T20:26:32.287Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":766},"message":"Beat metadata path: /usr/share/apm-server/data/meta.json","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.287Z","log.origin":{"file.name":"instance/beat.go","file.line":716},"message":"Beat ID: be37df93-d182-4a1a-822a-777e4f97548b","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.288Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1082},"message":"Beat info","service.name":"apm-server","system_info":{"beat":{"path":{"config":"/usr/share/apm-server","data":"/usr/share/apm-server/data","home":"/usr/share/apm-server","logs":"/usr/share/apm-server/logs"},"type":"apm-server","uuid":"be37df93-d182-4a1a-822a-777e4f97548b"},"ecs.version":"1.6.0"}}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.288Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1091},"message":"Build info","service.name":"apm-server","system_info":{"build":{"commit":"603b5878ad5a02225c03970741b87fb7f8c38e4a","libbeat":"8.5.2","time":"2022-11-17T10:57:37.000+0100","version":"8.5.2"},"ecs.version":"1.6.0"}}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.288Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1094},"message":"Go runtime info","service.name":"apm-server","system_info":{"go":{"os":"linux","arch":"amd64","max_procs":32,"version":"go1.18.5"},"ecs.version":"1.6.0"}}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.288Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1098},"message":"Host info","service.name":"apm-server","system_info":{SCRUBBED}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.288Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1127},"message":"Process info","service.name":"apm-server","system_info":{"process":{"capabilities":{"inheritable":null,"permitted":null,"effective":null,"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null},"cwd":"/usr/share/apm-server","exe":"/usr/share/apm-server/apm-server","name":"apm-server","pid":7,"ppid":1,"seccomp":{"mode":"filter","no_new_privs":false},"start_time":"2022-11-27T20:26:31.910Z"},"ecs.version":"1.6.0"}}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.288Z","log.origin":{"file.name":"instance/beat.go","file.line":294},"message":"Setup Beat: apm-server; Version: 8.5.2","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"debug","@timestamp":"2022-11-27T20:26:32.289Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":319},"message":"Initializing output plugins","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"warn","@timestamp":"2022-11-27T20:26:32.290Z","log.logger":"cfgwarn","log.origin":{"file.name":"tlscommon/config.go","file.line":102},"message":"DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"debug","@timestamp":"2022-11-27T20:26:32.290Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls.go","file.line":172},"message":"Successfully loaded CA certificate: /usr/share/apm-server/ca.crt","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.290Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":108},"message":"elasticsearch url: https://es00:9200","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"debug","@timestamp":"2022-11-27T20:26:32.291Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls.go","file.line":172},"message":"Successfully loaded CA certificate: /usr/share/apm-server/ca.crt","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"debug","@timestamp":"2022-11-27T20:26:32.291Z","log.logger":"publisher","log.origin":{"file.name":"pipeline/consumer.go","file.line":98},"message":"start pipeline event consumer","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.291Z","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},"message":"Beat name: 825bd2425dff","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"debug","@timestamp":"2022-11-27T20:26:32.291Z","log.logger":"publisher","log.origin":{"file.name":"pipeline/queue_reader.go","file.line":49},"message":"pipeline event consumer queue reader: start","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.291Z","log.origin":{"file.name":"instance/beat.go","file.line":471},"message":"apm-server start running.","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.292Z","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":142},"message":"Listening on: [::]:8200","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.292Z","log.logger":"beater","log.origin":{"file.name":"beater/beater.go","file.line":1162},"message":"maxprocs: Leaving GOMAXPROCS=32: CPU quota undefined","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"debug","@timestamp":"2022-11-27T20:26:32.292Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls.go","file.line":172},"message":"Successfully loaded CA certificate: /usr/share/apm-server/ca.crt","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"debug","@timestamp":"2022-11-27T20:26:32.292Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls.go","file.line":172},"message":"Successfully loaded CA certificate: /usr/share/apm-server/ca.crt","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.292Z","log.logger":"beater","log.origin":{"file.name":"beater/waitready.go","file.line":40},"message":"blocking ingestion until all preconditions are satisfied","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.293Z","log.logger":"beater","log.origin":{"file.name":"apm-server/main.go","file.line":71},"message":"creating transaction metrics aggregation with config: {Interval:1m0s MaxTransactionGroups:10000 HDRHistogramSignificantFigures:2}","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"beater","log.origin":{"file.name":"apm-server/main.go","file.line":86},"message":"creating service destinations aggregation with config: {Interval:1m0s MaxGroups:10000}","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path / added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path /config/v1/agents added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path /config/v1/rum/agents added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path /intake/v2/rum/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path /intake/v3/rum/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path /intake/v2/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path /v1/traces added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path /v1/metrics added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":133},"message":"Path /v1/logs added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"beater","log.origin":{"file.name":"beater/server.go","file.line":193},"message":"Starting apm-server [603b5878ad5a02225c03970741b87fb7f8c38e4a built 2022-11-17 10:57:37 +0100 +0100]. Hit CTRL-C to stop it.","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":94},"message":"RUM endpoints disabled.","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"info","@timestamp":"2022-11-27T20:26:32.296Z","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":104},"message":"SSL disabled.","service.name":"apm-server","ecs.version":"1.6.0"}
apm-server | {"log.level":"error","@timestamp":"2022-11-27T20:26:32.297Z","log.logger":"beater","log.origin":{"file.name":"beater/waitready.go","file.line":64},"message":"precondition failed: error querying cluster_uuid: status_code=401","service.name":"apm-server","ecs.version":"1.6.0"}