I am trying to install Fleet Server with my self-hosted ELK. So, I have the error:
sudo ./elastic-agent install -f --fleet-server-es=https://****.org:9200 --fleet-server-service-token=AAEAAWV**** --fleet-server-policy=fleet-server-policy --fleet-server-es-insecure
{"log.level":"info","@timestamp":"2022-11-16T16:03:14.045Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":403},"message":"Generating self-signed certificate for Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-11-16T16:03:17.696Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Waiting on fleet-server input to be added to policy: fleet-server-policy","ecs.version":"1.6.0"}
Error: fleet-server failed: context canceled
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.4/fleet-troubleshooting.html
Error: enroll command failed with exit code: 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.4/fleet-troubleshooting.html
I've tried different dicisions from here and here. But nothing helps. I have policy "Fleet Server Policy" with Fleet Server integration.
Can you check the output of this API request? You can find the policy id if you look at the URL of Edit Fleet Server integration page. https://<KIBANA_HOST:PORT>/api/fleet/package_policies/<id of fleet-server integration policy>
I would like to see if the inputs are generated correctly.
sudo ./elastic-agent install -f --fleet-server-es=https://****:9200 --fleet-server-service-token=AAEAA**** --fleet-server-policy=fleet-server-policy
{"log.level":"info","@timestamp":"2022-11-22T12:09:52.465Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":403},"message":"Generating self-signed certificate for Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-11-22T12:10:03.688Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":447},"message":"Retrying to restart...","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-11-22T12:10:04.692Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Waiting on fleet-server input to be added to policy: fleet-server-policy","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-11-22T12:10:06.695Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-11-22T12:10:10.696Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Waiting on fleet-server input to be added to policy: fleet-server-policy","ecs.version":"1.6.0"}
Error: fleet-server failed: context canceled
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.4/fleet-troubleshooting.html
Error: enroll command failed with exit code: 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.4/fleet-troubleshooting.html
Since 8.4.0 we have a Debug UI in Fleet where you can trigger the Reset of preconfigured policies.
Though I am not sure if your policy is preconfigured, so this might not help.
Yes. There are not any options available here. I've deleted policy from this debug menu and generated it from quick start. Nothing changed. This is the new generated policy - pastebin
I had a look at the fleet-server logic and the contents of the .fleet-policies index sent earlier. According to the logic, fleet-server takes the latest revision_idx from the policies index, and I see 2 documents with latest revision 4, one of them doesn't contain a fleet-server input. I don't know how this could happen, but there is a workaround if this is the issue.
Can you try creating another Fleet Server policy with a different id, and try to use that to enroll a Fleet server?
You can pass it to the enroll command with this parameter --fleet-server-policy=cutom_id
I suspect that there might be a problem in the command you used to install the fleet server. I tried locally using the same command and failed for me with "context canceled". Could you try with this instead?
Could you also change the "Elasticsearch Host" in outputs to http protocol and then re run the command? They need to be the same in order to work properly.
it's a bit difficult to diagnose your issue without having more info.
Could you share some more details around your configuration (like the versions of the installed stack, how they were installed etc) and also your kibana.yml?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.