compose: Use service tokens for fleet-server #6959

Closed


marclop
Contributor

@marclop marclop commented Dec 30, 2021

Motivation/summary

This patch updates the current fleet-server container to use a custom
entrypoint which creates a service token and uses it. This is necessary
since support to authenticate against Elasticsearch using username /
password authentication has been removed from 8.0 onwards.

Additionally, the docker-compose file has been updated to wait for the
fleet-server container to be healthy before exiting.

Checklist

N/A

This patch updates the current `fleet-server` container to use a custom
entrypoint which creates a service token and uses it. This is necessary
since support to authenticate against Elasticsearch using username /
password authentication has been removed from `8.0` onwards.

Additionally, the docker-compose file has been updated to wait for the
`fleet-server` container to be healthy before exiting.

Signed-off-by: Marc Lopez Rubio <[email protected]>
@marclop marclop added ci backport-8.0 Automated backport with mergify labels Dec 30, 2021
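
The entrypoint flow described in the PR summary above, as an added shell example that is not the PR's or the project's own code: it requests a `fleet-server` service token from the Elasticsearch create-service-token API and passes it to the agent through `FLEET_SERVER_SERVICE_TOKEN`. `ES_URL`, `ES_USER`, `ES_PASS`, `TOKEN_NAME`, `RUN_ENTRYPOINT`, the wrapped command and the sample response are assumptions made for this example.

```shell
#!/bin/sh
# Added example: wrapper entrypoint that trades bootstrap credentials for a
# fleet-server service token. Assumed names (not from the PR): ES_URL, ES_USER,
# ES_PASS, TOKEN_NAME, RUN_ENTRYPOINT, and the command passed as "$@".

# Constructed sample of a create-token response, for reference only.
SAMPLE_RESPONSE='{"created":true,"token":{"name":"compose-1","value":"CONSTRUCTED_TOKEN_VALUE"}}'

# Extract token.value from the response body without requiring jq in the image.
# Prints nothing when the body has no "value" field (for example an error body).
extract_token() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"value"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# POST to the service-account token API and print the JSON body.
request_token() {
  # Credentials are fed to curl as a config on stdin so they never appear in
  # the process list. Assumes the password contains no '"' or '\'.
  printf 'user = "%s:%s"\n' "$ES_USER" "$ES_PASS" |
    curl --silent --show-error --fail --config - -X POST \
      "$ES_URL/_security/service/elastic/fleet-server/credential/token/$TOKEN_NAME"
}

main() {
  : "${ES_URL:?}" "${ES_USER:?}" "${ES_PASS:?}"
  # Token names must be unique per service account, so derive one per start.
  TOKEN_NAME="${TOKEN_NAME:-compose-$(date +%s)}"

  body="$(request_token)" || { echo "service token request failed" >&2; exit 1; }
  token="$(extract_token "$body")"
  [ -n "$token" ] || { echo "no token value in response" >&2; exit 1; }

  # Drop the password before handing over; never echo the token to the log.
  unset ES_PASS
  export FLEET_SERVER_SERVICE_TOKEN="$token"
  exec "$@"
}

# Only act as an entrypoint when asked to, so the functions can be sourced.
if [ "${RUN_ENTRYPOINT:-0}" = "1" ]; then
  main "$@"
fi
```
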
@apmmachine
Contributor

apmmachine commented Dec 30, 2021

💚 Build Succeeded


Build stats

  • Start Time: 2022-01-10T09:53:25.655+0000

  • Duration: 42 min 42 sec

  • Commit: b973381

Test stats 🧪

Test Results
Failed 0
Passed 5624
Skipped 20
Total 5644

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /hey-apm : Run the hey-apm benchmark.

  • /package : Generate and publish the docker images.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@simitt
Contributor

simitt commented Dec 30, 2021

/test

@marclop
Contributor Author

marclop commented Jan 4, 2022

The TBS system test is failing due to elastic/fleet-server#1048

@marclop
Contributor Author

marclop commented Jan 4, 2022

There's a pending change on the Elastic Agent that would allow us to continue using user/password in the container, the Elastic Agent itself would generate the service token and pass it down: elastic/beats#29651

@simitt
Contributor

simitt commented Jan 10, 2022

@marclop the linked PR in beats has been merged. My understanding is that the container setup still needs to use username+password for the setup to be able to receive a service token with correct privileges. Is this change here needed then?

@marclop
Contributor Author

marclop commented Jan 11, 2022

@simitt We are good to close, thanks for the ping.

@marclop marclop closed this Jan 11, 2022