Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Add a preconfiguration reset API #121887

Closed
joshdover opened this issue Dec 22, 2021 · 7 comments · Fixed by #122467
Closed

[Fleet] Add a preconfiguration reset API #121887

joshdover opened this issue Dec 22, 2021 · 7 comments · Fixed by #122467
Assignees
@nchaulet
Labels
QA:Validated Issue has been validated by QA Supportability Improve our (devs, SREs, support eng, users) ability to troubleshoot/self-service product better. Team:Fleet Team label for Observability Data Collection Fleet team v7.17.0

Comments

@joshdover
Copy link
Contributor

joshdover commented Dec 22, 2021
edited by nchaulet
Loading

Scoped down version of #118214

Adding this API would help support in fixing issues that are coming up frequently in the 7.x release series. Having an API over manual workaround steps allows us to have a consistent remediation that is not vulnerable to human mistake.

Proposal

POST /internal/fleet/reset_preconfigured_agent_policies

This API will delete all the saved objects related to the default policies:

  • Package policies
  • Default agent policies
    • We should also try to force unenroll any agents here

Then we should clean all .fleet-* internal for these policies

  • .fleet-enrollment-tokens - we should try to invalidate the related API key when deleting a document from here.
    • Do we have a utility for doing this combined action today? If not, it'd be nice to have a single code path for deleting enrollment tokens that also handles invalidating the API key that can be used broadly in the codebase.
  • .fleet-policies

Then this should call the setup to restore the preconfigured policies (within the same API call, not a separate step that a support engineer would have to run).
@joshdover joshdover added Team:Fleet Team label for Observability Data Collection Fleet team Supportability Improve our (devs, SREs, support eng, users) ability to troubleshoot/self-service product better. v7.17.0 labels Dec 22, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@joshdover
Copy link
Contributor Author

joshdover commented Jan 5, 2022
edited
Loading

I think we should make the path for this API to use the /internal/ prefix instead of /api/ to clearly message that this API is not considered stable and is subject to removal:

POST /internal/fleet/reset_preconfigured_agent_policies

@jen-huang
Copy link
Contributor

@nchaulet We'd like to get this in for 7.17 to help with supportability of 7.x. Do you have capacity to work on this?

@nchaulet
Copy link
Member

nchaulet commented Jan 5, 2022

@nchaulet We'd like to get this in for 7.17 to help with supportability of 7.x. Do you have capacity to work on this?

Sure I can find some time for that before 7.17 feature freeze :)

@nchaulet nchaulet mentioned this issue Jan 10, 2022
Merged
@joshdover joshdover added QA:Needs Validation Issue needs to be validated by QA QA:Ready for Testing Code is merged and ready for QA to validate labels Jan 24, 2022
@joshdover
Copy link
Contributor Author

Test instructions:

  • Spin up 7.17.0 deployment on Cloud staging
  • Do the switch from APM standalone -> APM managed by Fleet by going to APM/Settings/Schema/Switch to Elastic Agent
  • Edit the APM policy that was created (just changing the namespace would work)
  • Run this API call: 
     curl -XPOST https://<kibana url>/internal/fleet/reset_preconfigured_agent_policies/policy-elastic-agent-on-cloud -u elastic:<password> -H 'kbn-xsrf: xyz' -H 'content-type: application/json'
  • Refresh APM policy and see that verify that any changes made in prior step were reverted

@amolnater-qasource
Copy link

Hi @joshdover
Thanks for the detailed steps.
We have revalidated this issue on 7.17.0 and we followed all the same steps.
After execution till step 3, we had Elastic APM integration available in Elastic cloud agent policy with namespace test.

Then we ran the API call.
After this step, we observed that Elastic APM integration is removed from Elastic cloud agent policy.

Screenshots:
21
20

Please let us know if this is the required outcome.
Thanks

@amolnater-qasource amolnater-qasource added QA:Validated Issue has been validated by QA and removed QA:Ready for Testing Code is merged and ready for QA to validate labels Feb 24, 2022
@joshdover
Copy link
Contributor Author

Looks great, thanks!

@joshdover joshdover removed the QA:Needs Validation Issue needs to be validated by QA label Feb 24, 2022
@jen-huang jen-huang mentioned this issue Apr 6, 2022
Closed
@joshdover joshdover mentioned this issue Apr 11, 2022
Closed
1 task
@juliaElastic juliaElastic mentioned this issue Oct 19, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nchaulet nchaulet

Labels
QA:Validated Issue has been validated by QA Supportability Improve our (devs, SREs, support eng, users) ability to troubleshoot/self-service product better. Team:Fleet Team label for Observability Data Collection Fleet team v7.17.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Fleet] Add reset preconfigured policies API nchaulet/kibana
5 participants
@nchaulet @joshdover @jen-huang @elasticmachine @amolnater-qasource