-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Default Fleet Server policy missing fleet_server integration #124004
[Fleet] Default Fleet Server policy missing fleet_server integration #124004
Comments
Pinging @elastic/fleet (Team:Fleet) |
@jen-huang @joshdover And with that, this fix should be backported as well: #124363 |
@juliaElastic Yeah, let's backport those fixes. |
@nchaulet I went through this bug again to verify (see steps in description) and found that the fix for missing package_policies in preconfig is not entirely solved, only works for managed policies. I found that your fix added a condition for Is there a reason why it was restricted only to managed policies? I think the logic should check for all preconfigured policies if package policies are missing (many reported issues are having this bug for I tested the fix locally (to recreate missing package policies for non-managed policies as well), and the caveat is that the fix makes it more likely to encounter this issue: #125105 cc @joshdover |
This makes sense, but I'd also really like to just consider making We have some telemetry on non-default Kibana configurations that are in use. Let me see if I can find any data on how many customers are using preconfiguration. If it is low enough I think we can consider the change. |
For non managed policy one of the requirements was the ability for the user to delete the package policies not sure how it will work if we recreate the package policy on each setup. |
yeah, I thought about that too, mentioned here: #125105 (comment) |
I checked this out and <0.25% of all clusters are using custom agent policies in preconfiguration. I don't know what % of those are specifying an |
Okay, we can make the id required as a separate enhancement. However as for this bug, should we allow recreating preconfigured non-managed policies? It sounds like it is not the best approach since it is a requirement not to recreate deleted non-managed policies. Alternatively we can leave this bug as is, and see how much removing the dependency on EPR reduces the issue occurrence. |
I'm +1 on this for now unless we see this issue more widespread in 8.1+ clusters |
Dropping priority here since we don't have a reasonable solution that wouldn't require breaking changes to the preconfiguration behavior. Will revisit as needed or consider solving in a IaC feature |
I'm seeing the issue with a 8.1.0 fresh installation with eck-operator deployed elasticsearch/fleetserver/agents. |
@ruckc Could you share the |
Hello team, I have the same problem in 7.17.10. I raised case(#01387626) for your support team but so far no response. I have added the 'fleet_server policy integration' to the Default Fleet Policy but I encouraged the second bug mentioned [here].(#125105) Is there any workaround how we can install fleet agent ? |
@Duri9292 I suppose this is on an self managed cluster? You could try adding a new policy with Fleet Server integration, and try installing Fleet Server to that, so it doesn't clash with the preconfiguration. |
Kibana version: 7.16 and potentially others
Elasticsearch version:
Server OS version:
Browser version:
Browser OS version:
Original install method (e.g. download page, yum, from source, etc.): on prem installation
Describe the bug:
Many users reported Default Fleet Server policy missing fleet_server integration, and this blocks them to enroll a Fleet Server successfully. The workaround is to add fleet_server integration manually to the policy.
The root cause/steps to reproduce is unknown, it could be that something goes wrong during setup, and that's why the fleet_server integration fails to be added.
Steps to reproduce:
Set a dummy registryUrl in kibana.yml or kibana.dev.yml, so that fleet_server can't be installed on startup
Remove registryUrl (or set to a valid value)
Bug: even though fleet_server is installed successfully now, fleet server policy still doesn't have a fleet_server policy integration.
Expected behavior: fleet_server integration should be added by default to Default Fleet Server policy.
Screenshots (if relevant):
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
Any additional context: this bug might go away once we release removing Default policies: #108456
Reported issues:
https://discuss.elastic.co/t/why-cant-select-an-agent-policy-when-add-a-fleet-server/293083
https://discuss.elastic.co/t/cannot-add-a-fleet-server/295670
The text was updated successfully, but these errors were encountered: