Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Self-Managed]: Unable to install secondary agent on self-managed kibana having Fleet Server running. #1756

Closed
amolnater-qasource opened this issue Nov 18, 2022 · 10 comments
Closed

[Self-Managed]: Unable to install secondary agent on self-managed kibana having Fleet Server running. #1756

amolnater-qasource opened this issue Nov 18, 2022 · 10 comments
Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Team:Fleet Label for the Fleet team

Comments

@amolnater-qasource
Copy link

Kibana version: 8.6 BC1 self-managed environment

Host OS and Browser version: Windows, All

Build details:

VERSION: 8.6.0 BC1 Kibana self-managed environment
BUILD: 58392
COMMIT: 50a7feb0a5eb068d3acccc49c83b9ccb6db6734f

Preconditions:

  1. 8.6 BC1 self-managed environment should be available.
  2. Fleet Server should be installed and a host url should be added.

Steps to reproduce:

  1. Navigate to Agents tab.
  2. Create Agent policy and run agent install command with --insecure.
  3. Observe error:
Error: fail to enroll: fail to execute request to fleet-server: status code: 400, fleet-server returned an error: BadRequest, message: apikey auth response 4sUqioQB57iiFfqR0hGq: [401 Unauthorized] {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate with provided credentials and anonymous access is not allowed for this request","additional_unsuccessful_credentials":"API key: unable to find apikey with id 4sUqioQB57iiFfqR0hGq","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate with provided credentials and anonymous access is not allowed for this request","additional_unsuccessful_credentials":"API key: unable to find apikey with id 4sUqioQB57iiFfqR0hGq","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.6/fleet-troubleshooting.html
Error: enroll command failed with exit code: 1

Enrollment Token is correct and is not revoked for agent policy.
Screenshots:
Alerts:
20

Kibana details:
16
17
18
19

Expected Result:
User should be able to install secondary agent on self-managed kibana having Fleet Server running.
@amolnater-qasource amolnater-qasource added bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team impact:high Short-term priority; add to current release, or definitely next. labels Nov 18, 2022
@amolnater-qasource
Copy link
Author

@manishgupta-qasource Please review.

@manishgupta-qasource
Copy link

Secondary review for this ticket is Done

@cmacknz
Copy link
Member

cmacknz commented Nov 21, 2022

@joshdover or @michel-laterman any ideas on this one?

@cmacknz cmacknz added the Team:Fleet Label for the Fleet team label Nov 21, 2022
@cmacknz cmacknz mentioned this issue Nov 21, 2022
Closed
@joshdover
Copy link
Contributor

Nothing obvious jumping out at me. @amolnater-qasource could you collect a couple things for the API key id that is returned in the error message:

  • Results of GET _security/api_key?id=<id from error>
  • Results of GET .fleet-enrollment-api-keys/_search?q=api_key_id:<id from error>

@amolnater-qasource
Copy link
Author

Hi @joshdover

Thank you for looking into this.
We have revalidated this issue on latest 8.6 BC2 Kibana self-managed environment and found this issue reproducible.

Observations:

could you collect a couple things for the API key id that is returned in the error message:

  • On the latest BC2, we are not getting API key error message.
  • We are getting Error: enroll command failed with exit code: 1 even on installing agent with --insecure and without this flag.
  • We are still not able to install secondary agent.
    Fleet-Server is running without any errors with Fleet Server integration.

Screenshots:
8

Build details:
BUILD: 58485
COMMIT: b52b34c2ff5216c395bd49c5fbc97744b646f34d

Fleet Server logs:
logs.zip

Please let us know if anything else is required from our end.
Thanks

@cmacknz
Copy link
Member

cmacknz commented Nov 24, 2022

The timeout here might be related to #1731, which is fixed in the latest snapshot but is not yet in the latest BC (BC2).

@amolnater-qasource
Copy link
Author

Hi @cmacknz

Thank you for the update.
We will revalidate this on next 8.6 BC3 build as soon as it is available.

Thanks!

@cmacknz
Copy link
Member

cmacknz commented Nov 29, 2022

Following up, BC3 is available and BC4 will be available tomorrow.

@amolnater-qasource
Copy link
Author

Hi @cmacknz

We have revalidated this issue on latest 8.6 BC4 and observed that we are able to install the secondary agent however it remains stuck in UPDATING state.

Build details:

VERSION: 8.6.0 BC4 Kibana cloud environment
BUILD: 58612
COMMIT: 218162f282314db5b3833c84752dd24395949b3f

Hence we are closing this issue.

Thanks

@ghost
Copy link

ghost commented Jan 23, 2023

Bug Conversion

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Team:Fleet Label for the Fleet team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@joshdover @cmacknz @manishgupta-qasource @amolnater-qasource