Change local fleet-server connection to localhost:8221 #1867
Fix an issue where the local fleet-server port was not properly used by the elastic-agent when running an instance of fleet-server.
if c.options.FleetServer.InternalPort == 0 { | ||
c.options.FleetServer.InternalPort = defaultFleetServerInternalPort | ||
} |
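Review bot: the zero check on c.options.FleetServer.InternalPort has no comment saying why the default has to be applied at this point. A one-line comment stating that the InternalURL is derived from this port when the fleet TLS settings are created would keep a later refactor from moving the default below that step. Since createFleetServerBootstrapConfig is said to carry the same check, consider a single shared helper so the two defaults cannot drift apart.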
The InternalURL is set when the agent is creating the fleet tls settings (line 321), however it expects a non-zero internal port value in order to do so.
This is fine. We have a check like this inside createFleetServerBootstrapConfig.
I'm OK with moving this up.
Have you tested this with 2 agents,
one running fleet server, the other one enrolling with this fleet server?
Please make sure this scenario works.
I've tested what port is used by adding a local debug line in When I enroll a new agent running the fleet-server I see that the enroll request targets
However, when the agent is running afterwards it switches to
Enrolling another agent always targets
Is this for remote agent? Remote agent should not call this port, just the one running fleet-server.
Oops, sorry I was not clear; the local agent does the swap from 8220 to 8221 when enrolling/running.
Just to clarify the initial implementation and why we have this: we introduced an internal port which is used only by the agent running fleet server. This prevents throttling and force unenrollment of all agents due to heavy load.
After a brief discussion with @michalpristas we have decided to keep the behaviour of the local agent that this PR introduces: using
@michel-laterman can we proceed with this change or is there anything else missing?
* Change local fleet-server connection to localhost:8221

  Fix an issue where the local fleet-server port was not properly used by the elastic-agent when running an instance of fleet-server.
* Fix typo
* Add additional debug line in remote client
* change to certificate verification for local port

(cherry picked from commit 8c7537b)

# Conflicts:
# internal/pkg/agent/cmd/enroll_cmd.go
* Change local fleet-server connection to localhost:8221

  Fix an issue where the local fleet-server port was not properly used by the elastic-agent when running an instance of fleet-server.
* Fix typo
* Add additional debug line in remote client
* change to certificate verification for local port

(cherry picked from commit 8c7537b)

Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com>
What does this PR do?
Fix an issue where the local fleet-server port was not properly used by the elastic-agent when running an instance of fleet-server.
Why is it important?
When running a large scale of agents, the fleet-server may hit the connection limit if it's running on the same port as the other agents. This causes the elastic-agent running the fleet-server to be marked as degraded.
Checklist
CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.
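The reason this thread gives for a separate local port, as an added Go example that is not code from this PR, elastic-agent or fleet-server: a listener with a connection limit stops answering once idle connections fill it, while a second loopback listener still replies. The `limitListener` type, the `answered` and `Demo` helpers, the limit mechanism and the random loopback ports standing in for 8220 and 8221 are all assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"time"
)

// limitListener stops accepting at max open connections (constructed stand-in
// for the connection limit on the port shared with all enrolled agents).
type limitListener struct {
	net.Listener
	slots chan struct{}
}

func (l *limitListener) Accept() (net.Conn, error) {
	l.slots <- struct{}{} // blocks once the limit is reached; slots are never freed in this demo
	return l.Listener.Accept()
}

// answered reports whether an HTTP request to addr gets a reply before the timeout.
func answered(addr string) bool {
	resp, err := (&http.Client{Timeout: 300 * time.Millisecond}).Get("http://" + addr + "/")
	if err == nil {
		resp.Body.Close()
	}
	return err == nil
}

// Demo fills the shared listener with idle connections, then probes both listeners.
func Demo(limit int) (shared, internal bool) {
	var ls [2]net.Listener // ls[0] stands in for :8220, ls[1] for localhost:8221
	for i := range ls {
		var err error
		if ls[i], err = net.Listen("tcp", "127.0.0.1:0"); err != nil {
			panic(err)
		}
	}
	go http.Serve(&limitListener{ls[0], make(chan struct{}, limit)}, http.NotFoundHandler())
	go http.Serve(ls[1], http.NotFoundHandler())
	for i := 0; i < limit; i++ {
		net.Dial("tcp", ls[0].Addr().String()) // idle connection occupying one slot
	}
	return answered(ls[0].Addr().String()), answered(ls[1].Addr().String())
}

func main() { fmt.Println(Demo(3)) }
```

A local agent that checks in over the saturated shared listener times out, which is the condition the description says gets it marked as degraded; the same check-in over the loopback-only listener is unaffected by the other agents' connections.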