
Fleet server with elasticsearch in docker container

Fleet server in docker container

Previously, in this post, I created a script to deploy the Elastic Stack using Docker containers.

Fleet and Fleet server were released as of 7.14.0. Fleet uses the elastic-agent as a single, unified way to add monitoring for logs, metrics and other types of data.

Fleet server is the mechanism to connect elastic-agents to fleet.

In version 5 of the deploy-elastic.sh script I've added the fleet mode so that you can deploy the Fleet server and use it to register elastic-agents.

Simply run ./deploy-elastic.sh fleet 7.14.1

  • The script will check to see if your stack is 7.14+ or else it will exit.
  • Fleet server will be stood up using a container named fleet.
  • The fleet server will listen on port 8220 (standard port) - when you are registering remote agents use your host's IP address and 8220 to register the agents.
  • The Fleet endpoint is terminated with SSL and uses the same ca.crt as your stack, which is conveniently copied out to your homedir/elasticstack/ca.crt so that you can copy it to remote endpoints and use it to send data into Fleet server.
  • Even if you've deployed the stack using other options, you can add fleet onto it by running ./deploy-elastic.sh fleet {version}; just make sure that the version matches your current deployment and that it is 7.14+.

Once you are done testing, cleanup is again super simple: just run ./deploy-elastic.sh cleanup and it will clean up all the volumes/containers/networks. It will not remove the images, so you will need to do that manually.

After the stack is deployed you can log into Kibana -> Management -> Fleet and view your Fleet server.

Enroll elastic agents onto my deployment

The host that runs my newly deployed Elastic Stack has the IP 192.168.1.172. As mentioned earlier, your homedirectory/elasticstack contains a copy of the ca.crt that was used to sign all the certificates. You will need to copy this ca.crt to the host on which you will install and run the elastic-agent.

I have a 2nd Linux host named kube that will run the elastic-agent and report back to my deployment. I installed the elastic-agent rpm with yum on this host, copied the ca.crt to /etc/elastic-agent/, and chowned it to root:root.

Enroll the agent:

# elastic-agent enroll -f -a /etc/elastic-agent/ca.crt --fleet-server-es-ca /etc/elastic-agent/ca.crt --url=https://192.168.1.172:8220 --enrollment-token=Tms1d3gzc0JlaGt4b2VJOURsLVk6R3VIUHg2ODZTNDY0WXIybmhCM3pYZw==

2021-09-08T20:48:31.597-0500    INFO    cmd/enroll_cmd.go:414   Starting enrollment to URL: https://192.168.1.172:8220/
2021-09-08T20:48:32.404-0500    INFO    cmd/enroll_cmd.go:250   Elastic Agent might not be running; unable to trigger restart
2021-09-08T20:48:32.404-0500    INFO    cmd/enroll_cmd.go:252   Successfully triggered restart on running Elastic Agent.
Successfully enrolled the Elastic Agent.

Where did I get the enrollment token? From the Enrollment tokens tab in Fleet.

Start the agent:

# systemctl start elastic-agent
# ps -ef | grep elastic
root      898478       1 35 20:48 ?        00:00:01 /usr/share/elastic-agent/bin/elastic-agent --path.home /var/lib/elastic-agent --path.config /etc/elastic-agent --path.logs /var/log/elastic-agent run --environment systemd -c /etc/elastic-agent/elastic-agent.yml
root      898512  897241  0 20:48 pts/0    00:00:00 grep --color=auto elastic

Back on the Fleet -> Agents page, I can now see that the agent is reporting in.
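The enrollment above depends on three things: a 7.14+ stack, an intact ca.crt on the agent host, and a Fleet server certificate on port 8220 that chains to that CA. The script below checks them before enrolling; it is an added example, not part of deploy-elastic.sh, its function names are its own, and it assumes openssl is installed on the agent host.

```shell
#!/usr/bin/env bash
# Added example: checks to run on the agent host before `elastic-agent enroll`.
# Function names and argument order are this example's own, not deploy-elastic.sh's.

# version_ok VERSION -> 0 when VERSION is 7.14 or newer, 1 when older, 2 when unparsable.
version_ok() {
  local major minor
  major=${1%%.*}
  minor=${1#*.}; minor=${minor%%.*}
  case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
  [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 14 ]; }
}

# ca_file_ok PATH -> 0 when PATH is a PEM certificate that group/other cannot modify.
ca_file_ok() {
  local perms
  [ -f "$1" ] || return 1
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
  perms=$(ls -ld -- "$1" | cut -c1-10)
  case "$perms" in
    ?????w????|????????w?) return 1 ;;   # group- or world-writable trust anchor
  esac
  return 0
}

# fleet_tls_ok HOST PORT CA -> 0 when the server certificate chains to CA.
# Only the chain is checked here, not the host name or IP in the certificate.
fleet_tls_ok() {
  openssl s_client -connect "$1:$2" -CAfile "$3" -verify_return_error \
    </dev/null >/dev/null 2>&1
}

# preflight VERSION HOST CA [PORT] -> runs all three checks; PORT defaults to 8220.
preflight() {
  local port=${4:-8220}
  version_ok "$1" || { echo "stack version $1 is not 7.14+" >&2; return 1; }
  ca_file_ok "$3" || { echo "$3 is missing, not PEM, or writable by others" >&2; return 1; }
  fleet_tls_ok "$2" "$port" "$3" || { echo "certificate on $2:$port does not verify against $3" >&2; return 1; }
  echo "ok: $2:$port presents a certificate signed by $3"
}

# Runs only when arguments are given, e.g.:
#   ./preflight.sh 7.14.1 192.168.1.172 /etc/elastic-agent/ca.crt
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

A failure in the third check usually means the ca.crt on the agent host is not the one from the current deployment, for example after a cleanup and redeploy generated new certificates.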

The following is the output from a clean deployment.

❯ time ./deploy-elastic.sh fleet 7.14.1
[DEBUG] Deployment does not exist.  Starting deployment first
********** Deploying elasticsearch & kibana 7.14.1 **********
[DEBUG] docker.elastic.co/elasticsearch/elasticsearch:7.14.1 docker image already exists.. moving forward..
[DEBUG] docker.elastic.co/kibana/kibana:7.14.1 docker image already exists.. moving forward..
[DEBUG] Created elasticsearch.yml
[DEBUG] Setting temp password for elastic as G3q1l7lIFdnHK315AxDuWTlzJ
[DEBUG] Created kibana.yml
[DEBUG] Created .env file
[DEBUG] Created instances.yml
[DEBUG] Created create-certs.yml for 7.14.1
[DEBUG] Created stack-compose.yml for 7.14.1
[DEBUG] Create certificates
Creating network "es_default" with the default driver
Creating volume "es_certs" with default driver
Creating es_create_certs_run ... done
Archive:  /certs/bundle.zip
   creating: /certs/ca/
  inflating: /certs/ca/ca.crt
   creating: /certs/es01/
  inflating: /certs/es01/es01.crt
  inflating: /certs/es01/es01.key
   creating: /certs/es02/
  inflating: /certs/es02/es02.crt
  inflating: /certs/es02/es02.key
   creating: /certs/es03/
  inflating: /certs/es03/es03.crt
  inflating: /certs/es03/es03.key
   creating: /certs/kibana/
  inflating: /certs/kibana/kibana.crt
  inflating: /certs/kibana/kibana.key
   creating: /certs/apm/
  inflating: /certs/apm/apm.crt
  inflating: /certs/apm/apm.key
   creating: /certs/entsearch/
  inflating: /certs/entsearch/entsearch.crt
  inflating: /certs/entsearch/entsearch.key
   creating: /certs/minio/
  inflating: /certs/minio/minio.crt
  inflating: /certs/minio/minio.key
   creating: /certs/fleet/
  inflating: /certs/fleet/fleet.crt
  inflating: /certs/fleet/fleet.key
[DEBUG] Starting our deployment
Creating volume "es_data01" with default driver
Creating volume "es_data02" with default driver
Creating volume "es_data03" with default driver
Creating kibana ... done
Creating es01   ... done
Creating es02   ... done
Creating es03   ... done
Creating es_wait_until_ready_1 ... done
[DEBUG] elasticsearch health is GREEN moving forward.
[DEBUG] Setting passwords and storing it in /Users/jlim/elasticstack/notes
Changed password for user apm_system
PASSWORD apm_system = A9sLi96IY9zRd7iTbyzm

Changed password for user kibana_system
PASSWORD kibana_system = 9AGAxQIUeIuvoIAeKVov

Changed password for user kibana
PASSWORD kibana = 9AGAxQIUeIuvoIAeKVov

Changed password for user logstash_system
PASSWORD logstash_system = TB7tAdTtUmjHexJqwz20

Changed password for user beats_system
PASSWORD beats_system = QbUD4RWqXFYpshqSQ9G0

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = ckrsVfB8lOjIv3jM2soe

Changed password for user elastic
PASSWORD elastic = IovHb7fqVvRjsJA3MZsQ

[DEBUG] elastic user's password found IovHb7fqVvRjsJA3MZsQ
[DEBUG] kibana.yml re-generated with new password and encryption keys
[DEBUG] Restarted kibana to pick up the new elastic password
[DEBUG] Copied the certificate authority into /Users/jlim/elasticstack
[DEBUG] Complete! - stack deployed. 7.14.1

********** Deploying FLEET **********
[DEBUG] elastic user's password found IovHb7fqVvRjsJA3MZsQ
[DEBUG] elasticsearch health is GREEN moving forward.
[DEBUG] docker.elastic.co/beats/elastic-agent:7.14.1 docker image already exists.. moving forward..
[DEBUG] Restarting es01 for FLEET
[DEBUG] Restarting es02 for FLEET
[DEBUG] Restarting es03 for FLEET
[DEBUG] elasticsearch is unhealthy. Checking again in 2 seconds.. if this doesnt finish in ~ 30 seconds something is wrong ctrl-c please.
[DEBUG] elasticsearch is unhealthy. Checking again in 2 seconds.. if this doesnt finish in ~ 30 seconds something is wrong ctrl-c please.
[DEBUG] elasticsearch is unhealthy. Checking again in 2 seconds.. if this doesnt finish in ~ 30 seconds something is wrong ctrl-c please.
[DEBUG] elasticsearch is unhealthy. Checking again in 2 seconds.. if this doesnt finish in ~ 30 seconds something is wrong ctrl-c please.
[DEBUG] elasticsearch is unhealthy. Checking again in 2 seconds.. if this doesnt finish in ~ 30 seconds something is wrong ctrl-c please.
[DEBUG] elasticsearch is unhealthy. Checking again in 2 seconds.. if this doesnt finish in ~ 30 seconds something is wrong ctrl-c please.
[DEBUG] elasticsearch is unhealthy. Checking again in 2 seconds.. if this doesnt finish in ~ 30 seconds something is wrong ctrl-c please.
[DEBUG] elasticsearch is unhealthy. Checking again in 2 seconds.. if this doesnt finish in ~ 30 seconds something is wrong ctrl-c please.
[DEBUG] elasticsearch health is GREEN moving forward.
[DEBUG] Created fleet-compose.yml
[DEBUG] Started FLEET SERVER. - Please give it about a minute for things to settle before you go into the FLEET app.
./deploy-elastic.sh fleet 7.14.1  6.58s user 2.46s system 9% cpu 1:37.36 total

It took a total of 1:37.36 to run with the docker images cached!
