Provide the relevant subset of the agent policy to the shipper as its configuration #617
Comments
cmacknz
added
Team:Elastic-Agent-Data-Plane
|
CC @rdner as this will likely define how the shipper receives the processor list from the agent. CC @fearful-symmetry since the configuration format should be finalized to complete elastic/elastic-agent-shipper#13 |
|
In my proposal document I had the following example: outputs:
default:
type: elasticsearch
hosts:
- 'http://localhost:9200'
inputs:
- id: default-system-policy # unique for the entire policy
use_output: default # output is declared only on the input level
processors: # list of processors for the input level
- add_locale: null
data_stream: # data stream parameters of the input level
# (can be overridden by streams)
namespace: default
dataset: system.auth
type: logs
streams: # optional, some inputs don’t have streams
- id: logfile-system.auth-default-system-policy
data_stream: # overrides the input level `data_stream`
dataset: system.auth
type: logs
processors: # additional processors to what declared
# on the input level
- add_locale: nullThis is the bare minimum we would need in the shipper, it does not have to be exactly that but it's something we could start the discussion with. |
|
Also don't forget monitoring/debug config, which will need to live somewhere in here as well. Also an interesting question is where the source of truth for this configure structure will live, if there is one. Ideally, there would be a single protobuf file that lives somewhere, and is imported by the shipper, and agent, and whatever components care about sending/receiving that config. Not sure if that's possible with the current stack of the entire stack. Also, if this config is (primarily) generated based on some web input in Kibana's Fleet UI, I'm wondering at which point it doesn't really make sense to be storing all this in YAML, which is considerably more cumbersome to deal with in debug environments compared to something non-whitespace sensitive like JSON. |
|
OK, I think it's clear we need the The snippet in the issue description looks like it captures all of this now. |
|
@fearful-symmetry I believe the agent policy is stored as a Kibana saved object by fleet, see https://github.com/elastic/kibana/blob/60e7f1dcd120c5512506050611d99c3455cbd912/x-pack/plugins/fleet/server/saved_objects/index.ts#L131 for example. If you look around https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/dev_docs and the fleet packages you can follow how fleet handles policies. |
|
Unless there's anything else we want to add to this I'll convert this into an issue in the agent repository for the control plane team to send us the agent policy sections we care about. |
cmacknz
changed the title
|
This issue is now the specification of what the agent should provide to the shipper. I've transferred to the agent repository and tracked it under #214. CC @ph @blakerouse |
|
We spoke today and decided the simplest initial path is for the agent to provide the shipper with the entire agent policy, and the shipper can parse the sections it requires. |
|
Closing this as the shipper project has been revisited. |
An initial configuration file for the shipper has been defined at https://github.com/elastic/elastic-agent-shipper/blob/main/elastic-agent-shipper.yml, but it does not yet include all of the information required for the shipper to run.
The shipper should receive the subset of the agent policy that applies to each instance of a shipper process started by the agent.
Consider a simple agent policy like https://gist.github.com/blakerouse/88c9e461c031fc089e0f8601b78b48de. Then each defined output will map to an instance of the shipper process that should be provided with:
outputsection for the started shipper.agent.monitoringsection to control shipper monitoring.For the sample agent policy above, we should receive at least the following configuration almost verbatim from the agent policy.
Relates to:
The text was updated successfully, but these errors were encountered: