[Fleet] Improve on-prem Fleet Server instructions for Quick start

[juliaElastic]

When following Fleet Server on-prem instructions and selecting Quick start, the generated command is incomplete.

The command gives an error which is misleading.
It might take long time for users to figure out from the docs that this argument is missing: --fleet-server-insecure-http

Expected fix: If Quick start is selected, add --fleet-server-insecure-http to generated command.

Error message:

sudo ./elastic-agent install   \
 --fleet-server-es=http://localhost:9200 \
--fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2MzYxMDQ3MzY5Nzc6c0FHYmQ1TFJRQVdPZVdaVlRkQlBLZw \
  --fleet-server-policy=ac62b120-3d80-11ec-ad0c-f1e85cdefcb8 

2021-11-05T10:40:14.142+0100	INFO	cmd/enroll_cmd.go:382	Generating self-signed certificate for Fleet Server
2021-11-05T10:40:15.533+0100	INFO	cmd/enroll_cmd.go:760	Fleet Server - Starting
2021-11-05T10:40:17.539+0100	INFO	cmd/enroll_cmd.go:741	Fleet Server - Running on policy with Fleet Server integration: ac62b120-3d80-11ec-ad0c-f1e85cdefcb8; missing config fleet.agent.id (expected during bootstrap process)
2021-11-05T10:40:18.274+0100	INFO	cmd/enroll_cmd.go:442	Starting enrollment to URL: https://Julias-MacBook-Pro.local:8220/
2021-11-05T10:40:23.384+0100	WARN	[transport]	transport/tcp.go:52	DNS lookup failure "Julias-MacBook-Pro.local": lookup Julias-MacBook-Pro.local: no such host
Error: fail to enroll: fail to execute request to fleet-server: lookup Julias-MacBook-Pro.local: no such host

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)

[juliaElastic]

@jen-huang @mostlyjason FYI, I came across this during upgrade testing.

[joshdover]

What's strange is the error message indicates a DNS issue? Agreed we should include this option though in general for the "Quick Start" option.

This also has overlap with #116620. When security on by default is enabled (which as the name indicates, is the default) we should be able to use the self-signed CA fingerprint directly so that Fleet Server will be communicating over HTTPS. Is there still a use case for "Quick Start" anymore? Should we remove it entirely in #116620 ?

[mostlyjason]

@joshdover I believe the quick start mode and the option fleet-server-insecure-http refers to the Agent->FS connection. Security on by default only applies to the Agent->ES and FS->ES connections. They have separate certificates.

Makes sense to me to add this if the user can't proceed without it.

[joshdover]

I believe the quick start mode and the option fleet-server-insecure-http refers to the Agent->FS connection. Security on by default only applies to the Agent->ES and FS->ES connections. They have separate certificates.

Ah yes, you're correct.

Yeah let's go ahead and add this then. Seems like a quick fix we can get in for a 7.x patch release.