Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Fixes for preconfigured remote Elasticsearch outputs #172546

Closed
jillguyonnet opened this issue Dec 5, 2023 · 1 comment · Fixed by #172550
Closed

[Fleet] Fixes for preconfigured remote Elasticsearch outputs #172546

jillguyonnet opened this issue Dec 5, 2023 · 1 comment · Fixed by #172550
Assignees
@jillguyonnet
Labels
Team:Fleet Team label for Observability Data Collection Fleet team

Comments

@jillguyonnet
Copy link
Contributor

jillguyonnet commented Dec 5, 2023
edited
Loading

Relates to #104986 (remote ES outputs)
Relates to #166360 (preconfigured output secrets)

Summary

As support for remote ES outputs and preconfigured output secrets were developed in parallel, there remain a couple of issues to iron out.

Preconfiguration validation

The preconfiguration validation is missing the new remote Elasticsearch type for outputs. For this reason, Kibana currently crashes when a remote ES output is defined in kibana.yml:

 FATAL  Error: [config validation of [xpack.fleet].outputs.2]: types that failed validation:
- [config validation of [xpack.fleet].outputs.2.0.type]: expected value to equal [elasticsearch]
- [config validation of [xpack.fleet].outputs.2.1.type]: expected value to equal [logstash]
- [config validation of [xpack.fleet].outputs.2.2.type]: expected value to equal [kafka]
Secret values hashing

The logic in secret hashing and comparison needs to be extended to remote ES output type.

Acceptance criteria

  1. It should be possible to create preconfigured remote ES using the Kibana config file.
  2. The secret values should correctly be stored as secrets in the .fleet-secrets system index.
  3. Updates to secret values should be correctly picked up and stored in the .fleet-secrets system index.
@jillguyonnet jillguyonnet added the Team:Fleet Team label for Observability Data Collection Fleet team label Dec 5, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@jillguyonnet jillguyonnet self-assigned this Dec 5, 2023
@jillguyonnet jillguyonnet mentioned this issue Dec 5, 2023
Merged
@jillguyonnet jillguyonnet changed the title [Fleet] Preconfiguration config should allow remote Elasticsearch outputs [Fleet] Fixes for preconfigured remote Elasticsearch outputs Dec 5, 2023
jillguyonnet added a commit that referenced this issue Dec 5, 2023
@jillguyonnet @kibanamachine
[Fleet] Fix preconfigured remote ES outputs with secrets (#172550)
1476bda 
## Summary

Closes #172546

### Testing

1. Add the following to your Kibana config file and start Kibana:
```yml
xpack.fleet.outputs:
  - id: my-remote-es-output-with-a-secret
    name: preconfigured remote elasticsearch output with a secret
    type: remote_elasticsearch
    hosts: ['http://localhost:9997']
    secrets:
      service_token: secretRemoteESServiceToken
```
2. Head to Fleet UI and check that the output was correctly created.
3. Go to the Dev Tools Console and query Fleet secrets: `GET
.fleet-secrets/_search`. Check that the service token secret was
created.
4. Edit the output configuration, e.g. the value of the service token,
and wait for Kibana to restart.
5. Check that the value(s) have been correctly updated.

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jillguyonnet jillguyonnet

Labels
Team:Fleet Team label for Observability Data Collection Fleet team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Fleet] Fix preconfigured remote ES outputs with secrets jillguyonnet/kibana
2 participants
@elasticmachine @jillguyonnet