[Fleet] Support for remote ES output #169252

Merged
merged 25 commits into from
Nov 1, 2023

@juliaElastic juliaElastic commented Oct 18, 2023

Summary

Resolves #104986

Opening up for review, the feature flag is off for now, and the TODO items can come in follow up prs.

TODO:

Added Remote ES output type, support to generate service token for fleet-server-remote account, support to create and edit remote es output.
Added validation to disallow making remote ES output as default for integration data.

How to test locally?

Enable feature flag by adding this to kibana.dev.yml:

```
xpack.fleet.enableExperimental: ['remoteESOutput']
```

See e2e test instructions here: elastic/fleet-server#3051

Generate service token

Create remote service token API:

```
POST kbn:/api/fleet/service_tokens
{
  "remote": true
}

// kibana logs out
[2023-10-19T16:22:05.776+02:00][DEBUG][plugins.fleet] Creating service token for account elastic/fleet-server-remote
```

Add/Edit output flyout:

Add output flyout: [screenshot]

Edit output flyout: [screenshot]

Remote ES output not allowed to be set as integrations data output in agent policies, only as monitoring output: [two screenshots]

Example API call to create/update output:

```
POST kbn:/api/fleet/outputs
{"name":"remote1","type":"remote-elasticsearch","hosts":["http://localhost:9200"],"is_default":false,"is_default_monitoring":false,"config_yaml":"","service_token":"token1","proxy_id":null}

PUT kbn:/api/fleet/outputs/39168010-6db8-11ee-9bf3-ed5492034535
{"name":"remote2","type":"remote-elasticsearch","hosts":["http://localhost:9200"],"is_default":false,"is_default_monitoring":false,"config_yaml":"","service_token":"token2","proxy_id":null}
```

Checklist

@juliaElastic juliaElastic added the release_note:feature Makes this part of the condensed release notes label Oct 18, 2023
@juliaElastic juliaElastic self-assigned this Oct 18, 2023
@juliaElastic juliaElastic added the ci:cloud-deploy Create or update a Cloud deployment label Oct 19, 2023
serviceToken={serviceToken}
generateServiceToken={generateServiceToken}
isLoadingServiceToken={isLoadingServiceToken}
/>
),
};
};

const ServiceTokenStepContent: React.FunctionComponent<{
Contributor Author

moved out and renamed this component to GenerateServiceTokenComponent to reuse in generating remote token

Contributor Author

At the end I haven't used this component somewhere else, but I think the refactor can be left in.

@@ -42,28 +42,7 @@ export const FleetServerRequirementPage: React.FunctionComponent<
const startService = useStartServices();
const deploymentUrl = startService.cloud?.deploymentUrl;

const [isPermissionsLoading, setIsPermissionsLoading] = useState<boolean>(false);
const [permissionsError, setPermissionsError] = useState<string>();
Contributor Author

moved this to its own hook, useCheckPermissions

}
>
<EuiComboBox
{isRemoteESOutput ? null : (
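Review bot: at `{isRemoteESOutput ? null : (`, the proxy combo box is only left unrendered; nothing in these lines resets a `proxy_id` already held in the form when an existing output is edited or its type is switched to remote Elasticsearch. Consider clearing the value when the type changes, or rejecting a non-null `proxy_id` for this output type on the server, and cover that case with a test.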
Contributor Author

hiding the proxy for remote ES output

...outputsRequest.data.items.map((item) => {
const isOutputTypeUnsupported = !allowedOutputTypes.includes(item.type);
...outputsRequest.data.items
.filter((item) => item.type !== outputType.RemoteElasticsearch)
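Review bot: the `.filter((item) => item.type !== outputType.RemoteElasticsearch)` added here only removes the option from the dropdown, so it is a UI convenience and not an enforcement point. The same rule needs to hold in the agent policy API validation, so that a request naming a remote Elasticsearch output as the integrations data output is rejected, with an API test for that path.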
Contributor Author

remote ES can't be used as integrations data output:

  1. Do not allow remote elasticsearch output to be selected as integrations data output (should not be shown in dropdown)

if (output && output.type === outputType.Elasticsearch) {
if (
output &&
(output.type === outputType.Elasticsearch || output.type === outputType.RemoteElasticsearch)
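Review bot: the widened condition `output.type === outputType.Elasticsearch || output.type === outputType.RemoteElasticsearch` carries no comment saying why remote outputs also need `output_permissions`. Add a short comment at the condition and a unit test asserting that permissions are generated for a `remote-elasticsearch` output; if more output types follow, a named list of the types that receive permissions would read better than a growing `||` chain.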
Contributor Author

I found output_permissions are needed for remote-elasticsearch output, though it was not mentioned in the definition.

@juliaElastic juliaElastic marked this pull request as ready for review October 25, 2023 12:17
@juliaElastic juliaElastic requested review from a team as code owners October 25, 2023 12:17
@elasticmachine
Contributor

Pinging @elastic/fleet (Team:Fleet)

… src/core/server/integration_tests/ci_checks'
Contributor

@pgayvallet pgayvallet left a comment

LGTM

@juliaElastic juliaElastic added ci:cloud-deploy Create or update a Cloud deployment and removed ci:cloud-deploy Create or update a Cloud deployment labels Oct 26, 2023
@nchaulet nchaulet self-requested a review October 30, 2023 12:42

export const GenerateServiceTokenRequestSchema = {
query: schema.object({
remote: schema.boolean({ defaultValue: false }),
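Review bot: `remote` is read from `query` in this schema, while the example in the PR description sends `"remote": true` in the JSON body of the POST; the two need to agree. Because this flag selects which service account the token is created for, also add a test that a request without `remote` still falls back to `defaultValue: false`.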
Member

nit: I personally found the query parameter for POST request confusing and not consistent with our other endpoints, should we move this to a body parameter?

Contributor Author

done, also replaced the callout
[screenshot]

Member

@nchaulet nchaulet left a comment

Thanks for your changes, I just tested the UI locally and works as expected 🚀

@juliaElastic juliaElastic removed the ci:cloud-deploy Create or update a Cloud deployment label Oct 30, 2023
import { schema } from '@kbn/config-schema';

export const GenerateServiceTokenRequestSchema = {
body: schema.object({
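Review bot: `body: schema.object({` requires a body to be present, so existing clients that call this endpoint with an empty POST will fail request validation. Accept an absent body as equivalent to `remote: false`, and add an API test for the bodiless call alongside the `remote: true` case.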
Member

@juliaElastic looks like it breaks normal service token creation, it probably should be wrapped in a maybe

{
    "error": "Bad Request",
    "message": "[request body]: expected a plain object value, but found [null] instead.",
    "statusCode": 400
}

Contributor Author

@juliaElastic juliaElastic Oct 30, 2023

Unfortunately maybe didn't work, I tried a few more combinations (nullable, oneOf, literal) but no luck. At the end I could solve it with a custom validator function.
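
The bodiless-POST failure discussed in this thread and a validator that avoids it, as an added example that is not the PR's code. The function names are hypothetical, `elastic/fleet-server-remote` comes from the debug log line in the description, and `elastic/fleet-server` is assumed as the account for ordinary tokens.

```typescript
// Added example with hypothetical names; not Kibana's route code.
type ServiceTokenRequest = { remote: boolean };

// Account names: the remote one appears in the PR's debug log line,
// the local one is an assumption for ordinary Fleet Server tokens.
const LOCAL_ACCOUNT = 'elastic/fleet-server';
const REMOTE_ACCOUNT = 'elastic/fleet-server-remote';

function validateServiceTokenBody(body: unknown): ServiceTokenRequest {
  // Existing callers POST with no body at all; treat that as remote=false
  // instead of failing with "expected a plain object value, but found [null]".
  if (body === null || body === undefined) {
    return { remote: false };
  }
  if (typeof body !== 'object' || Array.isArray(body)) {
    throw new Error('[request body]: expected a plain object or no body');
  }
  const record = body as Record<string, unknown>;
  // Reject unknown keys so a misspelled flag fails loudly instead of
  // silently creating a token for the default account.
  for (const key of Object.keys(record)) {
    if (key !== 'remote') {
      throw new Error(`[request body.${key}]: unexpected key`);
    }
  }
  const remote = record['remote'];
  if (remote === undefined) {
    return { remote: false };
  }
  // Strict boolean only: "true" or 1 must never select the remote account.
  if (typeof remote !== 'boolean') {
    throw new Error('[request body.remote]: expected a boolean');
  }
  return { remote };
}

// The flag decides which service account the token is minted for.
function accountFor(body: unknown): string {
  return validateServiceTokenBody(body).remote ? REMOTE_ACCOUNT : LOCAL_ACCOUNT;
}
```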

@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #68 / core plugins application using ScopedHistory.block "before each" hook for "allows navigation if user click confirm on the confirmation dialog"

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| fleet | 941 | 944 | +3 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| fleet | 1.2MB | 1.2MB | +3.4KB |

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| fleet | 44 | 45 | +1 |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| fleet | 148.3KB | 149.3KB | +1.0KB |

cc @juliaElastic

@juliaElastic juliaElastic merged commit a732dea into elastic:main Nov 1, 2023
29 checks passed
@kibanamachine kibanamachine added v8.12.0 backport:skip This commit does not require backporting labels Nov 1, 2023
delanni pushed a commit to delanni/kibana that referenced this pull request Nov 6, 2023
## Summary

Resolves elastic#104986

Opening up for review, the feature flag is off for now, and the TODO
items can come in follow up prs.

TODO:
- make service_token a secret field in output - depends on
elastic#157458
- should link to remote elasticsearch docs in UI - depends on
elastic/ingest-docs#530
- remote es connection check and report on UI - depends on fleet-server
to report unhealthy status if can't access the remote ES cluster
- enable feature flag when feature is ready

Added Remote ES output type, support to generate service token for
`fleet-server-remote` account, support to create and edit remote es
output.
Added validation to disallow making remote ES output as default for
integration data.

## How to test locally?
Enable feature flag by adding this to `kibana.dev.yml`:
```
xpack.fleet.enableExperimental: ['remoteESOutput']
```
See e2e test instructions here:
elastic/fleet-server#3051

## Generate service token

Create remote service token API:
```
POST kbn:/api/fleet/service_tokens
{
  "remote": true
}

// kibana logs out
[2023-10-19T16:22:05.776+02:00][DEBUG][plugins.fleet] Creating service token for account elastic/fleet-server-remote
```

## Add/Edit output flyout:
Add output flyout:

<img width="675" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/dafc7d0e-05be-467f-871c-c4256fc833f6">

Edit output flyout:

<img width="660" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/0d58fcfb-8c22-4e27-8719-db86ecba2e8d">

Remote ES output not allowed to be set as integrations data output in
agent policies, only as monitoring output:
<img width="690" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/675279cd-1c89-4069-9e07-e448aa796885">
<img width="683" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/6f67179d-b971-497f-9b04-3d3db5a42976">


Example API call to create/update output:
```
POST kbn:/api/fleet/outputs
{"name":"remote1","type":"remote-elasticsearch","hosts":["http://localhost:9200"],"is_default":false,"is_default_monitoring":false,"config_yaml":"","service_token":"token1","proxy_id":null}

PUT kbn:/api/fleet/outputs/39168010-6db8-11ee-9bf3-ed5492034535
{"name":"remote2","type":"remote-elasticsearch","hosts":["http://localhost:9200"],"is_default":false,"is_default_monitoring":false,"config_yaml":"","service_token":"token2","proxy_id":null}
```

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Labels
backport:skip This commit does not require backporting release_note:feature Makes this part of the condensed release notes Team:Fleet Team label for Observability Data Collection Fleet team v8.12.0
Development

Successfully merging this pull request may close these issues.

[Fleet] Support for Remote Elasticsearch cluster