Add --fleet-server-service-token. Rename --fleet-server to --fleet-server-es. (backport #25083) #25094

Merged
merged 1 commit into from
Apr 14, 2021
1 change: 1 addition & 0 deletions x-pack/elastic-agent/CHANGELOG.next.asciidoc
@@ -86,3 +86,4 @@
- Add STATE_PATH, CONFIG_PATH, LOGS_PATH to Elastic Agent docker image {pull}24817[24817]
- Add status subcommand {pull}24856[24856]
- Add leader_election provider for k8s {pull}24267[24267]
- Add --fleet-server-service-token and FLEET_SERVER_SERVICE_TOKEN options {pull}25083[25083]
29 changes: 19 additions & 10 deletions x-pack/elastic-agent/pkg/agent/cmd/container.go
@@ -80,6 +80,7 @@ The following actions are possible and grouped based on the actions.
FLEET_SERVER_ELASTICSEARCH_USERNAME - elasticsearch username for Fleet Server [$ELASTICSEARCH_USERNAME]
FLEET_SERVER_ELASTICSEARCH_PASSWORD - elasticsearch password for Fleet Server [$ELASTICSEARCH_PASSWORD]
FLEET_SERVER_ELASTICSEARCH_CA - path to certificate authority to use with communicate with elasticsearch [$ELASTICSEARCH_CA]
FLEET_SERVER_SERVICE_TOKEN - service token to use for communication with elasticsearch
FLEET_SERVER_POLICY_NAME - name of policy for the Fleet Server to use for itself [$FLEET_TOKEN_POLICY_NAME]
FLEET_SERVER_POLICY_ID - policy ID for Fleet Server to use for itself ("Default Fleet Server policy" used when undefined)
FLEET_SERVER_HOST - binding host for Fleet Server HTTP (overrides the policy)
@@ -295,15 +296,18 @@ func buildEnrollArgs(cfg setupConfig, token string, policyID string) ([]string,
if err != nil {
return nil, err
}
args = append(args, "--fleet-server", connStr)
args = append(args, "--fleet-server-es", connStr)
if cfg.FleetServer.Elasticsearch.ServiceToken != "" {
args = append(args, "--fleet-server-service-token", cfg.FleetServer.Elasticsearch.ServiceToken)
}
if policyID == "" {
policyID = cfg.FleetServer.PolicyID
}
if policyID != "" {
args = append(args, "--fleet-server-policy", policyID)
}
if cfg.FleetServer.Elasticsearch.CA != "" {
args = append(args, "--fleet-server-elasticsearch-ca", cfg.FleetServer.Elasticsearch.CA)
args = append(args, "--fleet-server-es-ca", cfg.FleetServer.Elasticsearch.CA)
}
if cfg.FleetServer.Host != "" {
args = append(args, "--fleet-server-host", cfg.FleetServer.Host)
@@ -351,6 +355,9 @@ func buildFleetServerConnStr(cfg fleetServerConfig) (string, error) {
if u.Path != "" {
path += "/" + strings.TrimLeft(u.Path, "/")
}
if cfg.Elasticsearch.ServiceToken != "" {
return fmt.Sprintf("%s://%s%s", u.Scheme, u.Host, path), nil
}
return fmt.Sprintf("%s://%s:%s@%s%s", u.Scheme, cfg.Elasticsearch.Username, cfg.Elasticsearch.Password, u.Host, path), nil
}

@@ -710,10 +717,11 @@ type setupConfig struct {
}

type elasticsearchConfig struct {
CA string `config:"ca"`
Host string `config:"host"`
Username string `config:"username"`
Password string `config:"password"`
CA string `config:"ca"`
Host string `config:"host"`
Username string `config:"username"`
Password string `config:"password"`
ServiceToken string `config:"service_token"`
}

type fleetConfig struct {
@@ -767,10 +775,11 @@ func defaultAccessConfig() setupConfig {
Cert: envWithDefault("", "FLEET_SERVER_CERT"),
CertKey: envWithDefault("", "FLEET_SERVER_CERT_KEY"),
Elasticsearch: elasticsearchConfig{
Host: envWithDefault("http://elasticsearch:9200", "FLEET_SERVER_ELASTICSEARCH_HOST", "ELASTICSEARCH_HOST"),
Username: envWithDefault("elastic", "FLEET_SERVER_ELASTICSEARCH_USERNAME", "ELASTICSEARCH_USERNAME"),
Password: envWithDefault("changeme", "FLEET_SERVER_ELASTICSEARCH_PASSWORD", "ELASTICSEARCH_PASSWORD"),
CA: envWithDefault("", "FLEET_SERVER_ELASTICSEARCH_CA", "ELASTICSEARCH_CA"),
Host: envWithDefault("http://elasticsearch:9200", "FLEET_SERVER_ELASTICSEARCH_HOST", "ELASTICSEARCH_HOST"),
Username: envWithDefault("elastic", "FLEET_SERVER_ELASTICSEARCH_USERNAME", "ELASTICSEARCH_USERNAME"),
Password: envWithDefault("changeme", "FLEET_SERVER_ELASTICSEARCH_PASSWORD", "ELASTICSEARCH_PASSWORD"),
ServiceToken: envWithDefault("", "FLEET_SERVER_SERVICE_TOKEN"),
CA: envWithDefault("", "FLEET_SERVER_ELASTICSEARCH_CA", "ELASTICSEARCH_CA"),
},
Enable: envBool("FLEET_SERVER_ENABLE"),
Host: envWithDefault("", "FLEET_SERVER_HOST"),
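Review bot: In buildEnrollArgs the new `args = append(args, "--fleet-server-service-token", cfg.FleetServer.Elasticsearch.ServiceToken)` puts the Elasticsearch service token into an argument list; if that list is used to start the enroll subprocess (the caller is outside the visible hunks), the token becomes readable from the process command line and is likely to be captured by process accounting or audit logging. buildEnrollmentFlags in enroll.go forwards the same flag value, and the basic-auth password already travels this way inside connStr. Prefer letting the enroll command fall back to the FLEET_SERVER_SERVICE_TOKEN environment variable (or a token file) so the container path does not need to place the secret on argv. At minimum, add a comment above the append such as `// NOTE: the token is visible in the argv of the enroll process; prefer env or file input where available`.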
24 changes: 16 additions & 8 deletions x-pack/elastic-agent/pkg/agent/cmd/enroll.go
@@ -52,8 +52,9 @@ func addEnrollFlags(cmd *cobra.Command) {
cmd.Flags().StringP("url", "", "", "URL to enroll Agent into Fleet")
cmd.Flags().StringP("kibana-url", "k", "", "URL of Kibana to enroll Agent into Fleet")
cmd.Flags().StringP("enrollment-token", "t", "", "Enrollment token to use to enroll Agent into Fleet")
cmd.Flags().StringP("fleet-server", "", "", "Start and run a Fleet Server along side this Elastic Agent")
cmd.Flags().StringP("fleet-server-elasticsearch-ca", "", "", "Path to certificate authority to use with communicate with elasticsearch")
cmd.Flags().StringP("fleet-server-es", "", "", "Start and run a Fleet Server along side this Elastic Agent connecting to the provided elasticsearch")
cmd.Flags().StringP("fleet-server-es-ca", "", "", "Path to certificate authority to use with communicate with elasticsearch")
cmd.Flags().StringP("fleet-server-service-token", "", "", "Service token to use for communication with elasticsearch")
cmd.Flags().StringP("fleet-server-policy", "", "", "Start and run a Fleet Server on this specific policy")
cmd.Flags().StringP("fleet-server-host", "", "", "Fleet Server HTTP binding host (overrides the policy)")
cmd.Flags().Uint16P("fleet-server-port", "", 0, "Fleet Server HTTP binding port (overrides the policy)")
@@ -76,8 +77,9 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string
if token == "" {
token, _ = cmd.Flags().GetString("enrollment-token")
}
fServer, _ := cmd.Flags().GetString("fleet-server")
fElasticSearchCA, _ := cmd.Flags().GetString("fleet-server-elasticsearch-ca")
fServer, _ := cmd.Flags().GetString("fleet-server-es")
fElasticSearchCA, _ := cmd.Flags().GetString("fleet-server-es-ca")
fServiceToken, _ := cmd.Flags().GetString("fleet-server-service-token")
fPolicy, _ := cmd.Flags().GetString("fleet-server-policy")
fHost, _ := cmd.Flags().GetString("fleet-server-host")
fPort, _ := cmd.Flags().GetUint16("fleet-server-port")
@@ -99,13 +101,17 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string
args = append(args, token)
}
if fServer != "" {
args = append(args, "--fleet-server")
args = append(args, "--fleet-server-es")
args = append(args, fServer)
}
if fElasticSearchCA != "" {
args = append(args, "--fleet-server-elasticsearch-ca")
args = append(args, "--fleet-server-es-ca")
args = append(args, fElasticSearchCA)
}
if fServiceToken != "" {
args = append(args, "--fleet-server-service-token")
args = append(args, fServiceToken)
}
if fPolicy != "" {
args = append(args, "--fleet-server-policy")
args = append(args, fPolicy)
@@ -210,8 +216,9 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, args []string) error {
url, _ = cmd.Flags().GetString("kibana-url")
}
enrollmentToken, _ := cmd.Flags().GetString("enrollment-token")
fServer, _ := cmd.Flags().GetString("fleet-server")
fElasticSearchCA, _ := cmd.Flags().GetString("fleet-server-elasticsearch-ca")
fServer, _ := cmd.Flags().GetString("fleet-server-es")
fElasticSearchCA, _ := cmd.Flags().GetString("fleet-server-es-ca")
fServiceToken, _ := cmd.Flags().GetString("fleet-server-service-token")
fPolicy, _ := cmd.Flags().GetString("fleet-server-policy")
fHost, _ := cmd.Flags().GetString("fleet-server-host")
fPort, _ := cmd.Flags().GetUint16("fleet-server-port")
@@ -238,6 +245,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, args []string) error {
FleetServer: enrollCmdFleetServerOption{
ConnStr: fServer,
ElasticsearchCA: fElasticSearchCA,
ServiceToken: fServiceToken,
PolicyID: fPolicy,
Host: fHost,
Port: fPort,
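Review bot: `--fleet-server-service-token` is read and forwarded independently of `--fleet-server-es`, both in buildEnrollmentFlags and in enroll, so a token supplied without an Elasticsearch connection string appears to be silently ignored; enroll_cmd.go only builds the Fleet Server config when `c.options.FleetServer.ConnStr != ""`. Rejecting that combination early in enroll would surface the misconfiguration, for example `if fServiceToken != "" && fServer == "" { return errors.New("--fleet-server-service-token requires --fleet-server-es") }`. The flag's help text could also state that the token replaces the username and password in the connection string. Both functions continue outside the visible hunks, so an existing check elsewhere cannot be ruled out.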
11 changes: 7 additions & 4 deletions x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go
@@ -67,6 +67,7 @@ type enrollCmd struct {
type enrollCmdFleetServerOption struct {
ConnStr string
ElasticsearchCA string
ServiceToken string
PolicyID string
Host string
Port uint16
@@ -218,7 +219,8 @@ func (c *enrollCmd) fleetServerBootstrap(ctx context.Context) (string, error) {
}

fleetConfig, err := createFleetServerBootstrapConfig(
c.options.FleetServer.ConnStr, c.options.FleetServer.PolicyID,
c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken,
c.options.FleetServer.PolicyID,
c.options.FleetServer.Host, c.options.FleetServer.Port,
c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA)
if err != nil {
@@ -388,7 +390,8 @@ func (c *enrollCmd) enroll(ctx context.Context) error {
}
if c.options.FleetServer.ConnStr != "" {
serverConfig, err := createFleetServerBootstrapConfig(
c.options.FleetServer.ConnStr, c.options.FleetServer.PolicyID,
c.options.FleetServer.ConnStr, c.options.FleetServer.ServiceToken,
c.options.FleetServer.PolicyID,
c.options.FleetServer.Host, c.options.FleetServer.Port,
c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA)
if err != nil {
@@ -692,8 +695,8 @@ func storeAgentInfo(s saver, reader io.Reader) error {
return nil
}

func createFleetServerBootstrapConfig(connStr string, policyID string, host string, port uint16, cert string, key string, esCA string) (*configuration.FleetAgentConfig, error) {
es, err := configuration.ElasticsearchFromConnStr(connStr)
func createFleetServerBootstrapConfig(connStr string, serviceToken string, policyID string, host string, port uint16, cert string, key string, esCA string) (*configuration.FleetAgentConfig, error) {
es, err := configuration.ElasticsearchFromConnStr(connStr, serviceToken)
if err != nil {
return nil, err
}
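Review bot: createFleetServerBootstrapConfig now takes eight positional parameters, seven of them `string`, with the secret `serviceToken` sitting between `connStr` and `policyID`; both call sites (fleetServerBootstrap and enroll) repeat the same argument list, and a transposed argument would still compile and could place the token in the policy ID field. Passing the options struct removes that risk: `func createFleetServerBootstrapConfig(opts enrollCmdFleetServerOption) (*configuration.FleetAgentConfig, error)`, called as `createFleetServerBootstrapConfig(c.options.FleetServer)`. The function body continues outside the hunk, so the remaining uses of the individual parameters would need the matching `opts.` prefix.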
2 changes: 1 addition & 1 deletion x-pack/elastic-agent/pkg/agent/cmd/install.go
@@ -101,7 +101,7 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, args []string) error
if url != "" && token != "" {
askEnroll = false
}
fleetServer, _ := cmd.Flags().GetString("fleet-server")
fleetServer, _ := cmd.Flags().GetString("fleet-server-es")
if fleetServer != "" {
askEnroll = false
}
40 changes: 23 additions & 17 deletions x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go
@@ -33,16 +33,17 @@ type FleetServerOutputConfig struct {

// Elasticsearch is the configuration for elasticsearch.
type Elasticsearch struct {
Protocol string `config:"protocol" yaml:"protocol"`
Hosts []string `config:"hosts" yaml:"hosts"`
Path string `config:"path" yaml:"path,omitempty"`
Username string `config:"username" yaml:"username"`
Password string `config:"password" yaml:"password"`
TLS *tlscommon.Config `config:"ssl" yaml:"ssl,omitempty"`
Protocol string `config:"protocol" yaml:"protocol"`
Hosts []string `config:"hosts" yaml:"hosts"`
Path string `config:"path" yaml:"path,omitempty"`
Username string `config:"username" yaml:"username,omitempty"`
Password string `config:"password" yaml:"password,omitempty"`
ServiceToken string `config:"service_token" yaml:"service_token,omitempty"`
TLS *tlscommon.Config `config:"ssl" yaml:"ssl,omitempty"`
}

// ElasticsearchFromConnStr returns an Elasticsearch configuration from the connection string.
func ElasticsearchFromConnStr(conn string) (Elasticsearch, error) {
func ElasticsearchFromConnStr(conn string, serviceToken string) (Elasticsearch, error) {
u, err := url.Parse(conn)
if err != nil {
return Elasticsearch{}, err
@@ -53,19 +54,24 @@ func ElasticsearchFromConnStr(conn string) (Elasticsearch, error) {
if u.Host == "" {
return Elasticsearch{}, errors.New("invalid connection string: must include a host")
}
cfg := Elasticsearch{
Protocol: u.Scheme,
Hosts: []string{u.Host},
Path: u.Path,
TLS: nil,
}
if serviceToken != "" {
cfg.ServiceToken = serviceToken
return cfg, nil
}
if u.User == nil || u.User.Username() == "" {
return Elasticsearch{}, errors.New("invalid connection string: must include a username")
return Elasticsearch{}, errors.New("invalid connection string: must include a username unless a service token is provided")
}
password, ok := u.User.Password()
if !ok {
return Elasticsearch{}, errors.New("invalid connection string: must include a password")
return Elasticsearch{}, errors.New("invalid connection string: must include a password unless a service token is provided")
}
return Elasticsearch{
Protocol: u.Scheme,
Hosts: []string{u.Host},
Path: u.Path,
Username: u.User.Username(),
Password: password,
TLS: nil,
}, nil
cfg.Username = u.User.Username()
cfg.Password = password
return cfg, nil
}
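Review bot: ElasticsearchFromConnStr returns early when `serviceToken != ""`, so any `user:password@` userinfo present in conn is dropped without notice, and the doc comment still describes only the connection string. Document the precedence on the function, e.g. `// If serviceToken is non-empty it is used for authentication and any username/password in conn is ignored.`, or reject the ambiguous input with `if serviceToken != "" && u.User != nil { return Elasticsearch{}, errors.New("invalid connection string: must not include credentials when a service token is provided") }`. Note also that `ServiceToken` is serialized under `yaml:"service_token,omitempty"` alongside the password, so wherever this struct is written out the file needs the same restrictive permissions; that storage path is not visible in this section.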