Add CA fingerprint to agents configuration in 8.x versions #1082
Conversation
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
🌐 Coverage report
|
|
Ah no, this setting cannot be set here, it would need to be set in the policies. |
As @agithomas mentioned, this setting goes not in the policies, but in the output configuration. PR updated. |
|
Yes, it works. Tested with 8.5.1 stack and agent version
|
There was a problem hiding this comment.
Works well.
Recommend to add the documentation in the elastic-package about how to add the agent
example:
sudo ./elastic-agent install --certificate-authorities=$ELASTIC_PACKAGE_CA_CERT --fleet-server-es-ca=$ELASTIC_PACKAGE_CA_CERT --url=https://fleet-server:8220 --enrollment-token=
Try again something like bb84977 for 8.x stacks.
Adding this setting was evaluated and discarded in #789 because it didn't help configuring SSL in agents started by
elastic-package stack up, as it was not supported in all versions of the stack supported byelastic-package. More about this can be read in #789.The option implemented then and being used now is to install the certificate in the Elastic Agent containers, in
/etc/ssl. This works well for Agents managed byelastic-package, but is not enough for external Elastic Agents, where installing the CA in the system may be more cumbersome.Try to add the fingerprint back, as it would be helpful in some testing scenarios using external Elastic Agents.
Fix #1083.