Fleet and Elastic Agent 8.10.0edit
Review important information about the Fleet and Elastic Agent 8.10.0 release.
Breaking changesedit
Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.
Elastic Agent diagnostics unavailable with Fleet Server below 8.10.0.
Details
The mechanism that Fleet uses to generate diagnostic bundles has been updated. To collect Elastic Agent diagnostics, Fleet Server needs to be at version 8.10.0 or higher.
Impact
If you need to access a diagnostic bundle for an agent, ensure that Fleet Server is at the required version.
Known issuesedit
PGP key download fails in an air-gapped environment
Details
If you’re using an air-gapped environment, we recommended installing version 8.10.3 or any higher version, to avoid being unable to upgrade.
Starting from version 8.9.0, when Elastic Agent tries to perform an upgrade, it first verifies the binary signature with the key bundled in the agent.
This process has a backup mechanism that will use the key coming from https://artifacts.elastic.co/GPG-KEY-elastic-agent instead of the one it already has.
In an air-gapped environment, the agent won’t be able to download the remote key and therefore cannot be upgraded.
Impact
For the upgrade to succeed, the agent needs to download the remote key from a server accessible from the air-gapped environment. Two workarounds are available.
Option 1
If an HTTP proxy is available to be used by the Elastic Agents in your Fleet, add the proxy settings using environment variables as explained in Proxy Server connectivity using default host variables.
Please note that you need to enable HTTP Proxy usage for artifacts.elastic.co to bypass this problem, so you can craft the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables to be used exclusively for it.
Option 2
As the upgrade URL is not customizable, we have to "trick" the system by pointing https://artifacts.elastic.co/ to another host that will have the file.
The following examples require a server in your air-gapped environment that will expose the key you will have downloaded from https://artifacts.elastic.co/GPG-KEY-elastic-agent`.
Example 1: Manual
Edit the Elastic Agent server hosts file to add the following content:
<YOUR_HOST_IP> artifacts.elastic.co
The Linux hosts file path is /etc/hosts.
Windows hosts file path is C:\Windows\System32\drivers\etc\hosts.
Example 2: Puppet
host { 'elastic-artifacts':
ensure => 'present'
comment => 'Workaround for PGP check'
ip => '<YOUR_HOST_IP>'
}
Example 3: Ansible
- name : 'elastic-artifacts'
hosts : 'all'
become: 'yes'
tasks:
- name: 'Add entry to /etc/hosts'
lineinfile:
path: '/etc/hosts'
line: '<YOUR_HOST_IP> artifacts.elastic.co'
Filtering Elastic Agents in Kibana generates an "Error fetching agents" message
Details
A KQL query in a Fleet search field now returns a 400 error when the query is not valid.
Previously, the search fields would accept any type of query, but with the merge of #161064 any type of KQL sent to Fleet needs to have a valid field name, otherwise it returns an error.
Cause
Entering an invalid KQL query on one of the Fleet KQL search fields or through the API produces the error.
Affected search fields in the Fleet UI:
- Agent list
- Agent policies
- Enrollment Keys
Affected endpoints in the Kibana Fleet APIs (these are the endpoints that accept the parameter ListWithKuery):
-
GET api/fleet/agents -
GET api/fleet/agent_status -
GET api/fleet/agent_policies -
GET api/fleet/package_policies -
GET api/fleet/enrollment_api_keys -
GET api/fleet/agent_status
Impact
To avoid getting the 400 error, the queries should be valid.
For instance, entering the query 8.10.0 results in an error. The correct query should be: local_metadata.agent.version="8.10.0".
As another example, when viewing the Agents tab in Fleet, typing a hostname such as a0c8c88ef2f5 in the search field results in an error. The correct query should have the correct field name, taken from among the allowed ones, for example local_metadata.host.hostname: a0c8c88ef2f5.
The list of available field names is visible by clicking on any of the search fields.
New featuresedit
The 8.10.0 release Added the following new and notable features.
- Fleet
- Fleet Server
- Elastic Agent
-
- Report the version from the Elastic Agent package instead of the agent binary to enhance release process. #2908
- Implement tamper protection for Elastic Endpoint uninstall use cases. #2781
- Add component-level diagnostics and CPU profiling. #3118
- Improve upgrade process to use upgraded version of Watcher to ensure a successful upgrade. #3140 #2873
Enhancementsedit
- Fleet
-
- Add support for runtime fields. #161129.
- Fleet Server
- Elastic Agent
-
-
Redundant calls to
/api/fleet/setupwere removed in favor of Kibana-initiated calls. #2985 #2910 - Updated Go version to 1.20.7. #3177
- Add runtime prevention to prevent Elastic Defend from running if Elastic Agent is not installed in the default location. #3114
-
Add a new flag
completeto agent metadata to signal that the instance running is synthetics-capable. #3190 #1754 - Add support for setting GOMAXPROCS to limit CPU usage through the agent policy. #3179
- Add logging to the restart step of the Elastic Agent upgrade rollback process. #3245 #3305
-
Redundant calls to
Bug fixesedit
- Fleet
- Elastic Agent
-
- Don’t trigger Indicator of Compromise (IoC) alert on Windows uninstall. #3014 #2970
- Fix credential redaction in diagnostic bundle collection. #3165
- Ensure that Elastic Agent upgrades are rolled back even when the upgraded agent crashes immediately and repeatedly. #3220 #3123
- Ensure that Elastic Agent is restarted during rollback. #3268
- Fix how the diagnostics command handles the custom path to save the diagnostics. #3340 #3339