Open ycombinator opened 3 months ago
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
Thinking more about this I'm not sure I like the idea of doing this with a --dry-run
flag, we either have to change the enroll API endpoint which limits which agents are compatible with it, or we have to hit a consequence free endpoint and what the command does is misleading.
I think it may be better if we implement a test command that can hit each of the three network locations agent needs to function. These are:
elastic-agent test output
that connects to the output in the policy and prints detailed information about what happened.elastic-agent test fleet [options]
that contacts Fleet Server with the options provided, or if already enrolled makes a test request using the options persisted in the agent encrypted store.elastic-agent test download
that contacts the binary download source and prints detailed information about what happened.We could have diagnostics attempt each of these by default, with a configurable timeout, and an option to skip these checks.
Great idea. Why is this a test command or flag. Perhaps these can be a set of checklists the agent goes through when it is being installed. It's validating the initial config. If any fail we fail installation with a decent warning message to the user. Of course we are only testing here against is what's in the boostrapping config elastic-agent.yml , the first policy download may bring a lot more configuration options.
Making this a structured set of tests that happens by default is a much better idea than making it an option set of tests.
When you enroll as part of installing, we validate we can reach fleet server, but we do nothing to validate the download source or the output before finishing the install.
Describe the enhancement:
Add a
--dry-run
CLI option to theenroll
sub-command that tests Elastic Agent's connectivity to Fleet Server.Describe a specific use case for the enhancement or feature:
To help users test Agent connectivity to Fleet Server before attempting to enroll.
What is the definition of done?
enroll
sub-command supports a new--dry-run
CLI option