Open kaanyalti opened 1 month ago
cc: @ycombinator @cmacknz
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
If you installed the Elastic Agent with --unprivileged
then running sudo elastic-agent enroll
should fail as you are seeing. sudo
is trying to run the command as root, but your Elastic Agent is not running as root.
You have a few options to make this work:
sudo -u elastic-agent-user elastic-agent enroll ...
elastic-agent
group, create a new shell or use newgrp
to ensure that the system knows that your user is now in that group. Then you can just call elastic-agent enroll
.When we are unprivileged, can we put that suggestion directly in the error here? I don't think this is the last time we'll see this problem from users otherwise.
Updating the error message to have a standard message about permissions would be helpful. Pointing to documentation with more information on permissions in this mode would also be helpful.
I have the same feeling than @cmacknz here.
In the same way we are having a warning message when we are not using sudo
in privileged mode we should have a warning message when we are using sudo
in unprivileged.
And of course, we should make it obvious in the unprivileged doc.
I updated the title of this issue and added a Definition of Done to reflect the discussion about improving the error message. As for documentation, I've brought that to @kilfoyle's attention via https://github.com/elastic/ingest-docs/pull/1087#issuecomment-2159456944.
Version: 8.14.0 Operating System: Ubuntu 24.04 LTS Platform: arm64
While working on this issue comparing root and unprivileged elastic agents, I encountered an error with the
enroll
command when using unprivileged agent.Steps to Reproduce:
sudo ./elastic-agent install --unprivileged --url=<fleet url> --enrollment-token=<token>
sudo elastic-agent enroll --url=<fleet url> --enrollment-token=<token>
updating
sudo elastic-agent status
we get the following errorDefinition of Done
Based on discussion in the comments:
install
s an Agent using--unprivileged
, then tries toenroll
this Agent with a privileged user, an error message with the suggestions in https://github.com/elastic/elastic-agent/issues/4889#issuecomment-2158635347 is shown to the user.