The Fleet Agent enroll url given doesn't include the Kibana environment's port

[EricDavisX]

Kibana version: 7.8 Alpha BC1 - same in 8.0 / master at time of logging this tho.

Elasticsearch version: 7.8

Server OS version: Debian 10 / believed unrelated

Browser version: Chrome latest on macOS

Original install method (e.g. download page, yum, from source, etc.): BC1 from download page

Describe the bug: When the user attempts to enroll the Fleet Agent a URL is given to the user to paste into a terminal window, it does not have a port listed - and the user's Kibana environment may be set up on a different port, so it may not work.

Steps to reproduce:

1. Set up an environment on Cloud (which uses port 9243 by default) or on HTTPS (on 443) and browse to the Fleet UI, you can use this Endpoint / Ingest demo environment to test / research: https://kibana.endpoint.elastic.dev/app/ingestManager#/fleet/agents

2. click the 'enroll' button and see the url given out: ./elastic-agent enroll https://kibana.endpoint.elastic.dev VndOSTYzRUJOQ0hSdjI2ZTJTLWQ6am9xMjJMTGpUNXkxLU5XODFUSjZRdw==

3. Note the port is not there and the link will not work to deploy the Agent as is.

Expected behavior: We should document this in 1 or 2 places, any formal docs we do for Alpha! And in the UI. About the UI, we can enhance it to provide an easier and more explicit experience. for that... Option 1) we can give a 'Hint' in the text above this link to check that the port is correct. I can offer the following text, if helpful, "Note: We recommend users verify the port used is correct per the Kibana environment setup." ...we could put it directly after this sentence: "You can use this command to setup agents on more than one host."

• Also, as a 2nd part (maybe for Alpha maybe not) we could add the port to the command link with some value to highlight it better, tho this is a more involved change.

  Option 2) if there was any way to get the real port the Kibana environment was using it would be great to set that in the command string! But this is maybe not available and probably not easy to get.

Screenshots (if relevant):

Errors in browser console (if relevant): the error when the user attempts to deploy the agent is to get a timeout after a minute or so, with no further help as to what is wrong. It looks like this:

edavis-mbp:elastic-agent-8.0.0-SNAPSHOT-darwin-x86_64 edavis$ ./elastic-agent enroll https://kibana.endpoint.elastic.dev cmp6UnpIRUJsV1ljZlJ1NDJPbF86S0prRE5TbnNRUFNfVkl0bUNLcEpQQQ==
The Elastic Agent is currently in Experimental and should not be used in production
This will replace your current settings. Do you want to continue? [Y/n]:y
2020-05-06T21:46:50-04:00 DEBUG client.go:170   Request method: POST, path: /api/ingest_manager/fleet/agents/enroll
fail to enroll: fail to execute request to Kibana: Post https://kibana.endpoint.elastic.dev:5601/api/ingest_manager/fleet/agents/enroll?: dial tcp 35.223.7.94:5601: connect: operation timed out

Provide logs and/or server output (if relevant): n/a

Any additional context: I struggled thru an Agent install and found that I wasn't thinking about my own environment I had helped set up, it may not occur to users, some additional context in this closed-as-user-error ticket: https://github.com/elastic/observability-dev/issues/871

[elasticmachine]

Pinging @elastic/ingest-management (Feature:Fleet)

[jfsiii]

I think we fixed the cloud-related portion of this in https://github.com/elastic/kibana/pull/65366

Sorry if this is covered elsewhere, but does supplying the full value to the xpack.ingestManager.fleet.elasticsearch.host flag work? On my phone, but I think that's right.

[nchaulet]

Also @ph if we provide an https url for kibana should not the agent use 443 as the default port?

[jfsiii]

I just tested this on a 7.8.0-SNAPSHOT on a QA cluster. Note that enroll command a) includes a port b) it's 443 no 9243

This port is decoded from the cloud id supplied by the cloud plugin and seems to work. You can see the new agent in the list in the background of the above picture and here are the logs submitted from my machine

There are errors, but the messages appear successfully sent to the Cloud host.

[jfsiii]

I updated to the latest 7.8.0-SNAPSHOT (7.8.0-f77aab62) and re-ran for a default config and a new config and both LGTM (7.8 version & success messages)

[EricDavisX]

Confirming, I am still seeing this in 8.0 Master line on my self-managed snapshot deploy to the Ingest Demo env: https://kibana.endpoint.elastic.dev/app/ingestManager#/fleet/agents

• I don't know how much further we can introspect the Kibana environemnt when cloudID is not available... But it is a 1 time fix for an Admin to put the correct port into the settings before Agent deploys are done, so it may be a less urgent bug now that Cloud is improved.

[EricDavisX]

I'm still seeing ES come up as 'localhost:9200' which isn't right, I can log that separately if we want, as the elasticsearch value was never mentioned prior. @ph @nchaulet @ruflin do you want a new ticket for the ES side complaint?

And also a separate issue to track the lack of uid:pwd in the agent deploy string when in https? I expect our intention is just to document that requirement.

[ph]

@EricDavisX Lets create a new issue for the Elasticsearch part. @nchaulet can you take a lookt?

@jfsiii Looking at your comment the current issue is fixed, right?

[nchaulet]

The current issue is fixed for cloud, but there is still an issue otherwise. Also @ph this should work without the need to specify 443 as a port no? ./elastic-agent enroll https://kibana.endpoint.elastic.dev VndOSTYzRUJOQ0hSdjI2ZTJTLWQ6am9xMjJMTGpUNXkxLU5XODFUSjZRdw==

[ph]

I've created this https://github.com/elastic/beats/issues/18593

And we can close this one @nchaulet