Unable to install mac agent at custom path using `--base-path` and `--unprivilege` command.
amolnater-qasource opened this issue
Kibana Build details:
VERSION: 8.14.0 BC3
BUILD: 73762
COMMIT: 2a492e1625f24336f3259b2b8df62b2b18127e81
Artifact Link: https://staging.elastic.co/8.14.0-7c638435/downloads/beats/elastic-agent/elastic-agent-8.14.0-darwin-aarch64.tar.gz
Preconditions:
- 8.14.0-BC3 Kibana cloud environment should be available.
Steps to reproduce:
- Run agent install command with `--base-path` and `--unprivileged`.
- Observe agent installation failed with an error.
Expected Result:
User should be able to install mac agent at custom path using `--base-path` and `--unprivilege` command.
CLI error:
Unprivileged installation mode enabled; this is an experimental and currently unsupported feature.
Elastic Agent will be installed at /Users/anater/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:
[== ] Service Started [3s] Elastic Agent successfully installed, starting enrollment.
[ =] Uninstalled [4s] Error uninstalling. Printing logs
2024-05-07T10:19:44.751Z DEBUG [install] Loaded configuration from /Users/anater/Downloads/elastic-agent-8.14.0-darwin-aarch64/elastic-agent.yml
2024-05-07T10:19:44.751Z DEBUG [install] Merged configuration from /Users/anater/Downloads/elastic-agent-8.14.0-darwin-aarch64/elastic-agent.yml into result
2024-05-07T10:19:44.751Z DEBUG [install] Merged all configuration files from [/Users/anater/Downloads/elastic-agent-8.14.0-darwin-aarch64/elastic-agent.yml], no external input files
2024-05-07T10:19:44.751Z DEBUG [install.composable] Starting controller for composable inputs
2024-05-07T10:19:44.751Z DEBUG [install.composable] Started controller for composable inputs
2024-05-07T10:19:44.751Z DEBUG [install.composable] Variable state changed for composable inputs; debounce started
2024-05-07T10:19:44.751Z DEBUG [install.composable.providers.kubernetes] Kubernetes provider for resource pod skipped, unable to connect: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2024-05-07T10:19:44.751Z DEBUG [install.composable] kubernetes_secrets provider skipped, unable to connect: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2024-05-07T10:19:44.751Z DEBUG [install.composable.providers.kubernetes] Kubernetes provider for resource node skipped, unable to connect: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2024-05-07T10:19:44.751Z DEBUG [install.composable] Kubernetes leaderelection provider skipped, unable to connect: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2024-05-07T10:19:44.752Z INFO [install.composable.providers.docker] Docker provider skipped, unable to connect: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
2024-05-07T10:19:44.852Z DEBUG [install.composable] Computing new variable state for composable inputs
2024-05-07T10:19:44.852Z DEBUG [install.composable] Stopping controller for composable inputs
2024-05-07T10:19:44.953Z DEBUG [install.composable] Stopped controller for composable inputs
Error: failed to execute enroll command: fork/exec /usr/local/bin/elastic-agent: permission denied
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.14/fleet-troubleshooting.html
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
@manishgupta-qasource Please review.
Secondary review for this ticket is Done
@amolnater-qasource I just tested this on my Mac and I assume that your home directory `/User/anater` does not have any permission for anyone outside of your user and `staff` group...
When installing elastic-agent unprivileged a new user and group `elastic-agent` are created but obviously the new user does not have access to the install location so when agent tries to execute the enroll command as `elastic-agent:elastic-agent` user and group it fails.
Could you please retest choosing a `base-path` that is traversable (needs the world `x` permission) by everybody?
I just tested on my machine using `/tmp/install` as base path which has permissions as shown below
➜ /tmp ll
total 295016
...
drwxr-xr-x 3 root wheel 96B May 7 18:44 install
...
and the install works correctly
➜ elastic-agent-8.15.0-SNAPSHOT-darwin-aarch64 git:(main) ✗ sudo ./elastic-agent install --unprivileged --base-path /tmp/install --url=<redacted> --enrollment-token=<redacted>
Unprivileged installation mode enabled; this is an experimental and currently unsupported feature.
Elastic Agent will be installed at /tmp/install/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:Y
[=== ] Service Started [3s] Elastic Agent successfully installed, starting enrollment.
[=== ] Enrolling Elastic Agent with Fleet [3s] enrollment command: /usr/local/bin/elastic-agent enroll --from-install --url https://997cfd1736434d5bb4fe8fcc21fbbe4d.fleet.us-west2.gcp.elastic-cloud.com:443 --enrollment-token M3N1QVU0OEJxYXVtOUt1aUlRNVI6V3ZNakxFT3JTTUtw
[== ] Waiting For Enroll... [4s] {"log.level":"info","@timestamp":"2024-05-07T18:44:33.525+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":506},"message":"Starting enrollment to URL: https://997cfd1736434d5bb4fe8fcc21fbbe4d.fleet.us-west2.gcp.elastic-cloud.com:443/","ecs.version":"1.6.0"}
[ ===] Waiting For Enroll... [6s] {"log.level":"info","@timestamp":"2024-05-07T18:44:35.620+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":469},"message":"Restarting agent daemon, attempt 0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-05-07T18:44:35.623+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":287},"message":"Successfully triggered restart on running Elastic Agent.","ecs.version":"1.6.0"}
Successfully enrolled the Elastic Agent.
[ ===] Done [6s]
Elastic Agent has been successfully installed.
Hi @pchila
Thank you for looking into this issue and sharing the detailed information.
We have revalidated this issue at our end and we are able to install the agent to the `/tmp` and `/etc` locations using basepath and unprivileged flag.
Please let us know if this is expected, so that we can close this issue.
Thanks!
Related issue: #4703
Hello @amolnater-qasource
Please let us know if this is expected, so that we can close this issue.
Thanks!
The path where the agent is installed needs to be accessible for `elastic-agent` user, so this is expected and the issue can be closed.
It's probably a good idea to add a step to the test scripts where it's specified that the base path must be accessible by `elastic-agent` when installing/running as unprivileged.
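
A pre-flight check for the condition discussed in this thread, as an added example that is not part of the original issue or of the Elastic Agent code base: it walks every directory from `/` down to the intended `--base-path` and reports the first one that lacks the world execute (traverse) bit. The function name `first_untraversable` is hypothetical, and the check reads mode bits only, so ACLs and group membership are not considered.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not Elastic Agent code).
# Run it as the same user that runs the installer (root via sudo).

# first_untraversable ABSOLUTE_DIR
#   returns 0 and prints nothing if every component has the "other" x bit
#   returns 1 and prints the first directory that lacks it
#   returns 2 on a relative path or a component that is not a directory
first_untraversable() (
    # Subshell body: IFS and set -f changes do not leak to the caller.
    target=$1
    current=""
    case $target in
        /*) ;;
        *) echo "path must be absolute: $target" >&2; return 2 ;;
    esac
    set -f      # no globbing while splitting the path
    IFS=/       # split the path into its components
    for part in $target; do
        [ -z "$part" ] && continue
        current="$current/$part"
        [ -d "$current" ] || { echo "not a directory: $current" >&2; return 2; }
        # "$current/." resolves symlinks (e.g. /tmp on macOS); the 10th
        # character of the ls mode string is the "other" execute bit.
        bit=$(ls -ld "$current/." | cut -c10)
        case $bit in
            x|t) ;;                         # t = sticky bit plus execute
            *) echo "$current"; return 1 ;;
        esac
    done
    return 0
)

# Stand-alone use: pass the directory intended for --base-path.
if [ "$#" -ge 1 ]; then
    blocker=$(first_untraversable "$1") && rc=0 || rc=$?
    case $rc in
        0) echo "OK: every directory down to $1 is world-traversable" ;;
        1) echo "Unprivileged user cannot reach $1: $blocker lacks o+x" ;;
        *) exit "$rc" ;;
    esac
fi
```
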