[Fleet] Move Fleet Setup to start lifecycle
#117552
Conversation
kpollich
added
WIP
|
@elasticmachine merge upstream |
|
Pinging @elastic/fleet (Team:Fleet) |
kpollich
changed the title
start lifecyclestart lifecycle
|
@elasticmachine merge upstream |
| new Promise<void>(async (resolve, reject) => { | ||
| try { | ||
| await startFleetServerSetup(); | ||
| await setupFleet( | ||
| new SavedObjectsClient(core.savedObjects.createInternalRepository()), | ||
| core.elasticsearch.client.asInternalUser | ||
| ); | ||
|
|
||
| resolve(); | ||
| } catch (error) { | ||
| reject(error); | ||
| } |
There was a problem hiding this comment.
I think we should move this promise constructor outside the fleetSetupCompleted function so that it isn't called each time fleetSetupCompleted is called and instead just return the already-constructed Promise. Also what is calling fleetSetupCompleted? I don't think we should rely on this being called for setup to run.
Also more of a nit, but I don't think you need the Promise constructor and you can just use an async function directly:
const fleetSetup = (async () {
await startFleetServerSetup();
await setupFleet(...);
})();There was a problem hiding this comment.
Fleet doesn't call fleetSetupCompleted on its own, but the security_solution plugin does rely on it to handle some of their dependent setup logic here:
kibana/x-pack/plugins/security_solution/server/plugin.ts
Lines 368 to 381 in 828a579
Agreed on restructuring this - it doesn't need a Promise constructor anymore.
There was a problem hiding this comment.
Fleet doesn't call
fleetSetupCompletedon its own, but thesecurity_solutionplugin does rely on it to handle some of their dependent setup logic here
I still don't think we should rely on security solution to call this. In fact, we or they may remove this in 8.0 as part of removing our BWC code for pre-GA fleet. We can still support this API for now by initiating the Fleet setup directly in the start function before the return statement, but just don't await the promise and instead return it from fleetSetupCompleted().
There was a problem hiding this comment.
Moved this logic out of fleetSetupCompleted so we don't need to rely on security solution calling it.
| .then(() => { | ||
| logger.info('Fleet setup completed'); | ||
| }) | ||
| .catch((error) => { |
There was a problem hiding this comment.
catching errors here seems to squash the UnhandledPromiseRejection errors that were breaking various tests in CI. 🤞
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
Sample debug log output on Kibana boot:
|
| const fleetSetupPromise = (async () => { | ||
| try { | ||
| logger.info('Beginning fleet setup'); | ||
|
|
||
| const { nonFatalErrors } = await setupFleet( | ||
| new SavedObjectsClient(core.savedObjects.createInternalRepository()), | ||
| core.elasticsearch.client.asInternalUser | ||
| ); | ||
|
|
||
| if (nonFatalErrors.length > 0) { | ||
| logger.info('Encountered non fatal errors during Fleet setup'); | ||
| formatNonFatalErrors(nonFatalErrors).forEach((error) => | ||
| logger.info(JSON.stringify(error)) | ||
| ); | ||
| } | ||
|
|
||
| logger.info('Fleet setup completed'); | ||
| } catch (error) { | ||
| logger.warn('Fleet setup failed'); | ||
| logger.warn(error); | ||
| } | ||
| })(); |
There was a problem hiding this comment.
Should we move this logging logic into setupFleet itself so we get the same logging when running manually via the API?
There was a problem hiding this comment.
Yes I think that's a good idea.
There was a problem hiding this comment.
I moved all the logs except for what's in our catch into setupFleet in 76138ec
|
@elasticmachine merge upstream |
💛 Build succeeded, but was flaky
Test Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @kpollich |
* Call setup on fleet start, remove API calls * Fix unused import * Revert removal of setup API call * Restructor fleetSetupCompleted promise * Add logging + handle setup failures * Restructure logging to mix of debug/info * Maybe fix failing tests * Try fixing tests again * Fix another dashboard test * Re-add output logs after merge * Log non-fatal errors during Fleet setup on boot * Don't rely on fleetSetupCompleted to be called * Fix failing test * Track fleet setup status to avoid double calls * Use IIFE in place of Promise ctor * Remove unnecessary fleetSetupStatus value * Move non-error logs into setupFleet method * Remove unused formatNonFatalErrors import Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
* Call setup on fleet start, remove API calls * Fix unused import * Revert removal of setup API call * Restructor fleetSetupCompleted promise * Add logging + handle setup failures * Restructure logging to mix of debug/info * Maybe fix failing tests * Try fixing tests again * Fix another dashboard test * Re-add output logs after merge * Log non-fatal errors during Fleet setup on boot * Don't rely on fleetSetupCompleted to be called * Fix failing test * Track fleet setup status to avoid double calls * Use IIFE in place of Promise ctor * Remove unnecessary fleetSetupStatus value * Move non-error logs into setupFleet method * Remove unused formatNonFatalErrors import Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
* Call setup on fleet start, remove API calls * Fix unused import * Revert removal of setup API call * Restructor fleetSetupCompleted promise * Add logging + handle setup failures * Restructure logging to mix of debug/info * Maybe fix failing tests * Try fixing tests again * Fix another dashboard test * Re-add output logs after merge * Log non-fatal errors during Fleet setup on boot * Don't rely on fleetSetupCompleted to be called * Fix failing test * Track fleet setup status to avoid double calls * Use IIFE in place of Promise ctor * Remove unnecessary fleetSetupStatus value * Move non-error logs into setupFleet method * Remove unused formatNonFatalErrors import Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Call setup on fleet start, remove API calls * Fix unused import * Revert removal of setup API call * Restructor fleetSetupCompleted promise * Add logging + handle setup failures * Restructure logging to mix of debug/info * Maybe fix failing tests * Try fixing tests again * Fix another dashboard test * Re-add output logs after merge * Log non-fatal errors during Fleet setup on boot * Don't rely on fleetSetupCompleted to be called * Fix failing test * Track fleet setup status to avoid double calls * Use IIFE in place of Promise ctor * Remove unnecessary fleetSetupStatus value * Move non-error logs into setupFleet method * Remove unused formatNonFatalErrors import Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Summary
Ref #111858
Move Fleet setup from an API request on every Fleet page-load to the Fleet plugin's server-side
startlifecycle method.For reference, the current Fleet Setup process performs the following steps (see https://github.com/elastic/kibana/blob/main/x-pack/plugins/fleet/server/services/setup.ts):
setupFleet()pendingstatus, elsecreateSetupSideEffects()packages,policies, andoutputsfromkibana.ymlensurePreconfiguredOutputs()and runsettingsSetupensurePreconfiguredOuputswrites or updates output settings to theingest-outputssaved object typesettingsSetupensures that any of Fleet's default settings are properly setensureDefaultOutput()kibana.ymlor by creating oneagentIdVerificationEnabledis set in config, thenensureFleetGlobalEsAssetsensurePreconfiguredPackagesAndPolicies- Install preconfigured packages + policies based onkibana.ymlDEFAULT_PACKAGEShard coded in FleetAUTO_UPDATE_PACKAGEShard coded in FleetupgradeManagedPackagePolicies) for any managed package w/keepPoliciesUpToDate: truesetcleanPreconfiguredOutputsensureDefaultEnrollmentAPIKeysExistsensureFleetServerAgentPoliciesExistsChecklist
setupFleetfrom Fleet plugin's server-sidestartlifecycle