Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error while enrolling unprivileged agent [mac] #4887

Closed
kaanyalti opened this issue Jun 8, 2024 · 4 comments
Closed

Error while enrolling unprivileged agent [mac] #4887

kaanyalti opened this issue Jun 8, 2024 · 4 comments
Labels
bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Comments

@kaanyalti
Copy link
Contributor

kaanyalti commented Jun 8, 2024
edited
Loading

Version: 8.14.0
Operating System: macos sonoma v14.5
Platform: arm64

While working on this issue comparing root and unprivileged elastic agents, I encountered an error with the enroll command when using unprivileged agent.

Steps to Reproduce:

  1. Deploy ESS v8.14.0
  2. Create agent policy with system integration
  3. Install fleet managed agent with the unprivileged flag sudo ./elastic-agent install --unprivileged --url=<fleet url> --enrollment-token=<token>
  4. Unenroll the agent
  5. Enroll the agent sudo elastic-agent enroll --url=<fleet url> --enrollment-token=<token>

You should see an error similar what's shown below

[Error: fail to enroll: acquiring metadata failed: failed to create new agent info: could not get agent info from store: fail to read configuration /Library/Elastic/Agent/fleet.enc for the agent: fail to decode bytes: cipher: message authentication failed
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.14/fleet-troubleshooting.html](<{"log.level":"info","@timestamp":"2024-06-06T22:05:59.706-0700","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":506},"message":"Starting enrollment to URL: https://a8ef7f060207437a961f91ef9c7b3f42.fleet.us-central1.gcp.cloud.es.io:443/","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-06-06T22:05:59.933-0700","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":512},"message":"1st enrollment attempt failed, retrying enrolling to URL: https://a8ef7f060207437a961f91ef9c7b3f42.fleet.us-central1.gcp.cloud.es.io:443/ with exponential backoff (init 1s, max 10s)","ecs.version":"1.6.0"}
Error: fail to enroll: acquiring metadata failed: failed to create new agent info: could not get agent info from store: fail to read configuration /Library/Elastic/Agent/fleet.enc for the agent: fail to decode bytes: cipher: message authentication failed
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.14/fleet-troubleshooting.html>)
@kaanyalti kaanyalti added the bug Something isn't working label Jun 8, 2024
@kaanyalti
Copy link
Contributor Author

cc: @ycombinator @cmacknz

@kaanyalti kaanyalti mentioned this issue Jun 8, 2024
Closed
@kaanyalti kaanyalti changed the title Error while enrolling unprivileged agent Error while enrolling unprivileged agent [mac] Jun 8, 2024
@cmacknz cmacknz added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Jun 10, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@blakerouse
Copy link
Contributor

Same comment applies - #4889 (comment)

@ycombinator ycombinator mentioned this issue Jun 10, 2024
Merged
@ycombinator
Copy link
Contributor

Based on the discussion in #4889, fixing that issue should fix this one here as well so closing this as a duplicate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ycombinator @cmacknz @blakerouse @elasticmachine @kaanyalti