Fleet and Elastic Agent 8.6.2

edit

Review important information about the Fleet and Elastic Agent 8.6.2 release.

Known issues

edit
Osquery live query results can take up to five minutes to show up in Kibana.

Details
A known issue in Elastic Agent may prevent live query results from being available in the Kibana UI even though the results have been successfully sent to Elasticsearch. For more information, refer to #2066.

Impact
Be aware that the live query results shown in Kibana may be delayed by up to 5 minutes.

Adding a Fleet Server integration to an agent results in panic if the agent was not bootstrapped with a Fleet Server.

Details

A panic occurs because the Elastic Agent does not have a fleet.server in the fleet.enc configuration file. When this happens, the agent fails with a message like:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x557b8eeafc1d]
goroutine 86 [running]:
github.com/elastic/elastic-agent/internal/pkg/agent/application.FleetServerComponentModifier.func1({0xc000652f00, 0xa, 0x10}, 0x557b8fa8eb92?)
...

For more information, refer to #2170.

Impact

To work around this problem, uninstall the Elastic Agent and install it again with Fleet Server enabled during the bootstrap process.

Installing Elastic Agent on MacOS Ventura may fail if Full Disk Access has not been granted to the application used for installation.

Details
This issue occurs on MacOS Ventura when Full Disk Access is not granted to the application that runs the installation command. This could be either a Terminal or any custom package that a user has built to distribute Elastic Agent.

For more information, refer to #2103.

Impact
Elastic Agent will fail to install and produce "Error: failed to fix permissions: chown elastic-agent.app: operation not permitted" message. Ensure that the application used to install Elastic Agent (for example, the Terminal or custom package) has Full Disk Access before running sudo ./elastic-agent install.

Elastic Agent upgrades scheduled for a future time do not run.

Details
A known issue in Elastic Agent may prevent upgrades scheduled to execute at a later time from running. For more information refer to #2343.

Impact
Kibana may show an agent as being stuck with the Updating status. If the scheduled start time has passed, you may force the agent to run by sending it any action (excluding an upgrade action), such as a change to the policy or the log level.

Fleet ignores custom server.* attributes provided through integration settings.

Details
Fleet will ignore any custom server.* attributes provided through the custom configurations yaml block of the intgration. For more information refer to #2303.

Impact
Custom yaml settings are silently ignored by Fleet. Settings with input blocks, such as Max agents are still effective.

Enhancements

edit
Fleet
  • Adds the ability to run agent policy schema in batches during Fleet setup. Also adds xpack.fleet.setup.agentPolicySchemaUpgradeBatchSize config #150688

Bug fixes

edit
Fleet
  • Fix max 20 installed integrations returned from Fleet API #150780
  • Fix updates available when beta integrations are off #149515 #149486
Fleet Server
  • Prevent Fleet Server from crashing by allowing the the Warn log level to be specified as "warning" or "warn" #2328 #2331
Elastic Agent
  • Ignore Fleet connectivity state when considering whether an upgrade should be rolled back. Avoids unnecessary upgrade failures due to transient network errors #2239
  • Preserve persistent process state between upgrades. The Filebeat registry is now correctly preserved during Elastic Agent upgrades. #2136 #2207
  • Enable nodejs engine validation when bundling synthetics #2249 #2256 #2225
  • Guarantee that services are stopped before they are started. Fixes occasional upgrade failures when Elastic Defend is installed #2226
  • Fix an issue where inputs in Beats started by Elastic Agent can be incorrectly disabled. This primarily occurs when changing the log level. #2232 #34504