Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows Agent gets unhealthy on adding Windows Integration when installed with --unprivileged flag, #4653

Closed
amolnater-qasource opened this issue May 2, 2024 · 6 comments · Fixed by elastic/ingest-docs#1087
Closed

Windows Agent gets unhealthy on adding Windows Integration when installed with --unprivileged flag, #4653

amolnater-qasource opened this issue May 2, 2024 · 6 comments · Fixed by elastic/ingest-docs#1087
Assignees
@VihasMakwana
Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. QA:Ready For Testing Code is merged and ready for QA to validate Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Comments

@amolnater-qasource
Copy link

Kibana Build details:

VERSION: 8.14.0 BC2
BUILD: 73626
COMMIT: bcf6960778ae270d0894a8aab07f10197ee9b97f

Preconditions:

  1. 8.14.0-BC2 Kibana cloud environment should be available.
  2. Agent should be installed with unprivileged flag.

Steps to reproduce:

  1. Add Windows integration to the agent policy.
  2. Observe under Agents tab Windows agent gets unhealthy.
  3. Observe windows.perfmon dataset is not generated too.

Expected Result:
Windows Agent should remain healthy on adding Windows Integration when installed with --unprivileged flag,

What's working fine:

  • Windows Agent remains healthy on adding Windows Integration when installed without --unprivileged flag,

Diagnostics:
elastic-agent-diagnostics-2024-05-02T09-00-03Z-00.zip

Screen Recording:

Agents.-.Fleet.-.Elastic.-.Google.Chrome.2024-05-02.14-28-45.mp4

image
@amolnater-qasource amolnater-qasource added bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team impact:high Short-term priority; add to current release, or definitely next. labels May 2, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@amolnater-qasource
Copy link
Author

@manishgupta-qasource Please review.

@manishgupta-qasource
Copy link

Secondary review for this ticket is Done

@blakerouse
Copy link
Contributor

Permission error because the elastic-agent-user cannot read those metrics.

Error is:

        units:
            input-windows/metrics-default-windows/metrics-windows-90101c17-86f7-46b9-9247-a1c36041c3e7:
                message: '1 error: initialization of reader failed: failed to expand counter (query=''\Process(*)\% Processor Time''): Unable to read the counter and/or explain text from the specified computer.'
                state: 4

More permission errors in the logs:

{"log.level":"error","@timestamp":"2024-05-02T08:55:00.490Z","message":"Error fetching data for metricset system.diskio: disk io counters: cannot open new key in the registry in order to enable the performance counters: Access is denied.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":256,"file.name":"module/wrapper.go","function":"github.com/elastic/beats/v7/metricbeat/mb/module.(*metricSetWrapper).fetch"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-05-02T08:55:10.487Z","message":"Error fetching data for metricset system.diskio: disk io counters: cannot open new key in the registry in order to enable the performance counters: Access is denied.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":256,"file.name":"module/wrapper.go","function":"github.com/elastic/beats/v7/metricbeat/mb/module.(*metricSetWrapper).fetch"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-05-02T08:55:20.500Z","message":"Error fetching data for metricset system.diskio: disk io counters: cannot open new key in the registry in order to enable the performance counters: Access is denied.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":256,"file.name":"module/wrapper.go","function":"github.com/elastic/beats/v7/metricbeat/mb/module.(*metricSetWrapper).fetch"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}

{"log.level":"error","@timestamp":"2024-05-02T08:56:30.924Z","message":"Error fetching data for metricset windows.service: OpenProcess failed for pid=2768: Access is denied.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"windows/metrics-default","type":"windows/metrics"},"log":{"source":"windows/metrics-default"},"log.origin":{"file.line":256,"file.name":"module/wrapper.go","function":"github.com/elastic/beats/v7/metricbeat/mb/module.(*metricSetWrapper).fetch"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}

This is all expected in unprivileged mode. If you want those metrics the elastic-agent-user needs to be added to the correct groups.

@cmacknz
Copy link
Member

cmacknz commented May 2, 2024

We should use this issue to determine which group fixes this so we can explicitly document the fix for this error.

@ycombinator
Copy link
Contributor

We should use this issue to determine which group fixes this so we can explicitly document the fix for this error.

@blakerouse could you figure this out, perhaps with help from @leehinman, and then document it as part of #4705? I'm trying to use that issue as a single place to capture all prerequisites required for successfully running Agent in unprivileged mode. Thanks!

@ycombinator ycombinator mentioned this issue May 9, 2024
Closed
@ycombinator ycombinator assigned kaanyalti and unassigned blakerouse May 21, 2024
@ycombinator ycombinator assigned nchaulet and unassigned kaanyalti Jun 12, 2024
@ycombinator ycombinator assigned VihasMakwana and unassigned nchaulet Jun 20, 2024
@jlind23 jlind23 mentioned this issue Jun 24, 2024
Merged
@amolnater-qasource amolnater-qasource added the QA:Ready For Testing Code is merged and ready for QA to validate label Jun 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@VihasMakwana VihasMakwana

Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. QA:Ready For Testing Code is merged and ready for QA to validate Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add steps and details for running 'unprivileged' Elastic Agent kilfoyle/ingest-docs
10 participants
@ycombinator @pierrehilbert @nchaulet @cmacknz @blakerouse @elasticmachine @kaanyalti @manishgupta-qasource @amolnater-qasource @VihasMakwana