Skip to content

Latest commit

 

History

History
675 lines (433 loc) · 18.2 KB

shared-env.asciidoc

File metadata and controls

675 lines (433 loc) · 18.2 KB

|

NAME

| (TYPE) DESCRIPTION.

Default: DEFAULT

OPTIONAL INFO AND EXAMPLE

|

ELASTIC_AGENT_CERT

| (string) The path to the mutual TLS client certificate that {agent} will use to connect to {fleet-server}.

|

ELASTIC_AGENT_CERT_KEY

| (string) The path to the mutual TLS private key that {agent} will use to connect to {fleet-server}.

|

ELASTIC_AGENT_CERT_KEY_PASSPHRASE

| (string) The path to the file that contains the passphrase for the mutual TLS private key that {agent} will use to connect to {fleet-server}. The file must only contain the characters of the passphrase, no newline or extra non-printing characters.

This option is only used if the --elastic-agent-cert-key is encrypted and requires a passphrase to use.

|

ELASTIC_AGENT_TAGS

| (string) A comma-separated list of tags to apply to {fleet}-managed {agent}s. You can use these tags to filter the list of agents in {fleet}.

|

KIBANA_FLEET_HOST

| (string) The {kib} host to enable {fleet} on. Overrides FLEET_HOST when set.

|

KIBANA_FLEET_USERNAME

| (string) The basic authentication username used to connect to {kib} and retrieve a service_token to enable {fleet}. Overrides ELASTICSEARCH_USERNAME when set.

Default: elastic

|

KIBANA_FLEET_PASSWORD

| (string) The basic authentication password used to connect to {kib} and retrieve a service_token to enable {fleet}. Overrides ELASTICSEARCH_PASSWORD when set.

Default: changeme

|

KIBANA_FLEET_CA

| (string) The path to a certificate authority. Overrides KIBANA_CA when set.

By default, {agent} uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

|

FLEET_FORCE

| (bool) Set to true to force overwrite of the current {agent} configuration without prompting for confirmation. This flag is helpful when using automation software or scripted deployments.

Default: false

|

FLEET_SERVER_ENABLE

| (int) Set to 1 to bootstrap {fleet-server} on this {agent}. When set to 1, this automatically forces {fleet} enrollment as well.

Default: none

|

FLEET_SERVER_ELASTICSEARCH_HOST

| (string) The {es} host for {fleet-server} to communicate with. Overrides ELASTICSEARCH_HOST when set.

|

FLEET_SERVER_ELASTICSEARCH_CA

| (string) The path to a certificate authority. Overrides ELASTICSEARCH_CA when set.

By default, {agent} uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

|

FLEET_SERVER_POLICY_NAME

| (string) The name of the policy for {fleet-server} to use on itself. Overrides FLEET_TOKEN_POLICY_NAME when set.

Default: none

|

FLEET_SERVER_SERVICE_TOKEN

| (string) Service token to use for communication with {es} and {kib} if KIBANA_FLEET_SETUP is enabled. If the service token value and service token path are specified the value may be used for setup and the path is passed to the agent in the container.

Default: none

|

FLEET_SERVER_SERVICE_TOKEN_PATH

| (string) The path to the service token file to use for communication with {es} and {kib} if KIBANA_FLEET_SETUP is enabled. If the service token value and service token path are specified the value may be used for setup and the path is passed to the agent in the container.

Default: none

|

FLEET_SERVER_POLICY_ID

| (string) The policy ID for {fleet-server} to use on itself.

|

FLEET_SERVER_HOST

| (string) The binding host for {fleet-server} HTTP. Overrides the host defined in the policy.

Default: none

|

FLEET_SERVER_PORT

| (string) The binding port for {fleet-server} HTTP. Overrides the port defined in the policy.

Default: none

|

FLEET_SERVER_CERT

| (string) The path to the certificate to use for HTTPS.

Default: none

|

FLEET_SERVER_CERT_KEY

| (string) The path to the private key for the certificate used for HTTPS.

Default: none

|

FLEET_SERVER_CERT_KEY_PASSPHRASE

| (string) The path to the private key passphrase for an encrypted private key file.

Default: none

|

FLEET_SERVER_CLIENT_AUTH

| (string) One of none, optional, or required. {fleet-server}'s client authentication option for client mTLS connections. If optional or required is specified, client certificates are verified using CAs.

Default: none

|

FLEET_SERVER_ELASTICSEARCH_CA_TRUSTED_FINGERPRINT

| (string) The SHA-256 fingerprint (hash) of the certificate authority used to self-sign {es} certificates. This fingerprint is used to verify self-signed certificates presented by {fleet-server} and any inputs started by {agent} for communication. This flag is required when using self-signed certificates with {es}.

Default: ""

|

FLEET_SERVER_ES_CERT

| (string) The path to the mutual TLS client certificate that {fleet-server} will use to connect to {es}.

Default: ""

|

FLEET_SERVER_ES_CERT_KEY

| (string) The path to the mutual TLS private key that {fleet-server} will use to connect to {es}.

Default: ""

|

FLEET_SERVER_INSECURE_HTTP

| (bool) When true, {fleet-server} is exposed over insecure or unverified HTTP. Setting this to true is not recommended.

Default: false

|

FLEET_DAEMON_TIMEOUT

| (duration) Set to indicate how long {fleet-server} will wait during the bootstrap process for {elastic-agent}.

|

FLEET_SERVER_TIMEOUT

| (duration) Set to indicate how long {agent} will wait for {fleet-server} to check in as healthy.

|

FLEET_ENROLL

| (bool) Set to 1 to enroll the {agent} into {fleet-server}.

Default: false

|

FLEET_URL

| (string) URL to enroll the {fleet-server} into.

Default: ""

|

FLEET_ENROLLMENT_TOKEN

| (string) The token to use for enrollment.

Default: ""

|

FLEET_TOKEN_NAME

| (string) The token name to use to fetch the token from {kib}.

Default: ""

|

FLEET_TOKEN_POLICY_NAME

| (string) The token policy name to use to fetch the token from {kib}.

Default: false

|

FLEET_CA

| (string) The path to a certificate authority. Overrides ELASTICSEARCH_CA when set.

By default, {agent} uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: false

|

FLEET_INSECURE

| (bool) When true, {agent} communicates with {fleet-server} over insecure or unverified HTTP. Setting this to true is not recommended.

Default: false

|

ELASTICSEARCH_HOST

| (string) The {es} host to communicate with.

|

ES_HOST

| (string) The {es} host to communicate with.

|

ELASTICSEARCH_USERNAME

| (string) The basic authentication username used to connect to {kib} and retrieve a service_token for {fleet}.

Default: elastic

|

ES_USERNAME

| (string) The basic authentication username used to connect to {es}. This user needs the privileges required to publish events to {es}.

Default: elastic

|

ELASTICSEARCH_PASSWORD

| (string) The basic authentication password used to connect to {kib} and retrieve a service_token for {fleet}.

Default: changeme

|

ES_PASSWORD

| (string) The basic authentication password used to connect to {es}.

Default: changeme

|

ELASTICSEARCH_CA

| (string) The path to a certificate authority.

By default, {agent} uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

|

KIBANA_HOST

| (string) The {kib} host.

|

KIBANA_USERNAME

| (string) The basic authentication username used to connect to {kib} to retrieve a service_token.

Default: elastic

|

KIBANA_PASSWORD

| (string) The basic authentication password used to connect to {kib} to retrieve a service_token.

Default: changeme

|

KIBANA_CA

| (string) The path to a certificate authority.

By default, {agent} uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

|

ELASTIC_NETINFO

| (bool) When false, disables netinfo.enabled parameter of add_host_metadata processor. Setting this to false is recommended for large scale setups where the host.ip and host.mac fields index size increases.

By default, {agent} initializes the add_host_metadata processor. The netinfo.enabled parameter defines ingestion of IP addresses and MAC addresses as fields host.ip and host.mac. For more information see [add_host_metadata-processor]

Default: "false"