This section summarizes the changes in each release.
Also see:
-
{kibana-ref}/release-notes.html[{kib} release notes]
-
{beats-ref}/release-notes.html[{beats} release notes]
Review important information about the {fleet} and {agent} 8.9.2 release.
PGP key download fails in an air-gapped environment
Details
|
Important
|
If you’re using an air-gapped environment, we recommended installing version 8.10.3 or any higher version, to avoid being unable to upgrade. |
Starting from version 8.9.0, when {agent} tries to perform an upgrade, it first verifies the binary signature with the key bundled in the agent.
This process has a backup mechanism that will use the key coming from https://artifacts.elastic.co/GPG-KEY-elastic-agent instead of the one it already has.
In an air-gapped environment, the agent won’t be able to download the remote key and therefore cannot be upgraded.
Impact
For the upgrade to succeed, the agent needs to download the remote key from a server accessible from the air-gapped environment. Two workarounds are available.
Option 1
If an HTTP proxy is available to be used by the {agents} in your {fleet}, add the proxy settings using environment variables as explained in Proxy Server connectivity using default host variables.
Please note that you need to enable HTTP Proxy usage for artifacts.elastic.co to bypass this problem, so you can craft the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables to be used exclusively for it.
Option 2
As the upgrade URL is not customizable, we have to "trick" the system by pointing https://artifacts.elastic.co/ to another host that will have the file.
The following examples require a server in your air-gapped environment that will expose the key you will have downloaded from https://artifacts.elastic.co/GPG-KEY-elastic-agent`.
Example 1: Manual
Edit the {agent} server hosts file to add the following content:
<YOUR_HOST_IP> artifacts.elastic.coThe Linux hosts file path is /etc/hosts.
Windows hosts file path is C:\Windows\System32\drivers\etc\hosts.
Example 2: Puppet
host { 'elastic-artifacts':
ensure => 'present'
comment => 'Workaround for PGP check'
ip => '<YOUR_HOST_IP>'
}Example 3: Ansible
- name : 'elastic-artifacts'
hosts : 'all'
become: 'yes'
tasks:
- name: 'Add entry to /etc/hosts'
lineinfile:
path: '/etc/hosts'
line: '<YOUR_HOST_IP> artifacts.elastic.co'- {agent}
-
-
Correctly identify retryable errors when attempting to uninstall on Windows. #3317
-
Review important information about the {fleet} and {agent} 8.9.1 release.
- {agent}
-
-
Updated Go version to 1.19.12. #3186
-
PGP key download fails in an air-gapped environment
Details
|
Important
|
If you’re using an air-gapped environment, we recommended waiting for this issue to be resolved before installing 8.9.x or any higher version, to avoid being unable to upgrade. |
Starting from version 8.9.0, when {agent} tries to perform an upgrade, it first verifies the binary signature with the key bundled in the agent.
This process has a backup mechanism that will use the key coming from https://artifacts.elastic.co/GPG-KEY-elastic-agent instead of the one it already has.
In an air-gapped environment, the agent won’t be able to download the remote key and therefore cannot be upgraded.
Impact
For the upgrade to succeed, the agent needs to download the remote key from a server accessible from the air-gapped environment. Two workarounds are available.
Option 1
If an HTTP proxy is available to be used by the {agents} in your {fleet}, add the proxy settings using environment variables as explained in Proxy Server connectivity using default host variables.
Please note that you need to enable HTTP Proxy usage for artifacts.elastic.co to bypass this problem, so you can craft the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables to be used exclusively for it.
Option 2
As the upgrade URL is not customizable, we have to "trick" the system by pointing https://artifacts.elastic.co/ to another host that will have the file.
The following examples require a server in your air-gapped environment that will expose the key you will have downloaded from https://artifacts.elastic.co/GPG-KEY-elastic-agent`.
Example 1: Manual
Edit the {agent} server hosts file to add the following content:
<YOUR_HOST_IP> artifacts.elastic.coThe Linux hosts file path is /etc/hosts.
Windows hosts file path is C:\Windows\System32\drivers\etc\hosts.
Example 2: Puppet
host { 'elastic-artifacts':
ensure => 'present'
comment => 'Workaround for PGP check'
ip => '<YOUR_HOST_IP>'
}Example 3: Ansible
- name : 'elastic-artifacts'
hosts : 'all'
become: 'yes'
tasks:
- name: 'Add entry to /etc/hosts'
lineinfile:
path: '/etc/hosts'
line: '<YOUR_HOST_IP> artifacts.elastic.co'- {fleet}
- {agent}
Review important information about the {fleet} and {agent} 8.9.0 release.
- {fleet-server}
-
-
Use a verified base image for building Fleet Server binaries. #2339
-
PGP key download fails in an air-gapped environment
Details
|
Important
|
If you’re using an air-gapped environment, we recommended waiting for this issue to be resolved before installing 8.9.x or any higher version, to avoid being unable to upgrade. |
Starting from version 8.9.0, when {agent} tries to perform an upgrade, it first verifies the binary signature with the key bundled in the agent.
This process has a backup mechanism that will use the key coming from https://artifacts.elastic.co/GPG-KEY-elastic-agent instead of the one it already has.
In an air-gapped environment, the agent won’t be able to download the remote key and therefore cannot be upgraded.
Impact
For the upgrade to succeed, the agent needs to download the remote key from a server accessible from the air-gapped environment. Two workarounds are available.
Option 1
If an HTTP proxy is available to be used by the {agents} in your {fleet}, add the proxy settings using environment variables as explained in Proxy Server connectivity using default host variables.
Please note that you need to enable HTTP Proxy usage for artifacts.elastic.co to bypass this problem, so you can craft the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables to be used exclusively for it.
Option 2
As the upgrade URL is not customizable, we have to "trick" the system by pointing https://artifacts.elastic.co/ to another host that will have the file.
The following examples require a server in your air-gapped environment that will expose the key you will have downloaded from https://artifacts.elastic.co/GPG-KEY-elastic-agent`.
Example 1: Manual
Edit the {agent} server hosts file to add the following content:
<YOUR_HOST_IP> artifacts.elastic.coThe Linux hosts file path is /etc/hosts.
Windows hosts file path is C:\Windows\System32\drivers\etc\hosts.
Example 2: Puppet
host { 'elastic-artifacts':
ensure => 'present'
comment => 'Workaround for PGP check'
ip => '<YOUR_HOST_IP>'
}Example 3: Ansible
- name : 'elastic-artifacts'
hosts : 'all'
become: 'yes'
tasks:
- name: 'Add entry to /etc/hosts'
lineinfile:
path: '/etc/hosts'
line: '<YOUR_HOST_IP> artifacts.elastic.co'Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.
Status command has been changed.
Details
The {agent} status command has been changed so that the default human output now uses a list format and summaries output.
Impact
Full human output can be obtained with the new full option.
For for information, refer to #2890.
API default error code is now 500.
Details
Previously, when {fleet-server} encountered an unexpected error it resulted in a Bad Request response.
Impact
Now, any unexpected error returns an Internal Server Error response while keeping most of the current behavior
unchanged. On expected failure paths (for example, Agent Inactive, Missing Agent ID, Missing Auth Header) a Bad Request response is returned. For more information, refer to #2531.
host.name field changed to ECS lowercase format.
Details
In {agent} output the host.name field has been changed to lowercase to match Elastic Common Schema (ECS) guidelines. The agent name is also reported in lowercase (AGENT-name becomes agent-name).
Impact
After upgrading {agent} to version 8.9.0 or higher, any case-sensitive searches may result in false-positive alerts. For example, a case-sensitive search based on the upper-case AGENT-name could result in an alert such as system.load.1 reported no data in the last 5m for AGENT-name. After upgrading, you may need to manually clear alerts and adjust some searches to match the new host.name format.
The 8.9.0 release Added the following new and notable features.
- {fleet}
- {fleet-server}
- {agent}
- {fleet}
-
-
Adds agent integration health reporting in the Fleet UI. #158826
-
- {fleet-server}
-
-
Expose Prometheus metrics on metrics listener (when enabled). Ship Prometheus metrics with apm.Tracer when tracer is enabled. #2610
-
- {agent}
-
-
Add additional elements to support the Universal Profiling integration. #2881
-
- {fleet}
-
-
Fixes a bug that prevented
index.mappingsettings to be propagated into component templates from default settings. #157289
-
- {fleet-server}
- {agent}