-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Notify the user if the integration being deployed needs root privileges #166784
Comments
Pinging @elastic/fleet (Team:Fleet) |
Will there be an indication in the agent diagnostics / fleet / will an agent be considered unhealthy if it does not run as root but there is an integration in the policy that requires running as root? Is that outlined somewhere? |
The meta issue https://github.com/elastic/ingest-dev/issues/1766 has a requirement for health reporting to be enhanced for this purpose |
Product questions:
Technical questions:
|
@joshdover @amitkanfer following our conversation today I changed the outcome of this issue to:
@nimarezainia @zombieFox what do you think about adding a new disclaimer on this page saying that root privileges are needed? |
Copying @jen-huang comment from Slack: |
Most users don't install the integration this way and actually installing this way doesn't require root privileges. It probably needs to be on the policy creation flow. |
@joshdover @jlind23 it is the overview solution the only thing we want here? do we also want something in the package policy editor that is another place to install an integration? |
@nchaulet where ever the user would be installing an integration. So in short yes, policy editor as well. |
Can we be sure we don't call this "super user" anywhere in the final UI or docs? It's not a common term from my understanding and it also overlaps with our Elasticsearch role called |
@nimarezainia we need to specify what this would look like. Would it make sense to put it near the top under the integration settings? |
@jsoriano I am working on the kibana implementation and it seems the Draft here elastic/package-registry#1109 |
@nimarezainia @zombieFox I tried to put it in different place in the package policy page let met now if there is one that will work for you (and if you have better copy idea to)
|
@nchaulet I would say that option 2) would be the best option - just my opinion. I think best not to have this buried in with the rest of the settings and have it at the top before the user goes any further - almost as a warning. (I do like option 3 as it's part of the editor related to the actual host but that also is way too late) |
Sorry to chime in so late, I'm not sure where else to ask this. If a non-root Agent has a policy applied that includes integrations that require root what does that failure look like in Fleet for the Agent? Will it be readily evident to the user why their Agent is unhealthy? |
Then the input will fail and the agent will report itself as unhealthy. As of today fleet does not know if the agent is run as root or not. |
Elastic Agent is removing the requirement to run in a privileged mode. The package-spec has been modified to indicate whether the package as a whole or a datastream within the package requires root privilege.
Feature Request:
Definition of done:
The text was updated successfully, but these errors were encountered: