From 5cc4aa2e95bfdd6573b79c4df34fc6ed87788c25 Mon Sep 17 00:00:00 2001 From: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com> Date: Thu, 14 Dec 2023 11:01:26 -0500 Subject: [PATCH] [DOCS] Add 'secrets' to Fleet settings page (#172637) This updates the list of available Fleet settings in the Kibana docs, as follows: - Moves the `config` and `proxy_id` settings from the Required to the Optional section of `xpack.fleet.outputs`. CC @nchaulet since the settings were added to the docs via https://github.com/elastic/kibana/pull/158771). [See orange highlight] - Adds the `ssl` setting with the `certificate` property (this setting is already available but doesn't appear to have been documented). [See red highlight] - Adds the new `secrets` setting, with SSL `key` as a property. [See blue highlight] - Adds an example output configuration. [See green highlight] Rel: https://github.com/elastic/ingest-docs/issues/692 See [docs preview](https://kibana_172637.docs-preview.app.elstc.co/guide/en/kibana/master/fleet-settings-kb.html) --- ![Screenshot 2023-12-05 at 4 22 42 PM](https://github.com/elastic/kibana/assets/41695641/a547bad7-57aa-4470-8328-30b80f257973) (cherry picked from commit c7fabda4c59789facbbc6127589e66d162148669) --- docs/settings/fleet-settings.asciidoc | 52 +++++++++++++++++++++++---- 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/docs/settings/fleet-settings.asciidoc b/docs/settings/fleet-settings.asciidoc index d3cad6b4dfdbc..a85c4b67063e6 100644 --- a/docs/settings/fleet-settings.asciidoc +++ b/docs/settings/fleet-settings.asciidoc @@ -13,7 +13,10 @@ In {ecloud}, {fleet} flags are already configured. You can configure `xpack.fleet` settings in your `kibana.yml`. By default, {fleet} is enabled. To use {fleet}, you also need to configure {kib} and {es} hosts. -See the {fleet-guide}/index.html[{fleet}] docs for more information. +Many {fleet} settings can also be configured directly through the {fleet} UI. +See {fleet-guide}/fleet-settings.html[Fleet UI settings] for details. + +See the {fleet-guide}/index.html[{fleet}] docs for more information about {fleet}. [[general-fleet-settings-kb]] ==== General {fleet} settings @@ -174,6 +177,8 @@ xpack.fleet.agentPolicies: `xpack.fleet.outputs`:: List of outputs that are configured when the {fleet} app starts. + +Certain types of outputs have additional required and optional settings. Refer to {fleet-guide}/fleet-settings.html#output-settings[Output settings] in the {fleet} and {agent} Guide for the full list of settings for each output type. ++ If configured in your `kibana.yml`, output settings are grayed out and unavailable in the {fleet} UI. To make these settings editable in the UI, do not configure them in the configuration file. @@ -188,13 +193,9 @@ NOTE: The `xpack.fleet.outputs` settings are intended for advanced configuration `name`::: Output name. `type`::: - Type of Output. Currently we support "elasticsearch", "logstash", "kafka". + Type of Output. Currently we support "elasticsearch", "logstash", "kafka", and "remote_elasticsearch". `hosts`::: Array that contains the list of host for that output. - `config`::: - Extra config for that output. - `proxy_id`::: - Unique ID of a proxy to access the output. ===== + .Optional properties of `xpack.fleet.outputs` @@ -204,7 +205,46 @@ NOTE: The `xpack.fleet.outputs` settings are intended for advanced configuration If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent data unless there is another one configured specifically for the agent policy. `is_default_monitoring`::: If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent monitoring data unless there is another one configured specifically for the agent policy. + `config`::: + Extra config for that output. + `proxy_id`::: + Unique ID of a proxy to access the output. + `ssl`::: + Set to enable authentication using the Secure Sockets Layer (SSL) protocol. ++ +.Properties of `ssl` +[%collapsible%open] +======= + `certificate`:::: + The SSL certificate that {agents} use to authenticate with the output. Include the full contents of the certificate here. +======= + + `secrets`::: + Include here any values for preconfigured outputs that should be stored as secrets. A secret value is replaced in the `kibana.yml` settings file with a reference, with the original value stored externally as a secure hash. Note that this type of secret storage requires all configured {fleet-server}s to be on version 8.12.0 or later. ++ +.Properties of `secrets` +[%collapsible%open] +======= + `key`::::: + The private certificate key that {agents} use to authenticate with the output. +======= ===== ++ +Example `xpack.fleet.outputs` configuration: ++ +[source,yaml] +---- +xpack.fleet.outputs: + - id: my-logstash-output-with-a-secret + name: preconfigured logstash output with a secret + type: logstash + hosts: ["localhost:9999"] + ssl: + certificate: xxxxxxxxxx + secrets: + ssl: + key: securekey +---- `xpack.fleet.fleetServerHosts`:: List of {fleet-server} hosts that are configured when the {fleet} app starts.