英文:
Elastic Fleet server API Deployment
问题
抱歉,您提供的代码块中包含许多特定于代码的信息,我不能将其翻译成中文,因为这不是一段标准文本。如果您有关于代码的具体问题或需要协助,请提供详细信息,我将尽力提供帮助。
英文:
I am trying to create fully automated script for SIEM deployment. There is one issue. I am not able to install fleet server. I want it to be fully automated no UI interaction. So first i need to create policy using API which i was able to do. Then I need to add fleet server integration to this policy and enroll fleet server using agent package and policy token. I just cannot add fleet to my policy using API. Can someone please provide me any tips for that. This is code responsible for creation of a policy:
fleet_policy_id=$(curl --request POST \
--url 'https://10.*.*.*:5601/api/fleet/agent_policies?sys_monitoring=true' \
--header 'Accept: */*' \
--header 'Authorization: Basic *********************** \
--header 'Cache-Control: no-cache' \
--header 'Connection: keep-alive' \
--header 'Content-Type: application/json' \
--header 'kbn-xsrf: xxx' \
--data '{
"name": "Agent policy 11",
"description": "",
"namespace": "default",
"monitoring_enabled": [
"logs",
"metrics"
]
}' --insecure | jq -r '.item.id')
echo $fleet_policy_id
response=$(curl --request POST \
--url 'https://10.*.*.*:5601/api/fleet/package_policies' \
--header 'Authorization: Basic **************************** \
--header 'Content-Type: application/json' \
--header 'kbn-xsrf: xx' \
--data '{
"name": "Fleet",
"policy_id": "$fleet_policy_id",
"package": {
"name": "fleet_server",
"version": "1.2.0"
}
}' --insecure)
echo $response
I get the policy created in fleet server but cannot assign fleet integration to it:
Thank you in advance for any help
答案1
得分: 1
"Ok i got this. To anyone wondering. You have to add 'has_fleet_server: true' to the first request:"
英文:
Ok i got this. To anyone wondering. You have to add
"has_fleet_server: true" to the first request:
fleet_policy_id=$(curl --request POST \
--url 'https://10.*.*.*:5601/api/fleet/agent_policies?sys_monitoring=true' \
--header 'Accept: */*' \
--header 'Authorization: Basic **************************' \
--header 'Cache-Control: no-cache' \
--header 'Connection: keep-alive' \
--header 'Content-Type: application/json' \
--header 'kbn-xsrf: xxx' \
--data '{
"name": "Agent policy 12",
"description": "",
"namespace": "default",
"monitoring_enabled": [
"logs",
"metrics"
],
"has_fleet_server": "true"
}' --insecure | jq -r '.item.id')
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论