Elasticsearch and stack - self managed tutorial 1 complete refinement#5636
Open
Elasticsearch and stack - self managed tutorial 1 complete refinement#5636
Conversation
Contributor
🔍 Preview links for changed docs |
Contributor
✅ Vale Linting ResultsNo issues found on modified lines! The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
| * {{agent}} enrolls using that Quick Start flow, which requires the install command to include the `--insecure` flag. | ||
|
|
||
| If you plan to use certificates signed by your organization's certificate authority or by a public CA, complete this tutorial until {{kib}} is installed (Step 6), and then continue with [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) before installing {{fleet-server}} and {{agent}}. | ||
| If you plan to use certificates signed by your organization's certificate authority or by a public CA, complete this tutorial until {{kib}} is installed (Step 7), and then continue with [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) before installing {{fleet-server}} and {{agent}}. |
Contributor
There was a problem hiding this comment.
Maybe this should be in a Tip or Important admonition so that it's more prominent
| * The transport interface is bound to the loopback interface (`localhost`), preventing other nodes from joining the cluster, while the HTTP interface listens on all network interfaces (`http.host: 0.0.0.0`). | ||
|
|
||
| 7. Copy the terminal output from the install command to a local file. In particular, you need the password for the built-in `elastic` superuser account. The output also contains the commands to enable {{es}} to run as a service, which you use in the next step. | ||
| 1. Copy the terminal output from the install command to a local file. In particular, you need the password for the built-in `elastic` superuser account. The output also contains the commands to enable {{es}} to run as a service, which you use in the next step. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Copy the terminal output from the install command to a local file. In particular, you need the password for the built-in `elastic` superuser account. The output also contains the commands to enable {{es}} to run as a service, which you use in the next step. | |
| 1. Copy the terminal output from the install command to a local file. In particular, you need the password for the built-in `elastic` user account. The output also contains the commands to enable {{es}} to run as a service, which you use in the next step. |
Not sure if this is correct, but pointing this out since you changed "super user" to "user" in the prereqs
Contributor
There was a problem hiding this comment.
Same comment for other places on this page where "superuser" is mentioned
| Before moving ahead to configure additional {{es}} nodes, you need to update the {{es}} configuration on this first node so that other hosts are able to connect to it. This is done by updating the settings in the `elasticsearch.yml` file. For more details about {{es}} configuration and the most common settings, refer to [Configure {{es}}](/deploy-manage/deploy/self-managed/configure-elasticsearch.md) and [important settings configuration](/deploy-manage/deploy/self-managed/important-settings-configuration.md). | ||
|
|
||
| 1. In a terminal, run the `ifconfig` command and copy the value shown for the host IP address (for example, `10.128.0.84`). You need this value later. | ||
| 1. Obtain your host IP address (for example, by running `ifconfig`). You need this value later. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Obtain your host IP address (for example, by running `ifconfig`). You need this value later. | |
| 1. Obtain your host IP address (for example, by running `ifconfig`). You will need this value later. |
| 1. Answer the `Do you want to continue with the reconfiguration process` prompt with `yes` (`y`). The new {{es}} node is reconfigured. | ||
|
|
||
| 13. Open the second {{es}} instance configuration file in a text editor: | ||
| 1. Obtain your host IP address (for example, by running `ifconfig`). You need this value later. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Obtain your host IP address (for example, by running `ifconfig`). You need this value later. | |
| 1. Obtain your host IP address (for example, by running `ifconfig`). You will need this value later. |
| 1. If you want {{kib}} to listen on all available network interfaces, you can use `0.0.0.0` instead. | ||
|
|
||
| 12. Open the {{kib}} configuration file for editing: | ||
| 1. Add `xpack.encryptedSavedObjects.encryptionKey` setting with the value returned by the `kibana-encryption-keys generate` command: |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Add `xpack.encryptedSavedObjects.encryptionKey` setting with the value returned by the `kibana-encryption-keys generate` command: | |
| 1. Add the `xpack.encryptedSavedObjects.encryptionKey` setting with the value returned by the `kibana-encryption-keys generate` command: |
| * {{agent}} enrolls using that Quick Start flow, which requires the install command to include the `--insecure` flag. | ||
|
|
||
| If you plan to use certificates signed by your organization's certificate authority or by a public CA, complete this tutorial until {{kib}} is installed (Step 6), and then continue with [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) before installing {{fleet-server}} and {{agent}}. | ||
| If you plan to use certificates signed by your organization's certificate authority or by a public CA, complete this tutorial until {{kib}} is installed (Step 7), and then continue with [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) before installing {{fleet-server}} and {{agent}}. |
Contributor
There was a problem hiding this comment.
You could link to the admonition in step 7 to make it clear exactly where they should stop
| ::::{note} | ||
| This tutorial uses the **Quick Start** installation flow, which generates a self-signed certificate for the {{fleet-server}} by default. For more details about **Quick Start** and **Advanced** setup options, refer to [Deploy on-premises and self-managed {{fleet-server}}](/reference/fleet/add-fleet-server-on-prem.md). | ||
|
|
||
| If you want to use custom SSL/TLS certificates, follow the [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) instead of continuing with these steps. |
Contributor
There was a problem hiding this comment.
Suggested change
| If you want to use custom SSL/TLS certificates, follow the [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) instead of continuing with these steps. | |
| If you want to use custom SSL/TLS certificates, follow [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) instead of continuing with these steps. |
| ``` | ||
|
|
||
| 4. In the terminal, run `ifconfig` and copy the value shown for the host IP address (for example, `10.128.0.84`). You need this value later. | ||
| 1. Obtain the host IP address for your {{fleet-server}} host (for example, by running `ifconfig`). You need this value later. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Obtain the host IP address for your {{fleet-server}} host (for example, by running `ifconfig`). You need this value later. | |
| 1. Obtain the host IP address for your {{fleet-server}} host (for example, by running `ifconfig`). You will need this value later. |
| 1. Obtain the host IP address for your {{fleet-server}} host (for example, by running `ifconfig`). You need this value later. | ||
|
|
||
| 5. Back to your web browser, open the {{kib}} menu and go to **Management -> Fleet**. {{fleet}} opens with a message that you need to add a {{fleet-server}}. | ||
| 1. Back to your web browser, open the {{kib}} menu and go to **Management -> Fleet**. {{fleet}} opens with a message that you need to add a {{fleet-server}}. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Back to your web browser, open the {{kib}} menu and go to **Management -> Fleet**. {{fleet}} opens with a message that you need to add a {{fleet-server}}. | |
| 1. Return to your web browser. Open the {{kib}} menu and go to **Management -> Fleet**. {{fleet}} opens with a message that you need to add a {{fleet-server}}. |
| - Download the {{fleet-server}} package from the {{artifact-registry}} | ||
| - Unpack the package archive | ||
| - Change into the directory containing the install binaries | ||
| - Install {{fleet-server}}. |
Contributor
There was a problem hiding this comment.
Suggested change
| - Install {{fleet-server}}. | |
| - Install {{fleet-server}} |
| If you'd like to learn about the install command options, refer to [`elastic-agent install`](/reference/fleet/agent-command-reference.md#elastic-agent-install-command) in the {{agent}} command reference. | ||
|
|
||
| 13. At the prompt, enter `Y` to install {{agent}} and run it as a service. Wait for the installation to complete. | ||
| 1. At the prompt, enter `Y` to install {{agent}} and run it as a service. Wait for the installation to complete. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. At the prompt, enter `Y` to install {{agent}} and run it as a service. Wait for the installation to complete. | |
| 1. When prompted, enter `Y` to install {{agent}} and run it as a service. Wait for the installation to complete. |
| 1. Back to your web browser, open the {{kib}} menu and go to **Management -> Fleet**. {{fleet}} opens with a message that you need to add a {{fleet-server}}. | ||
|
|
||
| 6. Click **Add Fleet Server**. The **Add a Fleet Server** flyout opens. | ||
| 1. Click **Add Fleet Server**. The **Add a Fleet Server** flyout opens. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Click **Add Fleet Server**. The **Add a Fleet Server** flyout opens. | |
| 1. Click **Add Fleet Server**. The **Add a Fleet Server** flyout shows up. |
| 1. Open the **Settings** tab and review the **Fleet Server hosts** and **Outputs** URLs. Ensure the URLs and IP addresses are valid for reaching {{fleet-server}} and the {{es}} cluster, and that they use the HTTPS protocol. | ||
|
|
||
| 7. Reopen the **Agents** tab and select **Add agent**. The **Add agent** flyout opens. | ||
| 1. Reopen the **Agents** tab and select **Add agent**. The **Add agent** flyout opens. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Reopen the **Agents** tab and select **Add agent**. The **Add agent** flyout opens. | |
| 1. Reopen the **Agents** tab and select **Add agent**. The **Add agent** flyout shows up. |
| If you want to set up secure communications using custom SSL certificates, refer to [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md). | ||
| ::: | ||
|
|
||
| The result should be like the following: |
Contributor
There was a problem hiding this comment.
Suggested change
| The result should be like the following: | |
| The result should look like the following: |
| - Install {{agent}}. | ||
|
|
||
| 16. At the prompt, enter `Y` to install {{agent}} and run it as a service. Wait for the installation to complete: | ||
| 1. At the prompt, enter `Y` to install {{agent}} and run it as a service. Wait for the installation to complete: |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. At the prompt, enter `Y` to install {{agent}} and run it as a service. Wait for the installation to complete: | |
| 1. When prompted, enter `Y` to install {{agent}} and run it as a service. Wait for the installation to complete: |
|
|
||
| * Do you have data ready to ingest? Learn how to [bring your data to Elastic](/manage-data/ingest.md). | ||
| * Use [Elastic {{observability}}](/solutions/observability.md) to unify your logs, infrastructure metrics, uptime, and application performance data. | ||
| * Want to protect your endpoints from security threats? Try [{{elastic-sec}}](/solutions/security.md). Adding endpoint protection is just another integration that you add to the agent policy! |
Contributor
There was a problem hiding this comment.
Suggested change
| * Want to protect your endpoints from security threats? Try [{{elastic-sec}}](/solutions/security.md). Adding endpoint protection is just another integration that you add to the agent policy. |
@eedugon can you have a look at this last line? I don't know if "just another integration" is correct
wajihaparvez
approved these changes
Mar 26, 2026
Contributor
wajihaparvez
left a comment
wajihaparvez
left a comment
There was a problem hiding this comment.
Looks great @eedugon! ⭐️ Just some minor suggestions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Major and hopefully final refinement of tutorial 1.
Addressed issues:
Structure and navigation
Step 6: Consolidate {{es}} configurationto the table of contents.Elasticsearch setup and configuration
wgetdownloads withcurl -L -Oequivalents.curl(removedwgetdependency).transport.host, explainedhttp.hostfrom automatic setup, and aligned references to official networking settings docs.node.nameguidance and mirrored it in the second-node flow.Kibana setup and enrollment
xpack.encryptedSavedObjects.encryptionKeysetup inkibana.yml.kibana-encryption-keys generateusage with explicit guidance on which key to use.xpack.encryptedSavedObjects.encryptionKeyis needed for this tutorial path.Fleet Server and Elastic Agent flows
aarch64vsx64) in Fleet Server and Agent install steps.--insecureis required in this tutorial path.elasticusers)https://epr.elastic.co:443{{agent}}per host.Fleet Server hostsandOutputsURL validation).Data validation and closing section
{{observability}}Observability -> Infrastructure -> Hosts.Generative AI disclosure
Closes https://github.com/elastic/docs-content-internal/issues/929