From 71395529aaa5ef2df0e0b5a97cb881d76feeb9d6 Mon Sep 17 00:00:00 2001 From: David Kilfoyle Date: Tue, 5 Mar 2024 13:16:43 -0500 Subject: [PATCH 1/3] Add custom settings page --- .../install-elastic-agent.asciidoc | 25 ------ docs/en/ingest-management/index.asciidoc | 2 + .../override-policy-settings.asciidoc | 79 +++++++++++++++++++ 3 files changed, 81 insertions(+), 25 deletions(-) create mode 100644 docs/en/ingest-management/override-policy-settings.asciidoc diff --git a/docs/en/ingest-management/elastic-agent/install-elastic-agent.asciidoc b/docs/en/ingest-management/elastic-agent/install-elastic-agent.asciidoc index e0f17c7f3..04b617088 100644 --- a/docs/en/ingest-management/elastic-agent/install-elastic-agent.asciidoc +++ b/docs/en/ingest-management/elastic-agent/install-elastic-agent.asciidoc @@ -80,29 +80,4 @@ During upgrades, double the disk space is required to store the new {agent} bina |=== Adding integrations will increase the memory used by the agent and its processes. -[discrete] -=== Limiting CPU usage - -If you need to limit the amount of CPU consumption you can use the `agent.limits.go_max_procs` configuration option. This parameter limits the number of operating system threads that can be executing Go code simultaneously in each Go process. The `agent.limits.go_max_procs` option accepts an integer value not less than `0`, which is the default value that stands for "all available CPUs". - -The `agent.limits.go_max_procs` limit applies independently to the agent and each underlying Go process that it supervises. For example, if {agent} is configured to supervise two {beats} with `agent.limits.go_max_procs: 2` in the policy, then the total CPU limit is six, where each of the three processes (one {agent} and two {Beats}) may execute independently on two CPUs. - -This setting is similar to the {beats} {filebeat-ref}/configuration-general-options.html#_max_procs[`max_procs`] setting. For more detail, refer to the link:https://pkg.go.dev/runtime#GOMAXPROCS[GOMAXPROCS] function in the Go runtime documentation. -To enable `agent.limits.go_max_procs`, run a <> request from the {kib} {kibana-ref}/console-kibana.html[Dev Tools console] to override your current {agent} policy and add the `go_max_procs` parameter. For example, to limit Go processes supervised by {agent} to two operating system threads each, run: - -[source,shell] --- -PUT kbn:/api/fleet/agent_policies/ -{ - "name": "", - "namespace": "default", - "overrides": { - "agent": { - "limits": { - "go_max_procs": 2 - } - } - } -} --- diff --git a/docs/en/ingest-management/index.asciidoc b/docs/en/ingest-management/index.asciidoc index 82362704b..d5ab450de 100644 --- a/docs/en/ingest-management/index.asciidoc +++ b/docs/en/ingest-management/index.asciidoc @@ -141,6 +141,8 @@ include::agent-policies.asciidoc[leveloffset=+2] include::create-agent-policies-no-UI.asciidoc[leveloffset=+3] +include::override-policy-settings.asciidoc[leveloffset=+3] + include::security/fleet-roles-and-privileges.asciidoc[leveloffset=+2] include::security/enrollment-tokens.asciidoc[leveloffset=+2] diff --git a/docs/en/ingest-management/override-policy-settings.asciidoc b/docs/en/ingest-management/override-policy-settings.asciidoc new file mode 100644 index 000000000..c71c037e4 --- /dev/null +++ b/docs/en/ingest-management/override-policy-settings.asciidoc @@ -0,0 +1,79 @@ +[[enable-custom-policy-settings]] += Enable custom settings in an agent policy + +In certain cases it can be useful to enable custom settings that are not available in {fleet}, and that override the default behavior for {agent}. Examples include limiting the amount of CPU consumed by an agent, configuring the agent download timeout, and overriding the default port used for monitoring. + +WARNING: Use these custom settings with caution as it is intended for special cases. We do not test all possible combinations of settings which will be passed down to the components of {agent}, so it is possible that certain custom configurations can result in breakages. + +* <> +* <> +* <> + +[discrete] +[[limit-cpu-usage]] +== Limit CPU usage + +If you need to limit the amount of CPU consumption you can use the `agent.limits.go_max_procs` configuration option. This parameter limits the number of operating system threads that can be executing Go code simultaneously in each Go process. The `agent.limits.go_max_procs` option accepts an integer value not less than `0`, which is the default value that stands for "all available CPUs". + +The `agent.limits.go_max_procs` limit applies independently to the agent and each underlying Go process that it supervises. For example, if {agent} is configured to supervise two {beats} with `agent.limits.go_max_procs: 2` in the policy, then the total CPU limit is six, where each of the three processes (one {agent} and two {Beats}) may execute independently on two CPUs. + +This setting is similar to the {beats} {filebeat-ref}/configuration-general-options.html#_max_procs[`max_procs`] setting. For more detail, refer to the link:https://pkg.go.dev/runtime#GOMAXPROCS[GOMAXPROCS] function in the Go runtime documentation. + +To enable `agent.limits.go_max_procs`, run a <> request from the {kib} {kibana-ref}/console-kibana.html[Dev Tools console] to override your current {agent} policy and add the `go_max_procs` parameter. For example, to limit Go processes supervised by {agent} to two operating system threads each, run: + +[source,shell] +-- +PUT kbn:/api/fleet/agent_policies/ +{ + "name": "", + "namespace": "default", + "overrides": { + "agent": { + "limits": { + "go_max_procs": 2 + } + } + } +} +-- + +[discrete] +[[configure-agent-download-timeout]] +== Configure the agent download timeout + +You can configure the the amount of time that {agent} waits for an upgrade package download to complete. + +[source,shell] +-- +PUT kbn:/api/fleet/agent_policies/24292680-158e-11ee-b8ce-f39328f70950 +{ + "name": "Test policy", + "namespace": "default", + "overrides": { + "agent": { + "download": { + "timeout": "120s" + } + } + } +} +-- + + +[discrete] +[[override-default-monitoring-port]] +== Override the default monitoring port + +You can override the default port that {agent} uses to send monitoring data. It's useful to be able to adjust this setting if you have an application running on the machine on which the agent is deployed, and that is using the same port. + +[source,shell] +-- +PUT kbn:/api/fleet/agent_policies/eba679f0-c76e-11ee-9794-919aa176783b +{ + "name": "Agent policy 1", + "namespace": "default", + "overrides": { + "agent.monitoring.http.port": 6792 + } +} +-- From 1ad3244d29a87eeac36579340e5446f259b362a8 Mon Sep 17 00:00:00 2001 From: David Kilfoyle Date: Wed, 6 Mar 2024 09:49:35 -0500 Subject: [PATCH 2/3] Fixup --- docs/en/ingest-management/override-policy-settings.asciidoc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/en/ingest-management/override-policy-settings.asciidoc b/docs/en/ingest-management/override-policy-settings.asciidoc index c71c037e4..c94d2f530 100644 --- a/docs/en/ingest-management/override-policy-settings.asciidoc +++ b/docs/en/ingest-management/override-policy-settings.asciidoc @@ -3,7 +3,7 @@ In certain cases it can be useful to enable custom settings that are not available in {fleet}, and that override the default behavior for {agent}. Examples include limiting the amount of CPU consumed by an agent, configuring the agent download timeout, and overriding the default port used for monitoring. -WARNING: Use these custom settings with caution as it is intended for special cases. We do not test all possible combinations of settings which will be passed down to the components of {agent}, so it is possible that certain custom configurations can result in breakages. +WARNING: Use these custom settings with caution as they are intended for special cases. We do not test all possible combinations of settings which will be passed down to the components of {agent}, so it is possible that certain custom configurations can result in breakages. * <> * <> @@ -41,7 +41,7 @@ PUT kbn:/api/fleet/agent_policies/ [[configure-agent-download-timeout]] == Configure the agent download timeout -You can configure the the amount of time that {agent} waits for an upgrade package download to complete. +You can configure the the amount of time that {agent} waits for an upgrade package download to complete. This is useful in the case of a slow or intermittent network connection. [source,shell] -- @@ -59,7 +59,6 @@ PUT kbn:/api/fleet/agent_policies/24292680-158e-11ee-b8ce-f39328f70950 } -- - [discrete] [[override-default-monitoring-port]] == Override the default monitoring port From cfff9109b02965fc3164664997c6118202f49fcb Mon Sep 17 00:00:00 2001 From: David Kilfoyle Date: Wed, 6 Mar 2024 12:21:02 -0500 Subject: [PATCH 3/3] Fix whitespace; replace policy ID with placeholder --- .../override-policy-settings.asciidoc | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/en/ingest-management/override-policy-settings.asciidoc b/docs/en/ingest-management/override-policy-settings.asciidoc index c94d2f530..9bb7b478c 100644 --- a/docs/en/ingest-management/override-policy-settings.asciidoc +++ b/docs/en/ingest-management/override-policy-settings.asciidoc @@ -45,17 +45,17 @@ You can configure the the amount of time that {agent} waits for an upgrade packa [source,shell] -- -PUT kbn:/api/fleet/agent_policies/24292680-158e-11ee-b8ce-f39328f70950 +PUT kbn:/api/fleet/agent_policies/ { - "name": "Test policy", - "namespace": "default", - "overrides": { - "agent": { - "download": { - "timeout": "120s" - } - } + "name": "Test policy", + "namespace": "default", + "overrides": { + "agent": { + "download": { + "timeout": "120s" + } } + } } -- @@ -67,12 +67,12 @@ You can override the default port that {agent} uses to send monitoring data. It' [source,shell] -- -PUT kbn:/api/fleet/agent_policies/eba679f0-c76e-11ee-9794-919aa176783b +PUT kbn:/api/fleet/agent_policies/ { - "name": "Agent policy 1", - "namespace": "default", - "overrides": { - "agent.monitoring.http.port": 6792 - } + "name": "Agent policy 1", + "namespace": "default", + "overrides": { + "agent.monitoring.http.port": 6792 + } } --