[Security Solution] Kibana crash on adding endpoint integration #83277

@pzl

Describe the bug:

Adding endpoint integration to a policy triggers a side effect (#79198) of installing detection index and rules. If installing those rules fails, the error is not caught correctly, and Kibana crashes.

Kibana/Elasticsearch Stack version:

kibana master @ 7e24ae6

Server OS version:

8.0.0-SNAPSHOT

Browser and Browser OS versions:

n/a

Elastic Endpoint version:

n/a

Original install method (e.g. download page, yum, from source, etc.):

kibana running from source: yarn start --no-base-path

elasticsearch running from docker snapshot

docker run --rm -it \
    -p 9200:9200 -p 9300:9300 \
    -e discovery.type=single-node \
    -e xpack.security.authc.api_key.enabled=true \
    -e xpack.security.enabled=true \
    -e xpack.license.self_generated.type=trial \
    -e network.host=0.0.0.0 \
    -e ELASTIC_PASSWORD=foo \
    -e ES_JAVA_OPTS="-Xms4g -Xmx4g" \
    --ulimit=host \
    --privileged \
    elasticsearch:8.0.0-SNAPSHOT

(similar to yarn es snapshot, but the rule installation only fails w/ docker snapshot)

Steps to reproduce:

  1. start es snapshot in docker
  2. start kibana
  3. navigate to fleet policy page ( http://localhost:5601/app/ingestManager#/policies )
  4. Click Default policy name
  5. Add integration
  6. Endpoint Security
  7. give it a name
  8. Kibana will crash on clicking Save

Current behavior:

Performing the detection rules installation seems to fail with HTTP 503 and ECONNRESET. Which, sure, that's an environment thing maybe. But the exception is not handled and Kibana crashes.

Expected behavior:

Flaky connections or other errors are gracefully handled

Screenshots (if relevant):

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

server    log   [08:22:51.193] [error][data][elasticsearch] [ConnectionError]: read ECONNRESET
Unhandled Promise rejection detected:

{ ConnectionError: read ECONNRESET
    at ClientRequest.request.on.err (/home/dan/dev/elastic/kibana/node_modules/@elastic/elasticsearch/lib/Connection.js:132:18)
    at ClientRequest.emit (events.js:198:13)
    at Socket.socketErrorListener (_http_client.js:401:9)
    at Socket.emit (events.js:198:13)
    at emitErrorNT (internal/streams/destroy.js:91:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)
  name: 'ConnectionError',
  meta:
   { body: null,
     statusCode: null,
     headers: null,
     meta:
      { context: null,
        request: [Object],
        name: 'elasticsearch-js',
        connection: [Object],
        attempts: 0,
        aborted: false } },
  isBoom: true,
  isServer: true,
  data: null,
  output:
   { statusCode: 503,
     payload:
      { statusCode: 503,
        error: 'Service Unavailable',
        message: 'read ECONNRESET' },
     headers: {} },
  [Symbol(SavedObjectsClientErrorCode)]: 'SavedObjectsClient/esUnavailable' }

Terminating process...
 server crashed  with status code 1

Any additional context (logs, chat logs, magical formulas, etc.):

Labels

Feature:Endpoint (Elastic Endpoint feature)
Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
Team:Defend Workflows (“EDR Workflows” sub-team of Security Solution)
Team:Detections and Resp (Security Detection Response Team)
bug (Fixes for quality problems that affect the customer experience)
impact:high (Addressing this issue will have a high level of impact on the quality/strength of our product.)
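
The failure mode reported above, as an added example that is not part of the original issue and is not Kibana code: a side effect started from a save handler is wrapped so that a 503 / ECONNRESET from the backend is retried and then reported instead of surfacing as an unhandled promise rejection. Every function name, the retry count and the delay are assumptions made for illustration.

```javascript
// Added example with hypothetical names throughout; not Kibana source code.
// Errors worth retrying: dropped sockets and 503s, the shapes seen in the log above.
function isTransient(err) {
  const status = err && err.output && err.output.statusCode;
  return status === 503 || /ECONNRESET/.test(String(err && err.message));
}
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Runs a side-effect task and always resolves to a result object, so a caller
// cannot end up with a rejection that nobody handles. Defaults are assumptions.
async function runSideEffect(task, { retries = 2, delayMs = 100, log = console } = {}) {
  let attempts = 0;
  for (;;) {
    attempts += 1;
    try {
      return { ok: true, attempts, value: await task() };
    } catch (err) {
      if (attempts <= retries && isTransient(err)) {
        await sleep(delayMs * attempts); // linear backoff before the next try
        continue;
      }
      log.warn(`side effect failed after ${attempts} attempt(s): ${err.message}`);
      return { ok: false, attempts, error: err };
    }
  }
}

// Constructed stand-in for the rules install: fails `failures` times with an
// error shaped like the one in the issue's log, then succeeds.
function makeFlakyInstall(failures) {
  let calls = 0;
  return async () => {
    calls += 1;
    if (calls <= failures) {
      const err = new Error('read ECONNRESET');
      err.output = { statusCode: 503 };
      throw err;
    }
    return 'rules installed';
  };
}

// Hypothetical policy-save handler: the integration is saved either way, and
// the outcome of the side effect is reported to the caller rather than thrown.
async function onPackagePolicyCreate(policy, installRules, opts) {
  const result = await runSideEffect(installRules, opts);
  return { policy, rulesInstalled: result.ok, attempts: result.attempts };
}
```

Only transient errors are retried; any other failure is logged once and returned, so the save path stays up in both cases.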
