in internal/pkg/agent/cmd/container.go [412:532]
func buildEnrollArgs(cfg setupConfig, token string, policyID string) ([]string, error) {
args := []string{
"enroll", "-f",
"-c", paths.ConfigFile(),
"--path.home", paths.Top(), // --path.home actually maps to paths.Top()
"--path.config", paths.Config(),
"--path.logs", paths.Logs(),
"--path.socket", paths.ControlSocket(),
"--skip-daemon-reload",
}
if paths.Downloads() != "" {
args = append(args, "--path.downloads", paths.Downloads())
}
if !paths.IsVersionHome() {
args = append(args, "--path.home.unversioned")
}
if tags := envWithDefault("", "ELASTIC_AGENT_TAGS"); tags != "" {
args = append(args, "--tag", tags)
}
if cfg.FleetServer.Enable {
connStr, err := buildFleetServerConnStr(cfg.FleetServer)
if err != nil {
return nil, err
}
args = append(args, "--fleet-server-es", connStr)
if cfg.FleetServer.Elasticsearch.ServiceTokenPath != "" {
args = append(args, "--fleet-server-service-token-path", cfg.FleetServer.Elasticsearch.ServiceTokenPath)
} else if cfg.FleetServer.Elasticsearch.ServiceTokenPath == "" && cfg.FleetServer.Elasticsearch.ServiceToken != "" {
args = append(args, "--fleet-server-service-token", cfg.FleetServer.Elasticsearch.ServiceToken)
}
if policyID != "" {
args = append(args, "--fleet-server-policy", policyID)
}
if cfg.FleetServer.Elasticsearch.CA != "" {
args = append(args, "--fleet-server-es-ca", cfg.FleetServer.Elasticsearch.CA)
}
if cfg.FleetServer.Elasticsearch.CATrustedFingerprint != "" {
args = append(args, "--fleet-server-es-ca-trusted-fingerprint", cfg.FleetServer.Elasticsearch.CATrustedFingerprint)
}
if cfg.FleetServer.Elasticsearch.Cert != "" {
args = append(args, "--fleet-server-es-cert", cfg.FleetServer.Elasticsearch.Cert)
}
if cfg.FleetServer.Elasticsearch.CertKey != "" {
args = append(args, "--fleet-server-es-cert-key", cfg.FleetServer.Elasticsearch.CertKey)
}
if cfg.FleetServer.Host != "" {
args = append(args, "--fleet-server-host", cfg.FleetServer.Host)
}
if cfg.FleetServer.Port != "" {
args = append(args, "--fleet-server-port", cfg.FleetServer.Port)
}
if cfg.FleetServer.Cert != "" {
args = append(args, "--fleet-server-cert", cfg.FleetServer.Cert)
}
if cfg.FleetServer.CertKey != "" {
args = append(args, "--fleet-server-cert-key", cfg.FleetServer.CertKey)
}
if cfg.FleetServer.PassphrasePath != "" {
args = append(args, "--fleet-server-cert-key-passphrase", cfg.FleetServer.PassphrasePath)
}
if cfg.FleetServer.ClientAuth != "" {
args = append(args, "--fleet-server-client-auth", cfg.FleetServer.ClientAuth)
}
for k, v := range cfg.FleetServer.Headers {
args = append(args, "--header", k+"="+v)
}
if cfg.Fleet.URL != "" {
args = append(args, "--url", cfg.Fleet.URL)
}
if cfg.FleetServer.InsecureHTTP {
args = append(args, "--fleet-server-insecure-http")
}
if cfg.FleetServer.InsecureHTTP || cfg.Fleet.Insecure {
args = append(args, "--insecure")
}
if cfg.FleetServer.Elasticsearch.Insecure {
args = append(args, "--fleet-server-es-insecure")
}
if cfg.FleetServer.Timeout != 0 {
args = append(args, "--fleet-server-timeout")
args = append(args, cfg.FleetServer.Timeout.String())
}
} else {
if cfg.Fleet.URL == "" {
return nil, errors.New("FLEET_URL is required when FLEET_ENROLL is true without FLEET_SERVER_ENABLE")
}
args = append(args, "--url", cfg.Fleet.URL)
if cfg.Fleet.Insecure {
args = append(args, "--insecure")
}
}
if cfg.Fleet.CA != "" {
args = append(args, "--certificate-authorities", cfg.Fleet.CA)
}
if token != "" {
args = append(args, "--enrollment-token", token)
}
if cfg.Fleet.ID != "" {
args = append(args, "--id", cfg.Fleet.ID)
}
if cfg.Fleet.ReplaceToken != "" {
args = append(args, "--replace-token", cfg.Fleet.ReplaceToken)
}
if cfg.Fleet.DaemonTimeout != 0 {
args = append(args, "--daemon-timeout")
args = append(args, cfg.Fleet.DaemonTimeout.String())
}
if cfg.Fleet.EnrollTimeout != 0 {
args = append(args, "--enroll-timeout")
args = append(args, cfg.Fleet.EnrollTimeout.String())
}
if cfg.Fleet.Cert != "" {
args = append(args, "--elastic-agent-cert", cfg.Fleet.Cert)
}
if cfg.Fleet.CertKey != "" {
args = append(args, "--elastic-agent-cert-key", cfg.Fleet.CertKey)
}
return args, nil
}