Cherry-pick #20929 to 7.8: Clarify use for shared_credential_file #21083
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When starting beats as a service, the PID will be owned by the user that manages the service. This would be root in most cases. Users tend to run tests as non-root, running beats directly (./metricbeat) on the command line. Without the shared_credential_file path the beat checks for credentials under the user's home directory. When starting beats as a service, the home directory of the user managing the service (typically root) is different than what was being used in testing and development, which can be hard to figure out. (cherry picked from commit cbed0d6)
kaiyan-sheng
added
[zube]: In Review
backport
Team:Docs
botelastic
bot
added
the
needs_team
|
Pinging @elastic/obs-docs (Team:Docs) |
botelastic
bot
removed
the
needs_team
💚 Build Succeeded
Expand to view the summary
Build stats
|
ChrsMark
approved these changes
Sep 15, 2020
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
(cherry picked from commit f2c9616) Co-authored-by: Kostas Botsas <kostas.botsas@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry-pick of PR #20929 to 7.8 branch. Original message:
When starting Beats as a service, the Beat's PID will be owned by the user that manages the service. This would be root in most cases.
Users tend to run tests as non-root, running beats directly (./metricbeat) on the command line. Without the shared_credential_file path the beat checks for credentials under the user's home directory.
As a service, the home directory of the user managing the service (typically root) tends to be different than that of the user in testing and development, which can be difficult to figure out.
What does this PR do?
Clarifies AWS module's credential lookup behavior and when to use shared_credential_file to avoid ambiguity.
Why is it important?
Helps users avoid credential lookup issues, especially deviations between environments where Beats run as standalone process vs service.