[Fleet] enable feature flag enableSyncIntegrationsOnRemote

[juliaElastic]

Summary

Closes #217490

• Enable feature flag enableSyncIntegrationsOnRemote
• Added check to hide sync integrations feature in serverless
• Moved creating the follower index from Fleet setup to output create/update API and async task (create if does not exist)
• Follower index is not hidden for now, because if hidden, it's not showing up on the CCR UI

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)

[nchaulet]

🚀

[juliaElastic]

I found that there is an error in serverless when trying to query Cluster.remoteInfo.
I think we have to disable the feature altogether in serverless, as CCS and CCR is not supported in serverless.

[00:00:28]         │ debg --- retry.try failed again with the same message...
[00:00:29]         │ proc [kibana] [2025-05-07T07:28:12.465+00:00][ERROR][plugins.fleet] ResponseError: This API is unavailable in the version of Elasticsearch you are using.
[00:00:29]         │ proc [kibana]     at KibanaTransport._request (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@elastic/transport/lib/Transport.js:547:27)
[00:00:29]         │ proc [kibana]     at processTicksAndRejections (node:internal/process/task_queues:95:5)
[00:00:29]         │ proc [kibana]     at /opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@elastic/transport/lib/Transport.js:645:32
[00:00:29]         │ proc [kibana]     at KibanaTransport.request (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@elastic/transport/lib/Transport.js:641:20)
[00:00:29]         │ proc [kibana]     at KibanaTransport.request (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:60:16)
[00:00:29]         │ proc [kibana]     at Cluster.remoteInfo (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@elastic/elasticsearch/lib/api/api/cluster.js:688:16)
[00:00:29]         │ proc [kibana]     at createCCSIndexPatterns (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/fleet-plugin/server/services/setup/fleet_synced_integrations.js:123:22)
[00:00:29]         │ proc [kibana]     at createSetupSideEffects (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/fleet-plugin/server/services/setup.js:192:3)
[00:00:29]         │ proc [kibana]     at awaitIfPending (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/fleet-plugin/server/services/setup_utils.js:35:20)
[00:00:29]         │ proc [kibana]     at setupFleet (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/fleet-plugin/server/services/setup.js:73:14)
[00:00:29]         │ proc [kibana]     at fleetSetupHandler (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/fleet-plugin/server/routes/setup/handlers.js:59:23)
[00:00:29]         │ proc [kibana]     at defaultErrorHandlerWrapper (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/fleet-plugin/server/services/security/fleet_router.js:40:14)
[00:00:29]         │ proc [kibana]     at CoreVersionedRoute.handle (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/core-http-router-server-internal/src/versioned_router/core_versioned_route.js:104:22)
[00:00:29]         │ proc [kibana]     at Router.handle (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/core-http-router-server-internal/src/router.js:127:30)
[00:00:29]         │ proc [kibana]     at handler (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@kbn/core-http-router-server-internal/src/router.js:113:52)
[00:00:29]         │ proc [kibana]     at exports.Manager.execute (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
[00:00:29]         │ proc [kibana]     at Object.internals.handler (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@hapi/hapi/lib/handler.js:46:20)
[00:00:29]         │ proc [kibana]     at exports.execute (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@hapi/hapi/lib/handler.js:31:20)
[00:00:29]         │ proc [kibana]     at Request._lifecycle (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@hapi/hapi/lib/request.js:370:32)
[00:00:29]         │ proc [kibana]     at Request._execute (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1746602353840141449/elastic/kibana-pull-request/kibana-build-xpack/node_modules/@hapi/hapi/lib/request.js:280:9) {"service":{"node":{"roles":["background_tasks","ui"]}}}
[00:00:29]         │ warn browser[SEVERE] http://localhost:5620/api/fleet/setup - Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Hiding sync feature from UI and API on serverless

[TattdCodeMonkey]

The change to set enableSyncIntegrationsOnRemote: true is resulting in the index fleet-synced-integrations to be created which is breaking the search tests.

The broken tests are testing our onboarding flows which expect no non-system indices to exist. Which is why those tests are failing on this PR.

Why is fleet-synced-integrations not hidden or not a system index?

[TattdCodeMonkey]

please do not skip these tests, your changes broke them

[TattdCodeMonkey]

your changes broke these tests

[juliaElastic]

The change to set enableSyncIntegrationsOnRemote: true is resulting in the index fleet-synced-integrations to be created which is breaking the search tests.

The broken tests are testing our onboarding flows which expect no non-system indices to exist. Which is why those tests are failing on this PR.

Why is fleet-synced-integrations not hidden or not a system index?

@TattdCodeMonkey Thanks for reviewing, I didn't realize the tests broke because of the new index.
We need a non-system index to be able to use CCR for a feature, more context here: #206237
Should I change the tests to allow this index?

[TattdCodeMonkey]

Should I change the tests to allow this index?

No, thats a larger discussion. We would need to update our code to ignore that index when we're checking for indices. Which is a bit of a hack. We'll have to discuss further what we should do in this case.

[serenachou]

@juliaElastic I think the more pressing concern is that Elasticsearch Index Management will show this index by default to customers.

As the ES product lead, this is internally relevant, and shouldn't be messed around with by customers. Also, having this not hidden means that our telemetry starts to track this as a potential signal that this ES cluster has ingestion (to signify better paid conversion etc) and that's not true because we have created this for the user on their behalf. By breaking the convention we introduce more problems. Where can we discuss this in more detail?

[kpollich]

I think we have two options to fix this, and we need to fix it on the Fleet side before we can enable this feature flag.

First, we should try to make this index hidden. I don't think there's anything preventing us from CCRing hidden indices, and I imagine this would fix the false signal issue for onboarding and user data flagging.

Second, we should fix this more robustly by only creating the index on-demand when a user takes some action. We initially wanted a more purposed onboarding flow for setting up the integration sync feature across clusters, but opted for a "follow these docs to enable CCR and set up the indices on each cluster" manual process. If we had a more purposed onboarding UX here we could defer creation of this index until the user actually opts into syncing integrations, which would be the "most correct" approach here.

We should do both of these things, if possible, where marking the index as hidden is the quick fix and providing a more robust UX that defers index creation until the user opts in is the more involved architectural correction.

@juliaElastic let me know what you think about this.

[juliaElastic]

I made the change to make fleet-synced-integrations index hidden, and it seems to work, however after adding the follower index on the hidden index, it is not showing up in the list, even though the follower index is created and the replication works.
It seems the API /api/cross_cluster_replication/follower_indices doesn't return hidden indices, which is a bad UX as users will be confused that the follower index is not showing up on the UI. The code is here.
I'm not sure if we can change this API to return hidden indices too.

Main cluster:

Remote cluster:

GET _all/_ccr/info

{
  "follower_indices": []
}

GET _all/_ccr/stats

{
  "indices": [
    {
      "index": "fleet-synced-integrations-ccr-local",
      "total_global_checkpoint_lag": 0,
      "shards": [
        {
          "remote_cluster": "local",
          "leader_index": "fleet-synced-integrations",
          "follower_index": "fleet-synced-integrations-ccr-local",
          "shard_id": 0,
          "leader_global_checkpoint": 10,
          "leader_max_seq_no": 10,
          "follower_global_checkpoint": 10,
          "follower_max_seq_no": 10,
          "last_requested_seq_no": 10,
          "outstanding_read_requests": 1,
          "outstanding_write_requests": 0,
          "write_buffer_operation_count": 0,
          "write_buffer_size_in_bytes": 0,
          "follower_mapping_version": 1,
          "follower_settings_version": 2,
          "follower_aliases_version": 1,
          "total_read_time_millis": 325843,
          "total_read_remote_exec_time_millis": 325831,
          "successful_read_requests": 7,
          "failed_read_requests": 0,
          "operations_read": 7,
          "bytes_read": 4921,
          "total_write_time_millis": 354,
          "successful_write_requests": 7,
          "failed_write_requests": 0,
          "operations_written": 7,
          "read_exceptions": [],
          "time_since_last_read_millis": 9330
        }
      ]
    }
  ]
}

[criamico]

So with the hidden index do we always have an empty response as below?

GET _all/_ccr/info

{
  "follower_indices": []
}

We rely on the ccr info api in getFollowerIndex to get the integrations doc, so I'm wondering if everything will work as expected.

[juliaElastic]

removed the canEnableSyncIntegrations() check because it seems licenceService is not available when this code runs in kibana start

[juliaElastic]

I made the change to create the follower index only if the sync is enabled on a remote output. This fixes the failed tests in onboarding.
Also reverted the change to make the follower index hidden for now, because it doesn't work well with the CCR UI and it would be confusing to users.
This should probably be an enhancement on the ES API side to support returning hidden indices in the _ccr/info API.

cc @kpollich

[criamico]

should this be removed?

[criamico]

I'm confused if wait_for_active_shards is is still needed, I thought it was decided to remove the hidden: true ?

[juliaElastic]

it's an optional parameter, not related to hidden, copied it from the docs: https://www.elastic.co/guide/en/elasticsearch/reference/8.18/ccr-put-follow.html

[criamico]

LGTM 🚢

[jillguyonnet]

LGTM 🚀

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: a08b8da

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
fleet	1.7MB	1.7MB	+100.0B

History

• 💔 Build #304693 failed 5b48a3c
• 💔 Build #304531 failed 8a55b0c
• 💛 Build #304247 was flaky b8c118f
• 💔 Build #304041 failed 6236b00
• 💔 Build #304022 failed 072b268

cc @juliaElastic

fixed the cause of failing onboarding tests