[Fleet] Use type@lifecycle ILMs for new package installs

[juliaElastic]

Summary

Closes https://github.com/elastic/ingest-dev/issues/6082

Start using type@lifecycle ILM policies when installing new packages and record migration status.

To test:

• install a package e.g. system
• verify that the migration status is saved
• verify that the type@lifecycle ILM policies are used

[2025-11-11T10:21:53.722+01:00][INFO ][plugins.fleet] Saving ILM migration status changes: [["logs","success"],["metrics","success"],["synthetics",null]]

GET .kibana_ingest/_doc/ingest_manager_settings:fleet-default-settings

"_source": {
    "ingest_manager_settings": {
      "prerelease_integrations_enabled": true,
      "use_space_awareness_migration_status": "success",
      "ilm_migration_status": {
        "logs": "success",
        "metrics": "success"
      }
    },

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
• This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
• Flaky Test Runner was used on any tests changed
• The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
• Review the backport guidelines and apply applicable backport:* labels.

Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.

• See some risk examples
• ...

[juliaElastic]

code LGTM, @juliaElastic I am curious if we could maybe move some complexity from the template install codepath that is already complex and have a dedicated step in package install maybe something, package_install_precheck where we could build the ilm_migration status for all types, and eventually create the global component ES assets in the future, wdyt?

Good idea, we can do that. The difference would be that for each package installation we would check the migration status for all types (logs, metrics, synthetics), not only for those data stream types that are part of the package. I think it should be fine, we want to do the migration sooner than later.

[azasypkin]

The PR adds a new migration to the GLOBAL_SETTINGS_SAVED_OBJECT_TYPE (ingest_manager_settings) saved object type that doesn't seem to be an encrypted saved object, so LGTM from the security perspective.

[nchaulet]

code LGTM 🚀

[seanrathier]

LGTM

[jesuswr]

There's a property defined in the mappings but not in the schema, not sure if it's intentional: fleet_server_hosts: { type: 'keyword' }

[juliaElastic]

I think it's a deprecated field that's no longer used in the SettingsSchema.
It was removed from the API here: https://github.com/elastic/kibana/pull/198799/files#diff-928c69c436a8c2e0ba247288a26603a901701e6ca70b2db67a22e3ed757efb68

[tiansivive]

LGTM from EA

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: d00d92a

Failed CI Steps

• Scout Test Run Builder

Test Failures

• [job] [logs] Scout Test Run Builder / serverless-security - EUI testing wrapper: EuiToast - toast
• [job] [logs] Scout Test Run Builder / toast

Metrics [docs]

✅ unchanged

History

• 💔 Build #361249 failed 9268f46
• 💔 Build #361237 failed 1b59224
• 💔 Build #360665 failed fc5f667
• 💔 Build #360576 failed 3821d63
• 💔 Build #360534 failed 3540b22