[Internal]: Document Known Issue: Elastic Agent DEB/RPM Upgrades May Fail When Tamper Protection Is Enabled #2636
Description
Description
DEB or RPM upgrades of Elastic Agent may fail when Tamper Protection is enabled while the Elastic Defend integration is installed. When this occurs, the upgrade log will contain output like the following:
Invalid uninstall token: exit status 28
Managed upgrades performed through Fleet are unaffected. This issue only impacts manual DEB/RPM upgrades.
Affected and Fixed Versions
This issue occurs when performing DEB and RPM upgrades from the following versions:
- 8.19.2
- 9.1.2
The issue is fixed in the following versions. Upgrades to these versions (and later) are unaffected by this issue:
- 8.19.3
- 9.1.3
Workarounds
Stop elastic-agent service before upgrading
Before installing the Elastic Agent deb/rpm, run systemctl stop elastic-agent then proceed with the installation. This should work even when “upgrading” to the same version/commit.
Temporarily Remove Defend
Before performing the upgrade, move Agent to a policy without the Elastic Defend integration, wait for the change to take effect, perform the upgrade, then move Agent back to its former policy.
Disable Tamper Protection
Before performing the upgrade, disable Tamper Protection in Agent policy, wait for the change to take effect, perform the upgrade, then move Agent back to its former policy.
Resources
Fixed in elastic/elastic-agent#9462
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
N/A
What release is this request related to?
N/A
Serverless release
Unknown
Collaboration model
The engineering team
Point of contact.
Main contact: @gabriellandau
Stakeholders: @pkoutsovasilis