Support manual rollback for Fleet-managed agents #11143
This pull request does not have a backport label. Could you fix it @pchila? 🙏
This pull request is now in conflicts. Could you fix it? 🙏
2d1051f to d79ff2e
d79ff2e to cbd20bb
💛 Build succeeded, but was flaky
cc @pchila
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
swiatekm left a comment
I haven't tried to manually test this, but the logic looks good to me.
blakerouse left a comment
I am also good with these changes. Looks good and has good testing coverage.
## Summary

Closes elastic/ingest-dev#6212

This PR adds Fleet support for Elastic Agent upgrade rollback (main issue: elastic/ingest-dev#3971).

Key points:
* Feature is behind `enableAgentRollback` feature flag
* Feature is only available for Enterprise license
* New single agent upgrade rollback API endpoint: `POST /api/fleet/agents/{agentId}/rollback`
* New bulk agent upgrade rollback API endpoint: `POST /api/fleet/agents/bulk_rollback`
* Upgrade rollback generates an `UPGRADE` type agent action with `rollback: true` and the rollback version set by the agent
* For multiple agents, one action per rollback version is generated
* Single agent and bulk upgrade rollback available from Fleet UI

### Screenshots

Single agent confirmation modal:
<img width="1919" height="773" alt="Screenshot 2025-12-23 at 16 06 09" src="https://github.com/user-attachments/assets/6b3948b6-b530-4c18-b2b8-8763234ae75d" />

Multiple agents confirmation modal:
<img width="1919" height="773" alt="Screenshot 2025-12-23 at 16 02 29" src="https://github.com/user-attachments/assets/1b7e36b2-7c67-4b17-aae5-75a86fb7e015" />

Action result example:
<img width="1919" height="881" alt="Screenshot 2025-12-23 at 16 01 24" src="https://github.com/user-attachments/assets/f84eb8bb-fc55-4fb7-ac22-48042da87718" />

If action was correctly created and rollback failed, it shows in the agent's upgrade details:
<img width="1919" height="881" alt="Screenshot 2025-12-23 at 15 40 41" src="https://github.com/user-attachments/assets/3aa51fcb-12ac-4c59-920f-6d685605fe09" />

### Testing

Properly testing agent rollback is not straightforward right now as the feature is new and requires a "rollbackable" upgrade. See elastic/elastic-agent#11143 for steps.

Alternatively, the agent document can be directly edited with fake upgrade rollback information in order to test that Fleet behaves correctly (the action will fail in this case).

Scenarios to check:
* Single agent
  * If no upgrade rollback, UI element should be disabled and API request should fail fast
    * Same if agent has expired rollback
  * If agent has a valid rollback, an `UPGRADE` type action should be created with `rollback: true` and the correct rollback version
* Multiple agents
  * Should work with list of agent ids (manual selection in the UI)
  * Should work with agent kuery (select all in the UI)
  * If agents have different rollback versions, there should be one action per version
  * Agents not found and agents with no (valid) rollback should generate corresponding action errors

### Checklist

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.

### Identify risks

This is a new experimental feature behind the `enableAgentRollback` feature flag and leaves existing flows largely untouched.

## Release note

Adds capability for rolling back a recent upgrade of a Fleet-managed Elastic Agent upgrade using Fleet UI or API.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
(cherry picked from commit f4ab534)
# Backport

This will backport the following commits from `main` to `9.3`:
- [[Fleet] Implement agent upgrade rollback (#247398)](#247398)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
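The rollback rules from the Kibana commit message above (fail fast when an agent has no rollback or only an expired one, one `UPGRADE` action with `rollback: true` per rollback version, an error for each agent not found), as an added Go example that is not code from Kibana, fleet-server or elastic-agent. It assumes the `upgrade.rollbacks[].version` and `valid_until` fields as they appear in the `.fleet-agents` documents in this PR's testing notes; the `Action` type, the error strings, the agent ids and the `9.2.1` version are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Rollback is one entry of upgrade.rollbacks in a .fleet-agents document.
type Rollback struct {
	ValidUntil time.Time `json:"valid_until"`
	Version    string    `json:"version"`
}

// AgentDoc is the part of the document's _source this example reads.
type AgentDoc struct {
	Upgrade struct {
		Rollbacks []Rollback `json:"rollbacks"`
	} `json:"upgrade"`
}

// Action is a hypothetical shape for an UPGRADE action with rollback: true.
type Action struct {
	Type     string
	Rollback bool
	Version  string
	Agents   []string
}

// Constructed sample documents keyed by agent id, trimmed to upgrade.rollbacks.
const sampleDocs = `{
"agent-a": {"upgrade": {"rollbacks": [{"valid_until": "2025-11-27T15:48:59Z", "version": "9.3.0-SNAPSHOT"}]}},
"agent-b": {"upgrade": {"rollbacks": [{"valid_until": "2025-11-27T15:50:00Z", "version": "9.3.0-SNAPSHOT"}]}},
"agent-c": {"upgrade": {"rollbacks": [{"valid_until": "2025-11-27T16:00:00Z", "version": "9.2.1"}]}},
"agent-d": {"upgrade": {"rollbacks": []}},
"agent-e": {"upgrade": {"rollbacks": [{"valid_until": "2025-11-27T15:00:00Z", "version": "9.3.0-SNAPSHOT"}]}}
}`

// LoadDocs parses the sample into a map of agent id to document.
func LoadDocs(raw string) (map[string]AgentDoc, error) {
	docs := map[string]AgentDoc{}
	err := json.Unmarshal([]byte(raw), &docs)
	return docs, err
}

// ValidRollback returns the first entry still inside its window; a missing valid_until fails closed.
func ValidRollback(d AgentDoc, now time.Time) (Rollback, error) {
	if len(d.Upgrade.Rollbacks) == 0 {
		return Rollback{}, errors.New("no upgrade rollback available")
	}
	for _, r := range d.Upgrade.Rollbacks {
		if r.Version != "" && now.Before(r.ValidUntil) {
			return r, nil
		}
	}
	return Rollback{}, errors.New("upgrade rollback expired or invalid")
}

// PlanRollbacks builds one action per rollback version and an error per rejected agent.
// The target version is read from the agent's document, never taken from the request.
func PlanRollbacks(ids []string, docs map[string]AgentDoc, now time.Time) (actions []Action, errs map[string]string) {
	errs = map[string]string{}
	index := map[string]int{} // rollback version -> position in actions
	seen := map[string]bool{}
	for _, id := range ids {
		if seen[id] {
			continue // duplicate id in the request
		}
		seen[id] = true
		doc, ok := docs[id]
		if !ok {
			errs[id] = "agent not found"
			continue
		}
		r, err := ValidRollback(doc, now)
		if err != nil {
			errs[id] = err.Error()
			continue
		}
		i, ok := index[r.Version]
		if !ok {
			i = len(actions)
			index[r.Version] = i
			actions = append(actions, Action{Type: "UPGRADE", Rollback: true, Version: r.Version})
		}
		actions[i].Agents = append(actions[i].Agents, id)
	}
	return actions, errs
}

func main() {
	docs, err := LoadDocs(sampleDocs)
	if err != nil {
		panic(err)
	}
	now := time.Date(2025, 11, 27, 15, 40, 0, 0, time.UTC) // constructed "current" time
	ids := []string{"agent-a", "agent-c", "agent-b", "agent-d", "agent-e", "agent-x", "agent-a"}
	actions, errs := PlanRollbacks(ids, docs, now)
	fmt.Printf("actions: %+v\nerrors: %v\n", actions, errs)
}
```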
What does this PR do?
Introduces manual rollback for managed agents (requires elastic/fleet-server#5975 on fleet-server side)
Why is it important?
To implement manual rollback feature for Fleet-managed agents as it has been implemented for standalone agents in #9643
Checklist
`./changelog/fragments` using the changelog tool
Disruptive User Impact
How to test this PR locally
Prerequisites
In order to test this PR we need to use a fleet-server that contains the changes of PR elastic/fleet-server#5975.
In case the fleet server PR isn't merged yet we can build a docker image (to create a stack on ECH CFT region or using elastic-package) and a zip/tar.gz including a local fleet-server artifact from a local build as follows (MANIFEST_URL, PLATFORMS, AGENT_DROP_PATH location can be changed/updated as needed)

Alternatively, if fleet-server is already available in the manifest pointed at by `.package-version` we only need to create 2 elastic-agents archives with a simpler command

`beats/elastic-agent` directory tree under `build/distributions` (could be a different root folder if so preferred)
`beats/elastic-agent`
`cp elastic-agent-9.3.0+build20251125-SNAPSHOT-linux-x86_64.tar.gz* beats/elastic-agent`
`0001-DO-NOT-MERGE-Test-commit-to-skip-verifying-upgrade-p.patch`
or set up an alternative PGP key to sign and verify the packages produced from this PR
Testing
`integration_server.config.docker_image` value)
Agent binary download
`9.3.0-SNAPSHOT`
`.fleet-agent` from the Dev Console
`...` in the example below for brevity), notice the key `upgrade.rollbacks`

```json
{
  "_index": ".fleet-agents-7",
  "_id": "8432a3dc-0b75-43f2-9fac-87f8701b82a2",
  "_score": 0.6931471,
  "_source": {
    "access_api_key_id": "OLrfxZoBUWrzn3OjJDDo",
    "action_seq_no": [ -1 ],
    "active": true,
    "agent": {
      "id": "8432a3dc-0b75-43f2-9fac-87f8701b82a2",
      "version": "9.3.0"
    },
    "enrolled_at": "2025-11-27T15:12:06Z",
    "local_metadata": { ... },
    "namespaces": [ "default" ],
    "policy_id": "6eeca4e4-79eb-477f-8f60-73b4c04b6be2",
    "type": "PERMANENT",
    "outputs": { ... },
    "policy_revision_idx": 2,
    "updated_at": "2025-11-27T15:12:53Z",
    "upgrade": { "rollbacks": [] },
    "components": [ ... ],
    "last_checkin_message": "Running",
    "last_checkin_status": "online",
    "last_checkin": "2025-11-27T15:12:44Z",
    "unhealthy_reason": null,
    "last_known_status": "online"
  }
}
```

`9.3.0+build20251125-SNAPSHOT` (or whatever version has been used for repackaging the agent) via the Fleet UI and wait till the agent restarts with the new version and is in state `Upgrade monitoring`
`.fleet-agents`

```json
{
  "_index": ".fleet-agents-7",
  "_id": "8432a3dc-0b75-43f2-9fac-87f8701b82a2",
  "_score": 0.6931471,
  "_ignored": [
    "local_metadata.elastic.agent.version.keyword",
    "upgrade_details.target_version.keyword"
  ],
  "_source": {
    "access_api_key_id": "OLrfxZoBUWrzn3OjJDDo",
    "action_seq_no": [ 1 ],
    "active": true,
    "agent": {
      "id": "8432a3dc-0b75-43f2-9fac-87f8701b82a2",
      "version": "9.3.0+build20251125"
    },
    "enrolled_at": "2025-11-27T15:12:06Z",
    "local_metadata": { ... },
    "namespaces": [ "default" ],
    "policy_id": "6eeca4e4-79eb-477f-8f60-73b4c04b6be2",
    "type": "PERMANENT",
    "outputs": { ... },
    "policy_revision_idx": 4,
    "updated_at": "2025-11-27T15:35:03Z",
    "components": [],
    "last_checkin_message": "Running",
    "last_checkin_status": "online",
    "last_checkin": "2025-11-27T15:35:02Z",
    "unhealthy_reason": [ "output" ],
    "last_known_status": "online",
    "upgrade_started_at": null,
    "upgraded_at": "2025-11-27T15:34:00Z",
    "upgrade_details": {
      "metadata": { "download_percent": 1 },
      "action_id": "e26c5b33-5ab3-44a1-9f4a-163832603b0f",
      "state": "UPG_WATCHING",
      "target_version": "9.3.0+build20251125"
    },
    "upgrade": {
      "rollbacks": [
        {
          "valid_until": "2025-11-27T15:48:59Z",
          "version": "9.3.0-SNAPSHOT"
        }
      ]
    },
    "upgrade_status": null
  }
}
```

`upgrade.rollbacks` shows `9.3.0-SNAPSHOT` as a possible rollback target.
`valid_until` attribute), let's manually rollback the agent
`.fleet-agents`

```json
{
  "_index": ".fleet-agents-7",
  "_id": "8432a3dc-0b75-43f2-9fac-87f8701b82a2",
  "_score": 0.53899646,
  "_source": {
    "access_api_key_id": "OLrfxZoBUWrzn3OjJDDo",
    "action_seq_no": [ 3 ],
    "active": true,
    "agent": {
      "id": "8432a3dc-0b75-43f2-9fac-87f8701b82a2",
      "version": "9.3.0"
    },
    "enrolled_at": "2025-11-27T15:12:06Z",
    "local_metadata": { ... },
    "namespaces": [ "default" ],
    "policy_id": "6eeca4e4-79eb-477f-8f60-73b4c04b6be2",
    "type": "PERMANENT",
    "outputs": { ... },
    "policy_revision_idx": 4,
    "updated_at": "2025-11-27T15:45:23Z",
    "components": [],
    "last_checkin_message": "Running",
    "last_checkin_status": "online",
    "last_checkin": "2025-11-27T15:45:14Z",
    "unhealthy_reason": [ "output" ],
    "last_known_status": "online",
    "upgrade": { "rollbacks": [] },
    "upgrade_started_at": null,
    "upgraded_at": "2025-11-27T15:45:12Z",
    "upgrade_details": {
      "metadata": {
        "reason": "manual rollback requested to version 9.3.0-SNAPSHOT"
      },
      "action_id": "f46e5d9e-3418-48dc-a18b-f7a8bfae8cd9",
      "state": "UPG_ROLLBACK",
      "target_version": "9.3.0-SNAPSHOT"
    },
    "upgrade_status": null
  }
}
```

`upgrade.rollbacks` is again empty and `upgrade_details` reports the state `UPG_ROLLBACK` with a specific `reason`
`Upgrade failed` message (with correct message `` on the `i` tooltip which is incredibly difficult to screenshot)

The same info can be found in the `.fleet-agents` document in the `upgrade_details` section
Related issues
Questions to ask yourself