Update to v7.8.0

deviantony · Jun 30, 2020 · cf12a79 · cf12a79
1 parent 155c33c
commit cf12a79
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 11 deletions.
diff --git a/.env b/.env
@@ -1 +1 @@
-ELK_VERSION=7.7.1
+ELK_VERSION=7.8.0
diff --git a/.travis.yml b/.travis.yml
@@ -19,7 +19,7 @@ before_script:
   - docker-compose build
 
   # Use built-in users with passwords set by 'elasticsearch-setup-passwords.exp'
-  - sed -i -e 's/\(elasticsearch.username:\) elastic/\1 kibana/g' -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' kibana/config/kibana.yml
+  - sed -i -e 's/\(elasticsearch.username:\) elastic/\1 kibana_system/g' -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' kibana/config/kibana.yml
   - sed -i -e 's/\(xpack.monitoring.elasticsearch.username:\) elastic/\1 logstash_system/g' -e 's/\(xpack.monitoring.elasticsearch.password:\) changeme/\1 testpasswd/g' logstash/config/logstash.yml
   - sed -i 's/\(password =>\) "changeme"/\1 "testpasswd"/g' logstash/pipeline/logstash.conf
   - sed -i -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' -e 's/\(secret_management.encryption_keys:\)/\1 [test-encrypt]/g' extensions/enterprise-search/config/enterprise-search.yml
@@ -40,12 +40,16 @@ script:
 
   # Extensions
     # Enterprise Search
+  - "sed -i '$ a xpack.security.authc.api_key.enabled: true' elasticsearch/config/elasticsearch.yml"
+  - docker-compose restart elasticsearch
   - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml up -d enterprise-search
   - sleep 30
   - .travis/run-tests-enterprise-search.sh
   - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml ps
   - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml logs enterprise-search
   - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml stop enterprise-search
+  - "sed -i '/xpack.security.authc.api_key.enabled: true/d' elasticsearch/config/elasticsearch.yml"
+  - docker-compose restart elasticsearch
     # APM Server
   - docker-compose -f docker-compose.yml -f extensions/apm-server/apm-server-compose.yml up -d apm-server
   - .travis/run-tests-apm-server.sh

diff --git a/.travis/elasticsearch-setup-passwords.exp b/.travis/elasticsearch-setup-passwords.exp
@@ -1,7 +1,7 @@
 #!/usr/bin/expect -f
 
 # List of expected users with dummy password
-set user "(elastic|apm_system|kibana|logstash_system|beats_system|remote_monitoring_user)"
+set user "(elastic|apm_system|kibana_system|logstash_system|beats_system|remote_monitoring_user)"
 set password "testpasswd"
 
 # Find elasticsearch container id

diff --git a/.travis/run-tests-core.sh b/.travis/run-tests-core.sh
@@ -16,7 +16,7 @@ log 'Waiting for readiness of Elasticsearch'
 poll_ready elasticsearch 'http://localhost:9200/' 'elastic:testpasswd'
 
 log 'Waiting for readiness of Kibana'
-poll_ready kibana 'http://localhost:5601/api/status' 'kibana:testpasswd'
+poll_ready kibana 'http://localhost:5601/api/status' 'kibana_system:testpasswd'
 
 log 'Waiting for readiness of Logstash'
 poll_ready logstash 'http://localhost:9600/_node/pipelines/main?pretty'

diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # Elastic stack (ELK) on Docker
 
 [![Join the chat at https://gitter.im/deviantony/docker-elk](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/deviantony/docker-elk?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-[![Elastic Stack version](https://img.shields.io/badge/ELK-7.7.1-blue.svg?style=flat)](https://github.com/deviantony/docker-elk/issues/508)
+[![Elastic Stack version](https://img.shields.io/badge/ELK-7.8.0-blue.svg?style=flat)](https://github.com/deviantony/docker-elk/issues/515)
 [![Build Status](https://api.travis-ci.org/deviantony/docker-elk.svg?branch=master)](https://travis-ci.org/deviantony/docker-elk)
 
 Run the latest version of the [Elastic stack][elk-stack] with Docker and Docker Compose.
@@ -170,8 +170,9 @@ Remove the `ELASTIC_PASSWORD` environment variable from the `elasticsearch` serv
 
 3. Replace usernames and passwords in configuration files
 
-Use the `kibana` user inside the Kibana configuration file (`kibana/config/kibana.yml`) and the `logstash_system` user
-inside the Logstash configuration file (`logstash/config/logstash.yml`) in place of the existing `elastic` user.
+Use the `kibana_system` user (`kibana` for releases <7.8.0) inside the Kibana configuration file
+(`kibana/config/kibana.yml`) and the `logstash_system` user inside the Logstash configuration file
+(`logstash/config/logstash.yml`) in place of the existing `elastic` user.
 
 Replace the password for the `elastic` user inside the Logstash pipeline file (`logstash/pipeline/logstash.conf`).
 
@@ -237,7 +238,7 @@ Create an index pattern via the Kibana API:
 ```console
 $ curl -XPOST -D- 'http://localhost:5601/api/saved_objects/index-pattern' \
     -H 'Content-Type: application/json' \
-    -H 'kbn-version: 7.7.1' \
+    -H 'kbn-version: 7.8.0' \
     -u elastic:<your generated elastic password> \
     -d '{"attributes":{"title":"logstash-*","timeFieldName":"@timestamp"}}'
 ```

diff --git a/docker-stack.yml b/docker-stack.yml
@@ -3,7 +3,7 @@ version: '3.3'
 services:
 
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.1
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
     ports:
       - "9200:9200"
       - "9300:9300"
@@ -23,7 +23,7 @@ services:
       replicas: 1
 
   logstash:
-    image: docker.elastic.co/logstash/logstash:7.7.1
+    image: docker.elastic.co/logstash/logstash:7.8.0
     ports:
       - "5000:5000"
       - "9600:9600"
@@ -41,7 +41,7 @@ services:
       replicas: 1
 
   kibana:
-    image: docker.elastic.co/kibana/kibana:7.7.1
+    image: docker.elastic.co/kibana/kibana:7.8.0
     ports:
       - "5601:5601"
     configs:

diff --git a/extensions/enterprise-search/README.md b/extensions/enterprise-search/README.md
@@ -44,6 +44,19 @@ secret_management.encryption_keys: [my_first_encryption_key, my_second_encryptio
 > key=<generated AES key>
 > ```
 
+### Enable Elasticsearch's API key service
+
+Enterprise Search requires Elasticsearch's built-in [API key service][es-security] to be enabled in order to start.
+Unless Elasticsearch is configured to enable TLS on the HTTP interface (disabled by default), this service is disabled
+by default.
+
+To enable it, modify the Elasticsearch configuration file in [`elasticsearch/config/elasticsearch.yml`][config-es] and
+add the following setting:
+
+```yaml
+xpack.security.authc.api_key.enabled: true
+```
+
 ### Start the server
 
 To include Enterprise Search in the stack, run Docker Compose from the root of the repository with an additional command
@@ -117,3 +130,6 @@ Docker container: [Running Enterprise Search Using Docker][enterprisesearch-dock
 [enterprisesearch-config]: https://www.elastic.co/guide/en/enterprise-search/current/configuration.html
 [enterprisesearch-docker]: https://www.elastic.co/guide/en/enterprise-search/current/docker.html
 [enterprisesearch-docs]: https://www.elastic.co/guide/en/enterprise-search/current/index.html
+
+[es-security]: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#api-key-service-settings
+[config-es]: ../../elasticsearch/config/elasticsearch.yml