diff --git a/.env b/.env index 7056c18d2c..19b14896c2 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -ELK_VERSION=7.7.1 +ELK_VERSION=7.8.0 diff --git a/.travis.yml b/.travis.yml index 8e9628f530..68dae04f42 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,7 +19,7 @@ before_script: - docker-compose build # Use built-in users with passwords set by 'elasticsearch-setup-passwords.exp' - - sed -i -e 's/\(elasticsearch.username:\) elastic/\1 kibana/g' -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' kibana/config/kibana.yml + - sed -i -e 's/\(elasticsearch.username:\) elastic/\1 kibana_system/g' -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' kibana/config/kibana.yml - sed -i -e 's/\(xpack.monitoring.elasticsearch.username:\) elastic/\1 logstash_system/g' -e 's/\(xpack.monitoring.elasticsearch.password:\) changeme/\1 testpasswd/g' logstash/config/logstash.yml - sed -i 's/\(password =>\) "changeme"/\1 "testpasswd"/g' logstash/pipeline/logstash.conf - sed -i -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' -e 's/\(secret_management.encryption_keys:\)/\1 [test-encrypt]/g' extensions/enterprise-search/config/enterprise-search.yml @@ -40,12 +40,16 @@ script: # Extensions # Enterprise Search + - "sed -i '$ a xpack.security.authc.api_key.enabled: true' elasticsearch/config/elasticsearch.yml" + - docker-compose restart elasticsearch - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml up -d enterprise-search - sleep 30 - .travis/run-tests-enterprise-search.sh - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml ps - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml logs enterprise-search - docker-compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml stop enterprise-search + - "sed -i '/xpack.security.authc.api_key.enabled: true/d' elasticsearch/config/elasticsearch.yml" + - docker-compose restart elasticsearch # APM Server - docker-compose -f docker-compose.yml -f extensions/apm-server/apm-server-compose.yml up -d apm-server - .travis/run-tests-apm-server.sh diff --git a/.travis/elasticsearch-setup-passwords.exp b/.travis/elasticsearch-setup-passwords.exp index 4b72292743..48bafeda85 100755 --- a/.travis/elasticsearch-setup-passwords.exp +++ b/.travis/elasticsearch-setup-passwords.exp @@ -1,7 +1,7 @@ #!/usr/bin/expect -f # List of expected users with dummy password -set user "(elastic|apm_system|kibana|logstash_system|beats_system|remote_monitoring_user)" +set user "(elastic|apm_system|kibana_system|logstash_system|beats_system|remote_monitoring_user)" set password "testpasswd" # Find elasticsearch container id diff --git a/.travis/lib/testing.sh b/.travis/lib/testing.sh index 1900868e6c..f108bb1a1c 100755 --- a/.travis/lib/testing.sh +++ b/.travis/lib/testing.sh @@ -24,8 +24,8 @@ function poll_ready { local cid local output - # retry for max 120s (24*5s) - for _ in $(seq 1 24); do + # retry for max 180s (36*5s) + for _ in $(seq 1 36); do cid="$(docker ps -q -f label="$label")" if [ -z "${cid:-}" ]; then echo "Container exited" diff --git a/.travis/run-tests-core.sh b/.travis/run-tests-core.sh index c68cf9415f..f21c930336 100755 --- a/.travis/run-tests-core.sh +++ b/.travis/run-tests-core.sh @@ -16,7 +16,7 @@ log 'Waiting for readiness of Elasticsearch' poll_ready elasticsearch 'http://localhost:9200/' 'elastic:testpasswd' log 'Waiting for readiness of Kibana' -poll_ready kibana 'http://localhost:5601/api/status' 'kibana:testpasswd' +poll_ready kibana 'http://localhost:5601/api/status' 'kibana_system:testpasswd' log 'Waiting for readiness of Logstash' poll_ready logstash 'http://localhost:9600/_node/pipelines/main?pretty' diff --git a/README.md b/README.md index 9718430f90..0b41ad9fb1 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Elastic stack (ELK) on Docker [![Join the chat at https://gitter.im/deviantony/docker-elk](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/deviantony/docker-elk?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) -[![Elastic Stack version](https://img.shields.io/badge/ELK-7.7.1-blue.svg?style=flat)](https://github.com/deviantony/docker-elk/issues/508) +[![Elastic Stack version](https://img.shields.io/badge/ELK-7.8.0-blue.svg?style=flat)](https://github.com/deviantony/docker-elk/issues/515) [![Build Status](https://api.travis-ci.org/deviantony/docker-elk.svg?branch=master)](https://travis-ci.org/deviantony/docker-elk) Run the latest version of the [Elastic stack][elk-stack] with Docker and Docker Compose. @@ -170,8 +170,9 @@ Remove the `ELASTIC_PASSWORD` environment variable from the `elasticsearch` serv 3. Replace usernames and passwords in configuration files -Use the `kibana` user inside the Kibana configuration file (`kibana/config/kibana.yml`) and the `logstash_system` user -inside the Logstash configuration file (`logstash/config/logstash.yml`) in place of the existing `elastic` user. +Use the `kibana_system` user (`kibana` for releases <7.8.0) inside the Kibana configuration file +(`kibana/config/kibana.yml`) and the `logstash_system` user inside the Logstash configuration file +(`logstash/config/logstash.yml`) in place of the existing `elastic` user. Replace the password for the `elastic` user inside the Logstash pipeline file (`logstash/pipeline/logstash.conf`). @@ -237,7 +238,7 @@ Create an index pattern via the Kibana API: ```console $ curl -XPOST -D- 'http://localhost:5601/api/saved_objects/index-pattern' \ -H 'Content-Type: application/json' \ - -H 'kbn-version: 7.7.1' \ + -H 'kbn-version: 7.8.0' \ -u elastic: \ -d '{"attributes":{"title":"logstash-*","timeFieldName":"@timestamp"}}' ``` diff --git a/docker-stack.yml b/docker-stack.yml index e5a85e4205..dc8b807a42 100644 --- a/docker-stack.yml +++ b/docker-stack.yml @@ -3,7 +3,7 @@ version: '3.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.7.1 + image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0 ports: - "9200:9200" - "9300:9300" @@ -23,7 +23,7 @@ services: replicas: 1 logstash: - image: docker.elastic.co/logstash/logstash:7.7.1 + image: docker.elastic.co/logstash/logstash:7.8.0 ports: - "5000:5000" - "9600:9600" @@ -41,7 +41,7 @@ services: replicas: 1 kibana: - image: docker.elastic.co/kibana/kibana:7.7.1 + image: docker.elastic.co/kibana/kibana:7.8.0 ports: - "5601:5601" configs: diff --git a/extensions/enterprise-search/README.md b/extensions/enterprise-search/README.md index 7624486963..d6fc87b786 100644 --- a/extensions/enterprise-search/README.md +++ b/extensions/enterprise-search/README.md @@ -44,6 +44,19 @@ secret_management.encryption_keys: [my_first_encryption_key, my_second_encryptio > key= > ``` +### Enable Elasticsearch's API key service + +Enterprise Search requires Elasticsearch's built-in [API key service][es-security] to be enabled in order to start. +Unless Elasticsearch is configured to enable TLS on the HTTP interface (disabled by default), this service is disabled +by default. + +To enable it, modify the Elasticsearch configuration file in [`elasticsearch/config/elasticsearch.yml`][config-es] and +add the following setting: + +```yaml +xpack.security.authc.api_key.enabled: true +``` + ### Start the server To include Enterprise Search in the stack, run Docker Compose from the root of the repository with an additional command @@ -117,3 +130,6 @@ Docker container: [Running Enterprise Search Using Docker][enterprisesearch-dock [enterprisesearch-config]: https://www.elastic.co/guide/en/enterprise-search/current/configuration.html [enterprisesearch-docker]: https://www.elastic.co/guide/en/enterprise-search/current/docker.html [enterprisesearch-docs]: https://www.elastic.co/guide/en/enterprise-search/current/index.html + +[es-security]: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#api-key-service-settings +[config-es]: ../../elasticsearch/config/elasticsearch.yml