Enable Stack Features (X-Pack) and trial by default #387
d7055c9 to 0f6d61e
I did a quick test by rebuilding the stack entirely through:
docker-compose down -v
docker-compose build
docker-compose up
But it seems that there are a lot of authentication issues between the services now:
kibana_1 | {"type":"log","@timestamp":"2019-04-26T21:05:19Z","tags":["warning","task_manager"],"pid":1,"message":"PollError [security_exception] failed to authenticate user [kibana], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } }"}
elasticsearch_1 | [2019-04-26T21:05:19,775][INFO ][o.e.x.s.a.AuthenticationService] [yecAKML] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
elasticsearch_1 | [2019-04-26T21:05:20,684][INFO ][o.e.x.s.a.AuthenticationService] [yecAKML] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
logstash_1 | [2019-04-26T21:05:20,686][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
I think it's related to the fact that you changed the default elastic username and removed ELASTIC_PASSWORD from the compose file. I can try to investigate a bit later.
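An added example, not part of the original comment or the project's code: a small triage script that groups authentication failures in docker-compose output like the excerpt above by service and by the user that failed. The function name `auth_failures` and the sample lines (constructed, modelled on the excerpt) are assumptions.

```python
import json
import re
from collections import defaultdict

# Constructed sample, modelled on the docker-compose output quoted above.
SAMPLE = r'''
kibana_1 | {"type":"log","@timestamp":"2019-04-26T21:05:19Z","tags":["warning","task_manager"],"pid":1,"message":"PollError [security_exception] failed to authenticate user [kibana]"}
elasticsearch_1 | [2019-04-26T21:05:19,775][INFO ][o.e.x.s.a.AuthenticationService] [node] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
elasticsearch_1 | [2019-04-26T21:05:20,684][INFO ][o.e.x.s.a.AuthenticationService] [node] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
logstash_1 | [2019-04-26T21:05:20,686][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@elasticsearch:9200/", :error=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
elasticsearch_1 | [2019-04-26T21:05:21,000][INFO ][o.e.n.Node] [node] started
'''

FAILED_USER = re.compile(r"failed to authenticate user \[([^\]]+)\]")
URL_USER = re.compile(r"https?://([^:/@\s]+):[^@/\s]*@")  # user part of user:pass@host
HTTP_401 = re.compile(r"response code '401'")


def auth_failures(log_text):
    """Map each compose service to the sorted users it reports as failing auth."""
    failures = defaultdict(set)
    for line in log_text.splitlines():
        service, sep, body = line.partition(" | ")
        if not sep:
            continue  # not a "<service> | <message>" line
        service, body = service.strip(), body.strip()
        if body.startswith("{"):
            # Kibana logs JSON; the failure text lives in the "message" field.
            try:
                body = json.loads(body).get("message", "")
            except ValueError:
                pass  # keep the raw text if it is not valid JSON
        match = FAILED_USER.search(body)
        if match:
            failures[service].add(match.group(1))
        elif HTTP_401.search(body):
            # Logstash only reports the 401; the user is in the output URL.
            user = URL_USER.search(body)
            failures[service].add(user.group(1) if user else "<unknown>")
    return {svc: sorted(users) for svc, users in failures.items()}


if __name__ == "__main__":
    for svc, users in auth_failures(SAMPLE).items():
        print(svc, "->", ", ".join(users))
```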
Yes it's by design (see new README section in "Initial setup"). We kind of abused this bootstrap password on the X-Pack branch, whereas the documentation recommends using the built-in users with less privileges instead. Just trying to apply best practices and making users aware of security. I can change it back and use the super admin everywhere.
@antoineco oh I see, you got a point with security awareness. Argh, another battle security VS user experience :-) My opinion is to use the super-admin everywhere in order to make the experience using this stack pretty much a "clone and up". We're not really providing a production ready stack, the main goal is still to be able to quickly give a try to the Elastic stack hassle free. tbh, this is kinda what I was expecting when I tested this branch, just clone and up. WDYT about default super-admin and a note about security in the README?
Sounds good! I'll do that.
0f6d61e to 1171218
@deviantony Done here and here.
a011577 to 388b433
b3571c3 to 9be3ecd
Overall LGTM.
Quickly tested, seems to be working fine.
README.md
Outdated
> :information_source: Other branches in this project are available: | ||
> | ||
> * [`searchguard`](https://github.com/deviantony/docker-elk/tree/searchguard): Search Guard support | ||
> * [`vagrant`](https://github.com/deviantony/docker-elk/tree/vagrant): run Docker inside Vagrant |
We can remove the vagrant branch ref, I don't think it is worth maintaining anymore.
Done
README.md
Outdated
It will give you the ability to analyze any data set by using the searching/aggregation capabilities of Elasticsearch | ||
and the visualization power of Kibana. | ||
> :information_source: The Docker images backing this stack include [Stack Features][stack-features] (formerly X-Pack) | ||
with [paid features][paid-features] enabled by default. The [trial license][trial-license] is valid for 30 days. |
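Review bot: the note on the line ending "enabled by default" tells readers that a 30-day trial is running, but not what state the stack is in once it ends. Suggest adding one sentence saying what happens to the paid features after the trial expires and where the license type is set, so that someone who clones and runs the stack is not surprised a month later.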
Worth adding a quick note here saying that this can be easily disabled so that we don't frighten people that don't want to use paid features.
Done
If you're using Docker for Windows, ensure the "Shared Drives" feature is enabled for the `C:` drive (Docker for Windows > Settings > Shared Drives). See [Configuring Docker for Windows Shared Drives](https://blogs.msdn.microsoft.com/stevelasker/2016/06/14/configuring-docker-for-windows-volumes/) (MSDN Blog). |
Is this outdated?
I just rephrased it and changed the link to point to the official documentation, which didn't exist back then.
Oh sorry, missed the link, LGTM
05d815f to 224db06
LGTM
Good work! 👍 Not sure why the travis build fails though. I'll let you merge this one.
Looks like Travis is sometimes slower and Logstash is not ready when it should be. I'll bump the delays a little bit if it fails this round again. Thanks for the review! 🙌
Co-authored-by: Willian Soares <[email protected]>
268b93a to 7561f30
Co-authored-by: Willian Soares <[email protected]>
Sorry, I was on vacation 🙈 edit: LGTM but did not try it by myself.
Co-authored-by: Willian Soares <[email protected]>
We're now "secure by default" with X-Pack and paid features enabled by default 🔐 (30-day trial)
If this gets merged, the x-pack branch will become the new master in a second step.
Closes #163
Closes #378