diff --git a/README.md b/README.md
index 1535f334..fd50695f 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ Deploying through the Marketplace is great and easy way to get your feet wet for
![Example UI Flow](images/ui.gif)
-You can view the UI in developer mode by [clicking here](https://portal.azure.com/#blade/Microsoft_Azure_Compute/CreateMultiVmWizardBlade/internal_bladeCallId/anything/internal_bladeCallerParams/{"initialData":{},"providerConfig":{"createUiDefinition":"https%3A%2F%2Fraw.githubusercontent.com%2Felastic%2Fazure-marketplace%2Fmaster%2Fsrc%2FcreateUiDefinition.json"}}). If you feel something is cached improperly use [this client unoptimized link instead](https://portal.azure.com/?clientOptimizations=false#blade/Microsoft_Azure_Compute/CreateMultiVmWizardBlade/internal_bladeCallId/anything/internal_bladeCallerParams/{"initialData":{},"providerConfig":{"createUiDefinition":"https%3A%2F%2Fraw.githubusercontent.com%2Felastic%2Fazure-marketplace%2Fmaster%2Fsrc%2FcreateUiDefinition.json"}})
+You can view the UI in developer mode by [clicking here](https://portal.azure.com/#blade/Microsoft_Azure_Compute/CreateMultiVmWizardBlade/internal_bladeCallId/anything/internal_bladeCallerParams/{"initialData":{},"providerConfig":{"createUiDefinition":"https%3A%2F%2Fraw.githubusercontent.com%2Felastic%2Fazure-marketplace%2F7.0%2Fsrc%2FcreateUiDefinition.json"}}). If you feel something is cached improperly use [this client unoptimized link instead](https://portal.azure.com/?clientOptimizations=false#blade/Microsoft_Azure_Compute/CreateMultiVmWizardBlade/internal_bladeCallId/anything/internal_bladeCallerParams/{"initialData":{},"providerConfig":{"createUiDefinition":"https%3A%2F%2Fraw.githubusercontent.com%2Felastic%2Fazure-marketplace%2F7.0%2Fsrc%2FcreateUiDefinition.json"}})
## Reporting bugs
@@ -357,12 +357,6 @@ value defined in the template.
should be a minimum of 12 characters, and must be greater than 6 characters.
"" |
- securityReadPassword | securestring |
- Security password for the es_read user with user (read-only) role.
-
- should be a minimum of 12 characters, and must be greater than 6 characters.
- | "" |
-
securityKibanaPassword | securestring |
Security password Kibana.
@@ -383,6 +377,18 @@ value defined in the template.
should be a minimum of 12 characters, and must be greater than 6 characters.
| "" |
+ securityApmPassword | securestring |
+ This is the built-in apm_system user. Valid for Elasticsearch 6.5.0+
+
+ should be a minimum of 12 characters, and must be greater than 6 characters.
+ | "" |
+
+ securityRemoteMonitoringPassword | securestring |
+ This is the built-in remote_monitoring_user user. Valid for Elasticsearch 6.5.0+
+
+ should be a minimum of 12 characters, and must be greater than 6 characters.
+ | "" |
+
Kibana related settings |
kibana | string |
@@ -563,7 +569,7 @@ value defined in the template.
### Web based deploy
-
+
@@ -597,7 +603,7 @@ supported by the last release. It's recommended to update to [Azure CLI 2.0](htt
```sh
az group deployment create \
--resource-group \
- --template-uri https://raw.githubusercontent.com/elastic/azure-marketplace/master/src/mainTemplate.json \
+ --template-uri https://raw.githubusercontent.com/elastic/azure-marketplace/7.0/src/mainTemplate.json \
--parameters @parameters/password.parameters.json
```
@@ -622,7 +628,7 @@ where `` refers to the resource group you just created.
```powershell
$clusterParameters = @{
- "artifactsBaseUrl"="https://raw.githubusercontent.com/elastic/azure-marketplace/master/src"
+ "artifactsBaseUrl"="https://raw.githubusercontent.com/elastic/azure-marketplace/7.0/src"
"esVersion" = "6.7.0"
"esClusterName" = "elasticsearch"
"loadBalancerType" = "internal"
@@ -630,11 +636,12 @@ where `` refers to the resource group you just created.
"adminUsername" = "russ"
"adminPassword" = "Password1234"
"securityBootstrapPassword" = "Password1234"
- "securityAdminPassword" = "Password1234"
- "securityReadPassword" = "Password1234"
+ "securityAdminPassword" = "Password1234"
"securityKibanaPassword" = "Password1234"
"securityLogstashPassword" = "Password1234"
"securityBeatsPassword" = "Password1234"
+ "securityApmPassword" = "Password1234"
+ "securityRemoteMonitoringPassword" = "Password1234"
}
```
@@ -647,7 +654,7 @@ where `` refers to the resource group you just created.
5. Use our template directly from GitHub
```powershell
- New-AzureRmResourceGroupDeployment -Name "" -ResourceGroupName "" -TemplateUri "https://raw.githubusercontent.com/elastic/azure-marketplace/master/src/mainTemplate.json" -TemplateParameterObject $clusterParameters
+ New-AzureRmResourceGroupDeployment -Name "" -ResourceGroupName "" -TemplateUri "https://raw.githubusercontent.com/elastic/azure-marketplace/7.0/src/mainTemplate.json" -TemplateParameterObject $clusterParameters
```
## Targeting a specific template version
@@ -657,24 +664,25 @@ the artifactsBaseUrl parameter of the template to point to a specific tagged rel
**Targeting a specific template version is recommended for repeatable production deployments.**
-For example, to target the [`6.6.1` tag release with PowerShell](https://github.com/elastic/azure-marketplace/tree/6.6.1)
+For example, to target the [`7.0.0` tag release with PowerShell](https://github.com/elastic/azure-marketplace/tree/6.6.1)
```powershell
-$templateVersion = "6.6.1"
+$templateVersion = "7.0.0"
$templateBaseUrl = "https://raw.githubusercontent.com/elastic/azure-marketplace/$templateVersion/src"
# minimum parameters required to deploy
$clusterParameters = @{
"artifactsBaseUrl" = $templateBaseUrl
- "esVersion" = "6.6.1"
+ "esVersion" = "7.0.0"
"adminUsername" = "russ"
"adminPassword" = "Password1234"
"securityBootstrapPassword" = "Password1234"
"securityAdminPassword" = "Password1234"
- "securityReadPassword" = "Password1234"
"securityKibanaPassword" = "Password1234"
"securityLogstashPassword" = "Password1234"
"securityBeatsPassword" = "Password1234"
+ "securityApmPassword" = "Password1234"
+ "securityRemoteMonitoringPassword" = "Password1234"
}
$resourceGroup = "my-azure-cluster"
diff --git a/build/allowedValues.json b/build/allowedValues.json
index 058af191..098009c2 100644
--- a/build/allowedValues.json
+++ b/build/allowedValues.json
@@ -8,7 +8,8 @@
"6.4.3",
"6.5.4",
"6.6.2",
- "6.7.0"
+ "6.7.1",
+ "7.0.0"
],
"numberOfDataNodes" : 50,
"numberOfClientNodes" : 20,
@@ -45,8 +46,6 @@
"Standard_F8s",
"Standard_F16s",
-
-
"Standard_D4_v3",
"Standard_D8_v3",
"Standard_D16_v3",
diff --git a/build/arm-tests/1d-nvme-0m-0c-ext-p.json b/build/arm-tests/1d-nvme-0m-0c-ext-p.json
index f5f76888..6290fab0 100644
--- a/build/arm-tests/1d-nvme-0m-0c-ext-p.json
+++ b/build/arm-tests/1d-nvme-0m-0c-ext-p.json
@@ -12,7 +12,7 @@
"vmSizeDataNodes":{"value":"Standard_L8s_v2"},
"vmDataNodeCount":{"value":1},
"vmDataDiskCount":{"value":0},
- "vmDataDiskSize":{"value":"Small"},
+ "vmDataDiskSize":{"value":"32GiB"},
"storageAccountType":{"value":"Default"},
"dataNodesAreMasterEligible":{"value":"Yes"},
"vmSizeMasterNodes":{"value":"Standard_DS2"},
diff --git a/build/tasks/arm-validator.js b/build/tasks/arm-validator.js
index a991cf8a..3c5dbd47 100644
--- a/build/tasks/arm-validator.js
+++ b/build/tasks/arm-validator.js
@@ -71,10 +71,11 @@ var bootstrapTest = (t, defaultVersion) =>
testParameters.sshPublicKey.value = config.deployments.ssh;
testParameters.securityBootstrapPassword.value = config.deployments.securityPassword;
testParameters.securityAdminPassword.value = config.deployments.securityPassword;
- testParameters.securityReadPassword.value = config.deployments.securityPassword;
+ testParameters.securityRemoteMonitoringPassword.value = config.deployments.securityPassword;
testParameters.securityKibanaPassword.value = config.deployments.securityPassword;
testParameters.securityLogstashPassword.value = config.deployments.securityPassword;
testParameters.securityBeatsPassword.value = config.deployments.securityPassword;
+ testParameters.securityApmPassword.value = config.deployments.securityPassword;
testParameters.esVersion.value = defaultVersion;
// Some parameters are longer than the max allowed characters for cmd on Windows.
diff --git a/docs/azure-arm-template.asciidoc b/docs/azure-arm-template.asciidoc
index b683af01..2c481a93 100644
--- a/docs/azure-arm-template.asciidoc
+++ b/docs/azure-arm-template.asciidoc
@@ -1,8 +1,8 @@
:marketplace: https://azuremarketplace.microsoft.com/en-au/marketplace/apps/elastic.elasticsearch
:portal: https://portal.azure.com
:github: https://github.com/elastic/azure-marketplace
-:current: 6.6
-:version: 6.6.0
+:current: 7.0
+:version: 7.0.0
:register: https://register.elastic.co
:elasticguide: https://www.elastic.co/guide/en/elasticsearch
:elasticdocs: {elasticguide}/reference/{current}
@@ -151,11 +151,12 @@ az group deployment create \
vmDataDiskCount=1 dataNodesAreMasterEligible=Yes \
adminUsername=russ adminPassword=Password1234 \
securityBootstrapPassword=bootstrapPassword123 \
- securityAdminPassword=adminPassword123 \
- securityReadPassword=readPassword123 \
+ securityAdminPassword=adminPassword123 \
securityKibanaPassword=kibanaPassword123 \
securityLogstashPassword=logstashPassword123 \
- securityBeatsPassword=beatsPassword123
+ securityBeatsPassword=beatsPassword123 \
+ securityApmPassword=apmPassword123 \
+ securityRemoteMonitoringPassword=remoteMonitoringPassword123
----
[source,powershell]
@@ -175,10 +176,11 @@ $parameters = @{
"adminPassword" = "Password1234"
"securityBootstrapPassword" = "bootstrapPassword123"
"securityAdminPassword" = "adminPassword123"
- "securityReadPassword" = "readPassword123"
"securityKibanaPassword" = "kibanaPassword123"
"securityLogstashPassword" = "logstashPassword123"
"securityBeatsPassword" = "beatsPassword123"
+ "securityApmPassword" = "apmPassword123"
+ "securityRemoteMonitoringPassword" = "remoteMonitoringPassword123"
}
$deployment = New-AzureRmResourceGroupDeployment -ResourceGroupName "" `
@@ -1051,24 +1053,16 @@ Security password for the `beats_system` built-in user account. This is the acco
Beats can use to communicate with Elasticsearch. Must be greater
than six characters in length. Valid only for Elasticsearch 6.3.0+
-`securityReadPassword`::
-Security password for an `es_read` user account configured with a user (read-only) role with
-the following definition
-+
-[source,json]
---
-{
- "cluster": [ "monitor" ],
- "indices": [
- {
- "names": [ "*" ],
- "privileges": [ "read", "monitor", "view_index_metadata" ]
- }
- ]
-}
---
-+
-Must be greater than six characters in length.
+`securityApmPassword`::
+Security password for the `apm_system` built-in user account. This is the account that the
+APM server can use to communicate with Elasticsearch. Must be greater
+than six characters in length. Valid only for Elasticsearch 6.5.0+
+
+`securityRemoteMonitoringPassword`::
+Security password for the `remote_monitoring_user` built-in user account. This is the account that
+Metricbeat uses when collecting and storing monitoring information in Elasticsearch.
+It has the `remote_monitoring_agent` and `remote_monitoring_collector` built-in roles.
+Valid only for Elasticsearch 6.5.0+
It is recommended after deployment to use the `elastic` superuser account to create
the individual user accounts that will be needed for the users and applications
@@ -1273,10 +1267,11 @@ az group deployment create \
adminPassword=Password1234 \
securityBootstrapPassword=BootstrapPassword123 \
securityAdminPassword=AdminPassword123 \
- securityReadPassword=ReadPassword123 \
securityKibanaPassword=KibanaPassword123 \
securityLogstashPassword=LogstashPassword123 \
securityBeatsPassword=BeatsPassword123 \
+ securityApmPassword=ApmPassword123 \
+ securityRemoteMonitoringPassword=RemoteMonitoringPassword123 \
kibanaCertBlob=$kibana_cert \
kibanaKeyBlob=$kibana_key \
samlMetadataUri=$metadata_uri
@@ -1309,10 +1304,11 @@ $parameters = @{
"adminPassword" = "Password1234"
"securityBootstrapPassword" = "BootstrapPassword123"
"securityAdminPassword" = "AdminPassword123"
- "securityReadPassword" = "ReadPassword123"
"securityKibanaPassword" = "KibanaPassword123"
"securityLogstashPassword" = "LogstashPassword123"
"securityBeatsPassword" = "BeatsPassword123"
+ "securityApmPassword" = "ApmPassword123"
+ "securityRemoteMonitoringPassword" = "RemoteMonitoringPassword123"
"kibanaCertBlob" = $kibanaCert
"kibanaKeyBlob" = $kibanaKey
"samlMetadataUri" = $metadataUri
diff --git a/docs/trial-license-warning.asciidoc b/docs/trial-license-warning.asciidoc
index 60550ee0..42ac6a62 100644
--- a/docs/trial-license-warning.asciidoc
+++ b/docs/trial-license-warning.asciidoc
@@ -1,4 +1,4 @@
-:current: 6.6
+:current: 7.0
:register: https://register.elastic.co
:elasticdocs: https://www.elastic.co/guide/en/elasticsearch/reference/{current}
:licenseexpiration: {stackdocs}/license-expiration.html
diff --git a/docs/troubleshooting.asciidoc b/docs/troubleshooting.asciidoc
index 8183f33c..6db9789f 100644
--- a/docs/troubleshooting.asciidoc
+++ b/docs/troubleshooting.asciidoc
@@ -159,10 +159,11 @@ az group deployment create \
adminUsername=russ adminPassword=Password1234 \
securityBootstrapPassword=bootstrapPassword123 \
securityAdminPassword=adminPassword123 \
- securityReadPassword=readPassword123 \
securityKibanaPassword=kibanaPassword123 \
securityLogstashPassword=logstashPassword123 \
- securityBeatsPassword=beatsPassword123
+ securityBeatsPassword=beatsPassword123 \
+ securityApmPassword=apmPassword123 \
+ securityRemoteMonitoringPassword=remoteMonitoringPassword123
----
[source,powershell]
@@ -182,10 +183,11 @@ $parameters = @{
"adminPassword" = "Password1234"
"securityBootstrapPassword" = "bootstrapPassword123"
"securityAdminPassword" = "adminPassword123"
- "securityReadPassword" = "readPassword123"
"securityKibanaPassword" = "kibanaPassword123"
"securityLogstashPassword" = "logstashPassword123"
"securityBeatsPassword" = "beatsPassword123"
+ "securityApmPassword" = "apmPassword123"
+ "securityRemoteMonitoringPassword" = "remoteMonitoringPassword123"
}
$deployment = New-AzureRmResourceGroupDeployment -ResourceGroupName "" `
diff --git a/parameters/password.parameters.json b/parameters/password.parameters.json
index 3fa18108..afdfd3af 100644
--- a/parameters/password.parameters.json
+++ b/parameters/password.parameters.json
@@ -1,5 +1,5 @@
{
- "artifactsBaseUrl":{"value":"https://raw.githubusercontent.com/elastic/azure-marketplace/master/src"},
+ "artifactsBaseUrl":{"value":"https://raw.githubusercontent.com/elastic/azure-marketplace/7.0/src"},
"esVersion":{"value":"6.7.0"},
"esClusterName":{"value":"my-azure-cluster"},
"loadBalancerType":{"value":"internal"},
@@ -54,10 +54,11 @@
"adminPassword":{"value":""},
"securityBootstrapPassword":{"value":""},
"securityAdminPassword":{"value":""},
- "securityReadPassword":{"value":""},
"securityKibanaPassword":{"value":""},
"securityLogstashPassword":{"value":""},
"securityBeatsPassword":{"value":""},
+ "securityApmPassword":{"value":""},
+ "securityRemoteMonitoringPassword":{"value":""},
"vNetNewOrExisting": {"value":"new"},
"vNetName": {"value": "es-net"},
"vNetExistingResourceGroup": {"value": ""},
diff --git a/parameters/ssh.parameters.json b/parameters/ssh.parameters.json
index 7e4d5385..116d4afb 100644
--- a/parameters/ssh.parameters.json
+++ b/parameters/ssh.parameters.json
@@ -1,5 +1,5 @@
{
- "artifactsBaseUrl":{"value":"https://raw.githubusercontent.com/elastic/azure-marketplace/master/src"},
+ "artifactsBaseUrl":{"value":"https://raw.githubusercontent.com/elastic/azure-marketplace/7.0/src"},
"esVersion":{"value":"6.7.0"},
"esClusterName":{"value":"my-azure-cluster"},
"loadBalancerType":{"value":"internal"},
@@ -54,10 +54,11 @@
"adminPassword":{"value":""},
"securityBootstrapPassword":{"value":""},
"securityAdminPassword":{"value":""},
- "securityReadPassword":{"value":""},
"securityKibanaPassword":{"value":""},
"securityLogstashPassword":{"value":""},
"securityBeatsPassword":{"value":""},
+ "securityApmPassword":{"value":""},
+ "securityRemoteMonitoringPassword":{"value":""},
"vNetNewOrExisting": {"value":"new"},
"vNetName": {"value": "es-net"},
"vNetExistingResourceGroup": {"value": ""},
diff --git a/src/createUiDefinition.json b/src/createUiDefinition.json
index e2de3364..6f05f4ef 100644
--- a/src/createUiDefinition.json
+++ b/src/createUiDefinition.json
@@ -54,7 +54,7 @@
"name": "esVersion",
"type": "Microsoft.Common.DropDown",
"label": "Elasticsearch version",
- "defaultValue": "v6.7.0",
+ "defaultValue": "v7.0.0",
"toolTip": "Choose a version of Elasticsearch.",
"constraints": {
"allowedValues": [
@@ -91,8 +91,12 @@
"value": "6.6.2"
},
{
- "label": "v6.7.0",
- "value": "6.7.0"
+ "label": "v6.7.1",
+ "value": "6.7.1"
+ },
+ {
+ "label": "v7.0.0",
+ "value": "7.0.0"
}
]
}
@@ -1426,18 +1430,42 @@
]
},
{
- "name": "es_read",
+ "name": "es_apm",
+ "type": "Microsoft.Common.Section",
+ "label": "APM system user account",
+ "elements": [
+ {
+ "name": "securityApmPassword",
+ "type": "Microsoft.Common.PasswordBox",
+ "label": {
+ "password": "'apm_system' built-in user password",
+ "confirmPassword": "Confirm password"
+ },
+ "toolTip": "Password to use for the built-in 'apm_system' user. This is a built-in account that APM server uses to communicate with Elasticsearch. Required for Elasticsearch 6.5.0+",
+ "constraints": {
+ "required": true,
+ "regex": "^.{12,}",
+ "validationMessage": "Password must be at least 12 characters long"
+ },
+ "options": {
+ "hideConfirmation": false
+ }
+ }
+ ]
+ },
+ {
+ "name": "es_remote",
"type": "Microsoft.Common.Section",
- "label": "es_read (read only) user account",
+ "label": "Remote monitoring user system user account",
"elements": [
{
- "name": "securityReadPassword",
+ "name": "securityRemoteMonitoringPassword",
"type": "Microsoft.Common.PasswordBox",
"label": {
- "password": "'es_read' user password",
+ "password": "'remote_monitoring_user' built-in user password",
"confirmPassword": "Confirm password"
},
- "toolTip": "Password to use for the 'es_read' user. This is a user account configured with limited read-only access",
+ "toolTip": "Password to use for the built-in 'remote_monitoring_user' user. This is a built-in account that Metricbeat uses when collecting and storing monitoring information in Elasticsearch. Required for Elasticsearch 6.5.0+",
"constraints": {
"required": true,
"regex": "^.{12,}",
@@ -1516,10 +1544,11 @@
"sshPublicKey": "[basics('password').sshPublicKey]",
"securityBootstrapPassword": "",
"securityAdminPassword": "[steps('securityStep').es_admin.securityAdminPassword]",
- "securityReadPassword": "[steps('securityStep').es_read.securityReadPassword]",
"securityKibanaPassword": "[steps('securityStep').es_kibana.securityKibanaPassword]",
"securityLogstashPassword": "[steps('securityStep').es_logstash.securityLogstashPassword]",
"securityBeatsPassword": "[steps('securityStep').es_beats.securityBeatsPassword]",
+ "securityApmPassword": "[steps('securityStep').es_apm.securityApmPassword]",
+ "securityRemoteMonitoringPassword": "[steps('securityStep').es_remote.securityRemoteMonitoringPassword]",
"appGatewayTier": "Standard",
"appGatewaySku": "Small",
"appGatewayCount": 1,
diff --git a/src/mainTemplate.json b/src/mainTemplate.json
index 57f07657..3c76cd8d 100644
--- a/src/mainTemplate.json
+++ b/src/mainTemplate.json
@@ -4,7 +4,7 @@
"parameters": {
"artifactsBaseUrl": {
"type": "string",
- "defaultValue": "https://raw.githubusercontent.com/elastic/azure-marketplace/master/src",
+ "defaultValue": "https://raw.githubusercontent.com/elastic/azure-marketplace/7.0/src",
"metadata": {
"artifactsBaseUrl": "Base URL of the Elastic template gallery package"
}
@@ -21,7 +21,7 @@
},
"esVersion": {
"type": "string",
- "defaultValue": "6.7.0",
+ "defaultValue": "7.0.0",
"allowedValues": [
"5.6.15",
"6.0.1",
@@ -31,7 +31,8 @@
"6.4.3",
"6.5.4",
"6.6.2",
- "6.7.0"
+ "6.7.1",
+ "7.0.0"
],
"metadata": {
"description": "Elasticsearch version to install"
@@ -1114,12 +1115,6 @@
"description": "Password for the built-in 'elastic' user. Should be 12 characters or more, with a minimum of 6 characters"
}
},
- "securityReadPassword": {
- "type": "securestring",
- "metadata": {
- "description": "Password for the 'es_read' user with user (read-only) role. Should be 12 characters or more, with a minimum of 6 characters"
- }
- },
"securityKibanaPassword": {
"type": "securestring",
"metadata": {
@@ -1129,13 +1124,25 @@
"securityLogstashPassword": {
"type": "securestring",
"metadata": {
- "description": "Password for the 'logstash_system' user. Should be 12 characters or more, with a minimum of 6 characters"
+ "description": "Password for the built-in 'logstash_system' user. Should be 12 characters or more, with a minimum of 6 characters"
}
},
"securityBeatsPassword": {
"type": "securestring",
"metadata": {
- "description": "Password for the 'beats_system' user. Should be 12 characters or more, with a minimum of 6 characters. Required for Elasticsearch 6.3.0+ when xpackPlugins is 'Yes'"
+ "description": "Password for the built-in 'beats_system' user. Should be 12 characters or more, with a minimum of 6 characters. Required for Elasticsearch 6.3.0+ when xpackPlugins is 'Yes'"
+ }
+ },
+ "securityApmPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Password for the built-in 'apm_system' user. Should be 12 characters or more, with a minimum of 6 characters. Required for Elasticsearch 6.5.0+ when xpackPlugins is 'Yes'"
+ }
+ },
+ "securityRemoteMonitoringPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Password for the built-in 'remote_monitoring_user' user. Should be 12 characters or more, with a minimum of 6 characters. Required for Elasticsearch 6.5.0+ when xpackPlugins is 'Yes'"
}
},
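Review bot: `securityApmPassword` and `securityRemoteMonitoringPassword` are declared without a `defaultValue`, so ARM requires a value for them in every deployment, while their descriptions say they are required only for Elasticsearch 6.5.0+ when xpackPlugins is 'Yes'. The length guidance in the descriptions ("12 characters or more, with a minimum of 6") is also not enforced by the template itself, only by the UI definition's regex. Either reword the descriptions to say a value must always be supplied, or add `"defaultValue": ""` if the install script tolerates an empty value, which is not visible here. The existing password parameters in the context lines follow the same pattern.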
"location": {
@@ -1320,10 +1327,11 @@
"transportCaCertPassword": "[parameters('esTransportCaCertPassword')]",
"transportCertPassword": "[parameters('esTransportCertPassword')]",
"securityAdminPwd": "[parameters('securityAdminPassword')]",
- "securityReadPwd": "[parameters('securityReadPassword')]",
"securityKibanaPwd": "[parameters('securityKibanaPassword')]",
"securityLogstashPwd": "[parameters('securityLogstashPassword')]",
"securityBeatsPwd": "[parameters('securityBeatsPassword')]",
+ "securityApmPwd": "[parameters('securityApmPassword')]",
+ "securityRemoteMonitoringPwd": "[parameters('securityRemoteMonitoringPassword')]",
"securityBootstrapPwd": "[if(not(empty(parameters('securityBootstrapPassword'))),parameters('securityBootstrapPassword'),uniqueString(resourceGroup().id, deployment().name, parameters('securityAdminPassword')))]",
"samlMetadataUri": "[parameters('samlMetadataUri')]",
"samlServiceProviderUri": "[parameters('samlServiceProviderUri')]"
diff --git a/src/scripts/elasticsearch-install.sh b/src/scripts/elasticsearch-install.sh
index f3111a5e..edd03b9e 100644
--- a/src/scripts/elasticsearch-install.sh
+++ b/src/scripts/elasticsearch-install.sh
@@ -19,18 +19,20 @@ help()
echo ""
echo "Options:"
echo " -n elasticsearch cluster name"
- echo " -v elasticsearch version e.g. 6.4.1"
+ echo " -v elasticsearch version e.g. 7.0.0"
echo " -p hostname prefix of nodes for unicast discovery"
echo " -m heap size in megabytes to allocate to JVM"
echo " -d cluster uses dedicated masters"
echo " -Z hint to the install script how many data nodes we are provisioning"
- echo " -A admin password"
- echo " -R read password"
+ echo " -B bootstrap password"
+ echo " -A elastic user password"
echo " -K kibana user password"
echo " -S logstash_system user password"
echo " -F beats_system user password"
+ echo " -M apm_system user password"
+ echo " -R remote_monitoring_user user password"
echo " -x configure as a dedicated master node"
echo " -y configure as client only node (no master, no data)"
@@ -50,10 +52,12 @@ help()
echo " -O URI from which to retrieve the metadata file for the Identity Provider to configure SAML Single-Sign-On"
echo " -P Public domain name for the instance of Kibana to configure SAML Single-Sign-On"
+ echo " -D Internal Load Balancer IP address"
- echo " -j install azure cloud plugin for snapshot and restore"
- echo " -a set the default storage account for azure cloud plugin"
- echo " -k set the key for the default storage account for azure cloud plugin"
+ echo " -j install repository-azure plugin for snapshot and restore"
+ echo " -a set the default storage account for repository-azure plugin"
+ echo " -k set the key for the default storage account for repository-azure plugin"
+ echo " -E set the storage account suffix for repository-azure plugin"
echo " -h view this help content"
}
@@ -113,13 +117,15 @@ CLUSTER_USES_DEDICATED_MASTERS=0
DATANODE_COUNT=0
MINIMUM_MASTER_NODES=3
-UNICAST_HOSTS='["'"$NAMESPACE_PREFIX"'master-0:9300","'"$NAMESPACE_PREFIX"'master-1:9300","'"$NAMESPACE_PREFIX"'master-2:9300"]'
+UNICAST_HOST_PORT=":9300"
+UNICAST_HOSTS='["'"$NAMESPACE_PREFIX"'master-0'"$UNICAST_HOST_PORT"'","'"$NAMESPACE_PREFIX"'master-1'"$UNICAST_HOST_PORT"'","'"$NAMESPACE_PREFIX"'master-2'"$UNICAST_HOST_PORT"'"]'
USER_ADMIN_PWD="changeme"
-USER_READ_PWD="changeme"
+USER_REMOTE_MONITORING_PWD="changeme"
USER_KIBANA_PWD="changeme"
USER_LOGSTASH_PWD="changeme"
USER_BEATS_PWD="changeme"
+USER_APM_PWD="changeme"
BOOTSTRAP_PASSWORD="changeme"
SEED_PASSWORD="changeme"
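Review bot: `USER_APM_PWD` and `USER_REMOTE_MONITORING_PWD` default to the well-known value `changeme`, so a run that omits `-M` or `-R` would set the built-in `apm_system` and `remote_monitoring_user` passwords to it when `apply_security_settings` reaches its 6.5.0+ branch. The ARM template appears to always pass both values, but the script itself never rejects the fallback. I would default both to an empty string and fail before any password update, e.g. `[[ -n "$USER_APM_PWD" ]] || { log "apm_system password not supplied"; exit 10; }`, and the same for the remote monitoring password. The existing `changeme` defaults in the surrounding context lines have the same property.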
@@ -143,7 +149,7 @@ SAML_METADATA_URI=""
SAML_SP_URI=""
#Loop through options passed
-while getopts :n:m:v:A:R:K:S:F:Z:p:a:k:L:C:B:E:H:G:T:W:V:J:N:D:O:P:xyzldjh optname; do
+while getopts :n:m:v:A:R:M:K:S:F:Z:p:a:k:L:C:B:E:H:G:T:W:V:J:N:D:O:P:xyzldjh optname; do
log "Option $optname set"
case $optname in
n) #set cluster name
@@ -158,8 +164,8 @@ while getopts :n:m:v:A:R:K:S:F:Z:p:a:k:L:C:B:E:H:G:T:W:V:J:N:D:O:P:xyzldjh optna
A) #security admin pwd
USER_ADMIN_PWD="${OPTARG}"
;;
- R) #security readonly pwd
- USER_READ_PWD="${OPTARG}"
+ R) #security remote_monitoring_user pwd
+ USER_REMOTE_MONITORING_PWD="${OPTARG}"
;;
K) #security kibana user pwd
USER_KIBANA_PWD="${OPTARG}"
@@ -170,6 +176,9 @@ while getopts :n:m:v:A:R:K:S:F:Z:p:a:k:L:C:B:E:H:G:T:W:V:J:N:D:O:P:xyzldjh optna
F) #security beats_system user pwd
USER_BEATS_PWD="${OPTARG}"
;;
+ M) #security apm_system user pwd
+ USER_APM_PWD="${OPTARG}"
+ ;;
B) #bootstrap password
BOOTSTRAP_PASSWORD="${OPTARG}"
;;
@@ -258,19 +267,24 @@ done
# Parameter state changes
#########################
+# zen2 should emit the ports from hosts
+if dpkg --compare-versions "$ES_VERSION" "ge" "7.0.0"; then
+ UNICAST_HOST_PORT=""
+fi
+
if [ ${CLUSTER_USES_DEDICATED_MASTERS} -ne 0 ]; then
MINIMUM_MASTER_NODES=2
- UNICAST_HOSTS='["'"$NAMESPACE_PREFIX"'master-0:9300","'"$NAMESPACE_PREFIX"'master-1:9300","'"$NAMESPACE_PREFIX"'master-2:9300"]'
+ UNICAST_HOSTS='["'"$NAMESPACE_PREFIX"'master-0'"$UNICAST_HOST_PORT"'","'"$NAMESPACE_PREFIX"'master-1'"$UNICAST_HOST_PORT"'","'"$NAMESPACE_PREFIX"'master-2'"$UNICAST_HOST_PORT"'"]'
else
MINIMUM_MASTER_NODES=$(((DATANODE_COUNT/2)+1))
UNICAST_HOSTS='['
for i in $(seq 0 $((DATANODE_COUNT-1))); do
- UNICAST_HOSTS="$UNICAST_HOSTS\"${NAMESPACE_PREFIX}data-$i:9300\","
+ UNICAST_HOSTS="$UNICAST_HOSTS\"${NAMESPACE_PREFIX}data-$i${UNICAST_HOST_PORT}\","
done
UNICAST_HOSTS="${UNICAST_HOSTS%?}]"
fi
-if [[ "${ES_VERSION}" == \6* && ${INSTALL_XPACK} -ne 0 ]]; then
+if [[ $(dpkg --compare-versions "$ES_VERSION" "ge" "6.0.0"; echo $?) -eq 0 && ${INSTALL_XPACK} -ne 0 ]]; then
log "using bootstrap password as the seed password"
SEED_PASSWORD="$BOOTSTRAP_PASSWORD"
fi
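Review bot: The new seed-password condition wraps `dpkg --compare-versions` in `$( …; echo $?)` and then compares the printed status with `-eq 0`, which is harder to read than the plain `if dpkg --compare-versions …` form this commit uses everywhere else. It can be written as `if dpkg --compare-versions "$ES_VERSION" "ge" "6.0.0" && [[ ${INSTALL_XPACK} -ne 0 ]]; then`. The comment `# zen2 should emit the ports from hosts` presumably means "omit"; something like `# 7.0.0+: omit the port so the same list can be reused for cluster.initial_master_nodes` states the reason. Separately, in the non-dedicated branch a `DATANODE_COUNT` of 0 makes `${UNICAST_HOSTS%?}` strip the opening `[`, so a guard on the count before the loop would be worth adding.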
@@ -347,16 +361,21 @@ check_data_disk()
fi
}
-# Install Oracle Java
+# Install OpenJDK
install_java()
{
- bash java-install.sh
+ bash java-install.sh -v "$ES_VERSION"
}
# Install Elasticsearch
install_es()
{
- local PACKAGE="elasticsearch-$ES_VERSION.deb"
+ local OS_SUFFIX=""
+ if dpkg --compare-versions "$ES_VERSION" "ge" "7.0.0"; then
+ OS_SUFFIX="-amd64"
+ fi
+ local PACKAGE="elasticsearch-${ES_VERSION}${OS_SUFFIX}.deb"
+
local ALGORITHM="512"
if dpkg --compare-versions "$ES_VERSION" "lt" "5.6.2"; then
ALGORITHM="1"
@@ -425,6 +444,12 @@ install_repository_azure_plugin()
install_additional_plugins()
{
SKIP_PLUGINS="license shield watcher marvel-agent graph cloud-azure x-pack repository-azure"
+
+ if dpkg --compare-versions "$ES_VERSION" "ge" "6.7.0"; then
+ # plugins are bundled in the distribution
+ SKIP_PLUGINS+=" ingest-geoip ingest-user-agent"
+ fi
+
log "[install_additional_plugins] Installing additional plugins"
for PLUGIN in $(echo $INSTALL_ADDITIONAL_PLUGINS | tr ";" "\n")
do
@@ -446,21 +471,27 @@ install_additional_plugins()
node_is_up()
{
- curl --output /dev/null --silent --head --fail $PROTOCOL://localhost:9200 -u elastic:$1 -H 'Content-Type: application/json' $CURL_SWITCH
+ curl --output /dev/null --silent --head --fail $PROTOCOL://localhost:9200 -u "elastic:$1" -H 'Content-Type: application/json' $CURL_SWITCH
return $?
}
elastic_user_exists()
{
- local USER_TYPENAME curl_error_code http_code
+ local ELASTIC_USER_NAME USER_TYPENAME curl_error_code http_code
if [[ "${ES_VERSION}" == \5* ]]; then
USER_TYPENAME="reserved-user"
- else
+ ELASTIC_USER_NAME="elastic"
+ elif [[ "${ES_VERSION}" == \6* ]]; then
USER_TYPENAME="doc"
+ ELASTIC_USER_NAME="reserved-user-elastic"
+ else
+ # 7.x +
+ USER_TYPENAME="_doc"
+ ELASTIC_USER_NAME="reserved-user-elastic"
fi
exec 17>&1
- http_code=$(curl -H 'Content-Type: application/json' --write-out '\n%{http_code}\n' $PROTOCOL://localhost:9200/.security/$USER_TYPENAME/elastic -u elastic:$1 $CURL_SWITCH | tee /dev/fd/17 | tail -n 1)
+ http_code=$(curl -H 'Content-Type: application/json' --write-out '\n%{http_code}\n' $PROTOCOL://localhost:9200/.security/$USER_TYPENAME/$ELASTIC_USER_NAME -u "elastic:$1" $CURL_SWITCH | tee /dev/fd/17 | tail -n 1)
curl_error_code=$?
exec 17>&-
if [ $http_code -eq 200 ]; then
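Review bot: In `elastic_user_exists` the curl response body is copied to the script's stdout through `tee /dev/fd/17`, and that body is the `elastic` user's document from the `.security` index, which presumably includes the stored password hash, so it can end up in deployment logs. `curl_error_code=$?` also records the exit status of `tail`, the last pipeline stage, not of curl. Only the status code is used afterwards, so the body can be discarded and the pipeline dropped: `http_code=$(curl --silent --output /dev/null --write-out '%{http_code}' -H 'Content-Type: application/json' "$PROTOCOL://localhost:9200/.security/$USER_TYPENAME/$ELASTIC_USER_NAME" -u "elastic:$1" $CURL_SWITCH)`, which makes the `exec 17>&1` / `exec 17>&-` lines unnecessary. The version branches here still use the `\5*` / `\6*` globs while the rest of the commit moves to `dpkg --compare-versions`. The function body continues outside the hunk.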
@@ -524,8 +555,15 @@ apply_security_settings()
else
log "[apply_security_settings] start updating roles and users"
- local XPACK_USER_ENDPOINT="$PROTOCOL://localhost:9200/_xpack/security/user"
- local XPACK_ROLE_ENDPOINT="$PROTOCOL://localhost:9200/_xpack/security/role"
+ local XPACK_SECURITY_PATH
+ if dpkg --compare-versions "$ES_VERSION" "ge" "7.0.0"; then
+ XPACK_SECURITY_PATH="_security"
+ else
+ XPACK_SECURITY_PATH="_xpack/security"
+ fi
+
+ local XPACK_USER_ENDPOINT="$PROTOCOL://localhost:9200/$XPACK_SECURITY_PATH/user"
+ local XPACK_ROLE_ENDPOINT="$PROTOCOL://localhost:9200/$XPACK_SECURITY_PATH/role"
#update builtin `elastic` account.
local ADMIN_JSON=$(printf '{"password":"%s"}\n' $USER_ADMIN_PWD)
@@ -569,32 +607,26 @@ apply_security_settings()
log "[apply_security_settings] updated built-in beats_system user password"
fi
- #create a readonly role that mimics the `user` role in the old shield plugin
- curl_ignore_409 -XPOST -u "elastic:$USER_ADMIN_PWD" "$XPACK_ROLE_ENDPOINT/user" -d'
- {
- "cluster": [ "monitor" ],
- "indices": [
- {
- "names": [ "*" ],
- "privileges": [ "read", "monitor", "view_index_metadata" ]
- }
- ]
- }'
- if [[ $? != 0 ]]; then
- log "[apply_security_settings] could not create user role"
- exit 10
- fi
- log "[apply_security_settings] added user role"
-
- # add `es_read` user with the newly created `user` role
- local USER_JSON=$(printf '{"password":"%s","roles":["user"]}\n' $USER_READ_PWD)
- echo $USER_JSON | curl_ignore_409 -XPOST -u "elastic:$USER_ADMIN_PWD" "$XPACK_USER_ENDPOINT/es_read" -d @-
- if [[ $? != 0 ]]; then
- log "[apply_security_settings] could not add es_read"
- exit 10
- fi
- log "[apply_security_settings] added es_read account"
- log "[apply_security_settings] updated roles and users"
+
+ if dpkg --compare-versions "$ES_VERSION" "ge" "6.5.0"; then
+ #update builtin `apm_system` account for Elasticsearch 6.5.0+
+ local APM_JSON=$(printf '{"password":"%s"}\n' $USER_APM_PWD)
+ echo $APM_JSON | curl_ignore_409 -XPUT -u "elastic:$USER_ADMIN_PWD" "$XPACK_USER_ENDPOINT/apm_system/_password" -d @-
+ if [[ $? != 0 ]]; then
+ log "[apply_security_settings] could not update the built-in apm_system user"
+ exit 10
+ fi
+ log "[apply_security_settings] updated built-in apm_system user password"
+
+ #update builtin `remote_monitoring_user` account for Elasticsearch 6.5.0+
+ local REMOTE_MONITORING_JSON=$(printf '{"password":"%s"}\n' $USER_REMOTE_MONITORING_PWD)
+ echo $REMOTE_MONITORING_JSON | curl_ignore_409 -XPUT -u "elastic:$USER_ADMIN_PWD" "$XPACK_USER_ENDPOINT/remote_monitoring_user/_password" -d @-
+ if [[ $? != 0 ]]; then
+ log "[apply_security_settings] could not update the built-in remote_monitoring_user user"
+ exit 10
+ fi
+ log "[apply_security_settings] updated built-in remote_monitoring_user user password"
+ fi
fi
}
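Review bot: The new `apm_system` and `remote_monitoring_user` updates expand the passwords unquoted, both in `printf '{"password":"%s"}\n' $USER_APM_PWD` and in `echo $APM_JSON`. A password containing whitespace is split into several arguments, so `printf` emits several JSON objects, and glob characters can be expanded by the shell. The UI constraint `^.{12,}` allows any character, so such passwords are accepted upstream. Quote both expansions, e.g. `APM_JSON=$(printf '{"password":"%s"}\n' "$USER_APM_PWD")` and `printf '%s\n' "$APM_JSON" | curl_ignore_409 …`, and do the same for `REMOTE_MONITORING_JSON`. A `"` or `\` in the password would still produce invalid JSON, so the value needs JSON escaping or the restriction needs documenting. This mirrors the existing `ADMIN_JSON` code, and `apply_security_settings` starts outside the hunk.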
@@ -712,7 +744,7 @@ configure_http_tls()
log "[configure_http_tls] configuring SSL/TLS for HTTP layer"
echo "xpack.security.http.ssl.enabled: true" >> $ES_CONF
- if [[ "${ES_VERSION}" == \6* ]]; then
+ if dpkg --compare-versions "$ES_VERSION" "ge" "6.0.0"; then
if [[ -f $HTTP_CERT_PATH ]]; then
# dealing with PKCS#12 archive
echo "xpack.security.http.ssl.keystore.path: $HTTP_CERT_PATH" >> $ES_CONF
@@ -865,7 +897,7 @@ configure_transport_tls()
log "[configure_transport_tls] configuring SSL/TLS for Transport layer"
echo "xpack.security.transport.ssl.enabled: true" >> $ES_CONF
- if [[ "${ES_VERSION}" == \6* ]]; then
+ if dpkg --compare-versions "$ES_VERSION" "ge" "6.0.0"; then
if [[ -f $TRANSPORT_CERT_PATH ]]; then
echo "xpack.security.transport.ssl.keystore.path: $TRANSPORT_CERT_PATH" >> $ES_CONF
echo "xpack.security.transport.ssl.truststore.path: $TRANSPORT_CERT_PATH" >> $ES_CONF
@@ -959,8 +991,15 @@ configure_elasticsearch_yaml()
echo "path.data: $DATAPATH_CONFIG" >> $ES_CONF
# Configure discovery
- log "[configure_elasticsearch_yaml] update configuration with hosts configuration of $UNICAST_HOSTS"
- echo "discovery.zen.ping.unicast.hosts: $UNICAST_HOSTS" >> $ES_CONF
+ if dpkg --compare-versions "$ES_VERSION" "lt" "7.0.0"; then
+ log "[configure_elasticsearch_yaml] update configuration with discovery.zen.ping.unicast.hosts set to $UNICAST_HOSTS"
+ echo "discovery.zen.ping.unicast.hosts: $UNICAST_HOSTS" >> $ES_CONF
+ echo "discovery.zen.minimum_master_nodes: $MINIMUM_MASTER_NODES" >> $ES_CONF
+ else
+ log "[configure_elasticsearch_yaml] update configuration with discovery.seed_hosts and cluster.initial_master_nodes set to $UNICAST_HOSTS"
+ echo "discovery.seed_hosts: $UNICAST_HOSTS" >> $ES_CONF
+ echo "cluster.initial_master_nodes: $UNICAST_HOSTS" >> $ES_CONF
+ fi
# Configure Elasticsearch node type
log "[configure_elasticsearch_yaml] configure master/client/data node type flags only master-$MASTER_ONLY_NODE only data-$DATA_ONLY_NODE"
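Review bot: The 7.x branch writes `cluster.initial_master_nodes: $UNICAST_HOSTS` ahead of the node-type section that follows, so as far as this hunk shows every node receives it whatever its role. Elasticsearch documents this setting as a bootstrap-only list of master-eligible nodes, which should not be set on master-ineligible nodes or on nodes joining an existing cluster, and the entries have to match how the master nodes identify themselves. Consider writing it only when the node is master-eligible, with a comment such as `# bootstrap only: list master-eligible nodes exactly as they identify themselves`. The function body continues outside the hunk, so the format of UNICAST_HOSTS cannot be confirmed from here.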
@@ -981,8 +1020,7 @@ configure_elasticsearch_yaml()
echo "node.master: true" >> $ES_CONF
echo "node.data: true" >> $ES_CONF
fi
-
- echo "discovery.zen.minimum_master_nodes: $MINIMUM_MASTER_NODES" >> $ES_CONF
+
echo "network.host: [_site_, _local_]" >> $ES_CONF
echo "node.max_local_storage_nodes: 1" >> $ES_CONF
@@ -996,7 +1034,7 @@ configure_elasticsearch_yaml()
# Configure Azure Cloud plugin
if [[ -n "$STORAGE_ACCOUNT" && -n "$STORAGE_KEY" && -n "$STORAGE_SUFFIX" ]]; then
- if [[ "${ES_VERSION}" == \6* ]]; then
+ if dpkg --compare-versions "$ES_VERSION" "ge" "6.0.0"; then
log "[configure_elasticsearch_yaml] configure storage for repository-azure plugin in keystore"
create_keystore_if_not_exists
echo "$STORAGE_ACCOUNT" | /usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.default.account -xf
@@ -1024,6 +1062,7 @@ configure_elasticsearch_yaml()
local SKIP_LINES="cluster.name node.name path.data discovery.zen.ping.unicast.hosts "
SKIP_LINES+="node.master node.data discovery.zen.minimum_master_nodes network.host "
+ SKIP_LINES+="discovery.seed_hosts cluster.initial_master_nodes "
SKIP_LINES+="discovery.zen.ping.multicast.enabled marvel.agent.enabled "
SKIP_LINES+="node.max_local_storage_nodes plugin.mandatory cloud.azure.storage.default.account "
SKIP_LINES+="cloud.azure.storage.default.key azure.client.default.endpoint_suffix xpack.security.authc "
@@ -1071,7 +1110,7 @@ configure_elasticsearch_yaml()
fi
# Configure SAML realm only for valid versions of Elasticsearch and if the conditions are met
- if [[ $(dpkg --compare-versions "$ES_VERSION" "ge" "6.2.0") -eq 0 && -n "$SAML_METADATA_URI" && -n "$SAML_SP_URI" && ( -n "$HTTP_CERT" || -n "$HTTP_CACERT" ) && ${INSTALL_XPACK} -ne 0 ]]; then
+ if [[ $(dpkg --compare-versions "$ES_VERSION" "ge" "6.2.0"; echo $?) -eq 0 && -n "$SAML_METADATA_URI" && -n "$SAML_SP_URI" && ( -n "$HTTP_CERT" || -n "$HTTP_CACERT" ) && ${INSTALL_XPACK} -ne 0 ]]; then
log "[configure_elasticsearch_yaml] configuring SAML realm named 'saml_aad' for $SAML_SP_URI"
[ -d /etc/elasticsearch/saml ] || mkdir -p /etc/elasticsearch/saml
wget --retry-connrefused --waitretry=1 -q "$SAML_METADATA_URI" -O /etc/elasticsearch/saml/metadata.xml
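Review bot: The corrected SAML condition gets the result of `dpkg --compare-versions` by echoing `$?` from a command substitution and comparing that text inside `[[ ]]`, while every other version check added in this commit tests the exit status directly. Using the status directly is easier to read and avoids the extra subshell: `if dpkg --compare-versions "$ES_VERSION" "ge" "6.2.0" && [[ -n "$SAML_METADATA_URI" && -n "$SAML_SP_URI" && ( -n "$HTTP_CERT" || -n "$HTTP_CACERT" ) && ${INSTALL_XPACK} -ne 0 ]]; then`. The same echo-`$?` form is added in java-install.sh for the `lt 7.0.0` check and could be rewritten the same way. The body of this `if` continues outside the hunk.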
@@ -1081,8 +1120,13 @@ configure_elasticsearch_yaml()
local IDP_ENTITY_ID="$(grep -oP '\sentityID="(.*?)"\s' /etc/elasticsearch/saml/metadata.xml | sed 's/^.*"\(.*\)".*/\1/')"
{
echo -e ""
- echo -e "xpack.security.authc.realms.saml_aad:"
- echo -e " type: saml"
+ # include the realm type in the setting name in 7.x +
+ if dpkg --compare-versions "$ES_VERSION" "lt" "7.0.0"; then
+ echo -e "xpack.security.authc.realms.saml_aad:"
+ echo -e " type: saml"
+ else
+ echo -e "xpack.security.authc.realms.saml.saml_aad:"
+ fi
echo -e " order: 2"
echo -e " idp.metadata.path: /etc/elasticsearch/saml/metadata.xml"
echo -e " idp.entity_id: \"$IDP_ENTITY_ID\""
@@ -1240,8 +1284,8 @@ setup_data_disk
if [ ${INSTALL_XPACK} -ne 0 ]; then
install_xpack
- # in 6.x we need to set up the bootstrap.password in the keystore to use when setting up users
- if [[ "${ES_VERSION}" == \6* ]]; then
+ # in 6.x + we need to set up the bootstrap.password in the keystore to use when setting up users
+ if dpkg --compare-versions "$ES_VERSION" "ge" "6.0.0"; then
setup_bootstrap_password
fi
fi
diff --git a/src/scripts/java-install.sh b/src/scripts/java-install.sh
index 32dabb36..f10dca2d 100644
--- a/src/scripts/java-install.sh
+++ b/src/scripts/java-install.sh
@@ -29,9 +29,14 @@ log()
# Parameter handling
#########################
-while getopts h optname; do
+ES_VERSION=""
+
+while getopts :v:h optname; do
log "Option $optname set with value ${OPTARG}"
case ${optname} in
+ v) #elasticsearch version number
+ ES_VERSION="${OPTARG}"
+ ;;
h) #show help
help
exit 2
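Review bot: The new optstring `:v:h` starts with a colon, which puts getopts in silent mode: a `-v` passed without a value now arrives as optname `:` and an unknown flag as `?`, with no message from the shell itself. The case statement continues past this hunk, so confirm it has arms for both, for example `:) log "option -${OPTARG} requires a value"; exit 2 ;;`, and that the help text lists `-v`. Because ES_VERSION later decides whether Java is installed at all, a short comment on the default would also help, e.g. `ES_VERSION=""  # empty: fall back to installing Java`.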
@@ -46,13 +51,19 @@ done
install_java()
{
- log "updating apt-get"
- (apt-get -y update || (sleep 15; apt-get -y update)) > /dev/null
- log "updated apt-get"
log "installing java"
(apt-get -yq install openjdk-8-jdk || (sleep 15; apt-get -yq install openjdk-8-jdk))
command -v java >/dev/null 2>&1 || { log "java did not get installed" >&2; exit 50; }
log "installed java"
}
-install_java
+log "updating apt-get"
+(apt-get -y update || (sleep 15; apt-get -y update)) > /dev/null
+log "updated apt-get"
+
+# Only install Java if not bundled with Elasticsearch
+if [[ -z "$ES_VERSION" || $(dpkg --compare-versions "$ES_VERSION" "lt" "7.0.0"; echo $?) -eq 0 ]]; then
+ install_java
+else
+ log "not installing java, using JDK bundled with distribution"
+fi
\ No newline at end of file
diff --git a/src/scripts/kibana-install.sh b/src/scripts/kibana-install.sh
index 0338e718..178329e2 100644
--- a/src/scripts/kibana-install.sh
+++ b/src/scripts/kibana-install.sh
@@ -204,7 +204,12 @@ configure_kibana_yaml()
log "[configure_kibana_yaml] Configuring kibana.yml"
# set the elasticsearch URL
- echo "elasticsearch.url: \"$ELASTICSEARCH_URL\"" >> $KIBANA_CONF
+ if dpkg --compare-versions "$KIBANA_VERSION" "lt" "7.0.0"; then
+ echo "elasticsearch.url: \"$ELASTICSEARCH_URL\"" >> $KIBANA_CONF
+ else
+ echo "elasticsearch.hosts: [\"$ELASTICSEARCH_URL\"]" >> $KIBANA_CONF
+ fi
+
echo "server.host:" $(hostname -I) >> $KIBANA_CONF
# specify kibana log location
echo "logging.dest: /var/log/kibana.log" >> $KIBANA_CONF
@@ -302,7 +307,7 @@ configure_kibana_yaml()
if [[ -n "$SAML_SP_URI" && ${INSTALL_XPACK} -ne 0 ]]; then
log "[configure_kibana_yaml] Configuring Kibana for SAML Single-Sign-On"
# Allow both saml and basic realms
- echo "xpack.security.authProviders: [ saml,basic ]" >> $KIBANA_CONF
+ echo "xpack.security.authProviders: [ saml, basic ]" >> $KIBANA_CONF
echo "server.xsrf.whitelist: [ /api/security/v1/saml ]" >> $KIBANA_CONF
local PROTOCOL="`echo $SAML_SP_URI | grep '://' | sed -e's,^\(.*://\).*,\1,g'`"
diff --git a/src/scripts/logstash-install.sh b/src/scripts/logstash-install.sh
index 38f4b723..fef20555 100644
--- a/src/scripts/logstash-install.sh
+++ b/src/scripts/logstash-install.sh
@@ -287,14 +287,22 @@ configure_logstash_yaml()
log "[configure_logstash_yaml] installed x-pack plugin"
fi
- echo 'xpack.monitoring.elasticsearch.url: "${ELASTICSEARCH_URL}"' >> $LOGSTASH_CONF
+ if dpkg --compare-versions "$LOGSTASH_VERSION" "lt" "7.0.0"; then
+ echo 'xpack.monitoring.elasticsearch.url: "${ELASTICSEARCH_URL}"' >> $LOGSTASH_CONF
+ else
+ echo 'xpack.monitoring.elasticsearch.hosts: ["${ELASTICSEARCH_URL}"]' >> $LOGSTASH_CONF
+ fi
# assumes Security is enabled, so configure monitoring credentials
echo "xpack.monitoring.elasticsearch.username: logstash_system" >> $LOGSTASH_CONF
echo 'xpack.monitoring.elasticsearch.password: "${LOGSTASH_SYSTEM_PASSWORD}"' >> $LOGSTASH_CONF
elif [[ $XPACK_BUNDLED -eq 0 ]]; then
# configure monitoring for basic
- echo 'xpack.monitoring.elasticsearch.url: "${ELASTICSEARCH_URL}"' >> $LOGSTASH_CONF
+ if dpkg --compare-versions "$LOGSTASH_VERSION" "lt" "7.0.0"; then
+ echo 'xpack.monitoring.elasticsearch.url: "${ELASTICSEARCH_URL}"' >> $LOGSTASH_CONF
+ else
+ echo 'xpack.monitoring.elasticsearch.hosts: ["${ELASTICSEARCH_URL}"]' >> $LOGSTASH_CONF
+ fi
fi
local MONITORING='true'
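Review bot: The same `lt 7.0.0` branch is written out twice in this hunk, once on the security path and once on the `XPACK_BUNDLED` path, and the `ssl.ca` / `ssl.certificate_authority` pair is duplicated the same way in the two later hunks of this file. Choosing the line once would keep the copies from drifting apart: set `local HOSTS_LINE='xpack.monitoring.elasticsearch.hosts: ["${ELASTICSEARCH_URL}"]'`, override it with the `.url` form when the version is below 7.0.0, and have both paths run `echo "$HOSTS_LINE" >> $LOGSTASH_CONF`. A one-line comment saying the single quotes are deliberate, so that `${ELASTICSEARCH_URL}` reaches logstash.yml unexpanded, would also help, assuming that is the intent. The enclosing function and the outer `if` start outside the hunk.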
@@ -325,7 +333,11 @@ configure_logstash_yaml()
# which will not work for a HTTP cert provided by the user, where logstash communicates through internal loadbalancer.
# 6.4.0 exposes verification_mode, so set this to none and document.
if dpkg --compare-versions "$LOGSTASH_VERSION" "ge" "6.4.0"; then
- echo 'xpack.monitoring.elasticsearch.ssl.ca: "${ELASTICSEARCH_CACERT}"' >> $LOGSTASH_CONF
+ if dpkg --compare-versions "$LOGSTASH_VERSION" "lt" "7.0.0"; then
+ echo 'xpack.monitoring.elasticsearch.ssl.ca: "${ELASTICSEARCH_CACERT}"' >> $LOGSTASH_CONF
+ else
+ echo 'xpack.monitoring.elasticsearch.ssl.certificate_authority: "${ELASTICSEARCH_CACERT}"' >> $LOGSTASH_CONF
+ fi
echo 'xpack.monitoring.elasticsearch.ssl.verification_mode: none' >> $LOGSTASH_CONF
MONITORING='true'
fi
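Review bot: The new 7.x `ssl.certificate_authority` line is followed by the existing `xpack.monitoring.elasticsearch.ssl.verification_mode: none`, so on this path the monitoring connection is encrypted but the server certificate is not verified. Earlier in this function the monitoring user is set to `logstash_system` with its password, so those credentials presumably travel over that connection. The comment above the branch explains the reason, but nothing is recorded at deploy time. Consider adding `log "[configure_logstash_yaml] monitoring TLS verification disabled (verification_mode: none)"` next to that echo so operators can find the affected nodes. The function continues outside the hunk.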
@@ -348,7 +360,11 @@ configure_logstash_yaml()
# HTTP certs created from a HTTP CA provided by the user will include the
# IP address of the internal loadbalancer, so hostname verification will pass.
- echo 'xpack.monitoring.elasticsearch.ssl.ca: "${ELASTICSEARCH_CACERT}"' >> $LOGSTASH_CONF
+ if dpkg --compare-versions "$LOGSTASH_VERSION" "lt" "7.0.0"; then
+ echo 'xpack.monitoring.elasticsearch.ssl.ca: "${ELASTICSEARCH_CACERT}"' >> $LOGSTASH_CONF
+ else
+ echo 'xpack.monitoring.elasticsearch.ssl.certificate_authority: "${ELASTICSEARCH_CACERT}"' >> $LOGSTASH_CONF
+ fi
MONITORING='true'
fi
fi
@@ -369,9 +385,10 @@ configure_logstash_yaml()
if [[ -n "$YAML_CONFIGURATION" ]]; then
log "[configure_logstash] include additional yaml configuration"
- local SKIP_LINES="node.name path.data path.logs "
+ local SKIP_LINES="node.name path.data path.logs xpack.monitoring.elasticsearch.url xpack.monitoring.elasticsearch.hosts "
SKIP_LINES+="xpack.monitoring.elasticsearch.username xpack.monitoring.elasticsearch.password "
- SKIP_LINES+="xpack.monitoring.enabled xpack.monitoring.elasticsearch.ssl.ca xpack.monitoring.elasticsearch.ssl.verification_mode "
+ SKIP_LINES+="xpack.monitoring.enabled xpack.monitoring.elasticsearch.ssl.ca xpack.monitoring.elasticsearch.ssl.certificate_authority "
+ SKIP_LINES+="xpack.monitoring.elasticsearch.ssl.verification_mode "
local SKIP_REGEX="^\s*("$(echo $SKIP_LINES | tr " " "|" | sed 's/\./\\\./g')")"
IFS=$'\n'
for LINE in $(echo -e "$YAML_CONFIGURATION"); do
diff --git a/src/settings/ubuntuSettings.json b/src/settings/ubuntuSettings.json
index 6a3a82a2..7eaeafdc 100644
--- a/src/settings/ubuntuSettings.json
+++ b/src/settings/ubuntuSettings.json
@@ -93,7 +93,7 @@
},
"installPluginsShortOpt": "[variables('installPluginsShortOpts')[parameters('esSettings').installPlugins]]",
"commonShortOpts": "[concat(variables('dedicatedMasterNodesShortOpt'), variables('installPluginsShortOpt'), variables('installAzureCloudPluginShortOpt'), 'n ')]",
- "commonInstallParams": "[concat(variables('quote'), parameters('esSettings').clusterName, variables('quote'), ' -v ', variables('quote'), parameters('esSettings').version, variables('quote'), ' -m ', parameters('esSettings').heapSize,' -A ', variables('quote'), replace(parameters('esSettings').securityAdminPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -R ', variables('quote'), replace(parameters('esSettings').securityReadPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -K ', variables('quote'), replace(parameters('esSettings').securityKibanaPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -S ', variables('quote'), replace(parameters('esSettings').securityLogstashPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -F ', variables('quote'), replace(parameters('esSettings').securityBeatsPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -B ', variables('quote'), replace(parameters('esSettings').securityBootstrapPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -Z ', parameters('topologySettings').vmDataNodeCount,' -p ', variables('quote'), variables('namespacePrefix'), variables('quote'), ' -a ', variables('quote'), variables('azureCloudStorageName'), variables('quote'), ' -k ', variables('quote'), variables('azureCloudStorageKey'), variables('quote'), ' -E ', variables('quote'), variables('azureCloudStorageSuffix'), variables('quote'), ' -L ', variables('quote'), parameters('esSettings').installAdditionalPlugins, variables('quote'), ' -C ', variables('quote'), replace(replace(parameters('esSettings').yamlConfiguration, variables('quote'), variables('escapedQuote')), concat(variables('backslash'), variables('doublequote')), variables('doublequote')), variables('quote'), ' -D ', variables('quote'), parameters('topologySettings').vNetLoadBalancerIp, variables('quote'), ' -H ', variables('quote'), 
parameters('esSettings').httpCertBlob,variables('quote'), ' -G ', variables('quote'), replace(parameters('esSettings').httpCertPassword, variables('quote'), variables('escapedQuote')), variables('quote'), ' -V ', variables('quote'), parameters('esSettings').httpCaCertBlob, variables('quote'), ' -J ', variables('quote'), replace(parameters('esSettings').httpCaCertPassword, variables('quote'), variables('escapedQuote')), variables('quote'), ' -T ', variables('quote'), parameters('esSettings').transportCaCertBlob, variables('quote'), ' -W ', variables('quote'), replace(parameters('esSettings').transportCaCertPassword, variables('quote'), variables('escapedQuote')), variables('quote'), ' -N ', variables('quote'), replace(parameters('esSettings').transportCertPassword, variables('quote'), variables('escapedQuote')), variables('quote'), ' -O ', variables('quote'), parameters('esSettings').samlMetadataUri, variables('quote'), ' -P ', variables('quote'), variables('kibanaDomainName'), variables('quote'))]",
+ "commonInstallParams": "[concat(variables('quote'), parameters('esSettings').clusterName, variables('quote'), ' -v ', variables('quote'), parameters('esSettings').version, variables('quote'), ' -m ', parameters('esSettings').heapSize, ' -A ', variables('quote'), replace(parameters('esSettings').securityAdminPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -R ', variables('quote'), replace(parameters('esSettings').securityRemoteMonitoringPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -K ', variables('quote'), replace(parameters('esSettings').securityKibanaPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -S ', variables('quote'), replace(parameters('esSettings').securityLogstashPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -F ', variables('quote'), replace(parameters('esSettings').securityBeatsPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -M ', variables('quote'), replace(parameters('esSettings').securityApmPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -B ', variables('quote'), replace(parameters('esSettings').securityBootstrapPwd, variables('quote'), variables('escapedQuote')), variables('quote'), ' -Z ', parameters('topologySettings').vmDataNodeCount,' -p ', variables('quote'), variables('namespacePrefix'), variables('quote'), ' -a ', variables('quote'), variables('azureCloudStorageName'), variables('quote'), ' -k ', variables('quote'), variables('azureCloudStorageKey'), variables('quote'), ' -E ', variables('quote'), variables('azureCloudStorageSuffix'), variables('quote'), ' -L ', variables('quote'), parameters('esSettings').installAdditionalPlugins, variables('quote'), ' -C ', variables('quote'), replace(replace(parameters('esSettings').yamlConfiguration, variables('quote'), variables('escapedQuote')), concat(variables('backslash'), variables('doublequote')), variables('doublequote')), 
variables('quote'), ' -D ', variables('quote'), parameters('topologySettings').vNetLoadBalancerIp, variables('quote'), ' -H ', variables('quote'), parameters('esSettings').httpCertBlob,variables('quote'), ' -G ', variables('quote'), replace(parameters('esSettings').httpCertPassword, variables('quote'), variables('escapedQuote')), variables('quote'), ' -V ', variables('quote'), parameters('esSettings').httpCaCertBlob, variables('quote'), ' -J ', variables('quote'), replace(parameters('esSettings').httpCaCertPassword, variables('quote'), variables('escapedQuote')), variables('quote'), ' -T ', variables('quote'), parameters('esSettings').transportCaCertBlob, variables('quote'), ' -W ', variables('quote'), replace(parameters('esSettings').transportCaCertPassword, variables('quote'), variables('escapedQuote')), variables('quote'), ' -N ', variables('quote'), replace(parameters('esSettings').transportCertPassword, variables('quote'), variables('escapedQuote')), variables('quote'), ' -O ', variables('quote'), parameters('esSettings').samlMetadataUri, variables('quote'), ' -P ', variables('quote'), variables('kibanaDomainName'), variables('quote'))]",
"ubuntuScripts": [
"[concat(parameters('templateBaseUrl'), 'scripts/elasticsearch-install.sh')]",
"[concat(parameters('templateBaseUrl'), 'scripts/kibana-install.sh')]",