Set monitoring credentials if xpack flag set or basic security defaul…

…t enabled (#342)

This commit fixes a bug in logstash monitoring configuring to set monitoring
credentials when basic security will be enabled by default. For versions
6.8.0+ (and less than 7.0.0) and 7.1.0+, basic security will be enabled so
credentials should be configured in logstash.yml.

Fixes #341

(cherry picked from commit 86f007d)

build/tasks/arm-validator.js

@@ -157,7 +157,7 @@ var login = (cb) => {
   var version = [ '--version' ];
   az(version, (error, stdout, stderr) => {
     // ignore stderr if it's simply a warning about an older version of Azure CLI
-    if (error || (stderr && !/^WARNING: You have \d+ updates available/.test(stderr))) {
+    if (error || (stderr && !/^WARNING: You have \d+ updates available/.test(stderr) && !/Unable to check if your CLI is up-to-date. Check your internet connection./.test(stderr))) {
       return bailOut(error || new Error(stderr));
     }
 

src/scripts/logstash-install.sh

@@ -271,24 +271,17 @@ configure_logstash_yaml()
     echo "path.logs: $LOG_PATH" >> $LOGSTASH_CONF
     echo "log.level: error" >> $LOGSTASH_CONF
 
-    # install x-pack
-    if [[ $INSTALL_XPACK -ne 0 ]]; then
-      if dpkg --compare-versions "$LOGSTASH_VERSION" "lt" "7.0.0"; then
-        echo 'xpack.monitoring.elasticsearch.url: "${ELASTICSEARCH_URL}"' >> $LOGSTASH_CONF
-      else
-        echo 'xpack.monitoring.elasticsearch.hosts: ["${ELASTICSEARCH_URL}"]' >> $LOGSTASH_CONF
-      fi
+    # configure monitoring
+    if dpkg --compare-versions "$LOGSTASH_VERSION" "lt" "7.0.0"; then
+      echo 'xpack.monitoring.elasticsearch.url: "${ELASTICSEARCH_URL}"' >> $LOGSTASH_CONF
+    else
+      echo 'xpack.monitoring.elasticsearch.hosts: ["${ELASTICSEARCH_URL}"]' >> $LOGSTASH_CONF
+    fi
 
-      # assumes Security is enabled, so configure monitoring credentials
+    # configure monitoring credentials
+    if [[ $INSTALL_XPACK -ne 0 || $BASIC_SECURITY -ne 0 ]]; then
       echo "xpack.monitoring.elasticsearch.username: logstash_system" >> $LOGSTASH_CONF
       echo 'xpack.monitoring.elasticsearch.password: "${LOGSTASH_SYSTEM_PASSWORD}"' >> $LOGSTASH_CONF
-    else
-      # configure monitoring for basic
-      if dpkg --compare-versions "$LOGSTASH_VERSION" "lt" "7.0.0"; then
-        echo 'xpack.monitoring.elasticsearch.url: "${ELASTICSEARCH_URL}"' >> $LOGSTASH_CONF
-      else
-        echo 'xpack.monitoring.elasticsearch.hosts: ["${ELASTICSEARCH_URL}"]' >> $LOGSTASH_CONF
-      fi
     fi
 
     local MONITORING='true'
@@ -320,9 +313,9 @@ configure_logstash_yaml()
             log "[configure_logstash_yaml] CA cert extracted from HTTP PKCS#12 archive. Make ELASTICSEARCH_CACERT available to conf files"
             add_keystore "ELASTICSEARCH_CACERT" "$SSL_PATH/elasticsearch-http-ca.crt"
 
-            # logstash performs hostname verification for monitoring
+            # logstash performs hostname verification for monitoring when verification_mode:certificate is used,
             # which will not work for a HTTP cert provided by the user, where logstash communicates through internal loadbalancer.
-            # 6.4.0 exposes verification_mode, so set this to none and document.
+            # 6.4.0 exposes verification_mode, so set to none to allow monitoring, and document.
             if dpkg --compare-versions "$LOGSTASH_VERSION" "ge" "6.4.0"; then
               if dpkg --compare-versions "$LOGSTASH_VERSION" "lt" "7.0.0"; then
                 echo 'xpack.monitoring.elasticsearch.ssl.ca: "${ELASTICSEARCH_CACERT}"' >> $LOGSTASH_CONF