Commit Graph

6783 Commits

Author SHA1 Message Date
Lee Hinman 24d91298db Create skeleton for plugin split (elastic/x-pack-elasticsearch#3233)
This creates a basic skeleton for the plugin split by adding folders and example
`build.gradle` files. It also includes a non-implemented `migrate-plugins.sh`
script that we can fill in at a later time.

Relates to elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@2ab035d6b6
2017-12-08 09:41:32 -07:00
Dimitris Athanasiou a9535c0b5a [ML][DOCS] Correct get-overall-buckets API example (elastic/x-pack-elasticsearch#3269)
Also fixes the score filters explanation for the results APIs.

Original commit: elastic/x-pack-elasticsearch@18cb31ab56
2017-12-08 16:03:51 +00:00
Ioannis Kakavas aff5cc840f Make generated passwords shell safe (elastic/x-pack-elasticsearch#3253)
Generate passwords from  [A-Za-z0-9] so that they are safe to be
used in shell scripts.
Entropy deterioration is not significant (124.9 -> 119), generated
passwords still meet guidelines and best practices regarding length
and complexity.

Resolves elastic/x-pack-elasticsearch#3087

Original commit: elastic/x-pack-elasticsearch@078639e7c2
2017-12-08 18:03:13 +02:00
Dimitrios Athanasiou 4082d6fa48 [Watcher] Remove line that accidentally sneaked in
Original commit: elastic/x-pack-elasticsearch@e63b1942ca
2017-12-08 13:47:53 +00:00
Dimitris Athanasiou 434dc94eb2 [ML] Avoid all overhead when renormalization window is zero (elastic/x-pack-elasticsearch#3255)
relates elastic/x-pack-elasticsearch#3244

Original commit: elastic/x-pack-elasticsearch@fe41c23ad7
2017-12-08 12:22:52 +00:00
Alexander Reelsen 3f17c28f9b Docs: Remove note about running watches with elevated privileges
The documentation still mentioned that watches are running with elevated
privileges, which is not true anymore since elastic/x-pack-elasticsearch#2808.

Original commit: elastic/x-pack-elasticsearch@6b510d999a
2017-12-08 11:01:28 +01:00
Yannick Welsch 9ddbef0641 Fix long path issue of bwc checkouts on Windows (elastic/x-pack-elasticsearch#3259)
Hopefully fixes the Windows CI failures that break on cloning the repository into a target directory with a lengthy path name.

Original commit: elastic/x-pack-elasticsearch@fe18e95d3f
2017-12-07 19:04:40 +01:00
Jason Tedor 0c6ec82317 Grant Netty necessary permissions
When using the security networking implementations, the Netty jars that
are in play are those that are loaded in the X-Pack classloader. This
means that permissions granted to the Netty jars loaded in the
transport-netty4 module classloader do nothing. Instead, we have to
grant the same permissions to the Netty jars in the X-Pack
classloader. This commit does this.

Relates elastic/x-pack-elasticsearch#3247

Original commit: elastic/x-pack-elasticsearch@91780597b9
2017-12-07 12:57:48 -05:00
Jay Modi c6799de2a4 Do not enforce TLS if discovery type is single-node (elastic/x-pack-elasticsearch#3245)
This commit adds a check for the discovery type so that the TLS join validator does not fail join
requests when the discovery type is single-node.

relates elastic/x-pack-elasticsearch#2828

Original commit: elastic/x-pack-elasticsearch@fdfdb76b0b
2017-12-07 09:50:25 -07:00
Lisa Cawley c7b100a8c3 [DOCS] Added X-Pack bootstrap checks (elastic/x-pack-elasticsearch#2747)
* [DOCS] Added X-Pack bootstrap checks

* [DOCS] Added more bootstrap checks

* [DOCS] Added link to TLS configuration

* [DOCS] Added Encrypt Sensitive Data bootstrap check

* [DOCS] Added link to watcher encryption task

* [DOCS] Added role mapping bootstrap check

* [DOCS] Added PKI realm boostrap check

* [DOCS] Added token SSL bootstrap check

* [DOCS] Added role mapping bootstrap check

* [DOCS] Added bootstrap check file names

Original commit: elastic/x-pack-elasticsearch@4f3eb72d94
2017-12-07 08:42:02 -08:00
Alexander Reelsen eaf67f8bc2 Tests: Replace YAML tests with ESTestRestCase to be able to wait for … (elastic/x-pack-elasticsearch#3252)
* Tests: Replace YAML tests with ESTestRestCase to be able to wait for events

The YAML tests did not have any possibility to wait for the watches to
be created. A hard ten second timeout was used, that could not be
aborted, by simulating a sleep when waiting for a number of nodes that
never occured in the cluster.

This commit replaces those waiting YAML tests with ESRestTestCases, that
use `assertBusy()` to exit early once the watches have been added. Also
this increases the wait time if needed, as these tests tend to fail on
CI.

relates elastic/x-pack-elasticsearch#3217

Original commit: elastic/x-pack-elasticsearch@74b9945d88
2017-12-07 14:40:08 +01:00
David Kyle e9d9199205 [ML] Special Events (elastic/x-pack-elasticsearch#2930)
* Add Special Event

* Add special events to update process

* Add time condition and skip rule actions.

* Update special events

* Address review comments

Original commit: elastic/x-pack-elasticsearch@80500ded76
2017-12-07 11:44:12 +00:00
Tim Vernum 628dfaa843 Add API for SSL certificate information (elastic/x-pack-elasticsearch#3088)
Exposes the certificate location (configured path), serial number, and expiry date

Closes: elastic/x-pack-elasticsearch#2795

Original commit: elastic/x-pack-elasticsearch@a0773f6840
2017-12-06 19:57:25 +10:00
Nhat Nguyen 7f553f391f TEST: fix index template without index patterns
Relates https://github.com/elastic/elasticsearch/pull/27662

Original commit: elastic/x-pack-elasticsearch@7f2766695f
2017-12-05 21:25:53 -05:00
Nhat Nguyen 3cbb69eb3d Fix index template tests
Relates https://github.com/elastic/elasticsearch/pull/27662

Original commit: elastic/x-pack-elasticsearch@a2175c1689
2017-12-05 18:27:45 -05:00
Luca Cavanna 81dcd8c5f1 Filter mappings fields when field level security is configured (elastic/x-pack-elasticsearch#3173)
This PR uses a new extension point that's being added to Elasticsearch (see https://github.com/elastic/elasticsearch/pull/27603) so that the security plugin can filter the mappings fields returned by get index, get mappings, get field mappings and field capabilities API.

This effort aims at filtering information returned by API in the `indices/admin` category and field capabilities. It doesn't filter what the cluster state api returns as that is a cluster level operation.

One question is about backwards compatibility given that we would like to have this in 6.2. Shall we treat this as a bug as mappings should have been filtered before? Not sure if it's going to break existing integrations.

relates elastic/x-pack-elasticsearch#340

Original commit: elastic/x-pack-elasticsearch@d7e3fd3fa1
2017-12-05 20:32:17 +01:00
Chris Earle 48c8aed373 [Monitoring] Support Beats Monitoring (elastic/x-pack-elasticsearch#3208)
This reintroduces support for Beats monitoring.

Original commit: elastic/x-pack-elasticsearch@539da3afa1
2017-12-05 13:44:22 -05:00
David Kyle 4cd8f075b9 [ML] Add missing job Ids to log messages
Original commit: elastic/x-pack-elasticsearch@56855a3808
2017-12-05 17:43:34 +00:00
David Roberts 751caaae76 [ML] Set established model memory on job open for pre-6.1 jobs (elastic/x-pack-elasticsearch#3222)
Before this was done it was easy to get into the situation where a
job created in 5.x with a default model memory limit of 4GB could not
be opened on any node in the cluster.  Following this change this
problem will no longer occur for jobs that ran for a decent amount of
time on the old cluster.

relates elastic/x-pack-elasticsearch#3181

Original commit: elastic/x-pack-elasticsearch@cb029debba
2017-12-05 17:05:58 +00:00
Dimitrios Athanasiou 6c6b72db25 [TEST] Increase timeout for CoreWithSecurityClientYamlTestSuiteIT
This suite seems to be timing out on the CI slaves. Hopefully,
some extra time will stop the failures.

Original commit: elastic/x-pack-elasticsearch@95ba86be79
2017-12-05 15:57:27 +00:00
Alexander Reelsen 9eb2e14981 Watcher: Ensure watcher thread pool size is reasonably bound (elastic/x-pack-elasticsearch#3056)
The watcher threadpool size was always five times the CPU core
count, resulting in a huge threadpool when with even 24 cores.

This changes the behaviour to be five times the number of cores
by default - as watcher is usually waiting on I/O you should have more
threads than cores, but it maxes out with 50 threads, unless the number
of available cores is higher than that.

relates elastic/x-pack-elasticsearch#3052

Original commit: elastic/x-pack-elasticsearch@eab5deb113
2017-12-05 16:09:46 +01:00
Alexander Reelsen e3a7e4bee4 Tests: Increase timeout to wait to monitoring watches being created
Relates elastic/x-pack-elasticsearch#3217

Original commit: elastic/x-pack-elasticsearch@a6256f9e42
2017-12-05 14:20:46 +01:00
Alexander Reelsen c3e5a20242 Monitoring: Disable security for integration tests (elastic/x-pack-elasticsearch#3174)
In order to support the source directory repo split, this commit
disables security for the regular integration tests.

The MonitoringSettingsFilterTests already existed as REST test, so
this test has been removed.

Relates elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@519154dd5f
2017-12-05 12:07:04 +01:00
Alexander Reelsen fdb02f4f99 Watcher: Fix pagerduty action to send context data (elastic/x-pack-elasticsearch#3185)
The pagerduty action allows to send contexts, which contains an array
of texts or images, each with a link.

The field of this data was named 'context' instead of 'contexts' and
thus those contects were never correctly parsed on the pagerduty side.

Unfortunately pagerduty accepts any JSON, thus this was not caught so
far.

This commit allows parsing of the old field name to retain BWC, but when
written out via toXContent, it will always use the 'contexts' field name.

relates elastic/x-pack-elasticsearch#3184

Original commit: elastic/x-pack-elasticsearch@50f0b65d56
2017-12-05 11:31:48 +01:00
Lisa Cawley 0def4dfbf8 [DOCS] Add Data Visualizer to the ML Getting Started tutorial (elastic/x-pack-elasticsearch#3171)
* [DOCS] Refreshed ML screenshots

* [DOCS] Added screenshots for ML Data Visualizer

* [DOCS] Addressed feedback about data visualizer

* [DOCS] Fixed typo in ML tutorial

Original commit: elastic/x-pack-elasticsearch@2603536a93
2017-12-04 13:22:42 -08:00
jaymode 6487557e61 Test: fix min value being greater than max value in IndexLifecycleManagerIntegTests
This commit fixes the minimum value being smaller than the maximum value in a call to the
scaledRandomIntBetween, which causes the test to fail.

Original commit: elastic/x-pack-elasticsearch@da7d0ce0ce
2017-12-04 10:45:18 -07:00
Alexander Reelsen b4a317ee94 Documentation: Fix checksum link to point to sha512 link
Original commit: elastic/x-pack-elasticsearch@cac9cb1a84
2017-12-04 17:54:51 +01:00
Dimitris Athanasiou 30b745f846 [ML] Frequency in datafeeds with aggs must be multiple of hist interval (elastic/x-pack-elasticsearch#3205)
relates elastic/x-pack-elasticsearch#3204

Original commit: elastic/x-pack-elasticsearch@0bbd9addd4
2017-12-04 15:22:56 +00:00
David Kyle d39c8b76db [ML] Fix test after elastic/x-pack-elasticsearch#3202
Original commit: elastic/x-pack-elasticsearch@c83c3ebcc1
2017-12-04 13:48:24 +00:00
David Kyle cb9314ba78 [ML] Remove confusing datafeed log message (elastic/x-pack-elasticsearch#3202)
Original commit: elastic/x-pack-elasticsearch@b8ec3d06c9
2017-12-04 13:08:49 +00:00
David Roberts 2c978842da [ML] Avoid spurious logging when deleting lookback job from the UI (elastic/x-pack-elasticsearch#3193)
When you click "delete" in the UI it force-deletes the datafeed then
force-deletes the job.  For a datafeed doing lookback, this results
in a close followed very quickly by a kill on the autodetect process.
Depending on thread scheduling this could cause a lot of spurious
errors and exception traces to be logged.

This change prevents the log spam in this scenario.

relates elastic/x-pack-elasticsearch#3149

Original commit: elastic/x-pack-elasticsearch@091240f32a
2017-12-04 10:29:05 +00:00
David Roberts df9dd77656 [TEST] Fix more side effects of elastic/x-pack-elasticsearch#2975 on machines with < 16GB RAM
Our rolling upgrade tests were failing on many machines due to using
the 5.x default of 4GB model_memory_limit, which then propagated forward
to 6.1+ even though the default is now lower.

Original commit: elastic/x-pack-elasticsearch@3b23d8fe9d
2017-12-04 09:48:51 +00:00
jaymode 409492808f Test: bound number of requests in IndexLifecycleManagerIntegTests
The IndexLifecycleManagerIntegTests has a method that tests concurrency and executes a large number
of requests in parallel. On some machines, this can actually overwhelm a thread pool and cause the
test to fail for the wrong reasons. This commit bounds the total number of requests to 100.

Original commit: elastic/x-pack-elasticsearch@07613ada51
2017-12-01 09:40:53 -07:00
Alexander Reelsen f816b2e850 Monitoring: Move watcher tests for repository split preparations (elastic/x-pack-elasticsearch#3183)
Created a smoke-test-monitoring-with-watcher project that runs REST
tests with watcher enabled to ensure that the proper watcher are
installed either when the local or the HTTP exporter are set up.

Also removed two more watcher imports in the tests.

Relates elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@0a9abc3185
2017-12-01 13:20:05 +01:00
Luca Cavanna 55a19ed394 Deprecate the transport client in favour of the high-level REST client (elastic/x-pack-elasticsearch#2779)
Original commit: elastic/x-pack-elasticsearch@2aeef5df3f
2017-12-01 12:24:26 +01:00
David Roberts d08944b1ff [TEST] Fix seed-specific failure in ML node allocation test
This was due to a hardcoded job ID that wouldn't exist when two random
numbers generated by the test framework were both small.

Original commit: elastic/x-pack-elasticsearch@9529e6d280
2017-12-01 11:12:55 +00:00
Tim Sullivan 6f4484c287 [Monitoring] Update Beats Template with Metrics (elastic/x-pack-elasticsearch#2902)
* [Monitoring] Update Beats Template with Metrics

- remove source_node.timestamp
- includes mapping for beat type = Metricbeat

* remove metricbeat and xpack objects which are not used in the UI

* use long instead of integer type

Original commit: elastic/x-pack-elasticsearch@083b9cc575
2017-11-30 13:33:16 -07:00
Lisa Cawley d2172be562 [DOCS] Refresh screenshots in ML single metric job tutorial (elastic/x-pack-elasticsearch#3172)
* [DOCS] Refresh screenshots in ML tutorial

* [DOCS] Refreshed screenshots for single metric job

* [DOCS] Removed outdated index screenshot

Original commit: elastic/x-pack-elasticsearch@14f39c3091
2017-11-30 10:55:46 -08:00
Albert Zaharovits 3ea5a6df91 Augment audit authz event with role names data (elastic/x-pack-elasticsearch#3100)
Audit authz events (accessGranted, accessDenied, runAsGranted
and runAsDenied) include role names.

Original commit: elastic/x-pack-elasticsearch@6a94f65962
2017-11-30 15:56:00 +02:00
Tim Vernum 4262b29188 [Security] Add DEBUG logging on role resolution (elastic/x-pack-elasticsearch#3138)
This change adds some debug and trace logging when we look up role names, to explain how each role was resolved.

At the moment we have very little insight into how roles are being resolved which can make it difficult to diagnose some issues.

Original commit: elastic/x-pack-elasticsearch@1b3c246186
2017-11-30 21:34:07 +10:00
Albert Zaharovits a5fe074b5c LoggingAuditTrail emit events before local address available (elastic/x-pack-elasticsearch#3061)
Register LoggingAuditTrail as a ClusterStateListener.
Avoid querying for the localNode while on the ClusterStateApplier thread,
which tripps assertion. This can happen when logging audit events that
originate from the system.

relates elastic/x-pack-elasticsearch#3057

Original commit: elastic/x-pack-elasticsearch@66bc59682d
2017-11-30 12:42:34 +02:00
Hendrik Muhs 756d878983 [ML-FC] do not allow durations below the bucket span (elastic/x-pack-elasticsearch#3166)
do not allow durations below the bucket span

Original commit: elastic/x-pack-elasticsearch@0e895c1ddd
2017-11-30 07:49:21 +01:00
Tim Vernum c2ff796fea Support realm validation when Keystore is closed (elastic/x-pack-elasticsearch#3096)
If the KeyStoreWrapper is closed, then we cannot validate secure settings (because we no longer have access to them)
The Realm group setting uses the "validate" method to ensure that child settings are correct, but it must ignore secure settings as it might get called
after startup (e.g. during a settings diff)

Original commit: elastic/x-pack-elasticsearch@b30db6bc62
2017-11-30 11:22:17 +10:00
Lisa Cawley 90a1da82ee [DOCS] Subdivided getting started with ML pages (elastic/x-pack-elasticsearch#3167)
* [DOCS] Subdivided getting started with ML pages

* [DOCS] Added new getting started page to build.gradle

Original commit: elastic/x-pack-elasticsearch@968187b048
2017-11-29 12:03:51 -08:00
Lisa Cawley 11ab50d9dc [DOCS] Clarified watcher cleaner service behaviour (elastic/x-pack-elasticsearch#3135)
* [DOCS] Clarified watcher cleaner service behaviour

* [DOCS] Fixed typo in watcher settings

* [DOC] Clarified watcher and monitor setting dependencies

Original commit: elastic/x-pack-elasticsearch@1386139460
2017-11-29 08:25:59 -08:00
Michael Basnight bf27cd1457 Use SPI to glean reserved roles (elastic/x-pack-elasticsearch#3012)
This commit uses SPI to get the list of system wide reserved roles in
security. It does not yet split out the RoleDescriptor to a common
location so the implementing services still depend on security. Each
role, however, only depends on its own feature as well as security.

ref elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@efebc3e5c8
2017-11-29 09:00:23 -06:00
Alexander Reelsen c641a30bc5 Docs: Explain watcher security integration/limitations (elastic/x-pack-elasticsearch#3106)
Original commit: elastic/x-pack-elasticsearch@991e1de267
2017-11-29 14:48:06 +01:00
David Kyle 171c48fd2f [TESTS] Refactor yml test suite classes (elastic/x-pack-elasticsearch#3145)
* Use XPackRestIT as base class for XDocsClientYamlTestSuiteIT

* Remove the XPackRestTestCase class

* Address review comments

* Fix checkstyle checks

Original commit: elastic/x-pack-elasticsearch@c2a5e60c12
2017-11-29 12:43:53 +00:00
David Roberts ef96831515 [ML] Don't mention unrelated indices when deleting job index aliases (elastic/x-pack-elasticsearch#3160)
This change fixes a problem that would cause job deletion to fail if ANY
index had a block on it, e.g. read-only.

The problem was that we were requesting the job aliases be deleted from
ALL indices in the system due to a misunderstanding with the format of the
get_aliases response.  This didn't usually cause any noticable effects, as
only the ML indices would have the aliases.  But in the case of a read-only
index it would cause an error, leading to unnecessary failure of the job
deletion.

Fixes elastic/machine-learning-cpp#428

Original commit: elastic/x-pack-elasticsearch@a573f85a00
2017-11-29 11:39:30 +00:00
Dimitris Athanasiou 9ef9edc1ca [ML] Rework ScrollDataExtractorTests to make scroll clearing more robust (elastic/x-pack-elasticsearch#3150)
Original commit: elastic/x-pack-elasticsearch@7784497a3d
2017-11-29 11:19:13 +00:00