- remove state - the existing of the internal `bulk` is enough to determine the state of the exporter. When the exporter is started, the bulk is instantiated.
- simplified & structured the startup of the exporter - now it listens to cluster state events and acts on those, rather than fetching & checking the cluster state on demand.
- the master is responsible for "putting" the marvel template... everything else will just wait for the right template to appear in the cluster state.
- started to fix the local exporter tests
Original commit: elastic/x-pack-elasticsearch@7fae23d166
- bulk abstraction on top of exporter
- removed queuing and bulk processor from local exporter
- started to adjust tests to shield (require a lot of helper methods in `MarvelInegTestCase`)
- moved index name resolution to `Exporter` (functionality shared between all exporters)
Original commit: elastic/x-pack-elasticsearch@86b495622c
- prepared the ground for shield integration tests.
- for now, `shield` is disabled for all integration tests (once we have the `local` exporter we'll be able to turn shield on.
Original commit: elastic/x-pack-elasticsearch@cf5d660f58
- an exporter is no longer fixed construct. Instead, this commit creates an `Exporter` abstraction. An exporter has a type and is responsible for exporting marvel documents.
- multiple exporters can be configured, each can be of a different type.
- an exporter can be of a "singleton" type, indicating that there can only be one exporter of that type at any point in time.
- exporters are configured in the settings. Each exporters is identified by a unique name/id and has its own settings (the type of the exporter defines what settings that exporter expects)
- exporters are loaded at start up time, but it is also possible to update the exporter settings at runtime (all exporter settings are registered as dynamic cluster settings). When updated, all the exporters will be rebuild & reloaded.
- there are two types of exporters: `http` and `local`
- `http` exporter exports documents to external elasticsearch clusters using the REST API
- the new `http` exporter doesn't support user info as part of the URL (it's pron to security info leak). Instead a new `auth.username` and `auth.password` settings were added that can be set per `http` exporter (when shield is installed, the passwords are filtered out from the node info API)
- `local` exporter exports documents to the same cluster the agent is installed on, using the internal node client.
- when no exporter is configured, a default `local` exporter is created (for best ootb experience)
Original commit: elastic/x-pack-elasticsearch@d1d7c8aefd
- Adds internal `__marvel_user`
- Adds a `SecuredClient` that binds the internal marvel user to all requests it sends
Original commit: elastic/x-pack-elasticsearch@77c4716261
Some tests are still using a node builder for nodes that need to load Shield, which is not currently
supported by elasticsearch. This changes some to use a MockNode and awaits fix a tribe test
that was previously testing nothing.
Original commit: elastic/x-pack-elasticsearch@57d0c902b6
This updates our test certificates to have more subject alternative names and adds a script
to make regeneration easier in the future. Also added are the private keys in PEM format and
a .p12 version of the keystore. In the future we may want to start supporting PKCS12 keystores
and this will be a starting point for that.
Original commit: elastic/x-pack-elasticsearch@92c94c9f28
These files are generated automatically with eclipse:eclipse so they shouldn't
be tracked in the repository.
Original commit: elastic/x-pack-elasticsearch@3869ddebfa
This also stops the remote IndexAuditTrail services prior to wiping the cluster to prevent possible
writes after a template has been deleted.
Original commit: elastic/x-pack-elasticsearch@30ef226250
This change updates the IPFilter to always allow traffic from the bound addresses of the node
even if they have been explicitly disabled. This behavior can be disabled through a setting but
that could be dangerous if the blocking rule is added via a persistent setting stored in the cluster
state.
Closeselastic/elasticsearch#487
Original commit: elastic/x-pack-elasticsearch@4c1cf9455f
When we receive a message and cannot decode the signed user header, we should audit
this as a tampered request. The request may not be tampered if nodes are configured
differently in terms of system keys, but this at least provides some evidence of the bad
request on the nodes that receives it.
Closeselastic/elasticsearch#647
Original commit: elastic/x-pack-elasticsearch@2f3411d9f9