If a persistent task throws an exception, the persistent tasks framework will no longer try to restart the task. This is a temporary measure to prevent threshing the cluster with endless restart attempt. We will revisit this in the future version to make the restart process more robust. Please note, however, that if node executing the task goes down, the task will still be restarted on another node.
Original commit: elastic/x-pack-elasticsearch@30712e0fbf
* [ML] Removes direct dependency on Jackson Parser
The classes that read data from the post data action ready to write to the autodetect process had a direct dependency on Jackson’s `Parser` class. This changes makes those classes depend on XContent instead making them consistent with the way we parse requests and data across Elasticsearch and X-Pack.
* Simplify json record reader
This commit removes the unnecessary `AbstractJsonRecordReader` and `JsonRecordReader` interfaces/classes. These are not required as we do and should only have one implementation of reading json records.
Original commit: elastic/x-pack-elasticsearch@366b8af943
Removes the transport layer dependency from PersistentActions, makes PersistentActionRegistry immutable and rename actions into tasks in class and variable names.
Original commit: elastic/x-pack-elasticsearch@e3e5b79c28
The action name is currently inconsistent with the class name.
Also as more types of jobs will be added, they should reuse the existing actions,
so it make more sense to gave a generic job name for the action name. Note that
it is ok to have additional rest handlers for new type of jobs.
Original commit: elastic/x-pack-elasticsearch@a70d46fb8a
The LdapRealm submits runnables to the generic thread pool when a bind is necessary as a bind must
be a synchronous operation and we do not want to block network threads on this. However, the
generic threadpool could be full and this runnable could get queued. When this happens requests
appear to hang; to prevent this we submit a delayed executable that will stop the runnable from
attempting to connect to Ldap and provide an exceptional response to the listener.
relates elastic/x-pack-elasticsearch#716
Original commit: elastic/x-pack-elasticsearch@3e43b17f1d
This commit fixes the merging of field level security rules from multiple roles. Prior to 5.2, the
merging was treated as the merging of languages whereas after 5.2, this incorrectly became a merge
of all rules meaning a single wildcard could cause denials to be ignored.
Original commit: elastic/x-pack-elasticsearch@42f9e6d8b0
This commit removes the blocking invocation of bulk requests in monitoring as in some cases this
can lead to exhaustion of the generic threadpool, which effectively prevents the node from
operating normally.
One behavior change that is made by this commit is the MonitoringService will no longer wait
indefinitely when closing as this can lead to a node blocking forever and never shutting down.
Instead a wait of 10 seconds is added, which aligns with the security index audit trail's behavior
on shutdown.
relates elastic/x-pack-elasticsearch#715
Original commit: elastic/x-pack-elasticsearch@5ba7f49aab
In preparation of extending the model snapshot update API,
it makes sense to make it immutable to avoid any confusion
that could be caused by having setters on it.
I also like immutable stuff :-)
Original commit: elastic/x-pack-elasticsearch@6b2ee527a8
The scheduler based trigger engine is not enabled by default
as the ticker based trigger engine is used. As we dont use it
in production, this commit removes this specific implementation.
It also removes some uneeded abstractions like AbstractTriggerEngine, TriggerEngine.Listener and TriggerEngine.Job
Original commit: elastic/x-pack-elasticsearch@b17a2e9d62
This commit makes the XPackFeatureSet#usage calls asynchronous. Previously these were synchronous
calls that would execute a multi-search request from the currently elected master node in a blocking
fashion. The multi-search request is now executed asynchronously.
relates elastic/x-pack-elasticsearch#213
Original commit: elastic/x-pack-elasticsearch@a0cb988442
Datafeed state was always stopped when the stats
endpoint was called with _all. The reason is that
_all was not being expanded into all datafeed IDs.
This commit fixes the issue by expanding _all into
all datafeed IDs in the cluster. Stats are then fetched
for all of them.
relates elastic/x-pack-elasticsearch#693
Original commit: elastic/x-pack-elasticsearch@ccbdb35b6e
Prior to this change the integration tests could fail for up to 24
hours after a change to the C++ output format
Original commit: elastic/x-pack-elasticsearch@b8d9fa0adb
Rename model_debug_output to model_plot
The model debug output is 1 result type of the autodetect (anomaly detection) process reporting bounds/statistics/state - not anomalies - It's main usage as of time of writing is visualization in the UI, naming the 'blue shadow' under the result graph. Rename in order to remove 'debug' in the name
Original commit: elastic/x-pack-elasticsearch@86de428512
This commit restricts custom role providers to only apply to those
instances of x-pack with a platinum level license. All other license
types will not be allowed to use custom role providers. Any custom role
providers implemented via the XPackExtension will not take effect unless
the license is platinum.
relates elastic/x-pack-elasticsearch#720
Original commit: elastic/x-pack-elasticsearch@4fc35494ee
The wait condition used for integ tests by default calls the cluster
health api with wait_for_nodes nd wait_for_status. However, xpack
overrides the wait condition to add auth, but most of these conditions
still looked at the root ES url, which means the tests are susceptible
to race conditions with the check and node startup. This change modifies
the url for the authenticated wait condtion to check the health api,
with the appropriate wait_for_nodes and wait_for_status.
Original commit: elastic/x-pack-elasticsearch@0b23ef528f
When adding support for rest request filtering of sensitive content, the overridden rest request
did not properly delegate the #getRemoteAddress method to the wrapped request. This resulted in a
NPE when a filtered rest request was created and an audit record needed to be generated.
relates elastic/x-pack-elasticsearch#714
Original commit: elastic/x-pack-elasticsearch@710b43355b
User signing was removed with the move to TLS only transport and this change removes a no longer
used setting.
Original commit: elastic/x-pack-elasticsearch@c221f1f4a4
* Changed ML action names to allow distinguishing of admin and read-only actions
using wildcards
* Added manage_ml and monitor_ml built-in privileges as subsets of the existing
manage and monitor privileges
* Added out-of-the-box machine_learning_admin and machine_learning_user roles
* Changed machine learning results endpoints to use a NodeClient rather than an
InternalClient when searching for results so that index/document level permissions
applied to ML results are respected
Original commit: elastic/x-pack-elasticsearch@eee800aaa8
This commit removes an unnecessary String creation from the char[] of a password and instead uses
a byte[] that is cleared after it is used to prevent the password bytes from sticking around in
memory longer than required.
Original commit: elastic/x-pack-elasticsearch@1154a68965
- introduce builtin user 'beats_system'
- init monitoring-beats ES mapping
- add beats to MonitoredSystem + Resolver
Original commit: elastic/x-pack-elasticsearch@4d7b45d54d
DataStreamDiagnostics
DataStreamDiagnostics analyzes input data regarding machine learning fit. It checks whether data is sane/plausible as anomaly detection on broken data (or misconfiguration).
Original commit: elastic/x-pack-elasticsearch@2f37d3c960
This commit fixes the SHA hashes for the Netty dependencies after Netty
was upgraded from version 4.1.8 to version 4.1.9.
Original commit: elastic/x-pack-elasticsearch@ca4c376886
This integration tests only checks if date math index names are
supported. This is nothing that a watcher test should check for.
Original commit: elastic/x-pack-elasticsearch@8a06988fff
Now machine learning is simply a feature of X-Pack, so I have made the
MachineLearning class more like the other feature classes. It no longer extends
Plugin and its createComponents() method takes an InternalClient rather than
a generic Client.
Original commit: elastic/x-pack-elasticsearch@704860147c
This commit adds an end-point to force deletion of expired data:
DELETE /_xpack/ml/_delete_expired_data
A few other things are changed too:
- Delete expired results from now rather than start of day
- Rename MlDaily{Management -> Maintenance}Service
- Refresh job indices when job is closing to ensure latest result
visibility
- Commit results when quantiles are persisted to ensure they are visible
for renormalization
Original commit: elastic/x-pack-elasticsearch@8ca5272a94
Switched the order of the local atomic flag check and cluster state check,
based on the observation that we used to sometimes get a storm of cluster
state updates on initial startup, due to a race between checking for the
presence of an index template and starting to create one.
Original commit: elastic/x-pack-elasticsearch@7ae83648ce
* [ML] Wait for templates to be installed before running ML Integ tests
* Revert put job template check and preserve template change
* Review comments
Original commit: elastic/x-pack-elasticsearch@21deb34f4a
Security API to determine which (if any) of a specified set of index/cluster privileges are held by the current (runAs) user.
Intended for use by Kibana to distinguish between read/write and read-only users, but should be applicable to other uses cases also.
Closes: elastic/x-pack-elasticsearch#282
Original commit: elastic/x-pack-elasticsearch@8b4cfdb858
The only tricky thing here was what to do about ES jars. We now ignore them for the jar sha checking, and the base elasticsearch license and notice is copied here, and elasticsearch jars are mapped to those license/notice files.
Original commit: elastic/x-pack-elasticsearch@a6373cfe4e
This fixes returning results only for the job asked
when a shared index is used.
The commit also refactors the field count check to
use the field mappings API and solves a bug where the
check blows due to the _default_ type not having properties.
[Zach] Minor test tweak to MlJobIT
Original commit: elastic/x-pack-elasticsearch@729f886879
The yaml test runner now throws error when skip or do sections are malformed, such as they don't start with the proper token (START_OBJECT). That signals bad indentation, which was previously ignored. Thanks (or due to) our pull parsing code, we were still able to properly parse the sections, yet other runners weren't able to.
Original commit: elastic/x-pack-elasticsearch@920201207c
Only distributed ml tests, only enable ml as security, watcher, monitoring etc. only add noise to the tests.
Disable mock big arrays for distributed ml tests, as nodes starting/stopping in tests somehow leaves allocations around,
which only is a test problem.
Original commit: elastic/x-pack-elasticsearch@5ff1e69036
This moves the index structure to using a single, shared index
(.ml-anomalies-shared). Custom indices can still be used by manually
setting `results_index`.
An alias is always created which points from `.ml-anomalies-<jobid>`
to `.ml-anomalies-shared`.
User defined indices are prepended with "custom-"
Index helper functions have been renamed to make this clear. Furthermore,
accessing an index should always be done either by fetching the
currently configured index/alias from the state, or using the preconfigured
alias. Because the user can specify a custom physical index, it is
impossible to determine the physical index "by convention" now.
The helpers have been configured to reflect that.
Original commit: elastic/x-pack-elasticsearch@a5368eb230
This commit adds the ability for x-pack extensions to optionally
provide custom roles providers, which are used to resolve any roles
into role descriptors that are not found in the reserved or native
realms. This feature enables the ability to define and provide roles
from other sources, without having to pre-define such roles in the security
config files.
relates elastic/x-pack-elasticsearch#77
Original commit: elastic/x-pack-elasticsearch@bbbe7a49bf
As part of authentication, we use a iterating action listener to perform asynchronous authentication against the realm
chain. When this listener is called with a response or a failure, it could be called from a thread that is not owned by
the Elasticsearch threadpool such as a LDAPConnectionReader thread. When this happens, we need to ensure that the
ThreadContext is not left with items in it otherwise we leave behind things like Authentication and hit obscure errors.
This commit stores the context when the listener calls the consumer or onResponse/onFailure is invoked, which prevents
us from polluting a external thread's ThreadContext.
Original commit: elastic/x-pack-elasticsearch@0f50fb6c10
Some json builders in the codebase were not closed. even
though this is not needed for the BytesStreamOutput being used,
there is more closing logic in the jackson classes, which we
should not rely on, that those never change or are ok to not
close.
Original commit: elastic/x-pack-elasticsearch@05a43d80ff
This is the Elastic convention, and also makes it clearer where the
actual log message from the C++ starts
Original commit: elastic/x-pack-elasticsearch@dc9aeefb08
Martijn van Groningen
Dimitris Athanasiou
Zachary Tong
Igor Motov
Hendrik Muhs
Colin Goodheart-Smithe
David Roberts
Tim Vernum
Zachary Tong
Jay Modi
Ryan Ernst
Alexander Reelsen
Boaz Leskes
David Kyle
Ali Beyad
Tanguy Leroux
Steffen Siering
Jason Tedor
Luca Cavanna