From c7852a428f6afa0fd496c210ae296f5a4b062622 Mon Sep 17 00:00:00 2001 From: Craig MacKenzie Date: Tue, 17 Jan 2023 13:17:13 -0500 Subject: [PATCH] Remove unused testing environments. (#2108) These were copied from Beats, and we keep getting Snyk PRs and vulnerabiltiy reports for Docker containers that aren't even used. Simpler to remove them. --- testing/environments/Dockerfile | 8 -- testing/environments/Makefile | 30 ------- testing/environments/README.md | 85 ------------------ testing/environments/docker/README.md | 6 -- .../docker/elasticsearch/kerberos/init.sh | 10 --- .../elasticsearch/kerberos/installkdc.sh | 73 --------------- .../docker/elasticsearch/pki/ca/ca.crt | 20 ----- .../docker/elasticsearch/pki/ca/ca.key | 27 ------ .../pki/elasticsearchssl/elasticsearchssl.crt | 19 ---- .../pki/elasticsearchssl/elasticsearchssl.key | 27 ------ .../docker/elasticsearch/pki/generate_pki.sh | 4 - .../docker/elasticsearch/roles.yml | 31 ------- .../environments/docker/elasticsearch/users | 8 -- .../docker/elasticsearch/users_roles | 11 --- .../docker/elasticsearch_kerberos/Dockerfile | 15 ---- .../config/kdc.conf.template | 34 ------- .../elasticsearch_kerberos/config/krb5.conf | 25 ------ .../config/krb5.conf.template | 43 --------- .../elasticsearch_kerberos/healthcheck.sh | 11 --- .../docker/elasticsearch_kerberos/init.sh | 0 .../scripts/addprinc.sh | 62 ------------- .../scripts/addprincs.sh | 7 -- .../scripts/installkdc.sh | 78 ---------------- .../docker/elasticsearch_kerberos/start.sh | 8 -- testing/environments/docker/kafka/Dockerfile | 35 -------- testing/environments/docker/kafka/README.md | 35 -------- .../docker/kafka/certs/broker-cert | 18 ---- .../docker/kafka/certs/broker-cert-signed | 18 ---- .../docker/kafka/certs/broker.keystore.jks | Bin 3959 -> 0 bytes .../environments/docker/kafka/certs/ca-cert | 16 ---- .../docker/kafka/certs/ca-cert.srl | 1 - .../environments/docker/kafka/certs/ca-key | 30 ------- .../docker/kafka/certs/client.truststore.jks | Bin 962 -> 0 bytes .../environments/docker/kafka/healthcheck.sh | 12 --- testing/environments/docker/kafka/run.sh | 50 ----------- .../docker/kerberos_kdc/Dockerfile | 15 ---- .../environments/docker/logstash/gencerts.sh | 5 -- .../logstash/pipeline-xpack/default.conf | 26 ------ .../docker/logstash/pipeline/default.conf | 24 ----- .../logstash/pki/tls/certs/logstash.crt | 18 ---- .../logstash/pki/tls/private/logstash.key | 28 ------ testing/environments/docker/logstash/ssl.conf | 18 ---- .../environments/docker/mosquitto/Dockerfile | 2 - testing/environments/docker/sredis/Dockerfile | 16 ---- .../environments/docker/sredis/gencerts.sh | 5 -- .../docker/sredis/pki/tls/certs/sredis.crt | 19 ---- .../docker/sredis/pki/tls/private/sredis.key | 27 ------ .../environments/docker/sredis/stunnel.conf | 7 -- testing/environments/docker/test.env | 2 - testing/environments/latest.yml | 37 -------- testing/environments/local.yml | 33 ------- testing/environments/prev-minor.yml | 38 -------- testing/environments/snapshot.yml | 59 ------------ 53 files changed, 1236 deletions(-) delete mode 100644 testing/environments/Dockerfile delete mode 100644 testing/environments/Makefile delete mode 100644 testing/environments/README.md delete mode 100644 testing/environments/docker/README.md delete mode 100644 testing/environments/docker/elasticsearch/kerberos/init.sh delete mode 100644 testing/environments/docker/elasticsearch/kerberos/installkdc.sh delete mode 100644 testing/environments/docker/elasticsearch/pki/ca/ca.crt delete mode 100644 testing/environments/docker/elasticsearch/pki/ca/ca.key delete mode 100644 testing/environments/docker/elasticsearch/pki/elasticsearchssl/elasticsearchssl.crt delete mode 100644 testing/environments/docker/elasticsearch/pki/elasticsearchssl/elasticsearchssl.key delete mode 100755 testing/environments/docker/elasticsearch/pki/generate_pki.sh delete mode 100644 testing/environments/docker/elasticsearch/roles.yml delete mode 100644 testing/environments/docker/elasticsearch/users delete mode 100644 testing/environments/docker/elasticsearch/users_roles delete mode 100644 testing/environments/docker/elasticsearch_kerberos/Dockerfile delete mode 100644 testing/environments/docker/elasticsearch_kerberos/config/kdc.conf.template delete mode 100644 testing/environments/docker/elasticsearch_kerberos/config/krb5.conf delete mode 100644 testing/environments/docker/elasticsearch_kerberos/config/krb5.conf.template delete mode 100755 testing/environments/docker/elasticsearch_kerberos/healthcheck.sh delete mode 100755 testing/environments/docker/elasticsearch_kerberos/init.sh delete mode 100755 testing/environments/docker/elasticsearch_kerberos/scripts/addprinc.sh delete mode 100755 testing/environments/docker/elasticsearch_kerberos/scripts/addprincs.sh delete mode 100755 testing/environments/docker/elasticsearch_kerberos/scripts/installkdc.sh delete mode 100755 testing/environments/docker/elasticsearch_kerberos/start.sh delete mode 100644 testing/environments/docker/kafka/Dockerfile delete mode 100644 testing/environments/docker/kafka/README.md delete mode 100644 testing/environments/docker/kafka/certs/broker-cert delete mode 100644 testing/environments/docker/kafka/certs/broker-cert-signed delete mode 100644 testing/environments/docker/kafka/certs/broker.keystore.jks delete mode 100644 testing/environments/docker/kafka/certs/ca-cert delete mode 100644 testing/environments/docker/kafka/certs/ca-cert.srl delete mode 100644 testing/environments/docker/kafka/certs/ca-key delete mode 100644 testing/environments/docker/kafka/certs/client.truststore.jks delete mode 100755 testing/environments/docker/kafka/healthcheck.sh delete mode 100755 testing/environments/docker/kafka/run.sh delete mode 100644 testing/environments/docker/kerberos_kdc/Dockerfile delete mode 100755 testing/environments/docker/logstash/gencerts.sh delete mode 100644 testing/environments/docker/logstash/pipeline-xpack/default.conf delete mode 100644 testing/environments/docker/logstash/pipeline/default.conf delete mode 100644 testing/environments/docker/logstash/pki/tls/certs/logstash.crt delete mode 100644 testing/environments/docker/logstash/pki/tls/private/logstash.key delete mode 100644 testing/environments/docker/logstash/ssl.conf delete mode 100644 testing/environments/docker/mosquitto/Dockerfile delete mode 100644 testing/environments/docker/sredis/Dockerfile delete mode 100755 testing/environments/docker/sredis/gencerts.sh delete mode 100644 testing/environments/docker/sredis/pki/tls/certs/sredis.crt delete mode 100644 testing/environments/docker/sredis/pki/tls/private/sredis.key delete mode 100644 testing/environments/docker/sredis/stunnel.conf delete mode 100644 testing/environments/docker/test.env delete mode 100644 testing/environments/latest.yml delete mode 100644 testing/environments/local.yml delete mode 100644 testing/environments/prev-minor.yml delete mode 100644 testing/environments/snapshot.yml diff --git a/testing/environments/Dockerfile b/testing/environments/Dockerfile deleted file mode 100644 index e2fe35768ba..00000000000 --- a/testing/environments/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -# Basic debian file with curl, wget and nano installed to fetch files -# an update config files -FROM debian:11.5 -MAINTAINER Nicolas Ruflin - -RUN apt-get update && \ - apt-get install -y curl nano wget zip && \ - apt-get clean diff --git a/testing/environments/Makefile b/testing/environments/Makefile deleted file mode 100644 index 6387289ac01..00000000000 --- a/testing/environments/Makefile +++ /dev/null @@ -1,30 +0,0 @@ -ENV?=snapshot.yml -BASE_COMMAND=docker-compose -f ${ENV} -f local.yml - -start: - # This is run every time to make sure the environment is up-to-date - ${BASE_COMMAND} build --pull --force-rm - ${BASE_COMMAND} run beat bash - -stop: - ${BASE_COMMAND} down -v - -status: - ${BASE_COMMAND} ps - -up: - ${BASE_COMMAND} build - ${BASE_COMMAND} up - -up-%: - ${BASE_COMMAND} build $* - ${BASE_COMMAND} up $* - -# Be careful using this command, as it will remove all containers and volumes of your docker-machine -clean: - docker stop $(shell docker ps -a -q) - docker rm -v $(shell docker ps -a -q) - -# Tails the environment log files -logs: - ${BASE_COMMAND} logs -f diff --git a/testing/environments/README.md b/testing/environments/README.md deleted file mode 100644 index 332e52bfe2a..00000000000 --- a/testing/environments/README.md +++ /dev/null @@ -1,85 +0,0 @@ -# Testing environments - -These environments are intended for manual and automated testing. The docker-compose files can be combined to create the different environment. - - -# Manual testing - -The different environments can be started with the following commands for manual testing. These environments expose ports of Elasticsearch, Logstash and Kibana on the Docker-Machine ip. - -Running the environment chains the following docker-compose files together - -* local.yml: Definition of ports which have to be exposed for local testing including kibana -* latest.yml: Latest version of elasticsearch, logstash, kibana -* snapshot.yml: Snapshot version of elasticsearch, logstash, kibana - - -## Start / Stop environment - -``` -make start ENV=es17-ls15-kb41.yml -``` - -This will start the environment and log you into the debian machine. This machine is intended for manual testing of the beats. Download the beats package or snapshot you want to test. Elasticsearch can be reached under the host `elasticsearch`, logstash under `logstash`. Make sure to update the configuration file of the beat with the specific host. - -To stop an clean up the environment afterwards, make sure to run: - -``` -make stop ENV=es17-ls15-kb41.yml -``` - - -## Update containers - -As for testing, some default installation must be changed, access to the containers is needed. Each container has a unique name which corresponds with the service name. To access a running container of elasticsearch, run: - -``` -docker exec -it elasticsearch bash -``` - -## Access machines from external - -It is useful to sometimes access the containers from a browser, especially for Kibana. Elasticsearch exposes port 9200 and Kibana 5601. Make sure no other services on your machine are already assigned to these ports. To access Kibana for example, go to the following url: - -``` -http://docker-machine-ip:5601/ -``` - -Often the default address is `localhost`. - - -## Cleanup -In case your environment is messed up because of multiple instances still running and conflicting with each other, use the following commands to clean up. Please be aware that this will stop ALL docker containers ony our docker-machine. - -``` -make clean -``` - - -## Notes - -Every container has a name corresponding with the service. This requires to shut down an environment and clean it up before starting an other environment. This is intentional to prevent conflicts. - - -# Automated Testing - -These environments are also used for integration testing in the different beats. For this, `make testsuite` by default uses the snapshot environment. To select a different environment during testing, run the following command to use the latest environment: - -``` -TESTING_ENVIRONMENT=latest make testsuite -``` - -This will run the full testsuite but with latest environments instead of snapshot. - - -## Defaults - -By default, elasticsearch, logstash and kibana are started. These are available at all time that these environments are used. Running the environment, chains the following docker-compose flies together: - -* snapshot.yml: Snapshot version of elasticsearch, logstash, kibana -* docker-compose.yml: Local beat docker-compose file - - -## Updating environments - -If the snapshot environment is updated with a new build, all beats will automatically build with the most recent version. diff --git a/testing/environments/docker/README.md b/testing/environments/docker/README.md deleted file mode 100644 index 8ecb7bb5241..00000000000 --- a/testing/environments/docker/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# XPack security - -This directory contains default usernames and passwords with roles configured -according to the Beats documentation. - -The default password for all accounts is `testing`. \ No newline at end of file diff --git a/testing/environments/docker/elasticsearch/kerberos/init.sh b/testing/environments/docker/elasticsearch/kerberos/init.sh deleted file mode 100644 index ac7fe70fa69..00000000000 --- a/testing/environments/docker/elasticsearch/kerberos/init.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -# setup Keberos -echo elasticsearch_kerberos.elastic > /etc/hostname && echo "127.0.0.1 elasticsearch_kerberos.elastic" >> /etc/hosts - -/scripts/installkdc.sh -/scripts/addprincs.sh - -# add test user -bin/elasticsearch-users useradd beats -r superuser -p testing | /usr/local/bin/docker-entrypoint.sh eswrapper diff --git a/testing/environments/docker/elasticsearch/kerberos/installkdc.sh b/testing/environments/docker/elasticsearch/kerberos/installkdc.sh deleted file mode 100644 index f35848d004c..00000000000 --- a/testing/environments/docker/elasticsearch/kerberos/installkdc.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/bash - -# Licensed to Elasticsearch under one or more contributor -# license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright -# ownership. Elasticsearch licenses this file to you under -# the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e - -# KDC installation steps and considerations based on https://web.mit.edu/kerberos/krb5-latest/doc/admin/install_kdc.html -# and helpful input from https://help.ubuntu.com/community/Kerberos - -LOCALSTATEDIR=/etc -LOGDIR=/var/log/krb5 - -#MARKER_FILE=/etc/marker - -# Transfer and interpolate krb5.conf -cp /config/krb5.conf.template $LOCALSTATEDIR/krb5.conf -sed -i 's/${REALM_NAME}/'$REALM_NAME'/g' $LOCALSTATEDIR/krb5.conf -sed -i 's/${KDC_NAME}/'$KDC_NAME'/g' $LOCALSTATEDIR/krb5.conf -sed -i 's/${BUILD_ZONE}/'$BUILD_ZONE'/g' $LOCALSTATEDIR/krb5.conf -sed -i 's/${ELASTIC_ZONE}/'$ELASTIC_ZONE'/g' $LOCALSTATEDIR/krb5.conf - - -# Transfer and interpolate the kdc.conf -mkdir -p $LOCALSTATEDIR/krb5kdc -cp /config/kdc.conf.template $LOCALSTATEDIR/krb5kdc/kdc.conf -sed -i 's/${REALM_NAME}/'$REALM_NAME'/g' $LOCALSTATEDIR/krb5kdc/kdc.conf -sed -i 's/${KDC_NAME}/'$KDC_NAME'/g' $LOCALSTATEDIR/krb5kdc/kdc.conf -sed -i 's/${BUILD_ZONE}/'$BUILD_ZONE'/g' $LOCALSTATEDIR/krb5kdc/kdc.conf -sed -i 's/${ELASTIC_ZONE}/'$ELASTIC_ZONE'/g' $LOCALSTATEDIR/krb5.conf - -# Touch logging locations -mkdir -p $LOGDIR -touch $LOGDIR/kadmin.log -touch $LOGDIR/krb5kdc.log -touch $LOGDIR/krb5lib.log - -# Update package manager -yum update -qqy - -# Install krb5 packages -yum install -qqy krb5-{server,libs,workstation} - -# Create kerberos database with stash file and garbage password -kdb5_util create -s -r $REALM_NAME -P zyxwvutsrpqonmlk9876 - -# Set up admin acls -cat << EOF > /etc/krb5kdc/kadm5.acl -*/admin@$REALM_NAME * -*@$REALM_NAME * -*/*@$REALM_NAME i -EOF - -# Create admin principal -kadmin.local -q "addprinc -pw elastic admin/admin@$REALM_NAME" -kadmin.local -q "ktadd -k /etc/admin.keytab admin/admin@$REALM_NAME" - -# Create a link so addprinc.sh is on path -ln -s /scripts/addprinc.sh /usr/bin/ diff --git a/testing/environments/docker/elasticsearch/pki/ca/ca.crt b/testing/environments/docker/elasticsearch/pki/ca/ca.crt deleted file mode 100644 index a18a84fd7b6..00000000000 --- a/testing/environments/docker/elasticsearch/pki/ca/ca.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIVAOshUH7Va8Kh1QeA4KgLw8dI29M4MA0GCSqGSIb3DQEB -CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu -ZXJhdGVkIENBMB4XDTIwMDIwNzE2MzUzMFoXDTIzMDIwNjE2MzUzMFowNDEyMDAG -A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv7Oq3uE0kO5Ij41U9M7ee -xOtprdA3joR68B32/SQ1FW9Igk3f/DTn8MqlAFexwzGAONPNIcj44W9KhVeT9aFA -qCKfS2no+V9aKds6wyEHY3sAmYICEHBMDor9KhPnIc8m/gl3TcGMKmouoHqFPNKE -irilBDUO7rs5w46lcbxJrHTlEA6xyQLT7+sJ4DswO/xeoemPTBa7vzkoVUyZ50/D -VSUulY4XtmQvmbe4Aa0p8sgLNzFAJRl3XqZMECwO2iJ9jFwKCUT4EbFW4aTQtylI -CBax+Cn79vKpp3gO1WVu1cdcQW3+ciAJyUydTsCA2zjGYZyzL84z7eCHW946WQWD -AgMBAAGjUzBRMB0GA1UdDgQWBBQZKfuW0o2yabRo9tosWldK43GDbjAfBgNVHSME -GDAWgBQZKfuW0o2yabRo9tosWldK43GDbjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQAHeIJPwxvHTismlbFJKcCM3kr/ZblXguiFTmhqylqa8wFI -ke1xpTUrdfTAkD0ohmtPAUMPBkHeyHKzvxK7Blh230/lxybJNVSpfp7FQvj1EsmW -7FbIsKoj9MwJ2Lg5h6rnFA4t0bL3q74HV+vqpMoJDe92uX0GaSH/iYb+BfZ2El8m -QfANac0O+TE70i0++v/BzUAkqhJB3pG/3ziPzdFWlXf4iUG0YhMG4Ig5P/SvGz/V -MNc+uq3bh9xsNrtcm2S/pVdt/gdsujg9MTaoOr+maJPB/+LBrkZWtZcbUe++1+Z7 -32exp0eKNA0i90cc/Ayr79MOFDxdgI7baBnLPPa8 ------END CERTIFICATE----- diff --git a/testing/environments/docker/elasticsearch/pki/ca/ca.key b/testing/environments/docker/elasticsearch/pki/ca/ca.key deleted file mode 100644 index 48982cea36e..00000000000 --- a/testing/environments/docker/elasticsearch/pki/ca/ca.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAr+zqt7hNJDuSI+NVPTO3nsTraa3QN46EevAd9v0kNRVvSIJN -3/w05/DKpQBXscMxgDjTzSHI+OFvSoVXk/WhQKgin0tp6PlfWinbOsMhB2N7AJmC -AhBwTA6K/SoT5yHPJv4Jd03BjCpqLqB6hTzShIq4pQQ1Du67OcOOpXG8Sax05RAO -sckC0+/rCeA7MDv8XqHpj0wWu785KFVMmedPw1UlLpWOF7ZkL5m3uAGtKfLICzcx -QCUZd16mTBAsDtoifYxcCglE+BGxVuGk0LcpSAgWsfgp+/byqad4DtVlbtXHXEFt -/nIgCclMnU7AgNs4xmGcsy/OM+3gh1veOlkFgwIDAQABAoIBAALZzfvoKqfZp0aZ -mnoBaopSGpZ90I/16UOsvG+SLpIFpOYB5o0ooxrXFhGSbdldlmHDifsa/wy5anpE -quSk6FYJ43W9XRv/XoIxh3HuU4yxGf8qfabW6VryKWJs2iG2tIqnNzQNuIMy9MGI -rDOYhrjLHq7d4JY7XCFVf+xCaZCwCb3yvZwVnrAqmPoeg2FrXmCVzqr1IpmwzJ0B -OfGWzi5THLm4/aGVUBfkvGURxsmwo3jGn0myr9oUkKczOKGEqvnlVuT9+ShURZp2 -tDU8zVRF0ksUNogUSfSNgWwpCYNBIqPOdxr7nT0+NEJ7b4R7/3LXEh/tRcuRNX+d -mjUMwbECgYEA/1MWpTdB9+9M7wyQasd29m1b0mkw+Jebdw+CuIK3XdPPGOfD17WO -sKZek3uK24DFGzRQf8tzHqzGvHncykAhb3oePVbfuhE5jt9bfgAOX8Naz6AK6Dmj -6+pJgXFTTNGL8JDojsIlabq4QH7oB02HoQ87GTr8IF4CjlJCHcyVB98CgYEAsGQO -uz0A1HdeuzbOP0+E86Ip03gcq66mVibXpy2qdMwEluxARW52XPKc8LKKI0QS4Qxk -giHHTQwPTLXJW9gM8v9/SQupQ/Vx8Zi3KjQ2ZAQoj6bGyDJ1P278GePJC4b0h/vG -F0sSUsmoEUGrLtq8Ofv3hDF6Ik247MQFi7i+Bt0CgYEAgP0kAqGw9SXzEw2g5CET -C5nh+qHj+KL3CqZOXxLCumcoSCfGe/KgPMRAIXgXhZ8/dOfwBy/sX8HfwRY7of3W -JnBmWIzMCD9tea2DlltG58BU33G2MO31z1iUfA2ZjMSMUyOSKZURu6F2Njcm15Gm -hIqiS7PN7jgwSGBsQIu7ercCgYEAh/nKJWrkbeVLgLTCD6okSpAzABLyvyJWlclB -q12Xrovr6dBbx2pdEk/wzdhEhuUeTKB6Bps1gV6PmMn2XLfTW6u8GrpDlODsIptg -b8dqOnW+MucVDBVhrzHGY8rmG93AOefMD/7ONEXCKvNdnDQAsA5eA2kExtb1fIer -4sbarn0CgYEAl1av+NOVduN1KrJXuZnNeN4KeNoYqJOS4s14Wk37GIujsrcE/m18 -BhZk0Al/oKZIDSuya5GGRhT+ndD8OWc4DEMWk2JnJdWKh20FfeM6UXVI46Sq3Won -vPDB6GYr45uRgtLvYeitLpXE5s9GmH8GyIV9om3TvDiceMXd/LbCodY= ------END RSA PRIVATE KEY----- diff --git a/testing/environments/docker/elasticsearch/pki/elasticsearchssl/elasticsearchssl.crt b/testing/environments/docker/elasticsearch/pki/elasticsearchssl/elasticsearchssl.crt deleted file mode 100644 index 4b373ea66a0..00000000000 --- a/testing/environments/docker/elasticsearch/pki/elasticsearchssl/elasticsearchssl.crt +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDKjCCAhKgAwIBAgIUZWu3nanhrFaNe6kMhtsPM4neUCYwDQYJKoZIhvcNAQEL -BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l -cmF0ZWQgQ0EwHhcNMjAwMjA3MTYzNjMxWhcNMjMwMjA2MTYzNjMxWjAbMRkwFwYD -VQQDExBlbGFzdGljc2VhcmNoc3NsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAl09yaI0HI3I8DmJ0UyRDedFNBFOfsFh7sYGGElj0h4H1kt8oEA3uYIH/ -oPUQ9Mkn30m+qccdQC6/pz/ZgkCfOckXtX1PVLEAK9MEqEwj6UU4uMgSIUTjXN22 -m/YedSJFtwGiQqFbCD1LijRLjlDCvHZ1W5M6XYzWoUN1y4MDZSD755TuluAp277j -6yuJIEw5SsQ/Nw4Coaqexy1ha7G/y3L+3t4SFrXaBqe+nM1xPDR0Is/p8iTdcdlu -kEFmbIqDGAPx2jvTRWYikL3MmR4u58AoIk0WqeGmLefxzV6jC6zsQGRnpmtz3jye -XHRfodf3crMZm+mw6FNPk4PJzZSsXwIDAQABo00wSzAdBgNVHQ4EFgQUmcNplxkS -+zHt5LWVM67Tzws8fBEwHwYDVR0jBBgwFoAUGSn7ltKNsmm0aPbaLFpXSuNxg24w -CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAPpFdJpuwBXqBZezfQTTQFkKm -EHz3UDYKA3nHt2tcmFqAEXYx4cXaor5GG9YLThGWUp2iBXIyIzUZnpkM2wl/pIlz -8fMFxvtS6hQ2VwFDHAo2ht8ay7/vTrKcVvNL5NtPHjRlHhT94XiwYNpneiB6EMGP -+lTxWXSLpSnl0AnFdpLzPpS6DiaMHAPChAbDGK9i76D13sQBJZ/lgQiMmntEWsTr -0NNsjBk2xjMQAYs/eJXfENkAxvuzJTbQdJ1kMOvybONT4Lw8UIhoRpRY7EspwlI3 -encLBhcxYJjpzSPqdDQQRVXd4zUNFe4595LKEsm14mXaTy682HAe/HvN+yO7qw== ------END CERTIFICATE----- diff --git a/testing/environments/docker/elasticsearch/pki/elasticsearchssl/elasticsearchssl.key b/testing/environments/docker/elasticsearch/pki/elasticsearchssl/elasticsearchssl.key deleted file mode 100644 index f374f10fa44..00000000000 --- a/testing/environments/docker/elasticsearch/pki/elasticsearchssl/elasticsearchssl.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAl09yaI0HI3I8DmJ0UyRDedFNBFOfsFh7sYGGElj0h4H1kt8o -EA3uYIH/oPUQ9Mkn30m+qccdQC6/pz/ZgkCfOckXtX1PVLEAK9MEqEwj6UU4uMgS -IUTjXN22m/YedSJFtwGiQqFbCD1LijRLjlDCvHZ1W5M6XYzWoUN1y4MDZSD755Tu -luAp277j6yuJIEw5SsQ/Nw4Coaqexy1ha7G/y3L+3t4SFrXaBqe+nM1xPDR0Is/p -8iTdcdlukEFmbIqDGAPx2jvTRWYikL3MmR4u58AoIk0WqeGmLefxzV6jC6zsQGRn -pmtz3jyeXHRfodf3crMZm+mw6FNPk4PJzZSsXwIDAQABAoIBAB1rHu1g7hBgN3j8 -f21i0ZOvs++xaozYx0Pd0PlkPjbSd7KUnK9yZfRxkgfzXdaZ/ZyWM/HCetdtv2l/ -KoT+l3aeuHNa57+pokTjBDbMhvbltH+Itq2tPR9jJAvysD1J6pAIS0n1IUPa1wMJ -497JqPMHfQ3O9DwYE+rKuO5WjKRulUrL8K3OgHndLiHPZuUfIveSd6qux7wAebmD -OpWukVvYoC2k//Bgopdyg9VxVZtTg1SZlyFZ8wteDrbgF+eDMp9uIRddrvMUCwH4 -+GJOzkXxgkeOANjr5obMRjrr5hwoCE+RObCXAT3lx+nfCvYY5Lb72WWPQPEJ5ltP -xuxYY/ECgYEA71+DxCSUpxaK6THpJ10Z4FlTV0YAFfnMx9Jecn4CaJpQrWYFjLB7 -zkhlJWWyzPMc56+5olfcMEXHO9dT1/w3lFlJmRaS4yu/ZdPf2E6Pi6eXpeRYshj9 -NIq/pMCB1XxNogGzQA0AFBc+vw6Tx7LG+Bz/Yafi4SQN89I9v2SaeiMCgYEAodIE -epMZmVhlmrVzjPKcYtqWu464Sb3sHBwgnxvKcU1NUAUjTuzI9DwrJYgrA9NBcgHq -ckwbqiHNcej4MGFk7nN98U47eb+p6PAPNde7q42iNz2q7pKlNVml+Eg/wC2lhNah -N6K6S4wvTM6ujNIZGQ3DyKQC0tCMu+LnPxYYcpUCgYEAi9E2nfLgAVjheqR0k1GG -M8z5KRjyI+PtASqXkDiaH49DYIUe6LaNGkifC+EDN0MptwqlW3YGXwvi+8kiaB4i -OLyOiKTu11JOUaQYM7hvkBssMPHX/O8rtuz0U78+FvysO9zSXq85RILvW5mgKBz8 -qyAE632sv+TXYXuEJa8VrBECgYEAmAmh6aSh7aDPPc90NJ6R7pMgAjKy1Z4a48JN -qBBNYazWkfNx3Cq/GDIb+9R3Tc3D9KD2LNNzPqMpyvevkI1BboSWdQ0i9l3s/w3l -zJnYGvQk0DAhlKu1i22icac4NpDsreWWbZZ34Jliq5CZEXgo2pBDPhVTDc2iHLmw -uWZCLA0CgYAG99zukAD9iq2MyGiyuJ8dYU0dDvyaKcSkM3pfsgA4TpSlZljDKnAH -1VVPGB3pOHUYbcxsD2/1AJBlplvq8OVcrURuSXYl9PtwczJBgfSNNtSkHvMirWzo -q7eEeYCCs/VZUr9mY0nuzysq3ltiBW6tsdCn6d89ogs2WvseTlHZLg== ------END RSA PRIVATE KEY----- diff --git a/testing/environments/docker/elasticsearch/pki/generate_pki.sh b/testing/environments/docker/elasticsearch/pki/generate_pki.sh deleted file mode 100755 index beb43d294ea..00000000000 --- a/testing/environments/docker/elasticsearch/pki/generate_pki.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -# Take the certificates and create a DER format and create a sha256 of it and encode it to base 64 -# https://www.openssl.org/docs/manmaster/man1/dgst.html -openssl x509 -in ca/ca.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 diff --git a/testing/environments/docker/elasticsearch/roles.yml b/testing/environments/docker/elasticsearch/roles.yml deleted file mode 100644 index 2f324761053..00000000000 --- a/testing/environments/docker/elasticsearch/roles.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -beats: - cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm', 'manage_security', 'manage_api_key'] - indices: - - names: ['filebeat-*', 'shrink-filebeat-*'] - privileges: ['all'] -filebeat: - cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] - indices: - - names: ['filebeat-*', 'shrink-filebeat-*'] - privileges: ['all'] -heartbeat: - cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] - indices: - - names: ['heartbeat-*', 'shrink-heartbeat-*'] - privileges: ['all'] -auditbeat: - cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] - indices: - - names: ['auditbeat-*', 'shrink-auditbeat-*'] - privileges: ['all'] -journalbeat: - cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] - indices: - - names: ['journalbeat-*', 'shrink-journalbeat-*'] - privileges: ['all'] -metricbeat: - cluster: ['manage_index_templates', 'monitor', 'manage_ingest_pipelines', 'manage_ilm'] - indices: - - names: ['metricbeat-*', 'shrink-metricbeat-*'] - privileges: ['all'] diff --git a/testing/environments/docker/elasticsearch/users b/testing/environments/docker/elasticsearch/users deleted file mode 100644 index b912ebffd77..00000000000 --- a/testing/environments/docker/elasticsearch/users +++ /dev/null @@ -1,8 +0,0 @@ -admin:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 -beats:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 -filebeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 -heartbeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 -kibana_system_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 -metricbeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 -auditbeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 -journalbeat_user:$2a$10$3y5UdMFkcUWtBfDhAJtYieGwZobnb6GNxCBlTt4ymMkEgImZk.vl2 diff --git a/testing/environments/docker/elasticsearch/users_roles b/testing/environments/docker/elasticsearch/users_roles deleted file mode 100644 index 36dd721ecb5..00000000000 --- a/testing/environments/docker/elasticsearch/users_roles +++ /dev/null @@ -1,11 +0,0 @@ -beats:beats -beats_system:beats,filebeat_user,heartbeat_user,metricbeat_user,auditbeat_user,journalbeat_user -filebeat:filebeat_user -heartbeat:heartbeat_user -ingest_admin:apm_server_user -kibana_system:kibana_system_user -kibana_admin:apm_server_user,apm_user_ro,beats,filebeat_user,heartbeat_user,metricbeat_user,auditbeat_user,journalbeat_user -metricbeat:metricbeat_user -auditbeat:auditbeat_user -journalbeat:journalbeat_user -superuser:admin diff --git a/testing/environments/docker/elasticsearch_kerberos/Dockerfile b/testing/environments/docker/elasticsearch_kerberos/Dockerfile deleted file mode 100644 index 59e5de735ad..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM docker.elastic.co/elasticsearch/elasticsearch:8.0.0-SNAPSHOT - -ADD scripts /scripts -ADD config /config -ADD healthcheck.sh /healthcheck.sh -ADD start.sh /start.sh - -ENV REALM_NAME ELASTIC -ENV KDC_NAME elasticsearch_kerberos.elastic -ENV BUILD_ZONE elastic -ENV ELASTIC_ZONE $BUILD_ZONE - -USER root -RUN /scripts/installkdc.sh && /scripts/addprincs.sh -USER elasticsearch diff --git a/testing/environments/docker/elasticsearch_kerberos/config/kdc.conf.template b/testing/environments/docker/elasticsearch_kerberos/config/kdc.conf.template deleted file mode 100644 index 0d32b8d411f..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/config/kdc.conf.template +++ /dev/null @@ -1,34 +0,0 @@ -# Licensed to Elasticsearch under one or more contributor -# license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright -# ownership. Elasticsearch licenses this file to you under -# the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -[kdcdefaults] - kdc_listen = 1088 - kdc_tcp_listen = 1088 - -[realms] - ${REALM_NAME} = { - kadmind_port = 1749 - max_life = 12h 0m 0s - max_renewable_life = 7d 0h 0m 0s - master_key_type = aes256-cts - supported_enctypes = aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal - } - -[logging] - kdc = FILE:/var/log/krb5/krb5kdc.log - admin_server = FILE:/var/log/krb5/kadmin.log - default = FILE:/var/log/krb5/krb5lib.log diff --git a/testing/environments/docker/elasticsearch_kerberos/config/krb5.conf b/testing/environments/docker/elasticsearch_kerberos/config/krb5.conf deleted file mode 100644 index 1b34299558c..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/config/krb5.conf +++ /dev/null @@ -1,25 +0,0 @@ -[libdefaults] - default_realm = ELASTIC - dns_canonicalize_hostname = false - dns_lookup_kdc = false - dns_lookup_realm = false - dns_uri_lookup = false - forwardable = true - ignore_acceptor_hostname = true - rdns = false - default_tgs_enctypes = aes128-cts-hmac-sha1-96 - default_tkt_enctypes = aes128-cts-hmac-sha1-96 - permitted_enctypes = aes128-cts-hmac-sha1-96 - kdc_timeout = 3000 - -[realms] - ELASTIC = { - kdc = elasticsearch_kerberos.elastic:88 - admin_server = elasticsearch_kerberos.elastic:749 - default_domain = elastic - } - -[domain_realm] - .elastic = ELASTIC - elastic = ELASTIC - diff --git a/testing/environments/docker/elasticsearch_kerberos/config/krb5.conf.template b/testing/environments/docker/elasticsearch_kerberos/config/krb5.conf.template deleted file mode 100644 index 75245ab7733..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/config/krb5.conf.template +++ /dev/null @@ -1,43 +0,0 @@ -# Licensed to Elasticsearch under one or more contributor -# license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright -# ownership. Elasticsearch licenses this file to you under -# the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -[libdefaults] - default_realm = ${REALM_NAME} - dns_canonicalize_hostname = false - dns_lookup_kdc = false - dns_lookup_realm = false - dns_uri_lookup = false - forwardable = true - ignore_acceptor_hostname = true - rdns = false - default_tgs_enctypes = aes128-cts-hmac-sha1-96 - default_tkt_enctypes = aes128-cts-hmac-sha1-96 - permitted_enctypes = aes128-cts-hmac-sha1-96 - udp_preference_limit = 1 - kdc_timeout = 3000 - -[realms] - ${REALM_NAME} = { - kdc = localhost:1088 - admin_server = localhost:1749 - default_domain = ${BUILD_ZONE} - } - -[domain_realm] - .${ELASTIC_ZONE} = ${REALM_NAME} - ${ELASTIC_ZONE} = ${REALM_NAME} - diff --git a/testing/environments/docker/elasticsearch_kerberos/healthcheck.sh b/testing/environments/docker/elasticsearch_kerberos/healthcheck.sh deleted file mode 100755 index a0932afaa94..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/healthcheck.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -# check if service principal is OK -KRB5_CONFIG=/etc/krb5.conf \ - kinit -k -t /etc/HTTP_elasticsearch_kerberos.elastic.keytab HTTP/elasticsearch_kerberos.elastic@ELASTIC - - -# check if beats user can connect -echo testing | KRB5_CONFIG=/etc/krb5.conf kinit beats@ELASTIC -klist -curl --negotiate -u : -XGET http://elasticsearch_kerberos.elastic:9200/ diff --git a/testing/environments/docker/elasticsearch_kerberos/init.sh b/testing/environments/docker/elasticsearch_kerberos/init.sh deleted file mode 100755 index e69de29bb2d..00000000000 diff --git a/testing/environments/docker/elasticsearch_kerberos/scripts/addprinc.sh b/testing/environments/docker/elasticsearch_kerberos/scripts/addprinc.sh deleted file mode 100755 index 97493df7c51..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/scripts/addprinc.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/bash - -# Licensed to Elasticsearch under one or more contributor -# license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright -# ownership. Elasticsearch licenses this file to you under -# the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e - -if [[ $# -lt 1 ]]; then - echo 'Usage: addprinc.sh principalName [password]' - echo ' principalName user principal name without realm' - echo ' password If provided then will set password for user else it will provision user with keytab' - exit 1 -fi - -PRINC="$1" -PASSWD="$2" -USER=$(echo $PRINC | tr "/" "_") -REALM=ELASTIC - -VDIR=/usr/share/kerberos -BUILD_DIR=/var/build -LOCALSTATEDIR=/etc -LOGDIR=/var/log/krb5 - -ADMIN_PRIN=admin/admin@$REALM -ADMIN_KTAB=$LOCALSTATEDIR/admin.keytab - -USER_PRIN=$PRINC@$REALM -USER_KTAB=$LOCALSTATEDIR/$USER.keytab - -if [ -f $USER_KTAB ] && [ -z "$PASSWD" ]; then - echo "Principal '${PRINC}@${REALM}' already exists. Re-copying keytab..." - sudo cp $USER_KTAB $KEYTAB_DIR/$USER.keytab -else - if [ -z "$PASSWD" ]; then - echo "Provisioning '${PRINC}@${REALM}' principal and keytab..." - sudo kadmin -p $ADMIN_PRIN -kt $ADMIN_KTAB -q "addprinc -randkey $USER_PRIN" - sudo kadmin -p $ADMIN_PRIN -kt $ADMIN_KTAB -q "ktadd -k $USER_KTAB $USER_PRIN" - sudo chmod 777 $USER_KTAB - sudo cp $USER_KTAB /usr/share/elasticsearch/config - sudo chown elasticsearch:elasticsearch /usr/share/elasticsearch/config/$USER.keytab - else - echo "Provisioning '${PRINC}@${REALM}' principal with password..." - sudo kadmin -p $ADMIN_PRIN -kt $ADMIN_KTAB -q "addprinc -pw $PASSWD $PRINC" - fi -fi - -echo "Done provisioning $USER" diff --git a/testing/environments/docker/elasticsearch_kerberos/scripts/addprincs.sh b/testing/environments/docker/elasticsearch_kerberos/scripts/addprincs.sh deleted file mode 100755 index 7ee85889f0d..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/scripts/addprincs.sh +++ /dev/null @@ -1,7 +0,0 @@ -set -e - -krb5kdc -kadmind - -addprinc.sh HTTP/elasticsearch_kerberos.elastic -addprinc.sh beats testing diff --git a/testing/environments/docker/elasticsearch_kerberos/scripts/installkdc.sh b/testing/environments/docker/elasticsearch_kerberos/scripts/installkdc.sh deleted file mode 100755 index 50ab0ff0a6a..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/scripts/installkdc.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash - -# Licensed to Elasticsearch under one or more contributor -# license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright -# ownership. Elasticsearch licenses this file to you under -# the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e - -LOCALSTATEDIR=/etc -KDC_CONFIG=/var/kerberos -LOGDIR=/var/log/krb5 - -#MARKER_FILE=/etc/marker - -# Transfer and interpolate krb5.conf -cp /config/krb5.conf.template $LOCALSTATEDIR/krb5.conf -sed -i 's/${REALM_NAME}/'$REALM_NAME'/g' $LOCALSTATEDIR/krb5.conf -sed -i 's/${KDC_NAME}/'$KDC_NAME'/g' $LOCALSTATEDIR/krb5.conf -sed -i 's/${BUILD_ZONE}/'$BUILD_ZONE'/g' $LOCALSTATEDIR/krb5.conf -sed -i 's/${ELASTIC_ZONE}/'$ELASTIC_ZONE'/g' $LOCALSTATEDIR/krb5.conf - - -# Transfer and interpolate the kdc.conf -mkdir -p $KDC_CONFIG/krb5kdc -cp /config/kdc.conf.template $KDC_CONFIG/krb5kdc/kdc.conf -sed -i 's/${REALM_NAME}/'$REALM_NAME'/g' $KDC_CONFIG/krb5kdc/kdc.conf -sed -i 's/${KDC_NAME}/'$KDC_NAME'/g' $KDC_CONFIG/krb5kdc/kdc.conf -sed -i 's/${BUILD_ZONE}/'$BUILD_ZONE'/g' $KDC_CONFIG/krb5kdc/kdc.conf -sed -i 's/${ELASTIC_ZONE}/'$ELASTIC_ZONE'/g' $LOCALSTATEDIR/krb5.conf - -# Touch logging locations -mkdir -p $LOGDIR -touch $LOGDIR/kadmin.log -touch $LOGDIR/krb5kdc.log -touch $LOGDIR/krb5lib.log - -# Update package manager -yum update -qqy - -# Install krb5 packages -yum install -qqy krb5-{server,libs,workstation} sudo - -# Create kerberos database with stash file and garbage password -kdb5_util create -s -r $REALM_NAME -P zyxwvutsrpqonmlk9876 - -# Set up admin acls -cat << EOF > /var/kerberos/krb5kdc/kadm5.acl -*/admin@$REALM_NAME * -*@$REALM_NAME * -*/*@$REALM_NAME i -EOF - -# Create admin principal -kadmin.local -q "addprinc -pw elastic admin/admin@$REALM_NAME" -kadmin.local -q "ktadd -k /etc/admin.keytab admin/admin@$REALM_NAME" - -# set ownership for ES -chown -R elasticsearch:elasticsearch $LOGDIR -chown -R elasticsearch:elasticsearch $KDC_CONFIG -chown -R elasticsearch:elasticsearch $LOCALSTATEDIR/krb5.conf -chown -R elasticsearch:elasticsearch $LOCALSTATEDIR/admin.keytab - - -# Create a link so addprinc.sh is on path -ln -s /scripts/addprinc.sh /usr/bin/ diff --git a/testing/environments/docker/elasticsearch_kerberos/start.sh b/testing/environments/docker/elasticsearch_kerberos/start.sh deleted file mode 100755 index 522f6c20474..00000000000 --- a/testing/environments/docker/elasticsearch_kerberos/start.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -# start Kerberos services -krb5kdc -kadmind - -# start ES -/usr/local/bin/docker-entrypoint.sh eswrapper diff --git a/testing/environments/docker/kafka/Dockerfile b/testing/environments/docker/kafka/Dockerfile deleted file mode 100644 index eba9ef58a66..00000000000 --- a/testing/environments/docker/kafka/Dockerfile +++ /dev/null @@ -1,35 +0,0 @@ -FROM debian:11.5 - -ENV KAFKA_HOME /kafka -# The advertised host is kafka. This means it will not work if container is started locally and connected from localhost to it -ENV KAFKA_ADVERTISED_HOST kafka -ENV KAFKA_LOGS_DIR="/kafka-logs" -ENV KAFKA_VERSION 2.2.2 -ENV _JAVA_OPTIONS "-Djava.net.preferIPv4Stack=true" -ENV TERM=linux - -RUN apt-get update && apt-get install -y curl openjdk-8-jre-headless netcat - -RUN mkdir -p ${KAFKA_LOGS_DIR} && mkdir -p ${KAFKA_HOME} && \ - curl -J -L -s -f -o - https://github.com/kadwanev/retry/releases/download/1.0.1/retry-1.0.1.tar.gz | tar xfz - -C /usr/local/bin && \ - retry --min 1 --max 180 -- curl -J -L -s -f --show-error -o $INSTALL_DIR/kafka.tgz \ - "https://archive.apache.org/dist/kafka/${KAFKA_VERSION}/kafka_2.11-${KAFKA_VERSION}.tgz" && \ - tar xzf ${INSTALL_DIR}/kafka.tgz -C ${KAFKA_HOME} --strip-components 1 - -ADD run.sh /run.sh -ADD healthcheck.sh /healthcheck.sh -ADD certs/broker.keystore.jks /broker.keystore.jks -ADD certs/client.truststore.jks /broker.truststore.jks - -EXPOSE 9092 -EXPOSE 9093 -EXPOSE 2181 - -# healthcheck.sh tries to create and delete an empty kafka topic (the topic -# string is based on the timestamp), and reports healthy if topic creation -# was successful. -# With these parameters, Docker will consider the container unhealthy if the -# Kafka server is unresponsive for 3 minutes. -HEALTHCHECK --start-period=10s --interval=5s --timeout=5s --retries=36 CMD /healthcheck.sh - -ENTRYPOINT ["/run.sh"] diff --git a/testing/environments/docker/kafka/README.md b/testing/environments/docker/kafka/README.md deleted file mode 100644 index 6a7306e2423..00000000000 --- a/testing/environments/docker/kafka/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Kafka test container - -This Docker container provides an environment for testing with Kafka. It exposes two ports to the host system, `9092` for `PLAINTEXT` and `9093` for `SASL/SSL` with username `beats` and password `KafkaTest`. - -## Certificates - -The test environment uses a self-signed SSL certificate in the broker. To connect, clients will need to set `certs/client.truststore.jks` as their trust store. - -The files in the `certs` directory were generated with these commands: - -```sh -# create the broker's key -keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -validity 5000 -keyalg RSA -genkey - -What is your first and last name? - [Unknown]: kafka - ... - -# create a new certificate authority -openssl req -new -x509 -keyout ca-key -out ca-cert -days 5000 - -# add the CA to the kafka client's trust store -keytool -keystore client.truststore.jks -storepass KafkaTest -alias CARoot -keyalg RSA -import -file ca-cert - -# export the server certificate -keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -certreq -file broker-cert - -# sign it with the CA -openssl x509 -req -CA ca-cert -CAkey ca-key -in broker-cert -out broker-cert-signed -days 5000 -CAcreateserial -passin pass:KafkaTest - -# import CA and signed cert back into server keystore -keytool -keystore broker.keystore.jks -storepass KafkaTest -alias CARoot -import -file ca-cert -keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -import -file broker-cert-signed - -``` diff --git a/testing/environments/docker/kafka/certs/broker-cert b/testing/environments/docker/kafka/certs/broker-cert deleted file mode 100644 index 3a7d9e2498a..00000000000 --- a/testing/environments/docker/kafka/certs/broker-cert +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN NEW CERTIFICATE REQUEST----- -MIIC3zCCAccCAQAwajEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93 -bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMH -VW5rbm93bjEOMAwGA1UEAxMFa2Fma2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCH8VYN9FMHXjnLUwT0AJDKM0u/jXE0ng1UfWPVQaVI+Eny+vmf1zDm -d/AoqXaYKzVNvyRXCy1BZGaLVA3go1U7+tVjtniuLTmveE07PuX4w9/ukZPKlUxf -KCjYCmh38BeYiJA2inaxScDO2hxHfB2pulsM+l9+q0NMXFe6RSUAKS0pAeY8KLz9 -yWg9hfq6JPuPT14HZmyxLn+1SwRbZZ+TQjlAHfZFpu/igg6cif/ez30z5Gqci+2i -VPlwl9peEsaXn5wbuP6J2Uo6dMoGiFyxFdGCWVWP9WDncvfYKJwQs09QdbFLxAst -BYSmOTszUP+h0SohaxpdC4AOcJxs+MwhAgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAf -MB0GA1UdDgQWBBRFzbnwQXp+h4xE233eH3D+KfozxTANBgkqhkiG9w0BAQsFAAOC -AQEAQti4SPU8KfSoeLbLUic7UciVmwO0TZtiG+Y6fCTdRm7SYovg2zXH576ERClf -JQCzUuMH1Fi6k5adhMUxopJrVirZWOANoffe3yY/PUuFPMv5rvjmG7JqRNloNFYC -4Jah/XeITkw3BcwYxvY3lOZeXgBoRI+PwaD4JNHYf9ruc8cxY59lbWGCQOdbWYuk -ex/Y/rdmiv1cZpVAYY3VkdUnISXf4eePz4+hUdyuNGYt8Rh/dCj0D/1Xdo9jguUw -IWihuXNfH5hBzBp2hX49tCa7j8stOQW6+AS+ysUBRseFNnsu9j95PD+ue9GU5ZLR -mQzlkeZcfimH796e6XF81oCDkA== ------END NEW CERTIFICATE REQUEST----- diff --git a/testing/environments/docker/kafka/certs/broker-cert-signed b/testing/environments/docker/kafka/certs/broker-cert-signed deleted file mode 100644 index b023f3c146d..00000000000 --- a/testing/environments/docker/kafka/certs/broker-cert-signed +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC8zCCAdsCCQC1GCJdAf28SzANBgkqhkiG9w0BAQUFADANMQswCQYDVQQGEwJV -UzAeFw0yMTEwMjEyMDM0MTBaFw0zNTA2MzAyMDM0MTBaMGoxEDAOBgNVBAYTB1Vu -a25vd24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNV -BAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xDjAMBgNVBAMTBWthZmthMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/FWDfRTB145y1ME9ACQyjNL -v41xNJ4NVH1j1UGlSPhJ8vr5n9cw5nfwKKl2mCs1Tb8kVwstQWRmi1QN4KNVO/rV -Y7Z4ri05r3hNOz7l+MPf7pGTypVMXygo2Apod/AXmIiQNop2sUnAztocR3wdqbpb -DPpffqtDTFxXukUlACktKQHmPCi8/cloPYX6uiT7j09eB2ZssS5/tUsEW2Wfk0I5 -QB32Rabv4oIOnIn/3s99M+RqnIvtolT5cJfaXhLGl5+cG7j+idlKOnTKBohcsRXR -gllVj/Vg53L32CicELNPUHWxS8QLLQWEpjk7M1D/odEqIWsaXQuADnCcbPjMIQID -AQABMA0GCSqGSIb3DQEBBQUAA4IBAQCMGbXC2YdC9+jJjUvuEJIQGwpapJ5Dejng -cnvE//+x8A4W9vC7OJUHcML2GGQIrgvYWlmsCEWX1lJtcVIbqkTqq9Sq99htdMfM -ay4fJB/ey005bhcbEP+19342HkmoOUkEg7qGWZhhL05y0m1vxKvKSUX3p+4TyW1Y -AheRbb9j41Ld3E8+COGwqIWpMNfsGjLqWjUIajemFH91Eo2FFvshM/5ly12GZEil -ivmUqSzV7o6ri0V7DZ5NPOSXEbiMQj5FfmImqXbo7JtBqM/H9S2yAPXZBfAloVNv -XvjG0dY8cnYwGL5MSRiZEuJdimptWnMzFXbD8zyRxSIUMpbDcHNf ------END CERTIFICATE----- diff --git a/testing/environments/docker/kafka/certs/broker.keystore.jks b/testing/environments/docker/kafka/certs/broker.keystore.jks deleted file mode 100644 index aa03364e3ac6ee205cc523ec676f66f0b953dee5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3959 zcmY+EcQ71|w#TjA)vfZ=yF{<6EFx-@T_rlv%PPTQ^&Vx39tqI}(M2b^Xh9YcEjmH8 z5G6!!*_-#~y?f`*nKNhR^F8PM`GI06eDDE4D276afLI^~5pzKfAOyU{P_Tk96pVi{ zEffQG`L76U4#I#<{$hi_twTWie^+EA0Q|QY&^T(8?fdxmT z`tAhTbd4et>h(Pw!3W~?>wz$!q1~GI;_FO;^f={LaJq|*nW$D8{^c;vg(RxWIZ%}& zq)ldNwNLoYY@->jD2=UV=wpjv-we%r*k|gr2vBIW;=avzz<^pGuvxFaX z+I{FdYqxY*66bE?G9cbpK#J!2NtXjR^CYkS)_-E>sJgPF4(86lI3lwHOPgN-!qH$BbL464k5K7YC~ZR*hc1 zN)*S|r+qS|-0#k+X@BIdqD(-!>2BlG4rgm@&#qq;_{JSveV}zvDUY7~=l!A#y8>gi z(T|kA{F`o=ZnBt6?wjiF)Ixyq-n&Egd=mV=Sk|;(j@0(HRopQlCcDpSz|K2|?l6)z ze3Kc9&mDZm?$WL0_lBheRKg^vI(dhrrSu-rawo-)%+^BM5r}8~XE$DA(ufAHN1oee zr4_=a%f@T>hq-qN1z9W*&C@7KadJs%H1MiPUTq~d%57J!ZK6G!tL>L=655rk%<;V2ez71MiwJ77-fVjB8e;fr zK%27QR_F&BH}?p~ve3N;LNS8dR02EWn--@%j|Y|Mc*XpiIpG_7M|@ky_HutH84o{) z*SnK$Q8j$>A7172U>RmX550N3?ZIW~#4NMGR;8&ei{?p<=9MsA2h1u)Ooo2X%O#w; z^P5u4+LO%SZ>3kJ9+jMS;FvOItsOdAF;TteF84>24)Y}OM#f?c@$gSG_R4aniOrB z7!&T%wlaou;mAK@4--^dSulDT%rXtxxn^GJx6)ubGWA~bWS`@;IjH*lsj<21Lkx`f&3n%Q* zj)2X{5(Z=a(G=8fzBMS^U7duW(iJQbZxt!&g9z#nwscz`mz^@ZYx|(b2&O$w+7rNB zTb3Pq2m{`s&>>B=uMQq0)uyL3Jpb92URPX#lKY!?K$n3g??O$+ zkLj=n9Aj~M)8K?ZQLhfABmJ+m9u#w`pE~HewUjY-+_^A`q9bFofhD~RdtcJ*cOnN`DoP=E927d;^pU8n5c!oH%4`2!BBSlo(=k$hvW=YJ((qca zC@9yfXW@ky3KqgqxBltuf0(B!nMzG6yH z=6|b_m_`i3MuvyP^TtEtq3|5>yrG=`32DV>K-5Mq?v5N{QWBCfe@jYQN?HPnAujp% z5+T7`3~~Bjl!6by`#Tc;lK}q9umt~OSf>+iwVFLzfg#p| zdivIFD>{DSR1IeJiUhJKn^ld@ZGy-enW7vQ=lj{)H?7>Trxsaj#;J;eL;Nnqw(x41`~cVRxK2u$6snp z!vmF^0D_cgO2|!dw6rA3NL*Xy^<4w6LD^n@ua5+0n$f&^ zNtEAEHM0XT7`0|EOJUc=*%CJWsBM0^wOcybb+7KeiJkf^y+JyHjPd) zm;tZ1lwDS}b1L`GbEz3dm)R(uwJrfxy#UoP%oGvlw`V7>!tKeMX7=cElz5ZwXL(67 z28#Vt7FWAs^iXr24ycVSs*KXgWN-})mUrNIHZ$ATL(Cn5#ceu|u#l0k;^yzKt2{O@ z*i4$k15AFSB;!9j4z1ZRuZ3)!%fB5C&Xr(^mphP(RQqb@CJ(LJSg>V2@vVftDKU3c zdDxP@LsqSTK1>)sVF6nG|A5=@uOoHberOu6o7; zxgRRM*2ubynYH){e5}e6RJP?=|}0UcW# zxvuDxI=8blWN{M}C9bdjcB-Q0TfU2ZO|Hj=I% z=rVN&XxhB5X!{~YM$_aj3YJ?8v|grRXF@aUaDY zLknZ1o@y{*9wzBkhWFd@bsUn(V@`4@-yVoV1I$ z+i}?E%RhqIXzE%B5$@R;fttUA3I;j}W7gpl?n~DTir|d7O^sur3{Ey8 z;zlQQ#rkX}M{8J{N-!@T?R8B1Ej1>aW2Mm|i}o`W-c!?=OH1G%eQu5q6lL;?4<4G5 zP!x3bKii_E0Ux~9H3&PR@NCH}6*GJT7gn2Z3(Rs0ks}pTDt{5w{X9Il9u0)EnIj8G z$st_~ig}Hca=(zXo&gr>QhW_@g@z9_6(*!eB)T%SE_;F1wx!ldd9;<0IZ7wy%Y}JT7NO?O%+&R%|dCZZ1?it!*kX=3kwXTx*l;_mx`e z{1!Com1s$~tRyi($xi3yN3a|#=&2(8q|h1Q6#GS568-9TmP_84JXhmHTrb7ehqT=4 zrdc=fK(eS5zLTjEQZwB^RAV9QKg5rgBUlwwvczy2DzzU3UxQAH2!-K1W`_etuEtL5|J)4tS*;cgnfYlAlPj0(?uYvh=`kuTW zx)8mu98q0AE}Dh8&t%ZSM&r(`qixZtf5**{D2>QbRcONoxuF&yfqJ)ad~UwE0*SFF zPxI97qXfhIbbAFo9UVPL8wk9vpEH-b>5@lr2~}EwrMhTq6~r zuC3Rst2Mlp#kJ@!@DlFg=qtd;@tTVYmT?oX#>1|Tq40t*@E}Gxax);TyruYXE2?bj z(VK00mRPDbtt#~Rm?Be~0cBjLq0)xF3c0lSqJ=MymI)#rItCMq*NFyfG3a1RBzyGi zVv-|Om%(-JeQ9$Aj{>agBQ-y%O4M$BB!7pqF+Aq)J4IFj5%FpB{C5=a=?UEjxT-~c zU;1C^tEWkdmXF9K58eDJ1T8J)hpT(Tmi#d;140@hMjpcC1QJy_0ndjY?NY&)M&OWN zryXTo+Sz_xg*YzO94_&<;4q&)5Ikc+6p;JE7W;xSy|*(zxs^STe)=ga&^atE9W3qW zBVHiK9imG!fVH0An}*DhTcKdm1gbP?gx3i^L1)fR+QxW$LIAs^HvZ)O`X$?PG4m?o zlZPB7h?|)khN1_I=YZe=4eIqOwr_6U!UKtSWo$DVJ@r9|F}BuBujRTd;{)X`*S0{I(9(3bH5}zTNDolGEGOD7 zKc%u=-1z>*#nqE=Ay(Yyd5cu>O^C(CZVm8~2cEGecBYlwh?qH!tW@mKTw?a6ruC>Y z0NM_b>Q2->W7O`xjK?bip9?c0lPxW7ZbmW;>ekUWImrz}FCgsbWW8YF`2uq$UC)X zLKB){fa40gqkpc17~w&^uWmonTBJKvXUOy7j-LDgJ>Re~&sP4FkLBt-X*H>c2*LZi zp8VoCndDn+h-v(nKLI+VK0IAZlU6b!#ICa}gHJ&OL&g5fSLdCesv~^4pmC)7jw#w7 z;uoiQn#_4(VeFPT=^3PZ!*#p$GT*Ga<~};i!}m;nFkFa23LbRH4^@D2LWv2$f)F4+ z6BrLf6SeqA)=2hV(QpJ;cw=Z9^+;-^HHgLvOWJX&AS4Bm?7)(R2t`W-&gw8(raW-Buc&2R zo>Zfp2n@^5C%th@uPM3yQZ0^A&Lzob`S#@*gCJEmTdCSY|F|z4e%<^6+qi`t&GZom z*c(7GpesOvpqasBmRYCBf?+O>gtO7nnbr~q{4YJ3$8kgav{N4FdfS2k~FM`(9d zSJNj=b7jShY0h;X{=b1Z-RycKB}Mav`$2_}9L0FiM$1i1OLq6%YrZmZ9d&CnPN91K zwC^xIYcqLao>RZ|5YSwQa09HJ_b!14^KyE-Wl#N(obsr2%`qyV7g$TAi^oT{%i5Jo z@a#1f5~1oaqV~!niva#2oGBXytybf`Ah#H*A0#3GxU)nvqHmuhigy(f)lRt%$zV7f zFEBpQTuUD=riHUDhu^>R{cjCr_0hUbA3|j&bP(jM%J>TcasX%|o{`)jT-A~cH)fVf zbY__-v`HZe_$+~Nnewyk7H3FlU6gHM3+Q@Qn*Wu975-@2&o;S&E}8 zl=0duyg>-KJyMyBYjU61I>+p6eF+WoWv5U&{J>f5;3GHrNAP|+XAEHBYYm{Av&4Aix^YSsnXWLc0RR?<4?Fb=Bv|EM*${em7x=9bwtVCZ%!*gLDULftoe~64S5rOTol-0|#`# z|NWdCi}8qyXmM;nu?dU&SCpmIx34kUNSh8Uqm#ye7Y}+-lcs7Cw+l4N8~~2Ed&V96 z*))#Y?^8NaNpnVVCv`so6mlu2xf@(Z1iy4Fa79r4Dc)^{y(cka|lG3Js2|t!!S1A}Is^J^N zRP9166@8|=It-c=+($EL4V8Nybud0KAutIB1uG5%0vZJX1Qf(d7W0m(qqVf$Q<7It kl2zELI3@%XZh(h<)Pz_Z+=jYfu|-Rig@)#*0s{etpj~>g2><{9 diff --git a/testing/environments/docker/kafka/healthcheck.sh b/testing/environments/docker/kafka/healthcheck.sh deleted file mode 100755 index 99e533c4634..00000000000 --- a/testing/environments/docker/kafka/healthcheck.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -TOPIC="foo-`date '+%s-%N'`" - -${KAFKA_HOME}/bin/kafka-topics.sh --zookeeper=127.0.0.1:2181 --create --partitions 1 --topic "${TOPIC}" --replication-factor 1 -rc=$? -if [[ $rc != 0 ]]; then - exit $rc -fi - -${KAFKA_HOME}/bin/kafka-topics.sh --zookeeper=127.0.0.1:2181 --delete --topic "${TOPIC}" -exit 0 diff --git a/testing/environments/docker/kafka/run.sh b/testing/environments/docker/kafka/run.sh deleted file mode 100755 index bfacf2a7242..00000000000 --- a/testing/environments/docker/kafka/run.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -wait_for_port() { - count=20 - port=$1 - while ! nc -z localhost $port && [[ $count -ne 0 ]]; do - count=$(( $count - 1 )) - [[ $count -eq 0 ]] && return 1 - sleep 0.5 - done - # just in case, one more time - nc -z localhost $port -} - -echo "Starting ZooKeeper" -${KAFKA_HOME}/bin/zookeeper-server-start.sh ${KAFKA_HOME}/config/zookeeper.properties & -wait_for_port 2181 - -# create a user beats with password KafkaTest, for use in client SASL authentication -/kafka/bin/kafka-configs.sh \ - --zookeeper localhost:2181 \ - --alter --add-config 'SCRAM-SHA-512=[password=KafkaTest]' \ - --entity-type users \ - --entity-name beats - -echo "Starting Kafka broker" -mkdir -p ${KAFKA_LOGS_DIR} -${KAFKA_HOME}/bin/kafka-server-start.sh ${KAFKA_HOME}/config/server.properties \ - --override delete.topic.enable=true \ - --override advertised.host.name=${KAFKA_ADVERTISED_HOST} \ - --override listeners=PLAINTEXT://0.0.0.0:9092,SASL_SSL://0.0.0.0:9093 \ - --override advertised.listeners=PLAINTEXT://${KAFKA_ADVERTISED_HOST}:9092,SASL_SSL://${KAFKA_ADVERTISED_HOST}:9093 \ - --override inter.broker.listener.name=PLAINTEXT \ - --override sasl.enabled.mechanisms=SCRAM-SHA-512 \ - --override listener.name.sasl_ssl.scram-sha-512.sasl.jaas.config="org.apache.kafka.common.security.scram.ScramLoginModule required;" \ - --override logs.dir=${KAFKA_LOGS_DIR} \ - --override log4j.logger.kafka=DEBUG,kafkaAppender \ - --override log.flush.interval.ms=200 \ - --override num.partitions=3 \ - --override ssl.keystore.location=/broker.keystore.jks \ - --override ssl.keystore.password=KafkaTest \ - --override ssl.truststore.location=/broker.truststore.jks \ - --override ssl.truststore.password=KafkaTest & - -wait_for_port 9092 - -echo "Kafka load status code $?" - -# Make sure the container keeps running -tail -f /dev/null diff --git a/testing/environments/docker/kerberos_kdc/Dockerfile b/testing/environments/docker/kerberos_kdc/Dockerfile deleted file mode 100644 index 629fbaebcd5..00000000000 --- a/testing/environments/docker/kerberos_kdc/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM ubuntu:14.04 -ADD scripts /scripts - -ENV REALM_NAME ELASTIC -ENV KDC_NAME kerberos_kdc -ENV BUILD_ZONE elastic -ENV ELASTIC_ZONE $BUILD_ZONE - -RUN echo kerberos_kdc.elastic > /etc/hostname && echo "127.0.0.1 kerberos_kdc.elastic" >> /etc/hosts -RUN bash /scripts/installkdc.sh - -EXPOSE 88 -EXPOSE 749 - -CMD sleep infinity diff --git a/testing/environments/docker/logstash/gencerts.sh b/testing/environments/docker/logstash/gencerts.sh deleted file mode 100755 index fa53523e979..00000000000 --- a/testing/environments/docker/logstash/gencerts.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -mkdir -p pki/tls/certs -mkdir -p pki/tls/private -openssl req -subj '/CN=logstash/' -x509 -days $((100 * 365)) -batch -nodes -newkey rsa:2048 -keyout pki/tls/private/logstash.key -out pki/tls/certs/logstash.crt -config ssl.conf diff --git a/testing/environments/docker/logstash/pipeline-xpack/default.conf b/testing/environments/docker/logstash/pipeline-xpack/default.conf deleted file mode 100644 index 01d46fc4c4b..00000000000 --- a/testing/environments/docker/logstash/pipeline-xpack/default.conf +++ /dev/null @@ -1,26 +0,0 @@ -input { - beats { - port => 5044 - ssl => false - } - - beats { - port => 5055 - ssl => true - ssl_certificate => "/etc/pki/tls/certs/logstash.crt" - ssl_key => "/etc/pki/tls/private/logstash.key" - } -} - - -output { - elasticsearch { - hosts => ["${ES_HOST:elasticsearch}:${ES_PORT:9200}"] - index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" - user => admin - password => testing - } - - # Used for easier debugging - #stdout { codec => rubydebug { metadata => true } } -} diff --git a/testing/environments/docker/logstash/pipeline/default.conf b/testing/environments/docker/logstash/pipeline/default.conf deleted file mode 100644 index 08edff764bf..00000000000 --- a/testing/environments/docker/logstash/pipeline/default.conf +++ /dev/null @@ -1,24 +0,0 @@ -input { - beats { - port => 5044 - ssl => false - } - - beats { - port => 5055 - ssl => true - ssl_certificate => "/etc/pki/tls/certs/logstash.crt" - ssl_key => "/etc/pki/tls/private/logstash.key" - } -} - - -output { - elasticsearch { - hosts => ["${ES_HOST:elasticsearch}:${ES_PORT:9200}"] - index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" - } - - # Used for easier debugging - #stdout { codec => rubydebug { metadata => true } } -} diff --git a/testing/environments/docker/logstash/pki/tls/certs/logstash.crt b/testing/environments/docker/logstash/pki/tls/certs/logstash.crt deleted file mode 100644 index 08d2903c7d7..00000000000 --- a/testing/environments/docker/logstash/pki/tls/certs/logstash.crt +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC+jCCAeKgAwIBAgIUImV3iegTZ0b1zTQna2L4aVKmq1owDQYJKoZIhvcNAQEL -BQAwEzERMA8GA1UEAwwIbG9nc3Rhc2gwIBcNMjAxMTEwMDkwMDQ4WhgPMjEyMDEw -MTcwOTAwNDhaMBMxETAPBgNVBAMMCGxvZ3N0YXNoMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAxYKH925nceZVxHZZskBaMuUIlI8tLRMY6EeXBvsDzrqi -4+pRFSCJU45wZKhOFi/EigWxk8TqfrHqYbpe9Cbxmngup2xvhgDC2Kmr3R/SKARW -zKCAbwLiDcf0yiJyT98AVOdUXuQ7HHC9m8D3Ohp1knYEmV8dJGtiFE1vW3FtYsUW -p0MOu5WG2iOitaWTIdXmqxwxuK6Jo4I3znReS0PSBwLFXKwWzjEcM9yvXPtubIc6 -1mbbF1Stf0GvGxmOs9u3JCNJXQvTuyJ+O7OrUbnk9vN8nmS/w9GSlM1PqwUNrWIB -X0uHazTU8mSFk3QI8M3kBFfFIN5dL9zIXLGFdJYvfwIDAQABo0QwQjALBgNVHQ8E -BAMCBDAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHgYDVR0RBBcwFYIIbG9nc3Rhc2iC -CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEATBSnhUXJuf5whNmBE9OdoMJK -tgSaBx/FGq1tJp6jHkI1i4Oii3Wizs6K4tmWEqepu8MB0IVXJUkxGgh70DD3svKV -1En1zNOkUoI/lAwPBMHOl9oq2Z/u4E1dOydzyLQLDBg0fLC1Ui06NfdJRONOovoX -g3DD4IR6DODVtlGqRnON24H04OvZ3VWfbumkurp2XMvv8cooKQOLcMZ4dLVEyJxm -AEyC6pxuMsY32p/vtVjKarElqOnNAJ9xxS6IPczMgAXUMaxr5cZFMQSrdju9lVh4 -kpY5UglFiIJ/yHdlD5c4O8tK93qJ0Xgo7I7ujm38S38itrShpclXiAfW1rJ/2w== ------END CERTIFICATE----- diff --git a/testing/environments/docker/logstash/pki/tls/private/logstash.key b/testing/environments/docker/logstash/pki/tls/private/logstash.key deleted file mode 100644 index 83d14841286..00000000000 --- a/testing/environments/docker/logstash/pki/tls/private/logstash.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFgof3bmdx5lXE -dlmyQFoy5QiUjy0tExjoR5cG+wPOuqLj6lEVIIlTjnBkqE4WL8SKBbGTxOp+seph -ul70JvGaeC6nbG+GAMLYqavdH9IoBFbMoIBvAuINx/TKInJP3wBU51Re5DsccL2b -wPc6GnWSdgSZXx0ka2IUTW9bcW1ixRanQw67lYbaI6K1pZMh1earHDG4romjgjfO -dF5LQ9IHAsVcrBbOMRwz3K9c+25shzrWZtsXVK1/Qa8bGY6z27ckI0ldC9O7In47 -s6tRueT283yeZL/D0ZKUzU+rBQ2tYgFfS4drNNTyZIWTdAjwzeQEV8Ug3l0v3Mhc -sYV0li9/AgMBAAECggEAXnrge7YuecfLQ12x7pjmDO6OujH7VFKMWaDVWBt/aMbS -4N/XxZl416WNkjkIkYhsJfIvThambdDB49n5TiXK8S+IccJnXtzCWE5hzjdImqfo -tZ4ZkgD5DcqXCJKNyDNOv06hh3r549LygK1AFmVN1K/r50oecKuFkVyxZjbOMq5o -pKuNOiYWYki1FXd0kVd2yLy4ZKejrgMqwKk06xpeY4o9UfWSeMHaG+rlYsxxO/Fe -3o1FueAFNdJv553xzzmjCDI6YVq43izoF11/Q6K0HHvqwPkpNEFo9ChzPuLmvwOd -3Pyif53aVyOWg01sIp7NXzrUMrBoku3QcDtvGvrm8QKBgQD5vyP6LqbaXZ33DX2N -NpxgEpp2H44KCSfuxc1+mu4IpwOKIdX2bqjkcfGqbU5uBammdwYB78ro++YP0qR/ -6MTVyJwbMxlutOHJY/FLDnh+KZdPSBmJmce62khU/+eCATwQJeHCiktK9GxLisq6 -nBlkWLfkLVtGMduq1JwO4lWf4wKBgQDKdI5yfj1GKkAR4DPUp+OBZo1RsSJj5A0H -qMS/eudKTGj9Gi6Xiw200+x6fpzRCWCzUmS3c+QfTXMgNJEBjhhIYSb3IRo1p7Gf -M3chbN53SZyYf6msQ4b7oRiGZFDtoYNm0v4lqIxuoNi98CGxGtmz1W6gejpFyb1Y -A+EkRbSMtQKBgQDb7WZROiPUx/wDQu39HMo4ECnVO5RpYga4TZfYlbZoCCslyQYS -LQCtq2mVGwyl9nafENFJg1C8Opct9+DEgsZTPIW7rhQHWWI7Zrdl0ShqcVW9i1Bx -y+oGsZJgx7mm0k+CKNnV5tLG/tce7un3yt7Rbw8A8LAf8Gfw16lVshqU4QKBgHzZ -WgrzHJhLb81WRMBMdHkVI+sP4FRXi02A3yvx//YKnugOoFLl9qLf2cJEmDI0pUSQ -d/nF5xUCrw9aO14JIaJo/x2BdWdHLbsugrXDLIHFjGNivuCzl+dPFg+yh1Gzu5PK -Y94XTdrfKCohjrVoCH7lDN674XmuCizf35R9w/TNAoGBAKqaP7TTSafEs9ugsAgt -u3RXBbd9OA8u9tLKEBys/f9XoDPYWZ5Ar8a0LjpubcC5V14S7KwBYdiTN0ynaPGK -NI89jze9Y4ByiBWIalXjR6CWh3VlBiUGYONUjxOHaoMGrbYxYACNvJYtqjlQS1yN -LJN6nFfCs4U6TgQ4XBCdVAFO ------END PRIVATE KEY----- diff --git a/testing/environments/docker/logstash/ssl.conf b/testing/environments/docker/logstash/ssl.conf deleted file mode 100644 index 13fbe0dd2bf..00000000000 --- a/testing/environments/docker/logstash/ssl.conf +++ /dev/null @@ -1,18 +0,0 @@ -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -C = US -ST = VA -L = SomeCity -O = Elastic -OU = Observability -CN = elastic.co -[v3_req] -keyUsage = keyEncipherment, dataEncipherment -extendedKeyUsage = serverAuth -subjectAltName = @alt_names -[alt_names] -DNS.1 = logstash -DNS.2 = localhost diff --git a/testing/environments/docker/mosquitto/Dockerfile b/testing/environments/docker/mosquitto/Dockerfile deleted file mode 100644 index eac5d1e0d6c..00000000000 --- a/testing/environments/docker/mosquitto/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM eclipse-mosquitto:1.6.8 -HEALTHCHECK --interval=1s --retries=600 CMD nc -z localhost 1883 diff --git a/testing/environments/docker/sredis/Dockerfile b/testing/environments/docker/sredis/Dockerfile deleted file mode 100644 index 5abbc29468b..00000000000 --- a/testing/environments/docker/sredis/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -FROM alpine:edge - -RUN apk add --no-cache stunnel - -COPY stunnel.conf /etc/stunnel/stunnel.conf -COPY pki /etc/pki - -RUN chmod 600 /etc/stunnel/stunnel.conf; \ - chmod 600 /etc/pki/tls/certs/*; \ - chmod 600 /etc/pki/tls/private/*; - -HEALTHCHECK --interval=1s --retries=600 CMD nc -z localhost 6380 -EXPOSE 6380 - -CMD ["stunnel"] - diff --git a/testing/environments/docker/sredis/gencerts.sh b/testing/environments/docker/sredis/gencerts.sh deleted file mode 100755 index 8617695a156..00000000000 --- a/testing/environments/docker/sredis/gencerts.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -mkdir -p pki/tls/certs -mkdir -p pki/tls/private -openssl req -subj '/CN=sredis/' -x509 -days $((100 * 365)) -batch -nodes -newkey rsa:2048 -keyout pki/tls/private/sredis.key -out pki/tls/certs/sredis.crt diff --git a/testing/environments/docker/sredis/pki/tls/certs/sredis.crt b/testing/environments/docker/sredis/pki/tls/certs/sredis.crt deleted file mode 100644 index e1fbc7211e2..00000000000 --- a/testing/environments/docker/sredis/pki/tls/certs/sredis.crt +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDGTCCAgGgAwIBAgIJAPEol/xrYMpMMA0GCSqGSIb3DQEBBQUAMBExDzANBgNV -BAMTBnNyZWRpczAgFw0xNjA0MDgyMjQxMzBaGA8yMTE2MDMxNTIyNDEzMFowETEP -MA0GA1UEAxMGc3JlZGlzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -ygmNOjJ6r77/r/7FVykKynMTmUElFdspdVKYPB+iPbBU+Xwn3FdlzVvYBGAX+5kD -XLP9OX0qR18EUrBf0xsux0sEjvoydD7e9ZPoRn/PpD8T3mObtDOKe4UCY0j67Qj4 -uKT9dhqO6Gw/gVmktydhi3OHeCEHEb7sf3ydwBvradegVNFQZyjxD3x8N6b82roN -fZmVpYPoJaRI2UR+A8EbS95Rl7HjpxXrtchl/Fw+k3wS5OXHu36HdoAzkC6Hw3nV -MoKaqCSAuyVwGzd+csbp1+6S0TNZgfpHKjuSI9maYZqetJLA4rqg+hM1PbKkB605 -VjeKgNtLScjbrcXYfUBGQwIDAQABo3IwcDAdBgNVHQ4EFgQUYHI4wROpICq6l/sz -p8iNVUE8ySIwQQYDVR0jBDowOIAUYHI4wROpICq6l/szp8iNVUE8ySKhFaQTMBEx -DzANBgNVBAMTBnNyZWRpc4IJAPEol/xrYMpMMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQEFBQADggEBAFOc8jV5VKGIFt09ianhYYpr/1kld9o7zlzjHfyQbRTBvvYt -Ni22j3fshECZC9dBMuQObLpxtDAcJcncgl2LRCLcJSab/aa8jjH8qb+An4mbwdYA -bCNyItHVmPteDFWJgwSo/YHb6xpZ26fN8bi65RoUbsLtx14/wFiiEIO+rQ/20Pzi -3lOgGM7LXmYWYRhUd+LfBpNGWihZ3QL+ZkpsT6R4aFLwuWGEmGAPsgHyiOeMoR78 -0eYVnoY2oqTYARC/o+e2pCk6GWTycgSygwNRojH3ago1k5FMDk3rLWDOX0RNl9xj -A9qPE3tfnN1/Do5WsunIKuQNXmb16yQwz/AeHCM= ------END CERTIFICATE----- diff --git a/testing/environments/docker/sredis/pki/tls/private/sredis.key b/testing/environments/docker/sredis/pki/tls/private/sredis.key deleted file mode 100644 index 5f0e7c877ce..00000000000 --- a/testing/environments/docker/sredis/pki/tls/private/sredis.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAygmNOjJ6r77/r/7FVykKynMTmUElFdspdVKYPB+iPbBU+Xwn -3FdlzVvYBGAX+5kDXLP9OX0qR18EUrBf0xsux0sEjvoydD7e9ZPoRn/PpD8T3mOb -tDOKe4UCY0j67Qj4uKT9dhqO6Gw/gVmktydhi3OHeCEHEb7sf3ydwBvradegVNFQ -ZyjxD3x8N6b82roNfZmVpYPoJaRI2UR+A8EbS95Rl7HjpxXrtchl/Fw+k3wS5OXH -u36HdoAzkC6Hw3nVMoKaqCSAuyVwGzd+csbp1+6S0TNZgfpHKjuSI9maYZqetJLA -4rqg+hM1PbKkB605VjeKgNtLScjbrcXYfUBGQwIDAQABAoIBAG4ZWm72h0kyqp+8 -FMp0wT6mC24exBju/97Bjdhl3MIFT6lNcWNv9Tg97rAjta4UKnLgWwRzIxEVxINT -PkUKsSlFxkwsKEaU5GernI6epAb7oNY2Lem7lKHPUAfPA38cvn3Q25b6zhn2s3zH -3y04Nr4JzS83wGR5SOQIgubn0BgywvfuoeCUKj8BJ36vy6Dy/yIcquERwXnRzMHL -Q9oCrVAE86Dm1tQYHi5ougjSt3oKHIaUNC+PNlswiVEu+9MWhpdzBHbiEJkj3Y6H -XAkFFXqaf7Cc4RYVlGKvonjdSNk4k0zZIWmbGSOydCYlIuAhomvJ2Ar9xPZtAv/y -7zuUoBECgYEA8pLp2q82m+OEHmZOv573efBxpJxqTiIK61DMchljlhJNm6j1fwqJ -IqWoM+HTlrnA9rSA0lg900ASpp7H7IMiIr1MMBUr0JPTbqtENp3pHOOBe7gWuW5M -JtH/UyNFj/o7ewKpnDioDTW8CC2sKxKymwOOooX/hPN6PCKUTXl1yX0CgYEA1ThE -Fjs43EgAZ8v88c5I9mfBKKlb36IeYtN2A2tbnlnggg0cXGPmsxT6rMfwJVuXIwIR -tAfzSh9az0OLahP0mAWx2dK0vRcpA3+2piy9IAGSkA7qLb1M4ZCef14qixEZ3RRT -NtoCRY7IohWBvc3heAyymT1vz09ltV7o5Ln9Wr8CgYBWLJ7rU2eBBdh/vDSpml2s -ciDNK8wQKcPbSP74YdChFauAawubsDB7oIIavFUgrKjCe+lv0G1WSOLXUn0Ppp5P -3RPd2QeRt5JbNHitNngEDUaInyNjiK2A9QVRkaw6s9jBoHaEyxPYbYh5F1CclK3i -p+baEeRuZNi92EL7KvUPOQKBgAewFqxiiENRCUq0zTL+yByyUwGfUaO3mbbgfwHS -jiQgg3rM9DfUlk3gtMUkFGGUctedTHwcSUZj6QdOHSm+/HO6yNXcxg2HV0A8C57k -QBF2XQ16rDDoAWykpUJcZ9ZJ0I/rGrEAnVJaups1gU8RrE6CzrG9yFlGOJmYiXct -yZfLAoGBAJ/z+CIO9wbg8Ix0VzFFgM2W2Lt2gxmJH1jcdv6GrRbpIovAisImymNw -lqLrATxthc8PlOO1qUwHPBjeoIpZE2H1VqYMItujtdLm9UyJz3VZe7RcIzw//8KF -wndGFmWXt6Ztdlbkb29hZ7prjftZSpeuLo3vf3+BHueLPVHKGnda ------END RSA PRIVATE KEY----- diff --git a/testing/environments/docker/sredis/stunnel.conf b/testing/environments/docker/sredis/stunnel.conf deleted file mode 100644 index 3d07f0be6c1..00000000000 --- a/testing/environments/docker/sredis/stunnel.conf +++ /dev/null @@ -1,7 +0,0 @@ -foreground=yes - -[redis] -accept=:::6380 -connect=redis:6379 -key=/etc/pki/tls/private/sredis.key -cert=/etc/pki/tls/certs/sredis.crt diff --git a/testing/environments/docker/test.env b/testing/environments/docker/test.env deleted file mode 100644 index 5856225ceaf..00000000000 --- a/testing/environments/docker/test.env +++ /dev/null @@ -1,2 +0,0 @@ -ES_HOST=elasticsearch -ES_PORT=9200 diff --git a/testing/environments/latest.yml b/testing/environments/latest.yml deleted file mode 100644 index ced9cc680ee..00000000000 --- a/testing/environments/latest.yml +++ /dev/null @@ -1,37 +0,0 @@ -# This is the latest released environment. - -version: '2.3' -services: - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.0.0 - healthcheck: - test: ["CMD-SHELL", "curl -s http://localhost:9200/_cat/health?h=status | grep -q green"] - retries: 300 - interval: 1s - environment: - - "ES_JAVA_OPTS=-Xms1g -Xmx1g" - - "network.host=" - - "transport.host=127.0.0.1" - - "http.host=0.0.0.0" - - "xpack.security.enabled=false" - - "script.context.template.max_compilations_rate=unlimited" - - "script.context.ingest.cache_max_size=2000" - - "script.context.processor_conditional.cache_max_size=2000" - - "script.context.template.cache_max_size=2000" - - logstash: - image: docker.elastic.co/logstash/logstash:8.0.0 - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] - retries: 300 - interval: 1s - volumes: - - ./docker/logstash/pipeline:/usr/share/logstash/pipeline:ro - - ./docker/logstash/pki:/etc/pki:ro - - kibana: - image: docker.elastic.co/kibana/kibana:8.0.0 - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:5601"] - retries: 300 - interval: 1s diff --git a/testing/environments/local.yml b/testing/environments/local.yml deleted file mode 100644 index 7d588a82987..00000000000 --- a/testing/environments/local.yml +++ /dev/null @@ -1,33 +0,0 @@ -# Defines if ports should be exported. -# This is useful for testing locally with a full elastic stack setup. -# All services can be reached through localhost like localhost:5601 for Kibana -# This is not used for CI as otherwise ports conflicts could happen. -version: '2.3' -services: - kibana: - ports: - - "127.0.0.1:5601:5601" - - elasticsearch: - ports: - - "127.0.0.1:9200:9200" - - logstash: - ports: - - "127.0.0.1:5044:5044" - - "127.0.0.1:5055:5055" - - "127.0.0.1:9600:9600" - depends_on: - elasticsearch: - condition: service_healthy - - # Makes sure containers keep running for manual testing - beat: - build: . - depends_on: - elasticsearch: - condition: service_healthy - kibana: - condition: service_healthy - logstash: - condition: service_healthy diff --git a/testing/environments/prev-minor.yml b/testing/environments/prev-minor.yml deleted file mode 100644 index 5daa3b37a3f..00000000000 --- a/testing/environments/prev-minor.yml +++ /dev/null @@ -1,38 +0,0 @@ -# This is the previous minor for compatibility tests. - -version: '2.3' -services: - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.0.0-rc1 - healthcheck: - test: ["CMD-SHELL", "curl -s http://localhost:9200/_cat/health?h=status | grep -q green"] - retries: 300 - interval: 1s - environment: - - "ES_JAVA_OPTS=-Xms1g -Xmx1g" - - "network.host=" - - "transport.host=127.0.0.1" - - "http.host=0.0.0.0" - - "xpack.security.enabled=false" - - "script.context.template.max_compilations_rate=unlimited" - - "script.context.ingest.cache_max_size=2000" - - "script.context.processor_conditional.cache_max_size=2000" - - "script.context.template.cache_max_size=2000" - - "action.destructive_requires_name=false" - - logstash: - image: docker.elastic.co/logstash/logstash:8.0.0-rc1 - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] - retries: 600 - interval: 1s - volumes: - - ./docker/logstash/pipeline:/usr/share/logstash/pipeline:ro - - ./docker/logstash/pki:/etc/pki:ro - - kibana: - image: docker.elastic.co/kibana/kibana:8.0.0-rc1 - healthcheck: - test: ["CMD-SHELL", "curl -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] - retries: 600 - interval: 1s diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml deleted file mode 100644 index 92ad6009613..00000000000 --- a/testing/environments/snapshot.yml +++ /dev/null @@ -1,59 +0,0 @@ -# This should start the environment with the latest snapshots. - -version: '2.3' -services: - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.7.0-61c35791-SNAPSHOT - # When extend is used it merges healthcheck.tests, see: - # https://github.com/docker/compose/issues/8962 - # healthcheck: - # test: ["CMD-SHELL", "curl -u admin:testing -s http://localhost:9200/_cat/health?h=status | grep -q green"] - # retries: 300 - # interval: 1s - environment: - - "ES_JAVA_OPTS=-Xms1g -Xmx1g" - - "network.host=" - - "transport.host=127.0.0.1" - - "http.host=0.0.0.0" - - "xpack.security.enabled=true" - # We want something as unlimited compilation rate, but 'unlimited' is not valid. - - "script.max_compilations_rate=100000/1m" - - "action.destructive_requires_name=false" - # Disable geoip updates to prevent golden file test failures when the database - # changes and prevent race conditions between tests and database updates. - - "ingest.geoip.downloader.enabled=false" - volumes: - # Test files from https://github.com/maxmind/MaxMind-DB/tree/2bf1713b3b5adcb022cf4bb77eb0689beaadcfef/test-data - - "./GeoLite2-ASN.mmdb:/usr/share/elasticsearch/config/ingest-geoip/GeoLite2-ASN.mmdb:ro" - - "./GeoLite2-City.mmdb:/usr/share/elasticsearch/config/ingest-geoip/GeoLite2-City.mmdb:ro" - - "./GeoLite2-Country.mmdb:/usr/share/elasticsearch/config/ingest-geoip/GeoLite2-Country.mmdb:ro" - - "./docker/elasticsearch/roles.yml:/usr/share/elasticsearch/config/roles.yml" - - "./docker/elasticsearch/users:/usr/share/elasticsearch/config/users" - - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles" - - logstash: - image: docker.elastic.co/logstash/logstash@sha256:e01cf165142edf8d67485115b938c94deeda66153e9516aa2ce69ee417c5fc33 - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] - retries: 600 - interval: 1s - volumes: - - ./docker/logstash/pipeline-xpack:/usr/share/logstash/pipeline:ro - - ./docker/logstash/pki:/etc/pki:ro - - kibana: - image: docker.elastic.co/kibana/kibana:8.7.0-61c35791-SNAPSHOT - environment: - - "ELASTICSEARCH_USERNAME=kibana_system_user" - - "ELASTICSEARCH_PASSWORD=testing" - - "XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=gwaXhuYzE6l3r1wh5ZdSkJvtK6uSw11d" - - "XPACK_SECURITY_ENCRYPTIONKEY=wZSVeczkXAmebqNgfcKEzNMmQCBZKkSH" -# - "XPACK_XPACK_MAIN_TELEMETRY_ENABLED=false" - - "XPACK_REPORTING_ENCRYPTIONKEY=xCyqJUFqrUJJKxjZVGfnhrRkyqqaKeAG" - - "LOGGING_ROOT_LEVEL=all" - # When extend is used it merges healthcheck.tests, see: - # https://github.com/docker/compose/issues/8962 - # healthcheck: - # test: ["CMD-SHELL", "curl -u beats:testing -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] - # retries: 600 -