Skip to content

feat: Add Compose service name to Kibana's cert names #1002

feat: Add Compose service name to Kibana's cert names

feat: Add Compose service name to Kibana's cert names #1002

Workflow file for this run

name: CI
on:
push:
branches: [ tls ]
pull_request:
branches: [ tls ]
jobs:
test:
name: Test suite
# List of supported runners:
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
runs-on: ubuntu-22.04
env:
COMPOSE_PROJECT_NAME: docker-elk
steps:
- uses: actions/checkout@v4
#####################################################
# #
# Install all dependencies required by test suites. #
# #
#####################################################
- name: Pre-build container images
run: >-
docker compose
--profile=setup
-f docker-compose.yml
-f extensions/fleet/fleet-compose.yml
-f extensions/fleet/agent-apmserver-compose.yml
-f extensions/metricbeat/metricbeat-compose.yml
-f extensions/filebeat/filebeat-compose.yml
-f extensions/heartbeat/heartbeat-compose.yml
-f extensions/enterprise-search/enterprise-search-compose.yml
build
- name: Generate X.509 assets for TLS communications
run: |
echo '::group::Generate certificates and private keys'
docker compose up tls
echo '::endgroup::'
echo '::group::Provide CA fingerprint for Fleet output'
declare ca_fingerprint
ca_fingerprint="$(openssl x509 -fingerprint -sha256 -noout -in tls/certs/ca/ca.crt \
| cut -d '=' -f2 \
| tr -d ':' \
| tr '[:upper:]' '[:lower:]'
)"
sed -i "s/#\(ca_trusted_fingerprint:\).*/\1 ${ca_fingerprint}/g" kibana/config/kibana.yml
git diff
echo '::endgroup::'
########################################################
# #
# Ensure §"Initial setup" of the README remains valid. #
# #
########################################################
- name: Set password of every built-in user to 'testpasswd'
run: >-
sed -i
-e 's/\(ELASTIC_PASSWORD=\)'\''changeme'\''/\1testpasswd/g'
-e 's/\(LOGSTASH_INTERNAL_PASSWORD=\)'\''changeme'\''/\1testpasswd/g'
-e 's/\(KIBANA_SYSTEM_PASSWORD=\)'\''changeme'\''/\1testpasswd/g'
-e 's/\(METRICBEAT_INTERNAL_PASSWORD=\)'\'\''/\1testpasswd/g'
-e 's/\(FILEBEAT_INTERNAL_PASSWORD=\)'\'\''/\1testpasswd/g'
-e 's/\(HEARTBEAT_INTERNAL_PASSWORD=\)'\'\''/\1testpasswd/g'
-e 's/\(MONITORING_INTERNAL_PASSWORD=\)'\'\''/\1testpasswd/g'
-e 's/\(BEATS_SYSTEM_PASSWORD=\)'\'\''/\1testpasswd/g'
.env
- name: Set up users and roles
run: docker compose up setup
#############################
# #
# Test core and extensions. #
# #
#############################
# Elasticsearch's high disk watermark gets regularly exceeded on GitHub Actions runners.
# https://www.elastic.co/guide/en/elasticsearch/reference/8.10/fix-watermark-errors.html
- name: Disable Elasticsearch disk allocation decider
run: .github/workflows/scripts/disable-disk-alloc-decider.sh
#
# Core components: Elasticsearch, Logstash, Kibana
#
- name: Execute core test suite
run: |
docker compose up -d
.github/workflows/scripts/run-tests-core.sh
# next steps don't need Logstash
docker compose stop logstash
#
# Fleet
#
- name: Execute Fleet test suite
run: |
docker compose -f docker-compose.yml -f extensions/fleet/fleet-compose.yml -f extensions/fleet/agent-apmserver-compose.yml up --remove-orphans -d fleet-server apm-server
.github/workflows/scripts/run-tests-fleet.sh
#
# Metricbeat
#
- name: Execute Metricbeat test suite
run: |
docker compose -f docker-compose.yml -f extensions/metricbeat/metricbeat-compose.yml up --remove-orphans -d metricbeat
.github/workflows/scripts/run-tests-metricbeat.sh
#
# Filebeat
#
- name: Execute Filebeat test suite
run: |
docker compose -f docker-compose.yml -f extensions/filebeat/filebeat-compose.yml up --remove-orphans -d filebeat
.github/workflows/scripts/run-tests-filebeat.sh
#
# Heartbeat
#
- name: Execute Heartbeat test suite
run: |
docker compose -f docker-compose.yml -f extensions/heartbeat/heartbeat-compose.yml up --remove-orphans -d heartbeat
.github/workflows/scripts/run-tests-heartbeat.sh
#
# Enterprise Search
#
- name: Execute Enterprise Search test suite
run: |
# Set mandatory Elasticsearch settings
sed -i '$ a xpack.security.authc.api_key.enabled: true' elasticsearch/config/elasticsearch.yml
# Restart Elasticsearch for changes to take effect
docker compose restart elasticsearch
# Run Enterprise Search and execute tests
sed -i 's/\(secret_management.encryption_keys:\)/\1 [test-encrypt]/g' extensions/enterprise-search/config/enterprise-search.yml
docker compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml up --remove-orphans -d enterprise-search
.github/workflows/scripts/run-tests-enterprise-search.sh
# Revert changes to Elasticsearch configuration
sed -i '/xpack.security.authc.api_key.enabled: true/d' elasticsearch/config/elasticsearch.yml
docker compose restart elasticsearch
- name: Collect troubleshooting data
id: debug-data
if: failure()
run: |
declare debug_data_dir="$(mktemp -d)"
docker compose \
-f docker-compose.yml \
-f extensions/fleet/fleet-compose.yml \
-f extensions/fleet/agent-apmserver-compose.yml \
-f extensions/metricbeat/metricbeat-compose.yml \
-f extensions/filebeat/filebeat-compose.yml \
-f extensions/heartbeat/heartbeat-compose.yml \
-f extensions/enterprise-search/enterprise-search-compose.yml \
ps >"$debug_data_dir"/docker_ps.log
docker compose \
-f docker-compose.yml \
-f extensions/fleet/fleet-compose.yml \
-f extensions/fleet/agent-apmserver-compose.yml \
-f extensions/metricbeat/metricbeat-compose.yml \
-f extensions/filebeat/filebeat-compose.yml \
-f extensions/heartbeat/heartbeat-compose.yml \
-f extensions/enterprise-search/enterprise-search-compose.yml \
logs >"$debug_data_dir"/docker_logs.log
echo "path=${debug_data_dir}" >>"$GITHUB_OUTPUT"
- name: Upload collected troubleshooting data
if: always() && steps.debug-data.outputs.path
uses: actions/upload-artifact@v4
with:
name: debug-data
path: ${{ steps.debug-data.outputs.path }}/*.*
##############
# #
# Tear down. #
# #
##############
- name: Terminate all components
if: always()
run: >-
docker compose
-f docker-compose.yml
-f extensions/fleet/fleet-compose.yml
-f extensions/fleet/agent-apmserver-compose.yml
-f extensions/metricbeat/metricbeat-compose.yml
-f extensions/filebeat/filebeat-compose.yml
-f extensions/heartbeat/heartbeat-compose.yml
-f extensions/enterprise-search/enterprise-search-compose.yml
down -v