iac
/
docker-elk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(fleet): collect Docker logs and metrics 

Mirrors the behaviour of the Metricsbeat and Filebeat extensions through
Elastic Agent, using the Docker integration.
This commit is contained in:
Antoine Cotten 2024-02-12 12:36:56 +01:00
parent 51f5978a52
commit bd55cfaf64
No known key found for this signature in database
4 changed files with 58 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
.github/workflows/scripts/run-tests-fleet.sh vendored
View File

@ -35,7 +35,7 @@ endgroup
# AND event.dataset:"system.cpu" # AND event.dataset:"system.cpu"
# AND metricset.name:"cpu" # AND metricset.name:"cpu"
# #
log 'Searching a document generated by Fleet Server' log 'Searching a system document generated by Fleet Server'
declare response declare response
declare -i count declare -i count
@ -70,3 +70,44 @@ if (( count == 0 )); then
echo 'Expected at least 1 document' echo 'Expected at least 1 document'
exit 1 exit 1
fi fi
# We expect to find log entries for the 'elasticsearch' Compose service using
# the following query:
#
# agent.name:"fleet-server"
# AND agent.type:"filebeat"
# AND container.name:"docker-elk-elasticsearch-1"
#
log 'Searching a container document generated by Fleet Server'
response=
count=0
was_retried=0
# retry for max 60s (30*2s)
for _ in $(seq 1 30); do
response="$(curl "http://${ip_es}:9200/logs-docker.container_logs-default/_search?q=agent.name:%22fleet-server%22%20AND%20agent.type:%22filebeat%22%20AND%20container.name:%22docker-elk-elasticsearch-1%22&pretty" -s -u elastic:testpasswd)"
set +u # prevent "unbound variable" if assigned value is not an integer
count="$(jq -rn --argjson data "${response}" '$data.hits.total.value')"
set -u
if (( count > 0 )); then
break
fi
was_retried=1
echo -n 'x' >&2
sleep 2
done
if ((was_retried)); then
# flush stderr, important in non-interactive environments (CI)
echo >&2
fi
echo "$response"
if (( count == 0 )); then
echo 'Expected at least 1 document'
exit 1
fi

7
extensions/fleet/README.md
View File

@ -37,11 +37,6 @@ management UI: [Fleet UI Settings][fleet-cfg].
## Known Issues ## Known Issues
- Logs and metrics are only collected within the Fleet Server's container. Ultimately, we want to emulate the behaviour
of the existing Metricsbeat and Filebeat extensions, and collect logs and metrics from all ELK containers
out-of-the-box. Unfortunately, this kind of use-case isn't (yet) well supported by Fleet, and most advanced
configurations currently require running Elastic Agents in [standalone mode][fleet-standalone].
(Relevant resource: [Migrate from Beats to Elastic Agent][fleet-beats])
- The Elastic Agent auto-enrolls using the `elastic` super-user. With this approach, you do not need to generate a - The Elastic Agent auto-enrolls using the `elastic` super-user. With this approach, you do not need to generate a
service token — either using the Fleet management UI or [CLI utility][es-svc-token] — prior to starting this service token — either using the Fleet management UI or [CLI utility][es-svc-token] — prior to starting this
extension. However convenient that is, this approach _does not follow security best practices_, and we recommend extension. However convenient that is, this approach _does not follow security best practices_, and we recommend
@ -64,6 +59,4 @@ management UI: [Fleet UI Settings][fleet-cfg].
[config-kbn]: ../../kibana/config/kibana.yml [config-kbn]: ../../kibana/config/kibana.yml
[fleet-standalone]: https://www.elastic.co/guide/en/fleet/current/elastic-agent-configuration.html
[fleet-beats]: https://www.elastic.co/guide/en/fleet/current/migrate-beats-to-agent.html
[es-svc-token]: https://www.elastic.co/guide/en/elasticsearch/reference/current/service-tokens-command.html [es-svc-token]: https://www.elastic.co/guide/en/elasticsearch/reference/current/service-tokens-command.html

11
extensions/fleet/fleet-compose.yml
View File

@ -6,8 +6,19 @@ services:
context: extensions/fleet/ context: extensions/fleet/
args: args:
ELASTIC_VERSION: ${ELASTIC_VERSION} ELASTIC_VERSION: ${ELASTIC_VERSION}
# Run as 'root' instead of 'elastic-agent' (uid 1000) to allow reading
# 'docker.sock' and the host's filesystem.
user: root
volumes: volumes:
- fleet-server:/usr/share/elastic-agent/state:Z - fleet-server:/usr/share/elastic-agent/state:Z
- type: bind
source: /var/lib/docker/containers
target: /var/lib/docker/containers
read_only: true
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
environment: environment:
FLEET_SERVER_ENABLE: '1' FLEET_SERVER_ENABLE: '1'
FLEET_SERVER_INSECURE_HTTP: '1' FLEET_SERVER_INSECURE_HTTP: '1'

5
kibana/config/kibana.yml
View File

@ -47,6 +47,8 @@ xpack.fleet.packages:
version: latest version: latest
- name: elastic_agent - name: elastic_agent
version: latest version: latest
- name: docker
version: latest
- name: apm - name: apm
version: latest version: latest
@ -67,6 +69,9 @@ xpack.fleet.agentPolicies:
- name: elastic_agent-1 - name: elastic_agent-1
package: package:
name: elastic_agent name: elastic_agent
- name: docker-1
package:
name: docker
- name: Agent Policy APM Server - name: Agent Policy APM Server
id: agent-policy-apm-server id: agent-policy-apm-server
description: Static agent policy for the APM Server integration description: Static agent policy for the APM Server integration