diff options
| author | Kim Lindberger <kim.lindberger@gmail.com> | 2021-12-16 16:20:52 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-17 00:20:52 +0900 |
| commit | ebaa2268539a1d7fcf81773afb0bea671a6ec340 (patch) | |
| tree | cf1bc7b1eadfbb8c1faee4fe53bd5f8f6028ceb3 /nixos/tests/elk.nix | |
| parent | 1a3873c93d9c2136fd58986cc73469a2deef0789 (diff) | |
| download | nixpkgs-ebaa2268539a1d7fcf81773afb0bea671a6ec340.tar nixpkgs-ebaa2268539a1d7fcf81773afb0bea671a6ec340.tar.gz nixpkgs-ebaa2268539a1d7fcf81773afb0bea671a6ec340.tar.bz2 nixpkgs-ebaa2268539a1d7fcf81773afb0bea671a6ec340.tar.lz nixpkgs-ebaa2268539a1d7fcf81773afb0bea671a6ec340.tar.xz nixpkgs-ebaa2268539a1d7fcf81773afb0bea671a6ec340.tar.zst nixpkgs-ebaa2268539a1d7fcf81773afb0bea671a6ec340.zip | |
elk7: 7.11.1 -> 7.16.1, 6.8.3 -> 6.8.21 + add filebeat module and tests (#150879)
* elk7: 7.11.1 -> 7.16.1 * nixosTests.elk: Improve reliability and compatibility with ELK 7.x - Use comparisons in jq instead of grepping - Match for `.hits.total.value` if version >= 7, otherwise it always passes - Make curl fail if requests fails * nixos/filebeat: Add initial module and test Filebeat is an open source file harvester, mostly used to fetch logs files and feed them into logstash. This module can be used instead of journalbeat if used with `filebeat7` and configured with the `journald` input. * python3Packages.parsedmarc.tests: Fix breakage - Don't use the deprecated elasticsearch7-oss package - Improve jq query robustness and add tracing * rl-2205: Note the addition of the filebeat service * elk6: 6.8.3 -> 6.8.21 The latest version includes a fix for CVE-2021-44228. * nixos/journalbeat: Add a loose dependency on elasticsearch Avoid unnecssary back-off when elasticsearch is running on the same host.
Diffstat (limited to 'nixos/tests/elk.nix')
| -rw-r--r-- | nixos/tests/elk.nix | 90 |
1 files changed, 69 insertions, 21 deletions
diff --git a/nixos/tests/elk.nix b/nixos/tests/elk.nix index ae746d7e1f0..f42be00f23b 100644 --- a/nixos/tests/elk.nix +++ b/nixos/tests/elk.nix @@ -40,9 +40,8 @@ let services = { - journalbeat = let lt6 = builtins.compareVersions - elk.journalbeat.version "6" < 0; in { - enable = true; + journalbeat = { + enable = elk ? journalbeat; package = elk.journalbeat; extraConfig = pkgs.lib.mkOptionDefault ('' logging: @@ -51,14 +50,29 @@ let metrics.enabled: false output.elasticsearch: hosts: [ "127.0.0.1:9200" ] - ${pkgs.lib.optionalString lt6 "template.enabled: false"} - '' + pkgs.lib.optionalString (!lt6) '' journalbeat.inputs: - paths: [] seek: cursor ''); }; + filebeat = { + enable = elk ? filebeat; + package = elk.filebeat; + inputs.journald.id = "everything"; + + inputs.log = { + enabled = true; + paths = [ + "/var/lib/filebeat/test" + ]; + }; + + settings = { + logging.level = "info"; + }; + }; + metricbeat = { enable = true; package = elk.metricbeat; @@ -142,27 +156,43 @@ let }; passthru.elkPackages = elk; - testScript = '' + testScript = + let + valueObject = lib.optionalString (lib.versionAtLeast elk.elasticsearch.version "7") ".value"; + in '' import json - def total_hits(message): + def expect_hits(message): + dictionary = {"query": {"match": {"message": message}}} + return ( + "curl --silent --show-error --fail-with-body '${esUrl}/_search' " + + "-H 'Content-Type: application/json' " + + "-d '{}' ".format(json.dumps(dictionary)) + + " | tee /dev/console" + + " | jq -es 'if . == [] then null else .[] | .hits.total${valueObject} > 0 end'" + ) + + + def expect_no_hits(message): dictionary = {"query": {"match": {"message": message}}} return ( - "curl --silent --show-error '${esUrl}/_search' " + "curl --silent --show-error --fail-with-body '${esUrl}/_search' " + "-H 'Content-Type: application/json' " + "-d '{}' ".format(json.dumps(dictionary)) - + "| jq .hits.total" + + " | tee /dev/console" + + " | jq -es 'if . == [] then null else .[] | .hits.total${valueObject} == 0 end'" ) def has_metricbeat(): dictionary = {"query": {"match": {"event.dataset": {"query": "system.cpu"}}}} return ( - "curl --silent --show-error '${esUrl}/_search' " + "curl --silent --show-error --fail-with-body '${esUrl}/_search' " + "-H 'Content-Type: application/json' " + "-d '{}' ".format(json.dumps(dictionary)) - + "| jq '.hits.total > 0'" + + " | tee /dev/console" + + " | jq -es 'if . == [] then null else .[] | .hits.total${valueObject} > 0 end'" ) @@ -178,7 +208,8 @@ let # TODO: extend this test with multiple elasticsearch nodes # and see if the status turns "green". one.wait_until_succeeds( - "curl --silent --show-error '${esUrl}/_cluster/health' | jq .status | grep -v red" + "curl --silent --show-error --fail-with-body '${esUrl}/_cluster/health'" + + " | jq -es 'if . == [] then null else .[] | .status != \"red\" end'" ) with subtest("Perform some simple logstash tests"): @@ -189,33 +220,50 @@ let with subtest("Kibana is healthy"): one.wait_for_unit("kibana.service") one.wait_until_succeeds( - "curl --silent --show-error 'http://localhost:5601/api/status' | jq .status.overall.state | grep green" + "curl --silent --show-error --fail-with-body 'http://localhost:5601/api/status'" + + " | jq -es 'if . == [] then null else .[] | .status.overall.state == \"green\" end'" ) with subtest("Metricbeat is running"): one.wait_for_unit("metricbeat.service") with subtest("Metricbeat metrics arrive in elasticsearch"): - one.wait_until_succeeds(has_metricbeat() + " | tee /dev/console | grep 'true'") + one.wait_until_succeeds(has_metricbeat()) with subtest("Logstash messages arive in elasticsearch"): - one.wait_until_succeeds(total_hits("flowers") + " | grep -v 0") - one.wait_until_succeeds(total_hits("dragons") + " | grep 0") + one.wait_until_succeeds(expect_hits("flowers")) + one.wait_until_succeeds(expect_no_hits("dragons")) + '' + lib.optionalString (elk ? journalbeat) '' with subtest( "A message logged to the journal is ingested by elasticsearch via journalbeat" ): one.wait_for_unit("journalbeat.service") one.execute("echo 'Supercalifragilisticexpialidocious' | systemd-cat") one.wait_until_succeeds( - total_hits("Supercalifragilisticexpialidocious") + " | grep -v 0" + expect_hits("Supercalifragilisticexpialidocious") ) - + '' + lib.optionalString (elk ? filebeat) '' + with subtest( + "A message logged to the journal is ingested by elasticsearch via filebeat" + ): + one.wait_for_unit("filebeat.service") + one.execute("echo 'Superdupercalifragilisticexpialidocious' | systemd-cat") + one.wait_until_succeeds( + expect_hits("Superdupercalifragilisticexpialidocious") + ) + one.execute( + "echo 'SuperdupercalifragilisticexpialidociousIndeed' >> /var/lib/filebeat/test" + ) + one.wait_until_succeeds( + expect_hits("SuperdupercalifragilisticexpialidociousIndeed") + ) + '' + '' with subtest("Elasticsearch-curator works"): one.systemctl("stop logstash") one.systemctl("start elasticsearch-curator") one.wait_until_succeeds( - '! curl --silent --show-error "${esUrl}/_cat/indices" | grep logstash | grep ^' + '! curl --silent --show-error --fail-with-body "${esUrl}/_cat/indices" | grep logstash | grep ^' ) ''; }) { inherit pkgs system; }; @@ -235,7 +283,7 @@ in { # elasticsearch = pkgs.elasticsearch7-oss; # logstash = pkgs.logstash7-oss; # kibana = pkgs.kibana7-oss; - # journalbeat = pkgs.journalbeat7; + # filebeat = pkgs.filebeat7; # metricbeat = pkgs.metricbeat7; # }; unfree = lib.dontRecurseIntoAttrs { @@ -250,7 +298,7 @@ in { elasticsearch = pkgs.elasticsearch7; logstash = pkgs.logstash7; kibana = pkgs.kibana7; - journalbeat = pkgs.journalbeat7; + filebeat = pkgs.filebeat7; metricbeat = pkgs.metricbeat7; }; }; |