From 19a7bb66d6110722a027cca670546c7604301e83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 4 Jan 2022 16:23:36 +0100 Subject: [PATCH 01/10] init check --- libbeat/cmd/instance/beat.go | 31 +++++++++++++++++++++++++ libbeat/outputs/elasticsearch/client.go | 6 ++++- libbeat/outputs/elasticsearch/config.go | 1 + 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/libbeat/cmd/instance/beat.go b/libbeat/cmd/instance/beat.go index eb126966094..1693c10763b 100644 --- a/libbeat/cmd/instance/beat.go +++ b/libbeat/cmd/instance/beat.go @@ -326,6 +326,8 @@ func (b *Beat) createBeater(bt beat.Creator) (beat.Beater, error) { logSystemInfo(b.Info) logp.Info("Setup Beat: %s; Version: %s", b.Info.Beat, b.Info.Version) + b.checkElasticsearchVersion() + err = b.registerESIndexManagement() if err != nil { return nil, err @@ -855,6 +857,35 @@ func (b *Beat) loadDashboards(ctx context.Context, force bool) error { return nil } +// checkElasticsearchVersion TODO +func (b *Beat) checkElasticsearchVersion() { + if b.Config.Output.Name() != "elasticsearch" || b.isConnectionToOlderVersionAllowed() { + return + } + + elasticsearch.RegisterGlobalCallback(func(conn *eslegclient.Connection) error { + esVersion := conn.GetVersion() + beatVersion, err := common.NewVersion(b.Info.Version) + if err != nil { + return err + } + if esVersion.LessThan(beatVersion) { + return elasticsearch.ErrTooOld + } + return nil + }) +} + +func (b *Beat) isConnectionToOlderVersionAllowed() bool { + config := struct { + AllowOlder bool `config:"allow_older_versions"` + }{false} + + b.Config.Output.Config().Unpack(&config) + + return config.AllowOlder +} + // registerESIndexManagement registers the loading of the template and ILM // policy as a callback with the elasticsearch output. It is important the // registration happens before the publisher is created. diff --git a/libbeat/outputs/elasticsearch/client.go b/libbeat/outputs/elasticsearch/client.go index 0d9d619b9f5..d4bdfea76a7 100644 --- a/libbeat/outputs/elasticsearch/client.go +++ b/libbeat/outputs/elasticsearch/client.go @@ -38,7 +38,11 @@ import ( "github.com/elastic/beats/v7/libbeat/testing" ) -var errPayloadTooLarge = errors.New("the bulk payload is too large for the server. Consider to adjust `http.max_content_length` parameter in Elasticsearch or `bulk_max_size` in the beat. The batch has been dropped") +var ( + errPayloadTooLarge = errors.New("the bulk payload is too large for the server. Consider to adjust `http.max_content_length` parameter in Elasticsearch or `bulk_max_size` in the beat. The batch has been dropped") + + ErrTooOld = errors.New("Elasticsearch is too old. If you would like to connect to older instances enable sdfsf.dsfsd.") +) // Client is an elasticsearch client. type Client struct { diff --git a/libbeat/outputs/elasticsearch/config.go b/libbeat/outputs/elasticsearch/config.go index 816078f9225..4e61467f679 100644 --- a/libbeat/outputs/elasticsearch/config.go +++ b/libbeat/outputs/elasticsearch/config.go @@ -43,6 +43,7 @@ type elasticsearchConfig struct { MaxRetries int `config:"max_retries"` Backoff Backoff `config:"backoff"` NonIndexablePolicy *common.ConfigNamespace `config:"non_indexable_policy"` + AllowOlderVersion bool `config:"allow_older_versions"` Transport httpcommon.HTTPTransportSettings `config:",inline"` } From ec119b1473f670c329fabc7fde35900935c4ef79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 4 Jan 2022 17:25:01 +0100 Subject: [PATCH 02/10] add to configuration reference --- auditbeat/auditbeat.reference.yml | 4 ++++ filebeat/filebeat.reference.yml | 4 ++++ heartbeat/heartbeat.reference.yml | 4 ++++ libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl | 4 ++++ libbeat/cmd/instance/beat.go | 4 +++- metricbeat/metricbeat.reference.yml | 4 ++++ packetbeat/packetbeat.reference.yml | 4 ++++ winlogbeat/winlogbeat.reference.yml | 4 ++++ x-pack/auditbeat/auditbeat.reference.yml | 4 ++++ x-pack/filebeat/filebeat.reference.yml | 4 ++++ x-pack/functionbeat/functionbeat.reference.yml | 4 ++++ x-pack/heartbeat/heartbeat.reference.yml | 4 ++++ x-pack/metricbeat/metricbeat.reference.yml | 4 ++++ x-pack/osquerybeat/osquerybeat.reference.yml | 4 ++++ x-pack/packetbeat/packetbeat.reference.yml | 4 ++++ x-pack/winlogbeat/winlogbeat.reference.yml | 4 ++++ 16 files changed, 63 insertions(+), 1 deletion(-) diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index 27be08dd194..adbf2ef0327 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -460,6 +460,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # auditbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 87a50f91a08..46816709684 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -1404,6 +1404,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # filebeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index aca74cd9e63..1ccbf26d91a 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -606,6 +606,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # heartbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl b/libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl index 943e6a16b47..8554a5865ee 100644 --- a/libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl +++ b/libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl @@ -77,6 +77,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # {{.BeatName}} expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + {{include "ssl.reference.yml.tmpl" . | indent 2 }} # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/libbeat/cmd/instance/beat.go b/libbeat/cmd/instance/beat.go index 1693c10763b..6ecd9bca7f5 100644 --- a/libbeat/cmd/instance/beat.go +++ b/libbeat/cmd/instance/beat.go @@ -857,7 +857,9 @@ func (b *Beat) loadDashboards(ctx context.Context, force bool) error { return nil } -// checkElasticsearchVersion TODO +// checkElasticsearchVersion registers a global callback to make sure ES instance we are connecting +// to is at least on the same version as the Beat. +// If the check is disabled or the output is not Elasticsearch, nothing happens. func (b *Beat) checkElasticsearchVersion() { if b.Config.Output.Name() != "elasticsearch" || b.isConnectionToOlderVersionAllowed() { return diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 2d4c51aea50..b729b960ba7 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -1323,6 +1323,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # metricbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 739fe5c5332..7775e7d0b54 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -955,6 +955,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # packetbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index 51ca51897f8..88767e94ee8 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -391,6 +391,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # winlogbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index b058641150c..b4957a36ad5 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -516,6 +516,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # auditbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index cabffe369c9..9ddc8c9b533 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -3634,6 +3634,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # filebeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index 090ab1cc877..ac63e168af3 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -638,6 +638,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # functionbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/x-pack/heartbeat/heartbeat.reference.yml b/x-pack/heartbeat/heartbeat.reference.yml index aca74cd9e63..1ccbf26d91a 100644 --- a/x-pack/heartbeat/heartbeat.reference.yml +++ b/x-pack/heartbeat/heartbeat.reference.yml @@ -606,6 +606,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # heartbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 2c3a35d801b..a09271c2a57 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -1844,6 +1844,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # metricbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/x-pack/osquerybeat/osquerybeat.reference.yml b/x-pack/osquerybeat/osquerybeat.reference.yml index 53f7f52f922..e3c1fa63f43 100644 --- a/x-pack/osquerybeat/osquerybeat.reference.yml +++ b/x-pack/osquerybeat/osquerybeat.reference.yml @@ -357,6 +357,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # osquerybeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/x-pack/packetbeat/packetbeat.reference.yml b/x-pack/packetbeat/packetbeat.reference.yml index 739fe5c5332..7775e7d0b54 100644 --- a/x-pack/packetbeat/packetbeat.reference.yml +++ b/x-pack/packetbeat/packetbeat.reference.yml @@ -955,6 +955,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # packetbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index d74e971638a..bff06e0b44b 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -434,6 +434,10 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 + # winlogbeat expects Elasticseach to be the same version or newer than the Beat. + # Lift the version restriction by setting allow_older_versions to true. + #allow_older_versions: false + # Use SSL settings for HTTPS. #ssl.enabled: true From 3fba2df267a08cbd6a995aea27acfbf8ca9614ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 4 Jan 2022 17:36:23 +0100 Subject: [PATCH 03/10] adjust docs --- libbeat/outputs/elasticsearch/client.go | 2 +- .../outputs/elasticsearch/docs/elasticsearch.asciidoc | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/libbeat/outputs/elasticsearch/client.go b/libbeat/outputs/elasticsearch/client.go index d4bdfea76a7..13ddca5cbae 100644 --- a/libbeat/outputs/elasticsearch/client.go +++ b/libbeat/outputs/elasticsearch/client.go @@ -41,7 +41,7 @@ import ( var ( errPayloadTooLarge = errors.New("the bulk payload is too large for the server. Consider to adjust `http.max_content_length` parameter in Elasticsearch or `bulk_max_size` in the beat. The batch has been dropped") - ErrTooOld = errors.New("Elasticsearch is too old. If you would like to connect to older instances enable sdfsf.dsfsd.") + ErrTooOld = errors.New("Elasticsearch is too old. If you would like to connect to older instances set output.elasticsearch.allow_older_versions to true.") ) // Client is an elasticsearch client. diff --git a/libbeat/outputs/elasticsearch/docs/elasticsearch.asciidoc b/libbeat/outputs/elasticsearch/docs/elasticsearch.asciidoc index a3c89dad67e..c465be2dddd 100644 --- a/libbeat/outputs/elasticsearch/docs/elasticsearch.asciidoc +++ b/libbeat/outputs/elasticsearch/docs/elasticsearch.asciidoc @@ -60,6 +60,9 @@ This output works with all compatible versions of Elasticsearch. See the https://www.elastic.co/support/matrix#matrix_compatibility[Elastic Support Matrix]. +For optimal experience, {beatname_uc} only connects to instances that are at least on the +same version as the Beat. The check can be disabled by setting `output.elasticsearch.allow_older_versions`. + ==== Configuration options You can specify the following options in the `elasticsearch` section of the +{beatname_lc}.yml+ config file: @@ -668,6 +671,14 @@ Elasticsearch after a network error. The default is `60s`. The http request timeout in seconds for the Elasticsearch request. The default is 90. +==== `allow_older_versions` + +By default, {beatname_uc} expects the Elasticsearch instance to be on the same or newer version to provide +optimal experience. We suggest you connect to the same version to make sure all features {beatname_uc} is using are +available in your Elasticsearch instance. + +You can disable the check for example during updating the Elastic Stack, so data collection can go on. + ===== `ssl` Configuration options for SSL parameters like the certificate authority to use From 3f9445daacb97b248848f167b7d662a6a7806c13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Thu, 6 Jan 2022 15:07:41 +0100 Subject: [PATCH 04/10] more follow pu --- libbeat/cmd/instance/beat.go | 1 + libbeat/tests/system/config/mockbeat.yml.j2 | 2 ++ 2 files changed, 3 insertions(+) diff --git a/libbeat/cmd/instance/beat.go b/libbeat/cmd/instance/beat.go index 6ecd9bca7f5..4c24131a0f3 100644 --- a/libbeat/cmd/instance/beat.go +++ b/libbeat/cmd/instance/beat.go @@ -872,6 +872,7 @@ func (b *Beat) checkElasticsearchVersion() { return err } if esVersion.LessThan(beatVersion) { + logp.Err("Elasticsearch instance is too old. ES=%v Beat=%s", esVersion, b.Info.Version) return elasticsearch.ErrTooOld } return nil diff --git a/libbeat/tests/system/config/mockbeat.yml.j2 b/libbeat/tests/system/config/mockbeat.yml.j2 index 8aee28a276f..50c3bccc609 100644 --- a/libbeat/tests/system/config/mockbeat.yml.j2 +++ b/libbeat/tests/system/config/mockbeat.yml.j2 @@ -42,6 +42,8 @@ output: {% for k, v in elasticsearch.items() -%} {{ k }}: {{ v }} {% endfor -%} + # older versions have to be alloed because mockbeat is on v9.9.9 + allow_older_versions: true {%- endif %} # Redis as output From 5e09ebfffc66c2d12f0603ebc49afd7a2dbc02a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Fri, 7 Jan 2022 12:03:41 +0100 Subject: [PATCH 05/10] for backward compatibility testss allow connecting to older versions --- filebeat/Jenkinsfile.yml | 1 + filebeat/tests/system/test_modules.py | 3 +++ x-pack/filebeat/Jenkinsfile.yml | 1 + 3 files changed, 5 insertions(+) diff --git a/filebeat/Jenkinsfile.yml b/filebeat/Jenkinsfile.yml index f5843c43b18..6ce43047d18 100644 --- a/filebeat/Jenkinsfile.yml +++ b/filebeat/Jenkinsfile.yml @@ -48,6 +48,7 @@ stages: mage: >- ## Run module integration tests under previous minor of ES to ensure ingest pipeline compatibility. STACK_ENVIRONMENT=prev-minor TESTING_FILEBEAT_SKIP_DIFF=1 + TESTING_ALLOW_OLDER=1 PYTEST_ADDOPTS='-k test_modules' mage pythonIntegTest withModule: true diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index b4ee0c7b487..46cef31ea98 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -124,6 +124,9 @@ def run_on_file(self, module, fileset, test_file, cfgfile): module=module, fileset=fileset, test_file=test_file), "-M", "*.*.input.close_eof=true", ] + # allow connecting older versions of Elasticsearch + if os.getenv("TESTING_ALLOW_OLDER"): + cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"]) # Based on the convention that if a name contains -json the json format is needed. Currently used for LS. if "-json" in test_file: diff --git a/x-pack/filebeat/Jenkinsfile.yml b/x-pack/filebeat/Jenkinsfile.yml index c5647d9a854..801463c7e6b 100644 --- a/x-pack/filebeat/Jenkinsfile.yml +++ b/x-pack/filebeat/Jenkinsfile.yml @@ -48,6 +48,7 @@ stages: mage: >- ## Run module integration tests under previous minor of ES to ensure ingest pipeline compatibility. STACK_ENVIRONMENT=prev-minor TESTING_FILEBEAT_SKIP_DIFF=1 + TESTING_ALLOW_OLDER=1 PYTEST_ADDOPTS='-k test_xpack_modules' mage pythonIntegTest withModule: true From 7729768143b2eda1c7f6c597d4c9fe729d1d3b4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Mon, 10 Jan 2022 14:50:36 +0100 Subject: [PATCH 06/10] Update libbeat/tests/system/config/mockbeat.yml.j2 Co-authored-by: Craig MacKenzie --- libbeat/tests/system/config/mockbeat.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbeat/tests/system/config/mockbeat.yml.j2 b/libbeat/tests/system/config/mockbeat.yml.j2 index 50c3bccc609..5657105832e 100644 --- a/libbeat/tests/system/config/mockbeat.yml.j2 +++ b/libbeat/tests/system/config/mockbeat.yml.j2 @@ -42,7 +42,7 @@ output: {% for k, v in elasticsearch.items() -%} {{ k }}: {{ v }} {% endfor -%} - # older versions have to be alloed because mockbeat is on v9.9.9 + # older versions have to be allowed because mockbeat is on v9.9.9 allow_older_versions: true {%- endif %} From 480ea244717806fb2e5f6f71a9527fde450d8861 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Mon, 10 Jan 2022 14:52:15 +0100 Subject: [PATCH 07/10] Update libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl Co-authored-by: Craig MacKenzie --- libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl b/libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl index 8554a5865ee..be9ede7dba8 100644 --- a/libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl +++ b/libbeat/_meta/config/output-elasticsearch.reference.yml.tmpl @@ -77,7 +77,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # {{.BeatName}} expects Elasticseach to be the same version or newer than the Beat. + # {{.BeatName}} expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false From c225dbe13b877460e9dbe55d013f10e6341e9ae4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Mon, 10 Jan 2022 16:49:09 +0100 Subject: [PATCH 08/10] address review notes --- auditbeat/auditbeat.reference.yml | 2 +- filebeat/filebeat.reference.yml | 2 +- heartbeat/heartbeat.reference.yml | 2 +- libbeat/cmd/instance/beat.go | 3 +-- libbeat/outputs/elasticsearch/client.go | 2 +- metricbeat/metricbeat.reference.yml | 2 +- packetbeat/packetbeat.reference.yml | 2 +- winlogbeat/winlogbeat.reference.yml | 2 +- x-pack/auditbeat/auditbeat.reference.yml | 2 +- x-pack/filebeat/filebeat.reference.yml | 2 +- x-pack/functionbeat/functionbeat.reference.yml | 2 +- x-pack/heartbeat/heartbeat.reference.yml | 2 +- x-pack/metricbeat/metricbeat.reference.yml | 2 +- x-pack/osquerybeat/osquerybeat.reference.yml | 2 +- x-pack/packetbeat/packetbeat.reference.yml | 2 +- x-pack/winlogbeat/winlogbeat.reference.yml | 2 +- 16 files changed, 16 insertions(+), 17 deletions(-) diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index adbf2ef0327..cce2bc58144 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -460,7 +460,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # auditbeat expects Elasticseach to be the same version or newer than the Beat. + # auditbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 46816709684..11273253e6a 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -1404,7 +1404,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # filebeat expects Elasticseach to be the same version or newer than the Beat. + # filebeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index 1ccbf26d91a..415ca4cb69d 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -606,7 +606,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # heartbeat expects Elasticseach to be the same version or newer than the Beat. + # heartbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/libbeat/cmd/instance/beat.go b/libbeat/cmd/instance/beat.go index 4c24131a0f3..ab52b4f545c 100644 --- a/libbeat/cmd/instance/beat.go +++ b/libbeat/cmd/instance/beat.go @@ -872,8 +872,7 @@ func (b *Beat) checkElasticsearchVersion() { return err } if esVersion.LessThan(beatVersion) { - logp.Err("Elasticsearch instance is too old. ES=%v Beat=%s", esVersion, b.Info.Version) - return elasticsearch.ErrTooOld + return fmt.Errorf("%v ES=%s, Beat=%s.", elasticsearch.ErrTooOld, esVersion.String(), b.Info.Version) } return nil }) diff --git a/libbeat/outputs/elasticsearch/client.go b/libbeat/outputs/elasticsearch/client.go index 13ddca5cbae..f13a5db56ec 100644 --- a/libbeat/outputs/elasticsearch/client.go +++ b/libbeat/outputs/elasticsearch/client.go @@ -41,7 +41,7 @@ import ( var ( errPayloadTooLarge = errors.New("the bulk payload is too large for the server. Consider to adjust `http.max_content_length` parameter in Elasticsearch or `bulk_max_size` in the beat. The batch has been dropped") - ErrTooOld = errors.New("Elasticsearch is too old. If you would like to connect to older instances set output.elasticsearch.allow_older_versions to true.") + ErrTooOld = errors.New("Elasticsearch is too old. Please upgrade the instance. If you would like to connect to older instances set output.elasticsearch.allow_older_versions to true.") ) // Client is an elasticsearch client. diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index b729b960ba7..b98461466cf 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -1323,7 +1323,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # metricbeat expects Elasticseach to be the same version or newer than the Beat. + # metricbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 7775e7d0b54..fd9ed4b20fe 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -955,7 +955,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # packetbeat expects Elasticseach to be the same version or newer than the Beat. + # packetbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index 88767e94ee8..21358d6e416 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -391,7 +391,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # winlogbeat expects Elasticseach to be the same version or newer than the Beat. + # winlogbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index b4957a36ad5..1fd3bfcc92c 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -516,7 +516,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # auditbeat expects Elasticseach to be the same version or newer than the Beat. + # auditbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 9ddc8c9b533..7aa5350e19f 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -3634,7 +3634,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # filebeat expects Elasticseach to be the same version or newer than the Beat. + # filebeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index ac63e168af3..5f0e7bfd13e 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -638,7 +638,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # functionbeat expects Elasticseach to be the same version or newer than the Beat. + # functionbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/x-pack/heartbeat/heartbeat.reference.yml b/x-pack/heartbeat/heartbeat.reference.yml index 1ccbf26d91a..415ca4cb69d 100644 --- a/x-pack/heartbeat/heartbeat.reference.yml +++ b/x-pack/heartbeat/heartbeat.reference.yml @@ -606,7 +606,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # heartbeat expects Elasticseach to be the same version or newer than the Beat. + # heartbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index a09271c2a57..18b6d9704a8 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -1844,7 +1844,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # metricbeat expects Elasticseach to be the same version or newer than the Beat. + # metricbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/x-pack/osquerybeat/osquerybeat.reference.yml b/x-pack/osquerybeat/osquerybeat.reference.yml index e3c1fa63f43..b81f31c7d16 100644 --- a/x-pack/osquerybeat/osquerybeat.reference.yml +++ b/x-pack/osquerybeat/osquerybeat.reference.yml @@ -357,7 +357,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # osquerybeat expects Elasticseach to be the same version or newer than the Beat. + # osquerybeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/x-pack/packetbeat/packetbeat.reference.yml b/x-pack/packetbeat/packetbeat.reference.yml index 7775e7d0b54..fd9ed4b20fe 100644 --- a/x-pack/packetbeat/packetbeat.reference.yml +++ b/x-pack/packetbeat/packetbeat.reference.yml @@ -955,7 +955,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # packetbeat expects Elasticseach to be the same version or newer than the Beat. + # packetbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index bff06e0b44b..d44f301dd2d 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -434,7 +434,7 @@ output.elasticsearch: # Configure HTTP request timeout before failing a request to Elasticsearch. #timeout: 90 - # winlogbeat expects Elasticseach to be the same version or newer than the Beat. + # winlogbeat expects Elasticsearch to be the same version or newer than the Beat. # Lift the version restriction by setting allow_older_versions to true. #allow_older_versions: false From 20fd85ec0c73a96111369586f1e64b931ada1b3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Mon, 10 Jan 2022 16:50:17 +0100 Subject: [PATCH 09/10] add changelog entry --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 1c73e56a5ec..d6cb347f636 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -138,6 +138,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add FIPS configuration option for all AWS API calls. {pull}28899[28899] - Add `default_region` config to AWS common module. {pull}29415[29415] - Add support for latest k8s versions v1.23 and v1.22 {pull}29575[29575] +- Only connect to Elasticsearch instances with the same version or newer. {pull}29683[29683] *Auditbeat* From f331836bde48a8c5d88679d67055c82a0e310144 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Wed, 12 Jan 2022 17:28:06 +0100 Subject: [PATCH 10/10] fix env variable prefix --- filebeat/Jenkinsfile.yml | 2 +- filebeat/tests/system/test_modules.py | 2 +- x-pack/filebeat/Jenkinsfile.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/filebeat/Jenkinsfile.yml b/filebeat/Jenkinsfile.yml index 6ce43047d18..b77dc29f160 100644 --- a/filebeat/Jenkinsfile.yml +++ b/filebeat/Jenkinsfile.yml @@ -48,7 +48,7 @@ stages: mage: >- ## Run module integration tests under previous minor of ES to ensure ingest pipeline compatibility. STACK_ENVIRONMENT=prev-minor TESTING_FILEBEAT_SKIP_DIFF=1 - TESTING_ALLOW_OLDER=1 + TESTING_FILEBEAT_ALLOW_OLDER=1 PYTEST_ADDOPTS='-k test_modules' mage pythonIntegTest withModule: true diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index 46cef31ea98..213a5c04024 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -125,7 +125,7 @@ def run_on_file(self, module, fileset, test_file, cfgfile): "-M", "*.*.input.close_eof=true", ] # allow connecting older versions of Elasticsearch - if os.getenv("TESTING_ALLOW_OLDER"): + if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"): cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"]) # Based on the convention that if a name contains -json the json format is needed. Currently used for LS. diff --git a/x-pack/filebeat/Jenkinsfile.yml b/x-pack/filebeat/Jenkinsfile.yml index 801463c7e6b..79276187dfe 100644 --- a/x-pack/filebeat/Jenkinsfile.yml +++ b/x-pack/filebeat/Jenkinsfile.yml @@ -48,7 +48,7 @@ stages: mage: >- ## Run module integration tests under previous minor of ES to ensure ingest pipeline compatibility. STACK_ENVIRONMENT=prev-minor TESTING_FILEBEAT_SKIP_DIFF=1 - TESTING_ALLOW_OLDER=1 + TESTING_FILEBEAT_ALLOW_OLDER=1 PYTEST_ADDOPTS='-k test_xpack_modules' mage pythonIntegTest withModule: true