openmpf · jrobble · Dec 29, 2020 · Dec 29, 2020 · Dec 29, 2020 · Dec 29, 2020
diff --git a/activemq/Dockerfile b/activemq/Dockerfile
@@ -49,6 +49,12 @@ RUN curl --location https://archive.apache.org/dist/activemq/5.16.0/apache-activ
     # which prevented access to Web UI outside of container.
     sed -i '119s/.*/        <property name="host" value="0.0.0.0"\/>/' \
             /opt/activemq/conf/jetty.xml; \
+    # Remove the following to enable ActiveMQ Metricbeat access to Jolokia:
+    # <!-- Enforce that an Origin/Referer header is present to prevent CSRF -->
+    # <cors>
+    #   <strict-checking/>
+    # </cors>
+    sed -i '20,23d' /opt/activemq/webapps/api/WEB-INF/classes/jolokia-access.xml; \
     cd /opt/activemq; \
     rm --recursive docs examples webapps-demo;
 

diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml
@@ -2,7 +2,7 @@ version: '3.7'
 
 services:
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.6.0
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
     command:
       - elasticsearch
       - -E
@@ -26,12 +26,24 @@ services:
       # Disable Kibana apps we don't use. Not all Kibana apps can be disabled.
       TELEMETRY_OPTIN: 'false'
       TELEMETRY_ENABLED: 'false'
-      XPACK_APM_UI_ENABLED: 'false'
+      XPACK_APM_ENABLED: 'false'
+      XPACK_CANVAS_ENABLED: 'false'
+      XPACK_FLEET_ENABLED: 'false'
+      XPACK_FLEET_AGENTS_ENABLED: 'false'
+      XPACK_GRAPH_ENABLED: 'false'
+      XPACK_MAPS_ENABLED: 'false'
       XPACK_ML_ENABLED: 'false'
       XPACK_MONITORING_ENABLED: 'false'
       XPACK_REPORTING_ENABLED: 'false'
-      XPACK_GRAPH_ENABLED: 'false'
+      XPACK_ROLLUP_ENABLED: 'false'
       NEWSFEED_ENABLED: 'false'
+      MONITORING_ENABLED: 'false'
+      # NOTE: Do not use this stack in production without first enabling security:
+      # https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html
+      XPACK_SECURITY_ENABLED: 'false'
+      # The following two settings are needed for Logs view:
+      XPACK_INFRA_ENABLED: 'true'
+      XPACK_SPACES_ENABLED: 'true'
     ports:
       - '5601:5601'
     depends_on:
@@ -42,7 +54,7 @@ services:
           - node.role == manager
 
   filebeat:
-    image: docker.elastic.co/beats/filebeat:7.6.0
+    image: docker.elastic.co/beats/filebeat:7.10.1
     command:
       # Allow filebeat's own logs to be collected
       - -e
@@ -62,6 +74,22 @@ services:
     depends_on:
       - elasticsearch
 
+  metricbeat:
+    image: ${REGISTRY}openmpf_metricbeat:${TAG}
+    build: metricbeat
+    command:
+      - -e
+      - -E
+      - logging.level=warning
+    user: root
+    depends_on:
+      - activemq
+      - elasticsearch
+      - kibana
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
 
 volumes:
   elastic_search_data:
diff --git a/kibana/Dockerfile b/kibana/Dockerfile
@@ -26,7 +26,7 @@
 # limitations under the License.                                            #
 #############################################################################
 
-FROM docker.elastic.co/kibana/kibana:7.6.0
+FROM docker.elastic.co/kibana/kibana:7.10.1
 
 COPY docker-entrypoint.sh /scripts/
 

diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile
@@ -0,0 +1,53 @@
+# syntax=docker/dockerfile:1.2
+
+#############################################################################
+# NOTICE                                                                    #
+#                                                                           #
+# This software (or technical data) was produced for the U.S. Government    #
+# under contract, and is subject to the Rights in Data-General Clause       #
+# 52.227-14, Alt. IV (DEC 2007).                                            #
+#                                                                           #
+# Copyright 2020 The MITRE Corporation. All Rights Reserved.                #
+#############################################################################
+
+#############################################################################
+# Copyright 2020 The MITRE Corporation                                      #
+#                                                                           #
+# Licensed under the Apache License, Version 2.0 (the "License");           #
+# you may not use this file except in compliance with the License.          #
+# You may obtain a copy of the License at                                   #
+#                                                                           #
+#    http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                           #
+# Unless required by applicable law or agreed to in writing, software       #
+# distributed under the License is distributed on an "AS IS" BASIS,         #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  #
+# See the License for the specific language governing permissions and       #
+# limitations under the License.                                            #
+#############################################################################
+
+FROM docker.elastic.co/beats/metricbeat:7.10.1
+
+COPY docker-entrypoint.sh /scripts/
+
+COPY metricbeat.yml /usr/share/metricbeat/metricbeat.yml
+
+# Metricbeat performs security checks:
+# - config file ("metricbeat.yml") must be owned by the user identifier (uid=0) or root
+# - config file ("metricbeat.yml") can only be writable by the owner
+USER root
+RUN chmod 0644 /usr/share/metricbeat/metricbeat.yml
+USER metricbeat
+
+ENTRYPOINT ["/scripts/docker-entrypoint.sh"]
+
+# Taken from base image
+CMD ["-e"]
+
+# Inherit "license", "org.label-schema.license", and "org.label-schema.usage" from base image.
+LABEL org.label-schema.build-date="" \
+      org.label-schema.name="OpenMPF Metricbeat" \
+      org.label-schema.schema-version="1.0" \
+      org.label-schema.url="https://openmpf.github.io" \
+      org.label-schema.vcs-url="https://github.com/openmpf" \
+      org.label-schema.vendor="MITRE"
diff --git a/metricbeat/docker-entrypoint.sh b/metricbeat/docker-entrypoint.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+#############################################################################
+# NOTICE                                                                    #
+#                                                                           #
+# This software (or technical data) was produced for the U.S. Government    #
+# under contract, and is subject to the Rights in Data-General Clause       #
+# 52.227-14, Alt. IV (DEC 2007).                                            #
+#                                                                           #
+# Copyright 2020 The MITRE Corporation. All Rights Reserved.                #
+#############################################################################
+
+#############################################################################
+# Copyright 2020 The MITRE Corporation                                      #
+#                                                                           #
+# Licensed under the Apache License, Version 2.0 (the "License");           #
+# you may not use this file except in compliance with the License.          #
+# You may obtain a copy of the License at                                   #
+#                                                                           #
+#    http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                           #
+# Unless required by applicable law or agreed to in writing, software       #
+# distributed under the License is distributed on an "AS IS" BASIS,         #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  #
+# See the License for the specific language governing permissions and       #
+# limitations under the License.                                            #
+#############################################################################
+
+set -o errexit -o pipefail
+
+KIBANA_HOST="${KIBANA_HOST:-kibana:5601}"
+
+until curl --silent --fail --head "http://${KIBANA_HOST}" > /dev/null ; do
+    echo "Kibana is unavailable. Sleeping."
+    sleep 5
+done
+
+echo "Checking if index pattern exists..."
+index_url="http://${KIBANA_HOST}/api/saved_objects/index-pattern/metricbeat-*"
+if curl --silent --fail --head "$index_url"; then
+    echo "Index pattern already exists."
+else
+    echo "Creating index pattern and visualizations..."
+    metricbeat setup
+    echo "Successfully created index pattern and visualizations"
+fi
+
+set -o xtrace
+
+# Call base image's entry point
+exec /usr/local/bin/docker-entrypoint "$@"
diff --git a/metricbeat/metricbeat.yml b/metricbeat/metricbeat.yml
@@ -0,0 +1,21 @@
+metricbeat.config:
+  modules:
+    path: ${path.config}/modules.d/*.yml
+    # Reload module configs as they change:
+    reload.enabled: false
+
+metricbeat.modules:
+- module: activemq
+  metricsets: ['broker', 'queue', 'topic']
+  period: 10s
+  hosts: ['activemq:8161']
+  path: "api/jolokia"
+  username: admin # default username
+  password: admin # default password
+
+setup.kibana.host: '${KIBANA_HOST:kibana:5601}'
+
+output.elasticsearch:
+  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
+  username: '${ELASTICSEARCH_USERNAME:}'
+  password: '${ELASTICSEARCH_PASSWORD:}'