Log monitoring bulk failures

[ycombinator]

Resolves #14303.

As reported in #14303, when the Elasticsearch monitoring reporter in libbeat sends a bulk API request to Elasticsearch, and that request fails, the errors are currently swallowed. This is because the actual response code for the bulk API request is 200 OK; the actual errors are embedded in the request's response body.

This PR teaches the Elasticsearch monitoring reporter to parse the bulk API response and log any errors. For the parsing, the same code as the Elasticsearch output is reused.

Testing this PR

1. Start up Elasticsearch with security enabled. Make sure you know the password for the elastic superuser.

2. Create a role that grants necessary privileges for managing and writing to metricbeat-* indices.

   curl -s -u elastic -H 'Content-Type: application/json' 'http://localhost:9200/_security/role/mb_writer' -d '{ "cluster": [ "monitor", "manage_ilm", "manage_index_templates" ], "indices": [ { "names": [ "metricbeat-*" ], "privileges": [ "all" ] } ] }'
   

3. Create a user with the above role.

   curl -s -u elastic -H 'Content-Type: application/json' 'http://localhost:9200/_security/user/mb_writer' -d '{ "password": "mb_writer", "roles": [ "mb_writer" ] }'
   

4. Build Metricbeat with this PR.

   cd $GOPATH/src/github.com/elastic/beats/metricbeat
   mage build
   

5. Start Metricbeat with monitoring enabled and specifying the credentials of the above user for the elasticsearch output.

   ./metricbeat -e -E output.elasticsearch.username=mb_writer -E output.elasticsearch.password=mb_writer -E monitoring.enabled=true
   

6. Verify that metricbeat-* indices are being created and populated in Elasticsearch but no .monitoring-beats-* indices are being created.

   curl -s -u elastic 'http://localhost:9200/_cat/indices'
   

7. Verify that there are warnings in the log like so:

   2019-11-01T08:57:43.910-0700    WARN    elasticsearch/client.go:258     monitoring bulk item insert failed (i=0, status=403): {"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [mb_writer]"}
   

[houndci-bot]

exported function ItemStatus should have comment or be unexported

[houndci-bot]

should omit 2nd value from range; this loop is equivalent to for i := range ...

[elasticmachine]

Pinging @elastic/stack-monitoring (Stack monitoring)

[ycombinator]

jenkins, test this

[ph]

Code is OK to me, but I think we should have some tests added to cover that behavior and especially if the remote system changes his behavior. I don't link how the 200 vs the 403 response code is handled in this scenario.

Looking at existing code, there is currently no unit tests for the ES/reporter and adding that to the existing python system tests might be complicated but still worth investigating.

Also for BulkReadToItems we can surely add a test for it?

[ph]

+1 nice change

[ph]

LGTM, we need to find a better way with system test, I think its a problem and we need to have a proposal for that. Maybe a way to use a specific docker-compose file for a set of test.

[ycombinator]

Travis CI is green. Jenkins CI failures are unrelated. Merging.