[deb/rpm] Create keystore after installation by jbudz · Pull Request #76465 · elastic/kibana

jbudz · 2020-09-02T00:36:51Z

Create keystore during package installation

A common source of permission errors stem from creating files after
package installation under a user that runtime kibana won't be able to
read or write to. Under package installations this is usually root.

This PR contains two changes:

Create the keystore during deb/rpm installation with permissions
consistent with other stack products
Limit the force-root flag to the server CLI. The force-root flag is
a good precaution for long running and global processes, but for local
writes we can pre-enforce this by setting install permissions.

Closes #77392
Closes #75448

elasticmachine · 2020-09-02T00:36:52Z

Pinging @elastic/kibana-operations (Team:Operations)

jbudz · 2020-09-17T18:19:13Z

@elasticmachine merge upstream

jbudz · 2020-09-21T16:04:20Z

@elasticmachine merge upstream

jbudz · 2020-09-29T15:47:54Z

@elasticmachine merge upstream

jbudz · 2020-09-29T15:49:55Z

ADding a build here in ~90, just going down the whole list.

tylersmalley · 2020-10-05T20:06:18Z

You will want to merge these changes in: #79409

tylersmalley · 2020-10-05T22:34:16Z

#79409 has been merged and the conflicts need to be resolved.

A common source of permission errors stem from creating files after package installation under a user that runtime kibana won't be able to read or write to. Under package installations this is usually root. This PR contains two changes: 1) Create the keystore during deb/rpm installation with permissions consistent with other stack products 2) Limit the force-root flag to the server CLI. The force-root flag is a good precaution for long running and global processes, but for local writes we can pre-enforce this by setting install permissions.

This reverts commit 96a2546.

jbudz · 2020-11-02T15:30:15Z

https://s3-us-west-1.amazonaws.com/kibana.budzenski.com/76465/290aa61/kibana-8.0.0-SNAPSHOT-amd64.deb
https://s3-us-west-1.amazonaws.com/kibana.budzenski.com/76465/290aa61/kibana-8.0.0-SNAPSHOT-x86_64.rpm

jon@debd1:~/kibana$ sudo ls -lah /etc/kibana
total 28K
drwxr-s---   2 root kibana 4.0K Nov  2 15:16 .
drwxr-xr-x 100 root root   4.0K Nov  2 15:08 ..
-rw-rw----   1 root kibana  130 Nov  2 15:08 kibana.keystore
-rw-r--r--   1 root kibana   62 Nov  2 15:08 .kibana.keystore.initial_md5sum
-rw-rw----   1 root kibana 4.8K Nov  2 15:16 kibana.yml
-rw-rw-r--   1 root kibana  216 Nov  2 14:59 node.options
jon@debd1:~/kibana$ sudo /usr/share/kibana/bin/kibana-keystore add foo.bar
Enter value for foo.bar: ***
jon@debd1:~/kibana$ sudo service kibana start
jon@debd1:~/kibana$ sudo service kibana status
● kibana.service - Kibana
     Loaded: loaded (/etc/systemd/system/kibana.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2020-11-02 15:28:16 UTC; 24s ago
       Docs: https://www.elastic.co
    Process: 7718 ExecStart=/usr/share/kibana/bin/kibana --logging.dest=/var/log/kibana/kibana.log (code>
   Main PID: 7718 (code=exited, status=64)

Nov 02 15:28:16 debd1 systemd[1]: kibana.service: Scheduled restart job, restart counter is at 3.
Nov 02 15:28:16 debd1 systemd[1]: Stopped Kibana.
Nov 02 15:28:16 debd1 systemd[1]: kibana.service: Start request repeated too quickly.
Nov 02 15:28:16 debd1 systemd[1]: kibana.service: Failed with result 'exit-code'.
Nov 02 15:28:16 debd1 systemd[1]: Failed to start Kibana.
jon@debd1:~/kibana$ sudo /usr/share/kibana/bin/kibana-keystore remove foo.bar
jon@debd1:~/kibana$ sudo service kibana start
jon@debd1:~/kibana$ sudo service kibana status
● kibana.service - Kibana
     Loaded: loaded (/etc/systemd/system/kibana.service; disabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-11-02 15:29:30 UTC; 3s ago
       Docs: https://www.elastic.co
   Main PID: 7773 (node)
      Tasks: 11 (limit: 9334)
     Memory: 148.1M
     CGroup: /system.slice/kibana.service
             └─7773 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist --loggi>

Nov 02 15:29:30 debd1 systemd[1]: Started Kibana.
jon@debd1:~/kibana$ curl -XGET localhost:5601/api/status
Kibana server is not ready yet

jbudz · 2020-11-04T17:57:05Z

@elasticmachine merge upstream

jbudz · 2020-11-06T13:06:12Z

@elasticmachine merge upstream

src/cli/dev.js

tylersmalley · 2020-11-06T22:52:58Z

src/cli_keystore/dev.js

 */

-require('../setup_node_env');
+require('../setup_node_env/cli');


Can we drop the new cli and instead require no_transpilation?

Pushed with 7bcf044

tylersmalley

Possible suggestion on dropping requirement of new cli file.

jbudz · 2020-11-09T13:10:56Z

@elasticmachine merge upstream

jbudz · 2020-11-09T13:51:18Z

https://s3-us-west-1.amazonaws.com/kibana.budzenski.com/76465/7bcf044/kibana-8.0.0-SNAPSHOT-amd64.deb
https://s3-us-west-1.amazonaws.com/kibana.budzenski.com/76465/7bcf044/kibana-8.0.0-SNAPSHOT-x86_64.rpm

jbudz · 2020-11-11T15:41:58Z

@elasticmachine merge upstream

jbudz · 2020-11-16T14:36:15Z

@elasticmachine merge upstream

kibanamachine · 2020-11-16T16:14:01Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 1a7c7f4

Metrics [docs]

✅ unchanged

History

💚 Build #87364 succeeded 8746c22
💚 Build #86744 succeeded 7bcf044
💚 Build #86380 succeeded bedc1de
💚 Build #85889 succeeded a5b4425
💚 Build #85197 succeeded 290aa61

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

tylersmalley

LGTM - tested both deb and rpm.

jbudz · 2020-11-17T20:18:09Z

7.x/7.11: dd9434a

…o-node-details * 'master' of github.com:elastic/kibana: (65 commits) update chromedriver dependency to 87 (elastic#83624) [TSVB] use new Search API for rollup search (elastic#83275) [TSVB] Y-axis has number formatting not considering all series formatters in the group (elastic#83438) [Logs UI] Update <LogStream /> internal state when its props change (elastic#83302) Add tag bulk action context menu (elastic#82816) [code coverage] adding plugin to flush coverage data (elastic#83447) [UsageCollection] Expose `KibanaRequest` to explicitly opted-in collectors (elastic#83413) Added eventBus to trigger and listen plotHandler event (elastic#83435) [Runtime fields] Editor phase 1 (elastic#81472) [Maps] Fix threshold alert issue resolving nested fields (elastic#83577) chore(NA): remove usage of unverified es snapshots (elastic#83589) [DOCS] Adds Elastic Contributor Program link (elastic#83561) Upgrade EUI to v30.2.0 (elastic#82730) Don't show loading screen during auto-reload (elastic#83376) Functional tests - fix esArchive mappings with runtime fields (elastic#83530) [deb/rpm] Create keystore after installation (elastic#76465) [rpm] Create default environment file at "/etc/sysconfig/kibana" (elastic#82144) [docker] removes workaround for missing crypto-policies-scripts subpackage (elastic#83455) [ML] Persisted URL state for the Data frame analytics jobs and models pages (elastic#83439) adds xpack.security.authc.selector.enabled setting (elastic#83551) ...

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Relates: elastic/kibana#76465

This commit updates the versions of the Elastic Stack that the template deploys. - Add 7.11.1 - Update 7.10 version to 7.10.2 - Remove EOL versions, 7.2.1 and 7.3.2 - Don't use --allow root for 7.11 Relates: elastic/kibana#76465

Alex089616

Need all accounts containing fundsa

jbudz added Team:Operations Kibana-Operations Team release_note:fix v8.0.0 v7.10.0 labels Sep 2, 2020

jbudz requested a review from a team as a code owner September 2, 2020 00:36

tylersmalley added v7.11.0 and removed v7.10.0 labels Oct 12, 2020

jbudz added 2 commits October 26, 2020 06:41

temporarily build --all-platforms for testing

96a2546

jbudz force-pushed the keystore/create branch from 5182464 to 96a2546 Compare October 26, 2020 11:47

jbudz added 5 commits October 27, 2020 10:22

Merge branch 'master' into keystore/create

c054175

Revert "temporarily build --all-platforms for testing"

a9e6af2

This reverts commit 96a2546.

Merge branch 'master' into keystore/create

a4719cc

Merge branch 'master' into keystore/create

802b437

remove force-root flag from keystore and plugin cli

4a89378

jbudz changed the title ~~[deb/rpm] create keystore after installation~~ [deb/rpm] Create keystore after installation Nov 2, 2020

fix merge conflict

290aa61

jbudz added the review label Nov 2, 2020

kibanamachine added 2 commits November 4, 2020 12:57

Merge branch 'master' into keystore/create

9ef3ba9

Merge branch 'master' into keystore/create

a5b4425

Merge branch 'master' into keystore/create

bedc1de

tylersmalley reviewed Nov 6, 2020

View reviewed changes

src/cli/dev.js Show resolved Hide resolved

tylersmalley reviewed Nov 6, 2020

View reviewed changes

tylersmalley requested changes Nov 6, 2020

View reviewed changes

kibanamachine and others added 2 commits November 9, 2020 08:11

Merge branch 'master' into keystore/create

6adb311

reuse no_transpilation instead of creating cli

7bcf044

Merge branch 'master' into keystore/create

8746c22

Merge branch 'master' into keystore/create

1a7c7f4

tylersmalley approved these changes Nov 17, 2020

View reviewed changes

jbudz merged commit b328492 into elastic:master Nov 17, 2020

jbudz deleted the keystore/create branch November 17, 2020 20:14

jbudz added the backported label Nov 17, 2020

jbudz mentioned this pull request Nov 23, 2020

Unable to write Kibana UUID file when using keystore #76829

Closed

jbudz added a commit that referenced this pull request Dec 2, 2020

[deb/rpm] Create keystore after installation (#76465)

dd9434a

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

jbudz mentioned this pull request Dec 3, 2020

kibana does not start due to wrong permissions of optimize dir #77590

Closed

russcam added a commit to elastic/azure-marketplace that referenced this pull request Feb 11, 2021

don't use --allow root for 7.11

d5a1adb

Relates: elastic/kibana#76465

Alex089616 suggested changes Oct 10, 2024

View reviewed changes

Conversation

jbudz commented Sep 2, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

elasticmachine commented Sep 2, 2020

Uh oh!

jbudz commented Sep 17, 2020

Uh oh!

jbudz commented Sep 21, 2020

Uh oh!

jbudz commented Sep 29, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jbudz commented Sep 29, 2020

Uh oh!

tylersmalley commented Oct 5, 2020

Uh oh!

tylersmalley commented Oct 5, 2020

Uh oh!

jbudz commented Nov 2, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jbudz commented Nov 4, 2020

Uh oh!

jbudz commented Nov 6, 2020

Uh oh!

Uh oh!

tylersmalley Nov 6, 2020

Choose a reason for hiding this comment

Uh oh!

jbudz Nov 9, 2020

Choose a reason for hiding this comment

Uh oh!

tylersmalley left a comment

Choose a reason for hiding this comment

Uh oh!

jbudz commented Nov 9, 2020

Uh oh!

jbudz commented Nov 9, 2020

Uh oh!

jbudz commented Nov 11, 2020

Uh oh!

jbudz commented Nov 16, 2020

Uh oh!

kibanamachine commented Nov 16, 2020

💚 Build Succeeded

Metrics [docs]

History

Uh oh!

tylersmalley left a comment

Choose a reason for hiding this comment

Uh oh!

jbudz commented Nov 17, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Alex089616 left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

jbudz commented Sep 2, 2020 •

edited

Loading

jbudz commented Sep 29, 2020 •

edited

Loading

jbudz commented Nov 2, 2020 •

edited

Loading

jbudz commented Nov 17, 2020 •

edited

Loading