diff --git a/activemq/Dockerfile b/activemq/Dockerfile
index 49845668..84c722c3 100644
--- a/activemq/Dockerfile
+++ b/activemq/Dockerfile
@@ -49,6 +49,12 @@ RUN curl --location https://archive.apache.org/dist/activemq/5.16.0/apache-activ
# which prevented access to Web UI outside of container.
sed -i '119s/.*/ /' \
/opt/activemq/conf/jetty.xml; \
+ # Remove the following to enable ActiveMQ Metricbeat access to Jolokia:
+ #
+ #
+ #
+ #
+ sed -i '20,23d' /opt/activemq/webapps/api/WEB-INF/classes/jolokia-access.xml; \
cd /opt/activemq; \
rm --recursive docs examples webapps-demo;
diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml
index db6e64ec..8f6d7762 100644
--- a/docker-compose.elk.yml
+++ b/docker-compose.elk.yml
@@ -2,7 +2,7 @@ version: '3.7'
services:
elasticsearch:
- image: docker.elastic.co/elasticsearch/elasticsearch:7.6.0
+ image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
command:
- elasticsearch
- -E
@@ -26,12 +26,24 @@ services:
# Disable Kibana apps we don't use. Not all Kibana apps can be disabled.
TELEMETRY_OPTIN: 'false'
TELEMETRY_ENABLED: 'false'
- XPACK_APM_UI_ENABLED: 'false'
+ XPACK_APM_ENABLED: 'false'
+ XPACK_CANVAS_ENABLED: 'false'
+ XPACK_FLEET_ENABLED: 'false'
+ XPACK_FLEET_AGENTS_ENABLED: 'false'
+ XPACK_GRAPH_ENABLED: 'false'
+ XPACK_MAPS_ENABLED: 'false'
XPACK_ML_ENABLED: 'false'
XPACK_MONITORING_ENABLED: 'false'
XPACK_REPORTING_ENABLED: 'false'
- XPACK_GRAPH_ENABLED: 'false'
+ XPACK_ROLLUP_ENABLED: 'false'
NEWSFEED_ENABLED: 'false'
+ MONITORING_ENABLED: 'false'
+ # NOTE: Do not use this stack in production without first enabling security:
+ # https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html
+ XPACK_SECURITY_ENABLED: 'false'
+ # The following two settings are needed for Logs view:
+ XPACK_INFRA_ENABLED: 'true'
+ XPACK_SPACES_ENABLED: 'true'
ports:
- '5601:5601'
depends_on:
@@ -42,7 +54,7 @@ services:
- node.role == manager
filebeat:
- image: docker.elastic.co/beats/filebeat:7.6.0
+ image: docker.elastic.co/beats/filebeat:7.10.1
command:
# Allow filebeat's own logs to be collected
- -e
@@ -62,6 +74,22 @@ services:
depends_on:
- elasticsearch
+ metricbeat:
+ image: ${REGISTRY}openmpf_metricbeat:${TAG}
+ build: metricbeat
+ command:
+ - -e
+ - -E
+ - logging.level=warning
+ user: root
+ depends_on:
+ - activemq
+ - elasticsearch
+ - kibana
+ deploy:
+ placement:
+ constraints:
+ - node.role == manager
volumes:
elastic_search_data:
diff --git a/kibana/Dockerfile b/kibana/Dockerfile
index 60fac165..1cac7c55 100644
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -26,7 +26,7 @@
# limitations under the License. #
#############################################################################
-FROM docker.elastic.co/kibana/kibana:7.6.0
+FROM docker.elastic.co/kibana/kibana:7.10.1
COPY docker-entrypoint.sh /scripts/
diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile
new file mode 100644
index 00000000..e989cfd3
--- /dev/null
+++ b/metricbeat/Dockerfile
@@ -0,0 +1,53 @@
+# syntax=docker/dockerfile:1.2
+
+#############################################################################
+# NOTICE #
+# #
+# This software (or technical data) was produced for the U.S. Government #
+# under contract, and is subject to the Rights in Data-General Clause #
+# 52.227-14, Alt. IV (DEC 2007). #
+# #
+# Copyright 2020 The MITRE Corporation. All Rights Reserved. #
+#############################################################################
+
+#############################################################################
+# Copyright 2020 The MITRE Corporation #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#############################################################################
+
+FROM docker.elastic.co/beats/metricbeat:7.10.1
+
+COPY docker-entrypoint.sh /scripts/
+
+COPY metricbeat.yml /usr/share/metricbeat/metricbeat.yml
+
+# Metricbeat performs security checks:
+# - config file ("metricbeat.yml") must be owned by the user identifier (uid=0) or root
+# - config file ("metricbeat.yml") can only be writable by the owner
+USER root
+RUN chmod 0644 /usr/share/metricbeat/metricbeat.yml
+USER metricbeat
+
+ENTRYPOINT ["/scripts/docker-entrypoint.sh"]
+
+# Taken from base image
+CMD ["-e"]
+
+# Inherit "license", "org.label-schema.license", and "org.label-schema.usage" from base image.
+LABEL org.label-schema.build-date="" \
+ org.label-schema.name="OpenMPF Metricbeat" \
+ org.label-schema.schema-version="1.0" \
+ org.label-schema.url="https://openmpf.github.io" \
+ org.label-schema.vcs-url="https://github.com/openmpf" \
+ org.label-schema.vendor="MITRE"
diff --git a/metricbeat/docker-entrypoint.sh b/metricbeat/docker-entrypoint.sh
new file mode 100755
index 00000000..7c9edf84
--- /dev/null
+++ b/metricbeat/docker-entrypoint.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+#############################################################################
+# NOTICE #
+# #
+# This software (or technical data) was produced for the U.S. Government #
+# under contract, and is subject to the Rights in Data-General Clause #
+# 52.227-14, Alt. IV (DEC 2007). #
+# #
+# Copyright 2020 The MITRE Corporation. All Rights Reserved. #
+#############################################################################
+
+#############################################################################
+# Copyright 2020 The MITRE Corporation #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#############################################################################
+
+set -o errexit -o pipefail
+
+KIBANA_HOST="${KIBANA_HOST:-kibana:5601}"
+
+until curl --silent --fail --head "http://${KIBANA_HOST}" > /dev/null ; do
+ echo "Kibana is unavailable. Sleeping."
+ sleep 5
+done
+
+echo "Checking if index pattern exists..."
+index_url="http://${KIBANA_HOST}/api/saved_objects/index-pattern/metricbeat-*"
+if curl --silent --fail --head "$index_url"; then
+ echo "Index pattern already exists."
+else
+ echo "Creating index pattern and visualizations..."
+ metricbeat setup
+ echo "Successfully created index pattern and visualizations"
+fi
+
+set -o xtrace
+
+# Call base image's entry point
+exec /usr/local/bin/docker-entrypoint "$@"
diff --git a/metricbeat/metricbeat.yml b/metricbeat/metricbeat.yml
new file mode 100644
index 00000000..5dee5a38
--- /dev/null
+++ b/metricbeat/metricbeat.yml
@@ -0,0 +1,21 @@
+metricbeat.config:
+ modules:
+ path: ${path.config}/modules.d/*.yml
+ # Reload module configs as they change:
+ reload.enabled: false
+
+metricbeat.modules:
+- module: activemq
+ metricsets: ['broker', 'queue', 'topic']
+ period: 10s
+ hosts: ['activemq:8161']
+ path: "api/jolokia"
+ username: admin # default username
+ password: admin # default password
+
+setup.kibana.host: '${KIBANA_HOST:kibana:5601}'
+
+output.elasticsearch:
+ hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
+ username: '${ELASTICSEARCH_USERNAME:}'
+ password: '${ELASTICSEARCH_PASSWORD:}'