Initial commit

.env

@@ -0,0 +1,42 @@
+ELASTIC_VERSION=8.15.1
+
+## Passwords for stack users
+#
+
+# User 'elastic' (built-in)
+#
+# Superuser role, full access to cluster management and data indices.
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html
+ELASTIC_PASSWORD='changeme'
+
+# User 'logstash_internal' (custom)
+#
+# The user Logstash uses to connect and send data to Elasticsearch.
+# https://www.elastic.co/guide/en/logstash/current/ls-security.html
+LOGSTASH_INTERNAL_PASSWORD='changeme'
+
+# User 'kibana_system' (built-in)
+#
+# The user Kibana uses to connect and communicate with Elasticsearch.
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html
+KIBANA_SYSTEM_PASSWORD='changeme'
+
+# Users 'metricbeat_internal', 'filebeat_internal' and 'heartbeat_internal' (custom)
+#
+# The users Beats use to connect and send data to Elasticsearch.
+# https://www.elastic.co/guide/en/beats/metricbeat/current/feature-roles.html
+METRICBEAT_INTERNAL_PASSWORD=''
+FILEBEAT_INTERNAL_PASSWORD=''
+HEARTBEAT_INTERNAL_PASSWORD=''
+
+# User 'monitoring_internal' (custom)
+#
+# The user Metricbeat uses to collect monitoring data from stack components.
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/how-monitoring-works.html
+MONITORING_INTERNAL_PASSWORD=''
+
+# User 'beats_system' (built-in)
+#
+# The user the Beats use when storing monitoring information in Elasticsearch.
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html
+BEATS_SYSTEM_PASSWORD=''

.gitattributes

@@ -0,0 +1,2 @@
+# Declare files that will always have LF line endings on checkout.
+*.sh text eol=lf

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+- name: Discuss the Elastic Stack
+  url: https://discuss.elastic.co
+  about: Please ask questions related to the usage of Elastic products in those forums.
+- name: Docker Community Forums
+  url: https://forums.docker.com
+  about: Please ask questions related to the usage of Docker products in those forums.
+- name: docker-elk Gitter chat room
+  url: https://app.gitter.im/#/room/#deviantony_docker-elk:gitter.im
+  about: General questions regarding this project can also be asked in the chat.

.github/ISSUE_TEMPLATE/issue_report.md

@@ -0,0 +1,87 @@
+---
+name: Issue report
+about: Report a problem with the docker-elk integration or its documentation.
+---
+
+<!--
+Thanks for your issue report!
+
+In order for us to be able to reproduce the problem and identify the root cause
+quickly, we kindly ask you to include *all* the information requested below in
+your issue report. It saves us a lot of effort and allows us to provide you
+with a solution with as little delay as possible.
+
+Issues submitted without the requested information will be closed.
+Thank you for your understanding.
+-->
+
+
+### Problem description
+
+<!--
+Please be as descriptive as possible regarding the encountered issue versus the
+expected outcome.
+-->
+
+### Extra information
+
+#### Stack configuration
+
+<!--
+Please mention all changes performed to the default configuration, including to Dockerfiles.
+If possible, provide the output of the `git diff` command.
+-->
+
+#### Docker setup
+
+<!--
+Please paste the full output of the `docker version` command below.
+
+Example:
+
+Client: Docker Engine - Community
+ Version:           20.10.2
+ API version:       1.41
+ ...
+-->
+
+```console
+$ docker version
+
+[OUTPUT HERE]
+```
+
+<!--
+Please paste the full output of the `docker-compose version` command below.
+
+Example:
+
+docker-compose version 1.27.4, build 40524192
+docker-py version: 4.3.1
+...
+-->
+
+```console
+$ docker-compose version
+
+[OUTPUT HERE]
+```
+
+#### Container logs
+
+<!--
+Please paste the full output of the `docker-compose logs` command below.
+
+Example:
+
+elasticsearch_1  | Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore
+elasticsearch_1  | {"@timestamp":"2021-01-16T21:53:38.331Z", "log.level": "INFO", "message":"version...
+kibana_1         | {"type":"log","@timestamp":"2021-01-16T21:54:10+00:00","tags":["info","plugins-system"],...
+...
+-->
+
+```console
+$ docker-compose logs
+
+[OUTPUT HERE]
+```

.github/dependabot.yml

@@ -0,0 +1,14 @@
+# Dependabot configuration
+#
+# For more information, please refer to:
+#   https://docs.github.com/en/code-security/dependabot/dependabot-version-updates
+
+version: 2
+
+updates:
+
+# Maintain dependencies for GitHub Actions
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly

.github/workflows/ci.yml

@@ -0,0 +1,200 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+
+  test:
+    name: Test suite
+    # List of supported runners:
+    # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
+    runs-on: ubuntu-22.04
+
+    env:
+      COMPOSE_PROJECT_NAME: docker-elk
+
+    steps:
+      - uses: actions/checkout@v4
+
+      #####################################################
+      #                                                   #
+      # Install all dependencies required by test suites. #
+      #                                                   #
+      #####################################################
+
+      - name: Pre-build container images
+        run: >-
+          docker compose
+          -f docker-compose.yml
+          -f extensions/fleet/fleet-compose.yml
+          -f extensions/fleet/agent-apmserver-compose.yml
+          -f extensions/metricbeat/metricbeat-compose.yml
+          -f extensions/filebeat/filebeat-compose.yml
+          -f extensions/heartbeat/heartbeat-compose.yml
+          -f extensions/enterprise-search/enterprise-search-compose.yml
+          build
+
+      ########################################################
+      #                                                      #
+      # Ensure §"Initial setup" of the README remains valid. #
+      #                                                      #
+      ########################################################
+
+      - name: Set password of every built-in user to 'testpasswd'
+        run: >-
+          sed -i
+          -e 's/\(ELASTIC_PASSWORD=\)'\''changeme'\''/\1testpasswd/g'
+          -e 's/\(LOGSTASH_INTERNAL_PASSWORD=\)'\''changeme'\''/\1testpasswd/g'
+          -e 's/\(KIBANA_SYSTEM_PASSWORD=\)'\''changeme'\''/\1testpasswd/g'
+          -e 's/\(METRICBEAT_INTERNAL_PASSWORD=\)'\'\''/\1testpasswd/g'
+          -e 's/\(FILEBEAT_INTERNAL_PASSWORD=\)'\'\''/\1testpasswd/g'
+          -e 's/\(HEARTBEAT_INTERNAL_PASSWORD=\)'\'\''/\1testpasswd/g'
+          -e 's/\(MONITORING_INTERNAL_PASSWORD=\)'\'\''/\1testpasswd/g'
+          -e 's/\(BEATS_SYSTEM_PASSWORD=\)'\'\''/\1testpasswd/g'
+          .env
+
+      - name:  Set up users and roles
+        run: docker compose up setup
+
+      #############################
+      #                           #
+      # Test core and extensions. #
+      #                           #
+      #############################
+
+      # Elasticsearch's high disk watermark gets regularly exceeded on GitHub Actions runners.
+      # https://www.elastic.co/guide/en/elasticsearch/reference/8.10/fix-watermark-errors.html
+      - name: Disable Elasticsearch disk allocation decider
+        run: .github/workflows/scripts/disable-disk-alloc-decider.sh
+
+      #
+      # Core components: Elasticsearch, Logstash, Kibana
+      #
+
+      - name: Execute core test suite
+        run: |
+          docker compose up -d
+          .github/workflows/scripts/run-tests-core.sh
+          # next steps don't need Logstash
+          docker compose stop logstash
+
+      #
+      # Fleet
+      #
+
+      - name: Execute Fleet test suite
+        run: |
+          docker compose -f docker-compose.yml -f extensions/fleet/fleet-compose.yml -f extensions/fleet/agent-apmserver-compose.yml up --remove-orphans -d fleet-server apm-server
+          .github/workflows/scripts/run-tests-fleet.sh
+
+      #
+      # Metricbeat
+      #
+
+      - name: Execute Metricbeat test suite
+        run: |
+          docker compose -f docker-compose.yml -f extensions/metricbeat/metricbeat-compose.yml up --remove-orphans -d metricbeat
+          .github/workflows/scripts/run-tests-metricbeat.sh
+
+      #
+      # Filebeat
+      #
+
+      - name: Execute Filebeat test suite
+        run: |
+          docker compose -f docker-compose.yml -f extensions/filebeat/filebeat-compose.yml up --remove-orphans -d filebeat
+          .github/workflows/scripts/run-tests-filebeat.sh
+
+      #
+      # Heartbeat
+      #
+
+      - name: Execute Heartbeat test suite
+        run: |
+          docker compose -f docker-compose.yml -f extensions/heartbeat/heartbeat-compose.yml up --remove-orphans -d heartbeat
+          .github/workflows/scripts/run-tests-heartbeat.sh
+
+      #
+      # Enterprise Search
+      #
+
+      - name: Execute Enterprise Search test suite
+        run: |
+
+          # Set mandatory Elasticsearch settings
+
+          sed -i '$ a xpack.security.authc.api_key.enabled: true' elasticsearch/config/elasticsearch.yml
+
+          # Restart Elasticsearch for changes to take effect
+
+          docker compose restart elasticsearch
+
+          # Run Enterprise Search and execute tests
+
+          sed -i 's/\(secret_management.encryption_keys:\)/\1 [test-encrypt]/g' extensions/enterprise-search/config/enterprise-search.yml
+
+          docker compose -f docker-compose.yml -f extensions/enterprise-search/enterprise-search-compose.yml up --remove-orphans -d enterprise-search
+          .github/workflows/scripts/run-tests-enterprise-search.sh
+
+          # Revert changes to Elasticsearch configuration
+
+          sed -i '/xpack.security.authc.api_key.enabled: true/d' elasticsearch/config/elasticsearch.yml
+          docker compose restart elasticsearch
+
+      - name: Collect troubleshooting data
+        id: debug-data
+        if: failure()
+        run: |
+          declare debug_data_dir="$(mktemp -d)"
+
+          docker compose \
+          -f docker-compose.yml \
+          -f extensions/fleet/fleet-compose.yml \
+          -f extensions/fleet/agent-apmserver-compose.yml \
+          -f extensions/metricbeat/metricbeat-compose.yml \
+          -f extensions/filebeat/filebeat-compose.yml \
+          -f extensions/heartbeat/heartbeat-compose.yml \
+          -f extensions/enterprise-search/enterprise-search-compose.yml \
+          ps >"$debug_data_dir"/docker_ps.log
+
+          docker compose \
+          -f docker-compose.yml \
+          -f extensions/fleet/fleet-compose.yml \
+          -f extensions/fleet/agent-apmserver-compose.yml \
+          -f extensions/metricbeat/metricbeat-compose.yml \
+          -f extensions/filebeat/filebeat-compose.yml \
+          -f extensions/heartbeat/heartbeat-compose.yml \
+          -f extensions/enterprise-search/enterprise-search-compose.yml \
+          logs >"$debug_data_dir"/docker_logs.log
+
+          echo "path=${debug_data_dir}" >>"$GITHUB_OUTPUT"
+
+      - name: Upload collected troubleshooting data
+        if: always() && steps.debug-data.outputs.path
+        uses: actions/upload-artifact@v4
+        with:
+          name: debug-data
+          path: ${{ steps.debug-data.outputs.path }}/*.*
+
+        ##############
+        #            #
+        # Tear down. #
+        #            #
+        ##############
+
+      - name: Terminate all components
+        if: always()
+        run: >-
+          docker compose
+          -f docker-compose.yml
+          -f extensions/fleet/fleet-compose.yml
+          -f extensions/fleet/agent-apmserver-compose.yml
+          -f extensions/metricbeat/metricbeat-compose.yml
+          -f extensions/filebeat/filebeat-compose.yml
+          -f extensions/heartbeat/heartbeat-compose.yml
+          -f extensions/enterprise-search/enterprise-search-compose.yml
+          down -v

.github/workflows/docs.yml

@@ -0,0 +1,29 @@
+name: Documentation
+
+on:
+  schedule:
+    - cron: '0 0 * * 0'  # At 00:00 every Sunday
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+
+  markdown-check:
+    name: Check Markdown
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check links
+        uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          config-file: .github/workflows/mlc_config.json
+
+      - name: Lint
+        uses: avto-dev/markdown-lint@v1
+        with:
+          args: '**/*.md'
+          config: .github/workflows/lint/markdown.yaml