logstash-output-elasticsearch 0.2.7-java → 0.2.8-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3f1be8f824568cc3854051fe53682413cdcf9fd4
4
- data.tar.gz: 292fccfa2f2bce0dd60fd6b8218ad5e296667272
3
+ metadata.gz: d77d5d461770a2ff1f5305fc51bfd2d26ee30765
4
+ data.tar.gz: 5f7fc066a058c2858684080f7ff428019e44541d
5
5
  SHA512:
6
- metadata.gz: c48395f88ebf9f24563f62ec72146015a91c55244b0c963c063ebc8717fa7beedd7cd4d56486245a57de55e68d8a5cd785a2d30370768c8eaa75cc0c7911a0a2
7
- data.tar.gz: 507f08e66490334416bfc6f64bb5364cf0dd1126ebf7496ab45f98cd750850cd86c858a2a00d4c57951c97132975d0c5a202576e1f48e55febe39185a7b49bfd
6
+ metadata.gz: bb51c75b6dabfe4dd33f96322ebe920cb64bfb580aaed2215ecc8bb36ae0fb3f58533ef501dbe93b9c56450b7a54333c56ffd72f31b8206574656b5cc5654b6a
7
+ data.tar.gz: aaf694ad4c3113b7d25a2320d05c66bf4906e5714901f6ba4f6cb2343f302561375128a0002d5eda6c31bceb0b5ea0d984cc1a0c6bd46c43fd623d38e57e4ff1
data/CHANGELOG.md ADDED
@@ -0,0 +1,9 @@
1
+ ## 0.2.8 (June 12, 2015)
2
+ - Add option to enable and disable SSL certificate verification during handshake (#160)
3
+ - Doc improvements for clarifying round robin behavior using hosts config
4
+
5
+ ## 0.2.7 (May 28, 2015)
6
+ - Bump es-ruby version to 1.0.10
7
+
8
+ ## 0.2.6 (May 28, 2015)
9
+ - Disable timeouts when using http protocol which would cause bulk requests to fail (#103)
data/README.md CHANGED
@@ -13,7 +13,7 @@ Logstash provides infrastructure to automatically generate documentation for thi
13
13
 
14
14
  ## Need Help?
15
15
 
16
- Need help? Try #logstash on freenode IRC or the logstash-users@googlegroups.com mailing list.
16
+ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
17
17
 
18
18
  ## Developing
19
19
 
@@ -94,23 +94,43 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
94
94
  config :routing, :validate => :string
95
95
 
96
96
  # The name of your cluster if you set it on the Elasticsearch side. Useful
97
- # for discovery.
97
+ # for discovery when using `node` or `transport` protocols.
98
+ # By default, it looks for a cluster named 'elasticsearch'.
98
99
  config :cluster, :validate => :string
99
100
 
100
- # The hostname or IP address of the host to use for Elasticsearch unicast discovery
101
- # This is only required if the normal multicast/cluster discovery stuff won't
102
- # work in your environment.
103
- #
104
- # The plugin will use multicast discovery to connect to Elasticsearch
105
- # when using `protocol => node` without setting a host. When setting unicast
106
- # hosts for `node` protocol, it is important to confirm that at least one non-client
107
- # node is listed in the `:host` list. client nodes are filtered by default in zen-discovery.
108
- # You need to set `discovery.zen.master_election.filter_client` to `false` to override this behavior.
109
- #
110
- # http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html#multicast[Multicast Discovery Docs]
111
- #
101
+ # For the `node` protocol, if you do not specify `host`, it will attempt to use
102
+ # multicast discovery to connect to Elasticsearch. If http://www.elastic.co/guide/en/elasticsearch/guide/current/_important_configuration_changes.html#_prefer_unicast_over_multicast[multicast is disabled] in Elasticsearch,
103
+ # you must include the hostname or IP address of the host(s) to use for Elasticsearch unicast discovery.
104
+ # Remember the `node` protocol uses the http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html#modules-transport[transport] address (eg. 9300, not 9200).
105
+ # `"127.0.0.1"`
106
+ # `["127.0.0.1:9300","127.0.0.2:9300"]`
107
+ # When setting hosts for `node` protocol, it is important to confirm that at least one non-client
108
+ # node is listed in the `host` list. Also keep in mind that the `host` parameter when used with
109
+ # the `node` protocol is for *discovery purposes only* (not for load balancing). When multiple hosts
110
+ # are specified, it will contact the first host to see if it can use it to discover the cluster. If not,
111
+ # then it will contact the second host in the list and so forth. With the `node` protocol,
112
+ # Logstash will join the Elasticsearch cluster as a node client (which has a copy of the cluster
113
+ # state) and this node client is the one that will automatically handle the load balancing of requests
114
+ # across data nodes in the cluster.
115
+ # If you are looking for a high availability setup, our recommendation is to use the `transport` protocol (below),
116
+ # set up multiple http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[client nodes] and list the client nodes in the `host` parameter.
117
+ #
118
+ # For the `transport` protocol, it will load balance requests across the hosts specified in the `host` parameter.
119
+ # Remember the `transport` protocol uses the http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html#modules-transport[transport] address (eg. 9300, not 9200).
112
120
  # `"127.0.0.1"`
113
121
  # `["127.0.0.1:9300","127.0.0.2:9300"]`
122
+ # There is also a `sniffing` option (see below) that can be used with the transport protocol to instruct it to use the host to sniff for
123
+ # "alive" nodes in the cluster and automatically use it as the hosts list (but will skip the dedicated master nodes).
124
+ # If you do not use the sniffing option, it is important to exclude http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated master nodes] from the `host` list
125
+ # to prevent Logstash from sending bulk requests to the master nodes. So this parameter should only reference either data or client nodes.
126
+ #
127
+ # For the `http` protocol, it will load balance requests across the hosts specified in the `host` parameter.
128
+ # Remember the `http` protocol uses the http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#modules-http[http] address (eg. 9200, not 9300).
129
+ # `"127.0.0.1"`
130
+ # `["127.0.0.1:9200","127.0.0.2:9200"]`
131
+ # It is important to exclude http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated master nodes] from the `host` list
132
+ # to prevent LS from sending bulk requests to the master nodes. So this parameter should only reference either data or client nodes.
133
+
114
134
  config :host, :validate => :array
115
135
 
116
136
  # The port for Elasticsearch transport to use.
@@ -171,12 +191,16 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
171
191
 
172
192
  # Choose the protocol used to talk to Elasticsearch.
173
193
  #
174
- # The 'node' protocol will connect to the cluster as a normal Elasticsearch
175
- # node (but will not store data). This allows you to use things like
176
- # multicast discovery. If you use the `node` protocol, you must permit
194
+ # The 'node' protocol (default) will connect to the cluster as a normal Elasticsearch
195
+ # node (but will not store data). If you use the `node` protocol, you must permit
177
196
  # bidirectional communication on the port 9300 (or whichever port you have
178
197
  # configured).
179
198
  #
199
+ # If you do not specify the `host` parameter, it will use multicast for http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery-zen.html[Elasticsearch discovery]. While this may work in a test/dev environment where multicast is enabled in
200
+ # Elasticsearch, we strongly recommend http://www.elastic.co/guide/en/elasticsearch/guide/current/_important_configuration_changes.html#_prefer_unicast_over_multicast[disabling multicast]
201
+ # in Elasticsearch. To connect to an Elasticsearch cluster with multicast disabled,
202
+ # you must include the `host` parameter (see relevant section above).
203
+ #
180
204
  # The 'transport' protocol will connect to the host you specify and will
181
205
  # not show up as a 'node' in the Elasticsearch cluster. This is useful
182
206
  # in situations where you cannot permit connections outbound from the
@@ -216,6 +240,11 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
216
240
  # Enable SSL
217
241
  config :ssl, :validate => :boolean, :default => false
218
242
 
243
+ # Validate the server's certificate
244
+ # Disabling this severely compromises security
245
+ # For more information read https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
246
+ config :ssl_certificate_verification, :validate => :boolean, :default => true
247
+
219
248
  # The .cer or .pem file to validate the server's certificate
220
249
  config :cacert, :validate => :path
221
250
 
@@ -533,7 +562,15 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
533
562
  elsif @truststore
534
563
  ssl_options[:truststore_password] = @truststore_password.value if @truststore_password
535
564
  end
536
- ssl_options[:truststore] = @truststore
565
+ ssl_options[:truststore] = @truststore if @truststore
566
+ if @ssl_certificate_verification == false
567
+ @logger.warn [
568
+ "** WARNING ** Detected UNSAFE options in elasticsearch output configuration!",
569
+ "** WARNING ** You have enabled encryption but DISABLED certificate verification.",
570
+ "** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true"
571
+ ].join("\n")
572
+ ssl_options[:verify] = false
573
+ end
537
574
  { ssl: ssl_options }
538
575
  end
539
576
 
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-output-elasticsearch'
4
- s.version = '0.2.7'
4
+ s.version = '0.2.8'
5
5
  s.licenses = ['apache-2.0']
6
6
  s.summary = "Logstash Output to Elasticsearch"
7
7
  s.description = "Output events to elasticsearch"
@@ -900,6 +900,34 @@ describe "ship lots of events w/ default index_type and dynamic routing key usin
900
900
  end
901
901
  end
902
902
  end
903
+
904
+ context "when using http protocol" do
905
+ protocol = "http"
906
+ context "when using ssl without cert verification" do
907
+ subject do
908
+ require "logstash/outputs/elasticsearch"
909
+ settings = {
910
+ "protocol" => protocol,
911
+ "host" => "node01",
912
+ "ssl" => true,
913
+ "ssl_certificate_verification" => false
914
+ }
915
+ next LogStash::Outputs::ElasticSearch.new(settings)
916
+ end
917
+
918
+ it "should pass the flag to the ES client" do
919
+ expect(::Elasticsearch::Client).to receive(:new) do |args|
920
+ expect(args[:ssl]).to eq(:verify => false)
921
+ end
922
+ subject.register
923
+ end
924
+
925
+ it "print a warning" do
926
+ expect(subject.logger).to receive(:warn)
927
+ subject.register
928
+ end
929
+ end
930
+ end
903
931
  end
904
932
 
905
933
  describe "send messages to ElasticSearch using HTTPS", :elasticsearch_secure => true do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-output-elasticsearch
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.7
4
+ version: 0.2.8
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-05-28 00:00:00.000000000 Z
11
+ date: 2015-06-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: concurrent-ruby
@@ -161,6 +161,7 @@ extensions: []
161
161
  extra_rdoc_files: []
162
162
  files:
163
163
  - .gitignore
164
+ - CHANGELOG.md
164
165
  - CONTRIBUTORS
165
166
  - Gemfile
166
167
  - LICENSE