Update Beats tutorials for security on by default #120388
Conversation
joshdover
added
Team:Core
| defaultMessage: | ||
| 'First time using Filebeat? See the [Quick Start]({guideLinkUrl}).\n\ | ||
| export const createFilebeatInstructions = (context: TutorialContext) => { | ||
| const SSL_DOC_URL = `https://www.elastic.co/guide/en/beats/filebeat/${context.kibanaVersion}/configuration-ssl.html#ca-sha256`; |
There was a problem hiding this comment.
Here's where we use the Kibana version
There was a problem hiding this comment.
Another use case for #95389
| textPost: i18n.translate( | ||
| 'home.tutorials.common.filebeatInstructions.config.osxTextPostMarkdown', | ||
| { | ||
| defaultMessage: | ||
| 'Where {passwordTemplate} is the password of the `elastic` user, {esUrlTemplate} is the URL of \ | ||
| Elasticsearch, and {kibanaUrlTemplate} is the URL of Kibana. To [configure SSL]({configureSslUrl}) with the \ | ||
| default certificate generated by Elasticsearch, add its fingerprint in {esCertFingerprintTemplate} and set the \ | ||
| verification mode to {selfSignedCaTemplate}.', | ||
| values: { | ||
| passwordTemplate: '`<password>`', | ||
| esUrlTemplate: '`<es_url>`', | ||
| kibanaUrlTemplate: '`<kibana_url>`', | ||
| configureSslUrl: SSL_DOC_URL, | ||
| esCertFingerprintTemplate: '`<es cert fingerprint>`', | ||
| selfSignedCaTemplate: '`self_signed_ca`', | ||
| }, | ||
| } | ||
| ), |
There was a problem hiding this comment.
And here's where we actually update the instructions (similar below for each OS). Apologize for all the whitespace changes 😄
There was a problem hiding this comment.
Adding the kibana version makes sense and, yes, this is another use-case for server-side doclinks.
nit: we need to make sure the tutorials give info about what is required and what isn't. I imagine someone going through a tutorial to get their data indexed and only finding out later that they missed a required config.
| { | ||
| defaultMessage: | ||
| 'Where {passwordTemplate} is the password of the `elastic` user, {esUrlTemplate} is the URL of \ | ||
| Elasticsearch, and {kibanaUrlTemplate} is the URL of Kibana. To [configure SSL]({configureSslUrl}) with the \ |
There was a problem hiding this comment.
We should mention when configuring SSL is required for the deployment, if possible. Tutorials help guide folks through the process flow and giving more information around what is required and what isn't.
There was a problem hiding this comment.
I've added a comment to the yaml block that indicates this, let me know what you think. Additionally, the docs that we're linking to here will be updated with additional information before the 8.0 release.
There was a problem hiding this comment.
@mostlyjason Feel free to let me know if you think we should make any adjustments to the copy here.
| { | ||
| defaultMessage: | ||
| 'Where {passwordTemplate} is the password of the `elastic` user, {esUrlTemplate} is the URL of \ | ||
| Elasticsearch, and {kibanaUrlTemplate} is the URL of Kibana. To [configure SSL]({configureSslUrl}) with the \ |
There was a problem hiding this comment.
Same comment about guiding folks about required vs optional config
| { | ||
| defaultMessage: | ||
| 'Where {passwordTemplate} is the password of the `elastic` user, {esUrlTemplate} is the URL of \ | ||
| Elasticsearch, and {kibanaUrlTemplate} is the URL of Kibana. To [configure SSL]({configureSslUrl}) with the \ |
There was a problem hiding this comment.
optional or required?
joshdover
force-pushed
the
sec-by-default/beats-tutorials
branch
from
adb2809 to
abdc9a2
Compare
|
Pinging @elastic/kibana-core (Team:Core) |
|
Pinging @elastic/fleet (Team:Fleet) |
src/plugins/home/server/services/tutorials/tutorials_registry.ts
Outdated
Show resolved
Hide resolved
|
I've updated this to use the new |
💚 Build Succeeded
Metrics [docs]Public APIs missing comments
History
To update your PR or re-run it, just comment with: cc @joshdover |
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
Co-authored-by: Josh Dover <[email protected]>
Summary
Adds YAML block, copy, and doc links to on-prem Beats tutorials about how to configure Beats for the self-signed cert generated by Elasticsearch in secure-by-default mode for 8.0. There's a lot of whitespace changes and it's all mostly copy and paste, not nearly as big as looks.
Checklist
Delete any items that are not applicable to this PR.