The following files were added/modified for elastic 'v7.0.1'.

.env

@@ -1,2 +1,2 @@
-TAG=6.6.0
-ELASTIC_VERSION=6.6.0
+TAG=7.0.1
+ELASTIC_VERSION=7.0.1

.gitignore

@@ -15,9 +15,10 @@ config/ssl/ca/ca.key
 config/ssl/docker-cluster-ca.zip
 config/ssl/docker-cluster.zip
 
-config/auditbeat/auditbeat.keystore
-config/filebeat/filebeat.keystore
-config/heartbeat/heartbeat.keystore
-config/metricbeat/metricbeat.keystore
-config/packetbeat/packetbeat.keystore
-config/apm-server/apm-server.keystore
+config/apm-server/beats.keystore
+config/auditbeat/beats.keystore
+config/filebeat/beats.keystore
+config/heartbeat/beats.keystore
+config/journalbeat/beats.keystore
+config/metricbeat/beats.keystore
+config/packetbeat/beats.keystore

config/apm-server/apm-server.yml

@@ -1,6 +1,8 @@
 apm-server.frontend.enabled: true
 apm-server.host: "0.0.0.0:8200"
 
+keystore.path: "/usr/share/apm-server/data/beats.keystore"
+
 output.elasticsearch:
   hosts: ['elasticsearch:9200']
   protocol: "https"
@@ -16,3 +18,5 @@ setup.kibana:
   protocol: "http"
   ssl.enabled: false
   ssl.certificate_authorities: ["/usr/share/apm-server/certs/ca/ca.crt"]
+
+xpack.monitoring.enabled: true

config/auditbeat/auditbeat.yml

@@ -13,12 +13,14 @@ auditbeat.modules:
   - /usr/sbin
   - /etc
 
+keystore.path: "/usr/share/auditbeat/data/beats.keystore"
+
 output.elasticsearch:
   hosts: ['elasticsearch:9200']
   protocol: "https"
   username: elastic
-  # Read PW from auditbeat.keystore
   password: "${ELASTIC_PASSWORD}"
+  # Read PW from auditbeat.keystore
   ssl.certificate_authorities: ["/usr/share/auditbeat/certs/ca/ca.crt"]
 
 setup.kibana:
@@ -30,3 +32,4 @@ setup.kibana:
   ssl.certificate_authorities: ["/usr/share/auditbeat/certs/ca/ca.crt"]
 
 xpack.monitoring.enabled: true
+xpack.monitoring.elasticsearch:

config/elasticsearch/elasticsearch.yml

@@ -1,16 +1,18 @@
+
 cluster.name: "docker-cluster"
 network.host: 0.0.0.0
 transport.host: 0.0.0.0
 
 # minimum_master_nodes need to be explicitly set when bound on a public IP
 # set to 1 to allow single node clusters
 # Details: https://github.com/elastic/elasticsearch/pull/17288
+cluster.initial_master_nodes: ["es-cluster01"]
 discovery.zen.minimum_master_nodes: 1
 xpack.license.self_generated.type: trial
 xpack.security.enabled: true
 xpack.security.http.ssl.enabled: true
 xpack.security.http.ssl.verification_mode: certificate
-xpack.security.http.ssl.key:  certs/elasticsearch/elasticsearch.key
+xpack.security.http.ssl.key: certs/elasticsearch/elasticsearch.key
 xpack.security.http.ssl.certificate: certs/elasticsearch/elasticsearch.crt
 xpack.security.http.ssl.certificate_authorities: [ "certs/ca/ca.crt" ]
 

config/filebeat/filebeat.yml

@@ -1,28 +1,33 @@
-filebeat.config:
-  prospectors:
-    path: ${path.config}/prospectors.d/*.yml
-    reload.enabled: false
-  modules:
-    path: ${path.config}/modules.d/*.yml
-    reload.enabled: false
+filebeat.inputs:
+- type: log
+  enabled: true
+  paths: 
+    - ${path.config}/prospectors.d/*.yml
+
+filebeat.config.modules:
+  path: ${path.config}/modules.d/*.yml
+  reload.enabled: false
 
 processors:
-- add_cloud_metadata:
+  - add_cloud_metadata:
+
+keystore.path: "/usr/share/filebeat/data/beats.keystore"
 
 output.elasticsearch:
-  hosts: ['elasticsearch:9200']
-  protocol: "https"
   username: elastic
-  # Read PW from filebeat.keystore
   password: "${ELASTIC_PASSWORD}"
+  hosts: ["elasticsearch:9200"]
+  protocol: https
+  # Read PW from auditbeat.keystore
   ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca/ca.crt"]
 
 setup.kibana:
-  host: "http://kibana:5601"
   username: elastic
   password: "${ELASTIC_PASSWORD}"
-  protocol: "http"
+  protocol: http
+  host: "http://kibana:5601"
   ssl.enabled: false
   ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca/ca.crt"]
 
 xpack.monitoring.enabled: true
+xpack.monitoring.elasticsearch:

config/heartbeat/heartbeat.yml

@@ -14,7 +14,9 @@ heartbeat.monitors:
     - kibana
 
 processors:
-- add_cloud_metadata:
+  - add_cloud_metadata:
+
+keystore.path: "/usr/share/heartbeat/data/beats.keystore"
 
 output.elasticsearch:
   hosts: ['elasticsearch:9200']

config/journalbeat/journalbeat.yml

@@ -0,0 +1,30 @@
+journalbeat.inputs:
+- paths: []
+  seek: cursor
+
+setup.template.settings:
+  index.number_of_shards: 1
+
+processors:
+  - add_host_metadata: ~
+  - add_cloud_metadata: ~
+
+keystore.path: "/usr/share/journalbeat/data/beats.keystore"
+
+output.elasticsearch:
+  hosts: ['elasticsearch:9200']
+  protocol: "https"
+  username: elastic
+  # Read PW from beats.keystore
+  password: "${ELASTIC_PASSWORD}"
+  ssl.certificate_authorities: ["/usr/share/journalbeat/certs/ca/ca.crt"]
+
+setup.kibana:
+  host: "http://kibana:5601"
+  username: elastic
+  password: "${ELASTIC_PASSWORD}"
+  protocol: "http"
+  ssl.enabled: false
+  ssl.certificate_authorities: ["/usr/share/journalbeat/certs/ca/ca.crt"]
+
+xpack.monitoring.enabled: true

config/kibana/kibana.yml

@@ -2,7 +2,7 @@
 
 server.name: kibana
 server.host: "0"
-elasticsearch.url: https://elasticsearch:9200
+elasticsearch.hosts: [ "https://elasticsearch:9200" ]
 # elasticsearch.password is stored in `kibana.keystore`
 elasticsearch.username: kibana
 elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/certs/ca/ca.crt"]

config/logstash/logstash.yml

@@ -1,7 +1,6 @@
 http.host: 0.0.0.0
 # read password from logstash.keystore
 xpack.monitoring.elasticsearch.password: ${ELASTIC_PASSWORD}
-xpack.monitoring.elasticsearch.url: https://elasticsearch:9200
+xpack.monitoring.elasticsearch.hosts: ["https://elasticsearch:9200"]
 xpack.monitoring.elasticsearch.username: logstash_system
-xpack.monitoring.elasticsearch.ssl.ca: /usr/share/logstash/config/certs/ca/ca.crt
-
+xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/ca/ca.crt

config/metricbeat/metricbeat.yml

@@ -5,6 +5,8 @@ metricbeat.config.modules:
 processors:
 - add_cloud_metadata:
 
+keystore.path: "/usr/share/metricbeat/data/beats.keystore"
+
 output.elasticsearch:
   hosts: ['elasticsearch:9200']
   protocol: "https"

config/packetbeat/packetbeat.yml

@@ -35,7 +35,9 @@ packetbeat.protocols.cassandra:
 
 
 processors:
-- add_cloud_metadata:
+  - add_cloud_metadata:
+
+keystore.path: "/usr/share/packetbeat/data/beats.keystore"
 
 output.elasticsearch:
   hosts: ['elasticsearch:9200']

docker-compose.setup.yml

@@ -54,7 +54,7 @@ services:
     command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s auditbeat']
     environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}']
     networks: ['stack']
-    depends_on: ['kibana']
+    depends_on: ['elasticsearch', 'kibana']
 
   setup_filebeat:
     image: docker.elastic.co/beats/filebeat:${TAG}
@@ -65,10 +65,11 @@ services:
       - './scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro'
       - './config/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml'
       - './config/ssl/ca/ca.crt:/usr/share/filebeat/certs/ca/ca.crt'
+    command: ['/bin/bash', '-c', 'chown root:filebeat /usr/share/filebeat/filebeat.yml']
     command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s filebeat']
     environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}']
     networks: ['stack']
-    depends_on: ['kibana']
+    depends_on: ['elasticsearch', 'kibana']
 
   setup_heartbeat:
     image: docker.elastic.co/beats/heartbeat:${TAG}
@@ -113,6 +114,22 @@ services:
     networks: ['stack']
     depends_on: ['kibana']
 
+  setup_journalbeat:
+    image: docker.elastic.co/beats/journalbeat:${TAG}
+    container_name: setup_journalbeat
+    user: root
+    pid: host
+    cap_add: ['AUDIT_CONTROL', 'AUDIT_READ']
+    volumes:
+      - './config:/config'
+      - './scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro'
+      - './config/journalbeat/journalbeat.yml:/usr/share/journalbeat/journalbeat.yml'
+      - './config/ssl/ca/ca.crt:/usr/share/journalbeat/certs/ca/ca.crt'
+    command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s journalbeat']
+    environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}']
+    networks: ['stack']
+    depends_on: ['elasticsearch', 'kibana']
+
   setup_apm_server:
     image: docker.elastic.co/apm/apm-server:${TAG}
     container_name: setup_apm_server
@@ -125,4 +142,4 @@ services:
       - './config/ssl/ca/ca.crt:/usr/share/apm-server/certs/ca/ca.crt'
     environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}']
     networks: ['stack']
-    depends_on: ['kibana']
+    depends_on: ['kibana']