search

peasead / elastic-container

Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
Apache License 2.0
395 stars 71 forks source link

[BUG] KIBANA_HOST: unbound variable prevents deployment #49

Closed kernel-sanders closed 3 months ago

kernel-sanders commented 4 months ago

48 introduced a bug. Output of ./elastic-container start after removing the > /dev/null 2>&1 from the set_fleet_values > /dev/null 2>&1 line:

Attempting to enable the Detection Engine and install prebuilt Detection Rules.

Kibana is up. Proceeding.

Detection engine enabled. Installing prepackaged rules.

Prepackaged rules installed!

Enabling detection rules

Successfully enabled Linux detection rules

Successfully enabled Windows detection rules

Successfully enabled MacOS detection rules

Waiting 40 seconds for Fleet Server setup.

Populating Fleet Settings.
./elastic-container.sh: line 143: KIBANA_HOST: unbound variable

KIBANA_HOST is only defined in the docker-compose for the fleet-server, but is used in the elastic-container.sh file.

To Reproduce Steps to reproduce the behavior:

  1. Run ./elastic-container.sh start on a fresh system

Expected behavior The script should not exit with status 1 on first run. It should setup the container in the same was as before #48.

Some CI testing (build from scratch in a github actions runner, validate success) could be used to catch these types of issues before they make it to main.

peasead commented 3 months ago

It's defined in the .env file. Are you seeing this in other OS' or just Debian?

peasead commented 3 months ago

I take it back, not it's not.

peasead commented 3 months ago

@DefSecSentinel why would we not be defining this? It definitely was at some point.

I wonder if this is causing any of the Fleet shakiness?

kOld commented 3 months ago

KIBANA_HOST is only defined in the docker-compose for the fleet-server, but is used in the elastic-container.sh file.

My apologies, the last commit should have used LOCAL_KBN_URL. I've already created a pull request (#51) to address this. Could you please confirm if it works @DefSecSentinel?

peasead commented 3 months ago

I just ran this off of main and it deployed the rules properly.

While I agree the bug should be fixed, are you not seeing the rules enabled?

DefSecSentinel commented 3 months ago

I fixed this issue and validated the fix by standing up a fresh 8.15.0 stack on macOS with all Fleet settings properly populated and the expected output shown in the terminal.