[epic] Update Elasticsearch to 1.6.1 or 1.7.1
Closed, Resolved (Public)

Description

1.6.1 or 1.7.0 fixes two security issues:
https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released

Stakeholders: Operations/Security
Outcome: Security in depth issues fixed. Security problem isn't glaring, just bad in depth.
Estimate: Two days total

Event Timeline

MoritzMuehlenhoff raised the priority of this task from to Needs Triage.
MoritzMuehlenhoff updated the task description.
Manybubbles renamed this task from Update Elasticsearch to 1.6.1 to Update Elasticsearch to 1.6.1 or 1.7. 0. (Jul 16 2015, 8:36 PM)
Manybubbles triaged this task as Medium priority.
Manybubbles updated the task description.

I was thinking we could time this with the rolling restart that shuts down dynamic scripting.

There's also a new round of security fixes for Java; the OpenJDK updates will probably be available beginning of next week, so we can combine that.

Cool. You can upgrade Java anytime you like so long as it's still a 1.7. If
1.8 is in apt and not a mess we can validate cirrus against it too. That is
a simple task but we should do it before going to 1.8.

We don't have Java 1.8 in Debian jessie yet, so this will be the latest security bugfix release for 1.7 as packaged by OpenJDK 7.

Cool. Then the JDK upgrade can hit the machines any time. We can do it when
we're logged in for the rolling restart or you can. Or puppet can if we
use puppet for that sort of thing.

I'll update the Java packages once the updates are available and update this task once done.

Manybubbles renamed this task from Update Elasticsearch to 1.6.1 or 1.7. 0 to [epic] Update Elasticsearch to 1.6.1 or 1.7. 0. (Jul 17 2015, 4:58 PM)

Still on the plate for this week, right?

I would like to help with this so I understand where things are at, even if it's just getting the coffee :)

2 creams, 1 sugar?

We scheduled the upgrade on Thu, Jul 30, 5PM UTC.
Should be 7PM CET (for me)
and 10AM PST (for Erik)

@chasemp is this ok for you?

Sounds good, thanks guys. I'm planning to be around as an extra set of hands. Mostly for my own edification.

If Ubuntu has released their security updates by then (and I hope they will), I'll install the updates before you start, so that the cluster nodes pick up the fixed JDK.

dcausse renamed this task from [epic] Update Elasticsearch to 1.6.1 or 1.7. 0 to [epic] Update Elasticsearch to 1.6.1 or 1.7. 1. (Jul 30 2015, 9:35 AM)
dcausse renamed this task from [epic] Update Elasticsearch to 1.6.1 or 1.7. 1 to [epic] Update Elasticsearch to 1.6.1 or 1.7.1.

Upgrade is delayed to next week because we'll switch directly to elasticsearch-1.7.1.
I propose Tue, Aug 4, same time (5PM UTC)
I will test that everything runs smoothly on beta in the meantime.

Makes sense. Thanks and sounds good.

All "Blocked by" tickets closed; what's left here?

Deskana claimed this task.
Deskana added a subscriber: Deskana.

Thanks @Aklapper. As far as I know, this is resolved. @EBernhardson can correct me if I'm wrong.