ELK7 ships a bundled version of Java, which we need to avoid. Otherwise
- We need to constantly upgrade Elastic to use an up-to-date Java (which we can't always do due to inter dependencies or similar), e.g. the current Java included in the elastic debs we're running is from October 2018
- We'll end up with two different Java versions on systems which run other Java services (could cause issues when pulling metrics)
- We have no idea how the bundled Java works or how it was built and all customisations that we're doing in java::profile (such as the hardenered security settings) will fail to apply
Setting this to High, we should not switch over the main Kibana service in the current form. Also adding Guillaume, David and Ryan to the task as this will eventually also apply to the main ELK7 stack.
Fortunately running a non-bundled Java is supported: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup.html#jvm-version
for that we need to:
- Apply profile::java to the ELK7 hosts, looking at https://www.elastic.co/support/matrix#matrix_jvm we can simply use the stock Java 11 from Buster. we don't actually need the forward ported Java 8 (after all, it's currently running Java 13in the bundled version) and remove the current Java 8 packages
- Set JAVA_HOME in the elasticsearch.service using an override shipped with systemd::service which points to the default_java_home setting from the profile::java