Page MenuHomePhabricator
Create Task
Maniphest T272238

Elasticsearch and Kibana are switching to non-OSI-approved SSPL licence
Closed, ResolvedPublic
Actions

Description

Per https://www.elastic.co/blog/licensing-change Elasticsearch (which stores data collected by Logstash) and Kibana (which displays log data) will be switching to the Server Side Public License which according to Wikipedia is not OSI approved nor Debian Free Software Guidelines compatible.

Starting with the upcoming Elastic 7.11 release, we will be moving the Apache 2.0-licensed code of Elasticsearch and Kibana to be dual licensed under SSPL and the Elastic License, giving users the choice of which license to apply.

see also T272111: Elasticsearch, a CirrusSearch dependency, is switching to SSPL/Custom licence for use of Elasticsearch in MediaWiki extensions

Related Objects
Search...

Event Timeline

taavi created this task.Jan 17 2021, 11:55 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 17 2021, 11:55 AM
taavi mentioned this in T272111: Elasticsearch, a CirrusSearch dependency, is switching to SSPL/Custom licence.Jan 17 2021, 11:56 AM
Nikerabbit subscribed.Jan 17 2021, 12:45 PM
Tgr subscribed.Jan 18 2021, 5:26 AM
jcrespo added a project: observability.Jan 18 2021, 6:29 PM
jcrespo subscribed.

Adding observability team, although for initial reactions not sure if a separate ticket for infrastructure logs vs search code is the right approach...

dpifke subscribed.Jan 19 2021, 1:08 AM
dcausse subscribed.Jan 19 2021, 1:18 PM
Base subscribed.Jan 19 2021, 4:21 PM
dpifke added a comment.Jan 19 2021, 5:33 PM

This may affect plans to use the Elastic Common Schema for logging.

https://github.com/elastic/ecs still appears to be Apache 2.0 licensed. (But https://github.com/elastic/elasticsearch hasn't been updated either, so maybe a change is pending.) If we use ECS and its license changes to SSPL, that may create headaches for downstream users of MediaWiki.

(Legal can chime in, but copyrightability of a logging schema—and thus whether or not the license even matters—is probably directly dependent on the outcome of https://en.wikipedia.org/wiki/Google_LLC_v._Oracle_America,_Inc.)

Volans subscribed.Jan 19 2021, 6:58 PM

Related: https://www.elastic.co/blog/why-license-change-AWS

Volans unsubscribed.Jan 19 2021, 6:59 PM
Ottomata subscribed.Jan 19 2021, 7:36 PM

Confluent did the same thing a few years ago: https://www.confluent.io/blog/license-changes-confluent-platform/
This has prevented us from using some of their free products, even though they were the best solutions.

Mholloway subscribed.Jan 19 2021, 8:02 PM
colewhite subscribed.Jan 19 2021, 11:32 PM
MoritzMuehlenhoff subscribed.Jan 20 2021, 8:19 AM

OSI statement: https://opensource.org/node/1099

revi subscribed.Jan 20 2021, 3:12 PM
jmnote subscribed.Jan 20 2021, 4:24 PM
Bawolff awarded a token.Jan 20 2021, 4:54 PM
WMDE-leszek subscribed.Jan 21 2021, 6:06 AM
akosiaris subscribed.Jan 21 2021, 9:46 AM
akosiaris added a parent task: T272111: Elasticsearch, a CirrusSearch dependency, is switching to SSPL/Custom licence.Jan 21 2021, 9:54 AM

I 've marked T272111 as a parent of this task for greater visibility. This one seems more generic than the specific one to CirrusSearch hence this relationship, but feel free to undo.

AntiCompositeNumber subscribed.Jan 21 2021, 12:38 PM
AntiCompositeNumber added a comment.Jan 22 2021, 2:10 AM

Amazon has announced plans to fork Elasticsearch and Kibana under the original Apache 2.0 license (starting from ES 7.10)
https://aws.amazon.com/blogs/opensource/stepping-up-for-a-truly-open-source-elasticsearch/

Tgr added a comment.Jan 22 2021, 4:11 AM

Apparently there is a more community-oriented fork in the works, too: https://logz.io/blog/open-source-elasticsearch-doubling-down/

Ladsgroup subscribed.Jan 22 2021, 4:13 AM
Kronoss subscribed.Jan 22 2021, 10:06 AM
Nemo_bis subscribed.EditedJan 24 2021, 4:45 PM
In T272238#6764574, @akosiaris wrote:

I 've marked T272111 as a parent of this task for greater visibility. This one seems more generic than the specific one to CirrusSearch hence this relationship, but feel free to undo.

Can't we just mark this as dupe? It's pretty clear there will be a viable fork, so it will "only" be a matter of picking a new upstream (or possibly joining the formation of one). Unless we end up with multiple incompatible upstreams (seems unlikely in the short term), I doubt we'd pick different ones for the various pieces of software.

akosiaris added a comment.Jan 25 2021, 11:12 AM
In T272238#6771873, @Nemo_bis wrote:
In T272238#6764574, @akosiaris wrote:

I 've marked T272111 as a parent of this task for greater visibility. This one seems more generic than the specific one to CirrusSearch hence this relationship, but feel free to undo.

Can't we just mark this as dupe? It's pretty clear there will be a viable fork, so it will "only" be a matter of picking a new upstream (or possibly joining the formation of one). Unless we end up with multiple incompatible upstreams (seems unlikely in the short term), I doubt we'd pick different ones for the various pieces of software.

While that scenario may indeed (and I actually hope) pan out, assuming that it will without input from the respective teams would be presumptuous of me. I 'd much rather each interested party/team became aware of the issue, the potential solutions, benefits as well as concerns (pooling efforts and adopting the same solution, whatever that may be, is a very valid concern in my book and I guess yours as well) and came to a decision weighing all of those instead of just assuming from the beginning that 1 solution will be adequate for everyone.

Legoktm triaged this task as Medium priority.Jan 25 2021, 7:30 PM
Legoktm subscribed.

Have they announced when the 7.11 release is happening? It's not clear to me how long we have to figure out what to do next.

EBernhardson subscribed.EditedJan 25 2021, 7:42 PM

We have as long as we want to figure out what to do next, I don't think the day they drop 7.11 changes anything. CirrusSearch doesn't even support 7.x today, other uses at WMF may differ.

AntiCompositeNumber added a comment.EditedJan 25 2021, 7:58 PM

Elastic does not announce release dates in advance.

CirrusSearch is still on ES 6, which will become EOL on 2020-11-20.
Production logging is on ELK 7.10 as of two weeks ago (T234854). It will become EOL on 2022-05-11, but won't be maintained after the 7.11 release.

It appears that the two groups that announced forks (AWS and logz.io) may end up are working together on the same fork (per https://logz.io/blog/truly-doubling-down-on-open-source-2/, https://twitter.com/horovits/status/1353780274686001152). Both have said that more details are coming "in the next few weeks".

bd808 mentioned this in T271374: Mirror toolinfo records into Elasticsearch.Feb 15 2021, 7:54 PM
bd808 mentioned this in T127717: Move Cloud VPS auth.logs to central logging.Feb 16 2021, 8:41 PM
Addshore subscribed.Feb 22 2021, 10:16 AM
Peachey88 moved this task from Backlog to License switches on the Software-Licensing board.Apr 10 2021, 6:23 AM
Legoktm added a comment.Apr 13 2021, 7:54 AM

https://aws.amazon.com/blogs/opensource/introducing-opensearch/

Today, we are introducing the OpenSearch project, a community-driven, open source fork of Elasticsearch and Kibana. We are making a long-term investment in OpenSearch to ensure users continue to have a secure, high-quality, fully open source search and analytics suite with a rich roadmap of new and innovative functionality. This project includes OpenSearch (derived from Elasticsearch 7.10.2) and OpenSearch Dashboards (derived from Kibana 7.10.2).
...
The entire code base is under the Apache 2.0 license, and we don’t ask for a contributor license agreement (CLA).

Krenair subscribed.Apr 13 2021, 7:55 AM
lmata moved this task from Inbox to In progress on the observability board.Jun 7 2021, 5:44 AM
lmata edited projects, added SRE Observability (FY2021/2022-Q1); removed observability.Jul 12 2021, 2:20 AM
lmata moved this task from Inbox to In progress on the SRE Observability (FY2021/2022-Q1) board.
Maintenance_bot added a project: observability.Jul 12 2021, 2:47 AM
lmata moved this task from In progress to Epics In Progress on the SRE Observability (FY2021/2022-Q1) board.Aug 18 2021, 2:09 PM
Mholloway mentioned this in T267602: Client-side error logging should use Elastic Common Schema (ECS) fields when possible.Aug 19 2021, 2:40 PM
herron mentioned this in T225125: Migrate Elasticsearch from deprecated Gelf logstash input to rsyslog Kafka logging pipeline.Aug 30 2021, 6:41 PM
colewhite edited projects, added SRE Observability (FY2021/2022-Q2); removed SRE Observability (FY2021/2022-Q1).Oct 1 2021, 12:19 AM
lmata edited projects, added SRE Observability; removed SRE Observability (FY2021/2022-Q2).Jan 17 2022, 4:11 PM
lmata moved this task from FY2021/2022-Q2 to Inbox on the SRE Observability board.
lmata edited projects, added Observability-Logging; removed SRE Observability.Jan 17 2022, 11:18 PM
lmata claimed this task.Feb 10 2022, 1:41 PM
lmata added a project: SRE Observability (FY2021/2022-Q3).
lmata subscribed.

Pulling this in as it's to reflect its actual progress.

lmata closed this task as Resolved.Feb 14 2022, 4:16 AM
lmata moved this task from Inbox to Done on the SRE Observability (FY2021/2022-Q3) board.

About a year ago, the SRE Observability team sent out to mitigate risk for the upcoming SSPL change in licensing to Elasticsearch as SSPL is not an Open Source Initiative (OSI) approved license. The Wikimedia Foundation, finding the SSPL incompatible with our values to use and produce open source software, sought and evaluated replacement solutions in Q4 FY2020/2021.

The selection process began in discussion amongst the Observability team. It was deemed preferable to continue to self-host the solution rather than purchase or subscribe to a vendor-supplied tool due to the requirement to protect PII and the expectation that the sheer volume of logs and data would be prohibitively expensive. The Observability team identified two potential options: OpenSearch and Grafana Loki.

In conjunction with the SSPL working group, the Observability team reached out to the folks working on OpenSearch -- a fork of ElasticSearch 7.10 with the express goal of backward compatibility with existing clusters. After some initial testing, we determined OpenSearch was a good candidate for evaluation. In addition, OpenSearch used ElasticSearch for its foundation, a solid production-ready product, making OpenSearch a viable solution.

Members of the Observability team had experience running Grafana Loki. Still a very young project, Loki promised incredible ingest capability and a greatly simplified pipeline that purported to reduce the cost of maintenance over the long term. For these reasons, Loki was made a candidate and evaluated.

We built a cluster of each solution in parallel with both of these selections and duplicated a log stream.

In conclusion, the SRE Observability team recommended moving forward with OpenSearch for centralized logging. Primarily because it is effectively identical to the solution, we had. OpenSearch is based on production-tested technology, is licensed with an OSI-approved license, and has reached GA. We collectively have the experience through our experience with ElasticSearch and Kibana to operate, instrument, use, and teach others to use OpenSearch. Using more of the same technology reduces the burden of adopting multiple new technologies on our team and users.

After this evaluation, we implemented a testing environment in beta T288618, followed by deployments to production T288621. Both codfw T288621#7551881 and equiad T288621#7618282 have been migrated to OpenSearch, thus removing the observability stack of scope for SSPL concerns.

With this note, I will boldly proceed to close this task.

herron awarded a token.Feb 16 2022, 3:17 PM
RhinosF1 subscribed.Apr 10 2022, 4:47 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits