-
Notifications
You must be signed in to change notification settings - Fork 24.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade assistant should warn of incompatible system indices settings when migrating from 7 to 8 (the index will become red) #88324
Comments
Pinging @elastic/es-core-infra (Team:Core/Infra) |
We had a discussion on this at the core/infra meeting and there are few follow-up bugs/issues we need to resolve here:
|
I did some debugging on why the upgrade assistant didn't warn us on these deprecated options on a system index, and it turns out that Elasticsearch correctly reports the critical deprecation, however the following code in upgrade assistant ignores deprecations on system indices: We correctly reported in Elasticsearch:
|
That's great @grcevski - I'm sorry I've not tried to call the API on ES side when reproducing. My biggest concern here is allowing the node to start and lead to a red index and we have no way to fix the settings once the index is migrated. Is there something I didn't try to do in the reproduction which would allow a user to remove the problematic settings if they've already upgraded? |
Oh no problem @lucabelluccini, I was just mentioning what I had found. We'll need to fix this one way or another. It seems that the upgrade assistant code expects that all problems related to system indices will be mentioned in the system index migration section, while these particular ones are generic for all indices and we report them in the normal deprecations. I'll have a team discussion on this to see what's the best way to fix this. |
found this issue too late :( Edit: Some more details - I stumbled into this issue today on our staging cluster which is running on Kubernetes/ECK. The upgrade worked pretty well until only a none-data holding master node-pod and the last hot node-pod with version 7.17.6 was left where the indices with the After thorough consultation with the marvelous Elastic-support ( <3 ) I was told to do a "full-cluster-restart" - I just stopped event ingestion via some logstash-pods by scaling them to 0, set Magically the Elasticsearch-cluster fixed itself (as always) in a few minutes and then I removed the |
We ran into this at @GitLab as well during the ES 7 => 8 upgrade. |
Elasticsearch Version
7.x, 8.x
Installed Plugins
No response
Java Version
bundled
OS Version
N/A
Problem Description
System indices do not accept several settings to be overridden in 8.x - only few are allowed at the time of writing:
When migrating from 7.x to 8.x, it can happen that for some reason a system index (e.g.
.security-7
) has some setting which is allowed in 7.x but the shards fail to be allocated while upgrading to 8.xSteps to Reproduce
Create a 7.17.5 cluster.
Perform:
Go to the Upgrade Assistant - All good
Upgrade to 8.3.1
The upgrade will at a given point trigger a cluster
red
state.The cluster allocation explain will be:
"allow_restricted_indices": true
and using a user from thefile
realm (as thenative
realm is unavailable due to.security
index beingred
).But the API request below, executed with a role having
"allow_restricted_indices": true
:Is still rejected again with:
We get:
The request is acknowledged.
green
:We get:
We get the acknowledge, but the index has still the broken settings.
Logs (if relevant)
No response
The text was updated successfully, but these errors were encountered: