Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Handle '.geoip_database' index when creating alias #24

Merged
merged 1 commit into from
Dec 14, 2021
Merged

fix: Handle '.geoip_database' index when creating alias #24

merged 1 commit into from
Dec 14, 2021

Conversation

orangejulius
Copy link
Member

Newer versions of Elasticsearch (somewhere between 7.9 and 7.16) natively include a GeoIP database.

The code to set up the convenient 'pelias' Elasticsearch index alias gets tripped up by this, as it wasn't expecting any other indices to exist besides the main Pelias index.

We don't want to require people to name their Pelias indices anything specific (though they generally start with pelias- according to our project conventions).

What we can do is filter out the '.geoip_database' index when creating the alias. Then the first index seen will be a Pelias index.

This will allow us to support Elasticsearch 7.16.1 to mitigate the log4j security vulnerability pelias/pelias#921

@orangejulius
fix: Handle '.geoip_database' index when creating alias
afca4dc 
Newer versions of Elasticsearch natively include a GeoIP database.

The code to set up the convenient 'pelias' Elasticsearch index alias
gets tripped up by this, as it wasn't expecting any other indices to
exist besides the main Pelias index.

We don't want to require people to name their Pelias indices anything
specific (though they generally start with `pelias-` according to our
project conventions).

What we can do is filter out the '.geoip_database' index when creating
the alias. Then the first index seen will be a Pelias index.
@orangejulius orangejulius merged commit 031269d into master Dec 14, 2021
@orangejulius orangejulius deleted the handle-geoip-database branch December 14, 2021 15:34
@missinglink
Copy link
Member

would it make sense to filter any indices starting with a dot? is that some sort of convention they may use again?

@missinglink
Copy link
Member

agh yeah they're called dot indices: elastic/elasticsearch#50251

@orangejulius
Copy link
Member Author

orangejulius commented Dec 14, 2021
edited
Loading

That might make sense. I actually noticed some views in ES 7.16.1 show even more indices, but they are apparently hidden and don't show up in every case.

For example, here's a list of shards on a recently set up cluster:

index                                                         shard prirep state       docs  store ip            node
.ds-.logs-deprecation.elasticsearch-default-2021.12.14-000001 0     p      STARTED                 172.20.32.136 ip-172-20-32-136
.ds-.logs-deprecation.elasticsearch-default-2021.12.14-000001 0     r      STARTED                 172.20.57.65  ip-172-20-57-65
.ds-ilm-history-5-2021.12.14-000001                           0     p      STARTED                 172.20.32.136 ip-172-20-32-136
.ds-ilm-history-5-2021.12.14-000001                           0     r      STARTED                 172.20.52.24  ip-172-20-52-24
.geoip_databases                                              0     p      STARTED       42 41.1mb 172.20.52.24  ip-172-20-52-24
.geoip_databases                                              0     r      STARTED       42 41.1mb 172.20.54.8   ip-172-20-54-8

@missinglink
Copy link
Member

just make sure that regex dot is a dot dot and not a whatever dot! 😆

@missinglink missinglink mentioned this pull request Dec 15, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@orangejulius @missinglink