opendistro-for-elasticsearch / opendistro-build

🧰 Open Distro Build Scripts

Home Page: https://opendistro.github.io/

License: Apache License 2.0

Python 34.87% Makefile 3.55% Shell 51.23% PowerShell 1.80% Mustache 1.45% Dockerfile 1.15% Jinja 5.95%

opendistro-build's Introduction

Building Open Distro for Elasticsearch

This repo contains the scripts for building Open Distro for Elasticsearch & Kibana Docker images and packages for Linux distributions (RPM & DEB).

Contributing

Open Distro for Elasticsearch is and will remain 100% open source under the Apache 2.0 license. As the project grows, we invite you to join the project and contribute. We want to make it easy for you to get started and remove friction (no lengthy Contributor License Agreement) so you can focus on writing great code.

Questions

If you have any questions, please join our community forum here

Issues

File any issues here.

opendistro-build's People

Contributors

0pendev, aetter, allenyin96, alolita, anandpatel9998, anirudha, aplhk, ashwinkumar12345, camerski, chas0amx, dbbaughe, dependabot[bot], donbeave, ewnetu, gaiksaya, jcgraybill, jpeddicord, kfox1111, mohit0193, pavbha04, peterzhuamazon, rexbut, rish1397, rishabh6788, sreekarjami, srivasri1303, timricese, weicongs-amazon, yardenshoham, zelinh


opendistro-build's Issues

Migrate from 9.0 to 1.0

I installed opendistro 1.0 and elasticsearch-oss 7.0.1, and when I tried to run securityadmin I got this error.

Command:

./securityadmin.sh -migrate ~/elastic_backup -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

opendistro_security index already exists, so we do not need to create one.
Legacy index '.opendistro_security' (ES 6) detected (or forced). You should migrate the configuration!

Will retrieve 'security/internalusers' into ~/elastic_backup/internal_users.yml (legacy mode)
ERR: Seems internalusers from cluster is not in legacy format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "password" (class com.amazon.opendistroforelasticsearch.security.securityconf.impl.v6.InternalUserV6), not marked as ignorable (6 known properties: "readonly", "username", "attributes", "hidden", "roles", "hash"])
at [Source: {"logstash":{"roles":["logstash"],"test":{"password":"","roles":[],"snapshotrestore": {"roles":["snapshotrestore"],"admin":{"readonly":"true","roles":["admin"],"attributes":{"attribute1":"value1","attribute3":"value3","attribute2":"value2"},"kibanaserver":{"readonly":"true","kibanaro":{"roles":["kibanauser","readall"]},"readall":{"roles":["readall"]; line: 1, column: 126] (through reference chain: com.amazon.opendistroforelasticsearch.security.securityconf.impl.SecurityDynamicConfiguration["test"]->com.amazon.opendistroforelasticsearch.security.securityconf.impl.v6.InternalUserV6["password"])
Will retrieve 'security/actiongroups' into ~/elastic_backup/action_groups.yml (legacy mode)
SUCC: Configuration for 'actiongroups' stored in ~/elastic_backup/action_groups.yml

helm chart versions

The helm chart is still using APIs that are disabled in newer versions of Kubernetes:
apiVersion: apps/v1beta1

This means the chart does not work on newer kubernetes clusters.

Elasticsearch container fails when running as non root.

When running the container as non-root, i.e. with securityContext.runAsUser: 1000, the supervisord process was starting up as the passed-in user.
This caused supervisord to fail because the /usr/share/supervisor directory was owned by root.

Saml, AzureAD and roles

Hi,

We've deployed OD, and we confirmed we can authenticate and manage roles inside Kibana's GUI. We tried to assign users according to the roles/groups they are part of inside our AzureAD, but we were unsuccessful. To us it seems we need to configure the authz sections, but since we are using Azure we do not know how we can configure OD to retrieve the roles/groups. Everything we do ends up with the user getting a Missing Tenant error.

SAML response w/ Claim

</Signature>
      <Subject>
         <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</NameID>
         <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <SubjectConfirmationData InResponseTo="ONELOGIN_242fa5b0-6835-4083-8f54-83a4f8182032" NotOnOrAfter="2019-11-19T16:37:33.620Z" Recipient="https://ki.something.com/_opendistro/_security/saml/acs"/>
         </SubjectConfirmation>
      </Subject>
      <Conditions NotBefore="2019-11-19T15:32:33.620Z" NotOnOrAfter="2019-11-19T16:37:33.620Z">
         <AudienceRestriction>
            <Audience>elasticid</Audience>
         </AudienceRestriction>
      </Conditions>
      <AttributeStatement>
         <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
            <AttributeValue>TENANTID</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
            <AttributeValue>1b07ebbd-80f0-4abb-9e50-27bbe7b42db0</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
            <AttributeValue>3bcfa085-15b3-4d8e-a39b-cddb7983d496</AttributeValue>
            <AttributeValue>9228f068-5369-40e6-b621-674352cd46fd</AttributeValue>
            <AttributeValue>d135bf4c-4858-4a7f-ba3c-545f1afbf516</AttributeValue>
            <AttributeValue>ddb302f5-d240-4b29-bf5d-3c2fcb49fadb</AttributeValue>
            <AttributeValue>106debfc-3017-41d8-b689-0983264bcc1e</AttributeValue>
            <AttributeValue>cd691cbe-76bf-46b0-998d-181707b91be6</AttributeValue>
            <AttributeValue>5ac8d8a4-76d2-4200-93f8-b5ce1efc52ec</AttributeValue>
            <AttributeValue>0685b95e-e7b3-4615-9b5b-7a78765ae116</AttributeValue>
            <AttributeValue>99972c68-bf81-42fe-a30f-59a49424d237</AttributeValue>
            <AttributeValue>0494f86a-fab8-4ea9-9a63-32587a4ba96e</AttributeValue>
            <AttributeValue>1608f37a-4444-41b1-ae7a-2708ff4e3afe</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
            <AttributeValue>https://sts.windows.net/737c6905-f186-4bcf-afb3-43e349ee23a3/</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
            <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/roles">
            <AttributeValue>admin</AttributeValue>
         </Attribute>
      </AttributeStatement>
      <AuthnStatement AuthnInstant="2019-11-18T13:25:56.625Z" SessionIndex="_3f05d72c-bd52-43a2-8cf4-ad8802d79d00">
         <AuthnContext>
            <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
         </AuthnContext>
      </AuthnStatement>
   </Assertion>
</samlp:Response>

    _meta:
      type: "config"
      config_version: 2

    config:
      dynamic:
        # Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index
        # Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default)
        # Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
        #filtered_alias_mode: warn
        do_not_fail_on_forbidden: true
        kibana:
        # Kibana multitenancy
          multitenancy_enabled: true
          server_username: kibanaserver
          index: '.kibana'
        http:
          anonymous_auth_enabled: false
          xff:
            enabled: false
            internalProxies: '192\.168\.0\.10|192\.168\.0\.11' # regex pattern
            #internalProxies: '.*' # trust all internal proxies, regex pattern
            remoteIpHeader:  'x-forwarded-for'
            ###### see https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for regex help
            ###### more information about XFF https://en.wikipedia.org/wiki/X-Forwarded-For
            ###### and here https://tools.ietf.org/html/rfc7239
            ###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve
        authc:
          saml_auth_domain:
            http_enabled: true
            transport_enabled: false
            order: 0
            http_authenticator:
              type: saml
              challenge: true
              config:
                role_keys: ["roles","roles","groups","group","Group ID"]
                idp:
                  metadata_url: "https://login.microsoftonline.com/TENANTID/federationmetadata/2007-06/federationmetadata.xml?appid=812da130-9f99-44e4-b403-7db135979c96"
                  entity_id: "https://sts.windows.net/TENANTID/"
                sp:
                  entity_id: "elasticid"
                kibana_url: "https://ki.something.com"
                exchange_key: ANEXCHANGEKEY
            authentication_backend:
              type: noop
        authz:
          roles_from_myldap:
            description: "Authorize via LDAP or Active Directory"
            http_enabled: false
            transport_enabled: false
            authorization_backend:
              # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
              type: ldap
              config:
                # enable ldaps
                enable_ssl: false
                # enable start tls, enable_ssl should be false
                enable_start_tls: false
                # send client certificate
                enable_ssl_client_auth: false
                # verify ldap hostname
                verify_hostnames: true
                hosts:
                - localhost:8389
                bind_dn: null
                password: null
                rolebase: 'ou=groups,dc=example,dc=com'
                # Filter to search for roles (currently in the whole subtree beneath rolebase)
                # {0} is substituted with the DN of the user
                # {1} is substituted with the username
                # {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute
                rolesearch: '(member={0})'
                # Specify the name of the attribute which value should be substituted with {2} above
                userroleattribute: null
                # Roles as an attribute of the user entry
                userrolename: disabled
                #userrolename: memberOf
                # The attribute in a role entry containing the name of that role, Default is "name".
                # Can also be "dn" to use the full DN as rolename.
                rolename: cn
                # Resolve nested roles transitive (roles which are members of other roles and so on ...)
                resolve_nested_roles: true
                userbase: 'ou=people,dc=example,dc=com'
                # Filter to search for users (currently in the whole subtree beneath userbase)
                # {0} is substituted with the username
                usersearch: '(uid={0})'
                # Skip users matching a user name, a wildcard or a regex pattern
                #skip_users:
                #  - 'cn=Michael Jackson,ou*people,o=TEST'
                #  - '/\S*/'
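
A diagnostic for the situation in the post above, as an added example that is not part of the original issue or the project's code: it lists the Attribute names an assertion actually carries and compares them with the key names configured under role_keys. It assumes the authenticator looks roles up by exact Attribute Name and that the assertion uses the SAML 2.0 assertion namespace; the sample XML is constructed from the attribute names shown in the post.

```python
import xml.etree.ElementTree as ET

# Assumption: elements live in the SAML 2.0 assertion namespace.
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Key names as configured under role_keys in the post.
CONFIGURED_KEYS = ["roles", "roles", "groups", "group", "Group ID"]

# Constructed sample: attribute names taken from the post, value lists shortened.
# Real responses should only be inspected after signature validation and with a
# hardened XML parser; ElementTree is used here because the input is inline.
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <AttributeStatement>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
      <AttributeValue>TENANTID</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
      <AttributeValue>3bcfa085-15b3-4d8e-a39b-cddb7983d496</AttributeValue>
      <AttributeValue>9228f068-5369-40e6-b621-674352cd46fd</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/roles">
      <AttributeValue>admin</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>"""


def read_attributes(xml_text):
    """Map each Attribute Name in the assertion to its list of values."""
    root = ET.fromstring(xml_text)
    attrs = {}
    path = ".//saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def diagnose(xml_text, configured_keys):
    """For every configured key report the values an exact-name lookup returns,
    or, when there is no exact match, the attribute names whose last path
    segment equals the key (likely the name that was meant)."""
    attrs = read_attributes(xml_text)
    report = []
    for key in dict.fromkeys(configured_keys):  # drop duplicates, keep order
        exact = attrs.get(key)
        candidates = []
        if exact is None:
            candidates = [
                name for name in attrs
                if name.rstrip("/").rsplit("/", 1)[-1].lower() == key.lower()
            ]
        report.append({"key": key, "values": exact, "candidates": candidates})
    return report


if __name__ == "__main__":
    for entry in diagnose(SAMPLE, CONFIGURED_KEYS):
        if entry["values"] is not None:
            print(f"{entry['key']!r}: matched, values={entry['values']}")
        elif entry["candidates"]:
            print(f"{entry['key']!r}: no attribute with this exact name; "
                  f"similar: {entry['candidates']}")
        else:
            print(f"{entry['key']!r}: not present in the assertion")
```
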

Running in docker: Kibana server is not ready yet

I tried running elastic+kibana locally in docker with the following docker-compose.yml:

version: '3'
services:
  odfe-node1:
    image: amazon/opendistro-for-elasticsearch:1.3.0
    container_name: odfe-node1
    environment:
      - cluster.name=odfe-cluster
      - node.name=odfe-node1
      - discovery.seed_hosts=odfe-node1,odfe-node2
      - cluster.initial_master_nodes=odfe-node1,odfe-node2
      - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536 # maximum number of open files for the Elasticsearch user, set to at least 65536 on modern systems
        hard: 65536
    volumes:
      - odfe-data1:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9600:9600 # required for Performance Analyzer
    networks:
      - odfe-net
  odfe-node2:
    image: amazon/opendistro-for-elasticsearch:1.3.0
    container_name: odfe-node2
    environment:
      - cluster.name=odfe-cluster
      - node.name=odfe-node2
      - discovery.seed_hosts=odfe-node1,odfe-node2
      - cluster.initial_master_nodes=odfe-node1,odfe-node2
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - odfe-data2:/usr/share/elasticsearch/data
    networks:
      - odfe-net
  kibana:
    image: amazon/opendistro-for-elasticsearch-kibana:1.3.0
    container_name: odfe-kibana
    ports:
      - 5601:5601
    expose:
      - "5601"
    environment:
      ELASTICSEARCH_URL: https://odfe-node1:9200
      ELASTICSEARCH_HOSTS: https://odfe-node1:9200
    networks:
      - odfe-net

volumes:
  odfe-data1:
  odfe-data2:

networks:
  odfe-net:

The nodes come up fine, no errors in the logs for either elastic or kibana, and I can access elastic by running curl https://localhost:9200 -u admin:admin --insecure

When I try to access Kibana from the browser or command line (curl) I get "Kibana server is not ready yet" message. I see the same message in the logs.

Any idea what might be wrong?

Can you clarify your position about Windows support?

Hello,
For now, everything I've read about running opendistro for elasticsearch on Windows implies running it using a docker image.

So can you answer the following questions:

  • Do/will you support running your distribution directly on Windows platforms?
  • Do/will you support running all your custom plugins directly on Windows platforms?
  • Can I expect the same level of support/testing/tooling on Windows platforms?

PS: I know Java is meant to run the same on Windows as on Linux, but real life is more cruel than the start of this sentence.

GPG Key import failing while installing OpenDistros ES via RPM

Hi Guys,

I am trying to install OpenDistros ES into an EC2 instance via RPM package.
While creating the repository file via the command: sudo curl https://d3g5vo6xdbdb9a.cloudfront.net/yum/opendistroforelasticsearch-artifacts.repo -o /etc/yum.repos.d/opendistroforelasticsearch-artifacts.repo I am getting the below error:

Retrieving key from https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch
Importing GPG key 0xE370325E:
 Userid     : "OpenDistroForElasticsearch (Key For signing OpenDistroForElasticsearch artifacts.) <[email protected]>"
 Fingerprint: 5120 9ccb 28fb c2dc 8ccd 9a6c 472c fdfc e370 325e
 From       : https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch
https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/repodata/repomd.xml: [Errno -1] Gpg Keys not imported, cannot verify repomd.xml for repo opendistroforelasticsearch-artifacts-repo
Trying other mirror.
failure: repodata/repomd.xml from opendistroforelasticsearch-artifacts-repo: [Errno 256] No more mirrors to try.
https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/repodata/repomd.xml: [Errno -1] Gpg Keys not imported, cannot verify repomd.xml for repo opendistroforelasticsearch-artifacts-repo

I tried executing https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch which is the GPG Key url for OpenDistros ES in my local and it is getting installed fine.

I am not sure why the import is failing in EC2. Any leads would be appreciated.

Attaching the artefact file.
opendistroses.docx

Docker image should provide ability to specify password for the admin user

Currently opendistro_security/securityconfig/internal_users.yml is only read for password hashes on the initial load.

All the documentation to date relies on docker containers getting destroyed in-between edits to this file. This is not an expected usage pattern in any commonly used open source project configuration.

The expectation would be that editing this file takes effect after a service restart (or live). At a minimum, I'd expect the documentation around this to be much clearer that the container actually needs to be destroyed for this to take.

Also useful would be a method (or documentation if it already exists) on how to change the admin password after a cluster has been brought up for docker without destroying or stopping the container and related volumes, as the docs I've seen for outside of docker seem to use tools not present in the docker container.

I would imagine changing a password without downtime would be a common maintenance task for production systems.

kibana is shutdown on upgrade and not restarted

Upon upgrading, kibana is shut down and not restarted. I'm not sure why you don't follow standard practice and do something like this (taken from openssh-server):

postinstall scriptlet (using /bin/sh):

if [ $1 -eq 1 ] ; then
        # Initial installation
        systemctl preset sshd.service sshd.socket >/dev/null 2>&1 || :
fi

preuninstall scriptlet (using /bin/sh):

if [ $1 -eq 0 ] ; then
        # Package removal, not upgrade
        systemctl --no-reload disable sshd.service sshd.socket > /dev/null 2>&1 || :
        systemctl stop sshd.service sshd.socket > /dev/null 2>&1 || :
fi

postuninstall scriptlet (using /bin/sh):

systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
        # Package upgrade, not uninstall
        systemctl try-restart sshd.service >/dev/null 2>&1 || :
fi

Kubernetes Azure implementation

Hi, thanks for the perfect job. I need help with the Kubernetes Azure implementation. I tried but can't.
Do you think about or plan for Azure?

Helm chart ES services using too broad selector (breaking support for multiple clusters in the same namespace)

The services for Elasticsearch clients, masters and data nodes use a too broad selector, only the role, which means that if multiple Helm releases are deployed to the same namespace, all above services will point to all pods (with the specified role) in all deployed ES clusters in that namespace.

See

I suggest using the app label already defined in opendistro-es.labels.standard, to be used as selector for the above services, in the same way as for the kibana service:
https://github.com/opendistro-for-elasticsearch/community/blob/master/open-distro-elasticsearch-kubernetes/helm/opendistro-es/templates/kibana/kibana-service.yaml#L30

Upgrade issue from 1.1

Running centos 7 and tried to update to 1.2. I followed the update instructions but now get the below. Any advice?

However, I get the following;

--> Running transaction check
---> Package avahi-libs.x86_64 0:0.6.31-19.el7 will be installed
---> Package elasticsearch-oss.x86_64 0:7.2.0-1 will be updated
--> Processing Dependency: elasticsearch-oss = 7.2.0 for package: opendistro-alerting-1.2.0.0-1.noarch
--> Processing Dependency: elasticsearch-oss = 7.2.0 for package: opendistro-security-1.2.0.0-0.noarch
--> Processing Dependency: elasticsearch-oss = 7.2.0 for package: opendistro-job-scheduler-1.2.0.0-1.noarch
--> Processing Dependency: elasticsearch-oss = 7.2.0 for package: opendistro-sql-1.2.0.0-1.noarch
--> Processing Dependency: elasticsearch-oss = 7.2.0 for package: opendistroforelasticsearch-1.2.0-1.noarch
--> Processing Dependency: elasticsearch-oss = 7.2.0 for package: opendistro-performance-analyzer-1.2.0.0-1.noarch
--> Finished Dependency Resolution
Error: Package: opendistro-sql-1.2.0.0-1.noarch (@opendistroforelasticsearch-artifacts-repo)
Requires: elasticsearch-oss = 7.2.0
Removing: elasticsearch-oss-7.2.0-1.x86_64 (@elasticsearch-7.x)
elasticsearch-oss = 7.2.0-1
Updated By: elasticsearch-oss-7.3.2-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.2-1
Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.0-1
Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.1-1
Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.0-1
Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.1-1
Available: elasticsearch-oss-7.2.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.2.1-1
Available: elasticsearch-oss-7.3.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.0-1
Available: elasticsearch-oss-7.3.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.1-1
Error: Package: opendistroforelasticsearch-1.2.0-1.noarch (@opendistroforelasticsearch-artifacts-repo)
Requires: elasticsearch-oss = 7.2.0
Removing: elasticsearch-oss-7.2.0-1.x86_64 (@elasticsearch-7.x)
elasticsearch-oss = 7.2.0-1
Updated By: elasticsearch-oss-7.3.2-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.2-1
Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.0-1
Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.1-1
Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.0-1
Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.1-1
Available: elasticsearch-oss-7.2.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.2.1-1
Available: elasticsearch-oss-7.3.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.0-1
Available: elasticsearch-oss-7.3.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.1-1
Error: Package: opendistro-job-scheduler-1.2.0.0-1.noarch (@opendistroforelasticsearch-artifacts-repo)
Requires: elasticsearch-oss = 7.2.0
Removing: elasticsearch-oss-7.2.0-1.x86_64 (@elasticsearch-7.x)
elasticsearch-oss = 7.2.0-1
Updated By: elasticsearch-oss-7.3.2-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.2-1
Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.0-1
Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.1-1
Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.0-1
Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.1-1
Available: elasticsearch-oss-7.2.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.2.1-1
Available: elasticsearch-oss-7.3.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.0-1
Available: elasticsearch-oss-7.3.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.1-1
Error: Package: opendistro-alerting-1.2.0.0-1.noarch (@opendistroforelasticsearch-artifacts-repo)
Requires: elasticsearch-oss = 7.2.0
Removing: elasticsearch-oss-7.2.0-1.x86_64 (@elasticsearch-7.x)
elasticsearch-oss = 7.2.0-1
Updated By: elasticsearch-oss-7.3.2-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.2-1
Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.0-1
Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.1-1
Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.0-1
Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.1-1
Available: elasticsearch-oss-7.2.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.2.1-1
Available: elasticsearch-oss-7.3.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.0-1
Available: elasticsearch-oss-7.3.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.1-1
Error: Package: opendistro-security-1.2.0.0-0.noarch (@opendistroforelasticsearch-artifacts-repo)
Requires: elasticsearch-oss = 7.2.0
Removing: elasticsearch-oss-7.2.0-1.x86_64 (@elasticsearch-7.x)
elasticsearch-oss = 7.2.0-1
Updated By: elasticsearch-oss-7.3.2-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.2-1
Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.0-1
Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.1-1
Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.0-1
Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.1-1
Available: elasticsearch-oss-7.2.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.2.1-1
Available: elasticsearch-oss-7.3.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.0-1
Available: elasticsearch-oss-7.3.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.1-1
Error: Package: opendistro-performance-analyzer-1.2.0.0-1.noarch (@opendistroforelasticsearch-artifacts-repo)
Requires: elasticsearch-oss = 7.2.0
Removing: elasticsearch-oss-7.2.0-1.x86_64 (@elasticsearch-7.x)
elasticsearch-oss = 7.2.0-1
Updated By: elasticsearch-oss-7.3.2-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.2-1
Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.0-1
Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.0.1-1
Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.0-1
Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.1.1-1
Available: elasticsearch-oss-7.2.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.2.1-1
Available: elasticsearch-oss-7.3.0-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.0-1
Available: elasticsearch-oss-7.3.1-1.x86_64 (elasticsearch-7.x)
elasticsearch-oss = 7.3.1-1

Wrong files permissions in opendistro-for-elasticsearch container

Hi,
there is no repository for docker images so I think that it is the best place.

During the amazon/opendistro-for-elasticsearch container start process there are a few warning messages which should be fixed in the Dockerfile. It is about proper permissions on the configuration directory and files.

[2019-03-20T12:05:13,377][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [es03.dev.logs.local] Directory /usr/share/elasticsearch/config has insecure file permissions (should be 0700)
[2019-03-20T12:05:13,377][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [es03.dev.logs.local] File /usr/share/elasticsearch/config/log4j2.properties has insecure file permissions (should be 0600)
[2019-03-20T12:05:13,377][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [es03.dev.logs.local] File /usr/share/elasticsearch/config/kirk.pem has insecure file permissions (should be 0600)
[2019-03-20T12:05:13,377][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [es03.dev.logs.local] File /usr/share/elasticsearch/config/esnode.pem has insecure file permissions (should be 0600)
[2019-03-20T12:05:13,377][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [es03.dev.logs.local] File /usr/share/elasticsearch/config/root-ca.pem has insecure file permissions (should be 0600)
[2019-03-20T12:05:13,377][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [es03.dev.logs.local] File /usr/share/elasticsearch/config/esnode-key.pem has insecure file permissions (should be 0600)
[2019-03-20T12:05:13,377][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [es03.dev.logs.local] File /usr/share/elasticsearch/config/kirk-key.pem has insecure file permissions (should be 0600)

Permission problems with certificates could be resolved when mounting own certificates. Same solution for elasticsearch.yml file (not visible in example log) or other files.

But still there is a problem with config directory and I think that there is no need to overwrite log4j2.properties file. So proper file permissions should be set in Dockerfile.
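
A check for the condition behind these warnings, as an added example that is not part of the original issue or the project's code: it walks a config directory and reports every entry that grants permission bits beyond the 0700 (directories) and 0600 (files) named in the log lines, optionally clearing the excess bits. Treating subdirectories like the top-level directory and clearing bits instead of forcing an exact mode are assumptions of this example; the sample tree is constructed.

```python
import os
import stat
import tempfile

DIR_MODE = 0o700   # "should be 0700" in the warning for the config directory
FILE_MODE = 0o600  # "should be 0600" in the warnings for the files


def audit(config_dir, fix=False):
    """Return a sorted list of (path, found_mode, allowed_mode) for entries
    granting bits outside the allowed mode. With fix=True the excess bits are
    cleared (0644 -> 0600, 0755 -> 0700); a mode is never loosened."""
    findings = []

    def check(path, allowed):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return  # never chmod through a symlink
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~allowed:
            findings.append((path, mode, allowed))
            if fix:
                os.chmod(path, mode & allowed)

    check(config_dir, DIR_MODE)
    for root, dirs, files in os.walk(config_dir):
        for name in dirs:
            check(os.path.join(root, name), DIR_MODE)
        for name in files:
            check(os.path.join(root, name), FILE_MODE)
    return sorted(findings)


def build_sample(base):
    """Constructed tree with the kind of modes that trigger the warnings."""
    cfg = os.path.join(base, "config")
    os.mkdir(cfg)
    sample = (("esnode-key.pem", 0o644),
              ("esnode.pem", 0o644),
              ("elasticsearch.yml", 0o600))
    for name, mode in sample:
        path = os.path.join(cfg, name)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(path, mode)
    os.chmod(cfg, 0o755)
    return cfg


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        cfg = build_sample(base)
        for path, found, allowed in audit(cfg, fix=True):
            print(f"{path}: {found:04o} tightened to {found & allowed:04o}")
        print("remaining findings:", audit(cfg))
```
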

Helm chart use of secret for config

      volumes:
      - name: config
        secret:
          secretName: {{ template "opendistro-es.fullname" . }}-es-config

If this is config, why not use a configmap? That would make it easier to edit in the web interfaces of some Kubernetes web interfaces.

Applying Security Configuration in helm charts

Hi,

I am using the helm documentation here: https://github.com/opendistro-for-elasticsearch/opendistro-build/blob/master/helm/README.md and opendistro-docs (https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/openid-connect/#elasticsearch-configuration) to set up ES in my k8s cluster.

I am using the securityConfig in my values.yaml to assign the secrets that should be loaded when a pod starts, e.g.:

securityConfig:
    enabled: true
    path: "/usr/share/elasticsearch/plugins/opendistro_security/securityconfig"
    configSecret: "security-config"
    rolesSecret: "roles-config"
    rolesMappingSecret: "roles-mapping-config"
    internalUsersSecret: "internal-users-config"
    actionGroupsSecret: "action-groups-config"
    tenantsSecret: "tenants-config"

However, this is only picked up by the master nodes. All other nodes continue with the default values in the files.

Looking through the helm template I can see where in the es-master-sts.yaml template it mounts the secret into the pod:

{{- if .Values.elasticsearch.securityConfig.configSecret }}
        - mountPath: {{ .Values.elasticsearch.securityConfig.path }}/config.yml
          name: security-config
          subPath: config.yml
       {{- end }}

However, this logic is not present in any of the other charts. The same goes for all of the other values in the securityConfig section.

Elasticsearch and Opendistro in the same cluster

Hi,

I think the title of my question is pretty self explanatory. I'm keen to know if an Opendistro 1.3 (7.3.2) node can co-exist with a current ES cluster and the migration from ES to Opendistro could be done on a node-by-node basis.

Thanks,

Packages for FreeBSD.

FreeBSD has stock ELK 6, and OpenDistro would be a good alternative for it. FreeBSD has OpenJDK 8 and 11 in the stock repositories, so getting OpenDistro to run on it should be straightforward.

I can help in testing out the packages, the current .tar.gz files are too GNU/Linux specific and won't work without major changes, like the shell scripts to launch the Elasticsearch service.

Docker container for version 1.2.0 does not start

Hello. I'm trying to run opendistro in docker, run commands from documentation:

docker pull amazon/opendistro-for-elasticsearch:1.2.0
docker run -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" amazon/opendistro-for-elasticsearch:1.2.0

And get this:


OpenDistro for Elasticsearch Security Demo Installer
 ** Warning: Do not use on production or public reachable systems **
Basedir: /usr/share/elasticsearch
Elasticsearch install type: rpm/deb on CentOS Linux release 7.6.1810 (Core) 
Elasticsearch config dir: /usr/share/elasticsearch/config
Elasticsearch config file: /usr/share/elasticsearch/config/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-7.2.0
Detected Open Distro Security Version: 1.2.0.0

### Success
### Execute this script now on all your nodes and then start all nodes
### Open Distro Security will be automatically initialized.
### If you like to change the runtime configuration 
### change the files in ../securityconfig and execute: 
"/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh" -cd "/usr/share/elasticsearch/plugins/opendistro_security/securityconfig" -icl -key "/usr/share/elasticsearch/config/kirk-key.pem" -cert "/usr/share/elasticsearch/config/kirk.pem" -cacert "/usr/share/elasticsearch/config/root-ca.pem" -nhnv
### or run ./securityadmin_demo.sh
### To use the Security Plugin ConfigurationGUI
### To access your secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)
Exception in thread "main" java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/jvm.options
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:215)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:370)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:421)
	at java.base/java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420)
	at java.base/java.nio.file.Files.newInputStream(Files.java:155)
	at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:61)

Wrong dependencies on v1.0.0

Currently I have a cluster of 3 nodes running on OpenDistro v0.9.0.
Today I tried to upgrade to v1.0.0, but without success.
It looks like the wrong dependencies are set on the v1.0.0 package.
It wants to update the security & sql packages to 1.1, and they require ES 7.1.1, which conflicts with the version 7.0.1 that it should be.

This is the output when I try to upgrade:

# yum install opendistroforelasticsearch-1.0.0
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.netcologne.de
 * epel: mirror.de.leaseweb.net
 * extras: mirror.23media.com
 * updates: mirror.23media.com
Resolving Dependencies
--> Running transaction check
---> Package opendistroforelasticsearch.noarch 0:0.9.0-1 will be updated
---> Package opendistroforelasticsearch.noarch 0:1.0.0-1 will be an update
--> Processing Dependency: elasticsearch-oss = 7.0.1 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Processing Dependency: opendistro-job-scheduler < 1.0.1 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Processing Dependency: opendistro-sql >= 1.0.0 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Processing Dependency: opendistro-security >= 1.0.0 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Processing Dependency: opendistro-performance-analyzer >= 1.0.0 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Processing Dependency: opendistro-job-scheduler >= 1.0.0 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Processing Dependency: opendistro-alerting >= 1.0.0 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Running transaction check
---> Package opendistro-alerting.noarch 0:0.9.0.0-1 will be updated
---> Package opendistro-alerting.noarch 0:1.0.0.0-1 will be an update
--> Processing Dependency: elasticsearch-oss = 7.0.1 for package: opendistro-alerting-1.0.0.0-1.noarch
---> Package opendistro-job-scheduler.noarch 0:1.0.0.0-1 will be installed
--> Processing Dependency: elasticsearch-oss = 7.0.1 for package: opendistro-job-scheduler-1.0.0.0-1.noarch
---> Package opendistro-performance-analyzer.noarch 0:0.9.0.0-1 will be updated
---> Package opendistro-performance-analyzer.noarch 0:1.0.0.0-1 will be an update
--> Processing Dependency: elasticsearch-oss = 7.0.1 for package: opendistro-performance-analyzer-1.0.0.0-1.noarch
---> Package opendistro-security.noarch 0:0.9.0.0-0 will be updated
--> Processing Dependency: opendistro-security < 1.0.1 for package: opendistroforelasticsearch-1.0.0-1.noarch
---> Package opendistro-security.noarch 0:1.1.0.0-0 will be an update
--> Processing Dependency: elasticsearch-oss = 7.1.1 for package: opendistro-security-1.1.0.0-0.noarch
---> Package opendistro-sql.noarch 0:0.9.0.0-1 will be updated
--> Processing Dependency: opendistro-sql < 1.0.1 for package: opendistroforelasticsearch-1.0.0-1.noarch
---> Package opendistro-sql.noarch 0:1.1.0.0-1 will be an update
--> Processing Dependency: elasticsearch-oss = 7.1.1 for package: opendistro-sql-1.1.0.0-1.noarch
---> Package opendistroforelasticsearch.noarch 0:1.0.0-1 will be an update
--> Processing Dependency: elasticsearch-oss = 7.0.1 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Processing Dependency: opendistro-sql < 1.0.1 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Processing Dependency: opendistro-security < 1.0.1 for package: opendistroforelasticsearch-1.0.0-1.noarch
--> Finished Dependency Resolution
Error: Package: opendistro-performance-analyzer-1.0.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
           Requires: elasticsearch-oss = 7.0.1
           Installed: elasticsearch-oss-6.7.1-1.noarch (@elasticsearch-6.x)
               elasticsearch-oss = 6.7.1-1
           Available: elasticsearch-oss-6.3.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.0-1
           Available: elasticsearch-oss-6.3.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.1-1
           Available: elasticsearch-oss-6.3.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.2-1
           Available: elasticsearch-oss-6.4.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.0-1
           Available: elasticsearch-oss-6.4.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.1-1
           Available: elasticsearch-oss-6.4.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.2-1
           Available: elasticsearch-oss-6.4.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.3-1
           Available: elasticsearch-oss-6.5.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.0-1
           Available: elasticsearch-oss-6.5.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.1-1
           Available: elasticsearch-oss-6.5.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.2-1
           Available: elasticsearch-oss-6.5.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.3-1
           Available: elasticsearch-oss-6.5.4-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.4-1
           Available: elasticsearch-oss-6.6.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.0-1
           Available: elasticsearch-oss-6.6.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.1-1
           Available: elasticsearch-oss-6.6.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.2-1
           Available: elasticsearch-oss-6.7.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.0-1
           Available: elasticsearch-oss-6.7.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.2-1
           Available: elasticsearch-oss-6.8.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.0-1
           Available: elasticsearch-oss-6.8.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.1-1
           Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.0-1
           Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.1-1
           Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.0-1
           Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.1-1
           Available: elasticsearch-oss-7.2.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.2.0-1
Error: Package: opendistro-security-1.1.0.0-0.noarch (opendistroforelasticsearch-artifacts-repo)
           Requires: elasticsearch-oss = 7.1.1
           Installed: elasticsearch-oss-6.7.1-1.noarch (@elasticsearch-6.x)
               elasticsearch-oss = 6.7.1-1
           Available: elasticsearch-oss-6.3.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.0-1
           Available: elasticsearch-oss-6.3.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.1-1
           Available: elasticsearch-oss-6.3.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.2-1
           Available: elasticsearch-oss-6.4.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.0-1
           Available: elasticsearch-oss-6.4.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.1-1
           Available: elasticsearch-oss-6.4.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.2-1
           Available: elasticsearch-oss-6.4.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.3-1
           Available: elasticsearch-oss-6.5.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.0-1
           Available: elasticsearch-oss-6.5.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.1-1
           Available: elasticsearch-oss-6.5.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.2-1
           Available: elasticsearch-oss-6.5.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.3-1
           Available: elasticsearch-oss-6.5.4-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.4-1
           Available: elasticsearch-oss-6.6.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.0-1
           Available: elasticsearch-oss-6.6.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.1-1
           Available: elasticsearch-oss-6.6.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.2-1
           Available: elasticsearch-oss-6.7.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.0-1
           Available: elasticsearch-oss-6.7.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.2-1
           Available: elasticsearch-oss-6.8.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.0-1
           Available: elasticsearch-oss-6.8.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.1-1
           Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.0-1
           Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.1-1
           Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.0-1
           Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.1-1
           Available: elasticsearch-oss-7.2.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.2.0-1
Error: Package: opendistro-sql-1.1.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
           Requires: elasticsearch-oss = 7.1.1
           Installed: elasticsearch-oss-6.7.1-1.noarch (@elasticsearch-6.x)
               elasticsearch-oss = 6.7.1-1
           Available: elasticsearch-oss-6.3.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.0-1
           Available: elasticsearch-oss-6.3.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.1-1
           Available: elasticsearch-oss-6.3.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.2-1
           Available: elasticsearch-oss-6.4.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.0-1
           Available: elasticsearch-oss-6.4.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.1-1
           Available: elasticsearch-oss-6.4.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.2-1
           Available: elasticsearch-oss-6.4.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.3-1
           Available: elasticsearch-oss-6.5.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.0-1
           Available: elasticsearch-oss-6.5.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.1-1
           Available: elasticsearch-oss-6.5.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.2-1
           Available: elasticsearch-oss-6.5.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.3-1
           Available: elasticsearch-oss-6.5.4-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.4-1
           Available: elasticsearch-oss-6.6.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.0-1
           Available: elasticsearch-oss-6.6.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.1-1
           Available: elasticsearch-oss-6.6.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.2-1
           Available: elasticsearch-oss-6.7.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.0-1
           Available: elasticsearch-oss-6.7.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.2-1
           Available: elasticsearch-oss-6.8.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.0-1
           Available: elasticsearch-oss-6.8.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.1-1
           Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.0-1
           Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.1-1
           Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.0-1
           Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.1-1
           Available: elasticsearch-oss-7.2.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.2.0-1
Error: Package: opendistro-job-scheduler-1.0.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
           Requires: elasticsearch-oss = 7.0.1
           Installed: elasticsearch-oss-6.7.1-1.noarch (@elasticsearch-6.x)
               elasticsearch-oss = 6.7.1-1
           Available: elasticsearch-oss-6.3.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.0-1
           Available: elasticsearch-oss-6.3.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.1-1
           Available: elasticsearch-oss-6.3.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.2-1
           Available: elasticsearch-oss-6.4.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.0-1
           Available: elasticsearch-oss-6.4.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.1-1
           Available: elasticsearch-oss-6.4.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.2-1
           Available: elasticsearch-oss-6.4.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.3-1
           Available: elasticsearch-oss-6.5.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.0-1
           Available: elasticsearch-oss-6.5.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.1-1
           Available: elasticsearch-oss-6.5.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.2-1
           Available: elasticsearch-oss-6.5.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.3-1
           Available: elasticsearch-oss-6.5.4-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.4-1
           Available: elasticsearch-oss-6.6.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.0-1
           Available: elasticsearch-oss-6.6.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.1-1
           Available: elasticsearch-oss-6.6.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.2-1
           Available: elasticsearch-oss-6.7.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.0-1
           Available: elasticsearch-oss-6.7.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.2-1
           Available: elasticsearch-oss-6.8.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.0-1
           Available: elasticsearch-oss-6.8.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.1-1
           Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.0-1
           Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.1-1
           Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.0-1
           Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.1-1
           Available: elasticsearch-oss-7.2.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.2.0-1
Error: Package: opendistro-alerting-1.0.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
           Requires: elasticsearch-oss = 7.0.1
           Installed: elasticsearch-oss-6.7.1-1.noarch (@elasticsearch-6.x)
               elasticsearch-oss = 6.7.1-1
           Available: elasticsearch-oss-6.3.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.0-1
           Available: elasticsearch-oss-6.3.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.1-1
           Available: elasticsearch-oss-6.3.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.2-1
           Available: elasticsearch-oss-6.4.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.0-1
           Available: elasticsearch-oss-6.4.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.1-1
           Available: elasticsearch-oss-6.4.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.2-1
           Available: elasticsearch-oss-6.4.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.3-1
           Available: elasticsearch-oss-6.5.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.0-1
           Available: elasticsearch-oss-6.5.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.1-1
           Available: elasticsearch-oss-6.5.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.2-1
           Available: elasticsearch-oss-6.5.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.3-1
           Available: elasticsearch-oss-6.5.4-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.4-1
           Available: elasticsearch-oss-6.6.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.0-1
           Available: elasticsearch-oss-6.6.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.1-1
           Available: elasticsearch-oss-6.6.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.2-1
           Available: elasticsearch-oss-6.7.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.0-1
           Available: elasticsearch-oss-6.7.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.2-1
           Available: elasticsearch-oss-6.8.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.0-1
           Available: elasticsearch-oss-6.8.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.1-1
           Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.0-1
           Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.1-1
           Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.0-1
           Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.1-1
           Available: elasticsearch-oss-7.2.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.2.0-1
Error: Package: opendistroforelasticsearch-1.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
           Requires: opendistro-security < 1.0.1
           Removing: opendistro-security-0.9.0.0-0.noarch (@opendistroforelasticsearch-artifacts-repo)
               opendistro-security = 0.9.0.0-0
           Updated By: opendistro-security-1.1.0.0-0.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-security = 1.1.0.0-0
           Available: opendistro-security-0.7.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-security = 0.7.0.0-1
           Available: opendistro-security-0.7.0.1-1.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-security = 0.7.0.1-1
           Available: opendistro-security-0.8.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-security = 0.8.0.0-1
           Available: opendistro-security-1.0.0.0-0.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-security = 1.0.0.0-0
Error: Package: opendistroforelasticsearch-1.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
           Requires: elasticsearch-oss = 7.0.1
           Installed: elasticsearch-oss-6.7.1-1.noarch (@elasticsearch-6.x)
               elasticsearch-oss = 6.7.1-1
           Available: elasticsearch-oss-6.3.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.0-1
           Available: elasticsearch-oss-6.3.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.1-1
           Available: elasticsearch-oss-6.3.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.3.2-1
           Available: elasticsearch-oss-6.4.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.0-1
           Available: elasticsearch-oss-6.4.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.1-1
           Available: elasticsearch-oss-6.4.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.2-1
           Available: elasticsearch-oss-6.4.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.4.3-1
           Available: elasticsearch-oss-6.5.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.0-1
           Available: elasticsearch-oss-6.5.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.1-1
           Available: elasticsearch-oss-6.5.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.2-1
           Available: elasticsearch-oss-6.5.3-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.3-1
           Available: elasticsearch-oss-6.5.4-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.5.4-1
           Available: elasticsearch-oss-6.6.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.0-1
           Available: elasticsearch-oss-6.6.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.1-1
           Available: elasticsearch-oss-6.6.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.6.2-1
           Available: elasticsearch-oss-6.7.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.0-1
           Available: elasticsearch-oss-6.7.2-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.7.2-1
           Available: elasticsearch-oss-6.8.0-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.0-1
           Available: elasticsearch-oss-6.8.1-1.noarch (elasticsearch-6.x)
               elasticsearch-oss = 6.8.1-1
           Available: elasticsearch-oss-7.0.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.0-1
           Available: elasticsearch-oss-7.0.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.0.1-1
           Available: elasticsearch-oss-7.1.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.0-1
           Available: elasticsearch-oss-7.1.1-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.1.1-1
           Available: elasticsearch-oss-7.2.0-1.x86_64 (elasticsearch-7.x)
               elasticsearch-oss = 7.2.0-1
Error: Package: opendistroforelasticsearch-1.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
           Requires: opendistro-sql < 1.0.1
           Removing: opendistro-sql-0.9.0.0-1.noarch (@opendistroforelasticsearch-artifacts-repo)
               opendistro-sql = 0.9.0.0-1
           Updated By: opendistro-sql-1.1.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-sql = 1.1.0.0-1
           Available: opendistro-sql-0.7.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-sql = 0.7.0.0-1
           Available: opendistro-sql-0.8.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-sql = 0.8.0.0-1
           Available: opendistro-sql-1.0.0.0-1.noarch (opendistroforelasticsearch-artifacts-repo)
               opendistro-sql = 1.0.0.0-1
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Helm Chart init container busybox is half templated half hard coded

The latest version of the helm chart, 1.3.0, has 2 busybox init containers. The first instance of the busybox init container has a templatized image version and a templatized image tag. The 2nd instance of the busybox init container is hard coded.
(This error shows up on es-master-sts.yaml & es-data-sts.yaml)

It looks like
https://github.com/opendistro-for-elasticsearch/community/blob/master/open-distro-elasticsearch-kubernetes/helm/opendistro-es/templates/elasticsearch/es-data-sts.yaml
line 63 should be templated out same as line 54
https://github.com/opendistro-for-elasticsearch/community/blob/master/open-distro-elasticsearch-kubernetes/helm/opendistro-es/templates/elasticsearch/es-master-sts.yaml
line 76 should be templated out same as line 67

Elasticsearch and Kibana build as a Single Image

As a user, it would be great to have elasticsearch and kibana packaged in a single docker image, so that it can be run in a cloud environment easily with minimal configuration and compute resources, where logs can be hosted from cloud services like cloudwatch, etc.

Shasum for the tarball assumes it resides in a subdirectory

Following the installation steps from the tarball guide (at https://opendistro.github.io/for-elasticsearch-docs/docs/install/tar/) fails at step 3 "verify the tarball against the checksum".

The checksum file seems to assume that the downloaded tarball sits in a tarfiles/ subdirectory.

$ shasum -a 512 -c opendistroforelasticsearch-1.4.0.tar.gz.sha512
shasum: ./tarfiles/opendistroforelasticsearch-1.4.0.tar.gz: 
./tarfiles/opendistroforelasticsearch-1.4.0.tar.gz: FAILED open or read
shasum: WARNING: 1 listed file could not be read

1.2.0 works. 1.3.0 doesn't, so the issue cropped up between those two releases.
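One way to verify the download regardless of the directory recorded in the checksum file, as an added example that is not part of the original post or the project's tooling: it matches the checksum entry by file name and compares SHA-512 digests. The tarball contents used here are a constructed stand-in.

```python
import hashlib
import hmac
import os
import re
import tempfile

# "<128 hex chars>  <path>" (text mode) or "<128 hex chars> *<path>" (binary mode).
CHECKSUM_LINE = re.compile(r"^([0-9a-fA-F]{128})[ \t]+\*?(.+)$")


def parse_checksum_file(text):
    """Return [(digest, recorded_path)] for every well-formed SHA-512 line."""
    entries = []
    for line in text.splitlines():
        match = CHECKSUM_LINE.match(line.strip())
        if match:
            entries.append((match.group(1).lower(), match.group(2)))
    return entries


def sha512_of(path, chunk_size=1 << 20):
    """Stream the file so large tarballs are not read into memory at once."""
    digest = hashlib.sha512()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_download(tarball, checksum_file):
    """Compare the tarball with the entry of the same file name.

    The directory part of the recorded path (./tarfiles/ in the report) is
    ignored. Anything other than exactly one digest for that file name is
    treated as an error rather than as a pass.
    """
    with open(checksum_file, encoding="utf-8") as handle:
        entries = parse_checksum_file(handle.read())
    wanted = os.path.basename(tarball)
    digests = {d for d, recorded in entries if os.path.basename(recorded) == wanted}
    if len(digests) != 1:
        raise ValueError(
            f"expected exactly one digest for {wanted}, found {len(digests)}")
    return hmac.compare_digest(digests.pop(), sha512_of(tarball))


def demo():
    """Verify a constructed file, then modify it and verify again."""
    with tempfile.TemporaryDirectory() as workdir:
        name = "opendistroforelasticsearch-1.4.0.tar.gz"
        tarball = os.path.join(workdir, name)
        with open(tarball, "wb") as handle:
            handle.write(b"constructed stand-in for the release tarball")
        checksum_file = tarball + ".sha512"
        with open(checksum_file, "w", encoding="utf-8") as handle:
            # Same layout as the published file: the path carries ./tarfiles/
            handle.write(f"{sha512_of(tarball)}  ./tarfiles/{name}\n")
        intact = verify_download(tarball, checksum_file)
        with open(tarball, "ab") as handle:
            handle.write(b"modified after download")
        modified = verify_download(tarball, checksum_file)
        return intact, modified


if __name__ == "__main__":
    print(demo())
```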

Packages for Windows

It would be useful to provide Open Distro packages for Windows Server 2012/2016, as there are many current users of Elasticsearch running on Windows who may want to switch from native to Open Distro because of the added features.

Thanks!

I can't install version 1.4.0-1 and 1.6.0-1

I was trying to install on CentOS Linux release 7.6.1810 (two days ago, I installed version 1.4.0 without problems).
With this doc:
https://opendistro.github.io/for-elasticsearch-docs/docs/install/rpm/
opendistroforelasticsearch 1.4.0-1

`Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-7.4.2
Detected Open Distro Security Version: 1.4.0.0

Success
Execute this script now on all your nodes and then start all nodes
Open Distro Security will be automatically initialized.
If you like to change the runtime configuration change the files in ../securityconfig and execute:
sudo "/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh" -cd "/usr/share/elasticsearch/plugins/opendistro_security/securityconfig" -icl -key "/etc/elasticsearch/kirk-key.pem" -cert "/etc/elasticsearch/kirk.pem" -cacert "/etc/elasticsearch/root-ca.pem" -nhnv
or run ./securityadmin_demo.sh
To use the Security Plugin ConfigurationGUI
To access your secured cluster open https://: and log in with admin/admin.(Ignore the SSL certificate warning because we installed self-signed demo certificates)
Fetching kNN library
/var/tmp/rpm-tmp.55SQiA: línea 20: wget: no se encontró la orden
error: %pre(opendistroforelasticsearch-0:1.4.0-1.noarch) scriptlet failed, exit status 127
Error in PREIN scriptlet in rpm package opendistroforelasticsearch-1.4.0-1.noarch
error: opendistroforelasticsearch-0:1.4.0-1.noarch: install failed
Created elasticsearch keystore in /etc/elasticsearch
Comprobando : opendistro-alerting-1.4.0.0-1.noarch 1/8
Comprobando : opendistro-knn-1.4.0.0-1.noarch 2/8
Comprobando : opendistro-sql-1.4.0.0-1.noarch 3/8
Comprobando : opendistro-index-management-1.4.0.0-1.noarch 4/8
Comprobando : opendistro-job-scheduler-1.4.0.0-1.noarch 5/8
Comprobando : opendistro-security-1.4.0.0-0.noarch 6/8
Comprobando : elasticsearch-oss-7.4.2-1.x86_64 7/8
Comprobando : opendistroforelasticsearch-1.4.0-1.noarch 8/8

Dependencia(s) instalada(s):
elasticsearch-oss.x86_64 0:7.4.2-1 opendistro-alerting.noarch 0:1.4.0.0-1 opendistro-index-management.noarch 0:1.4.0.0-1 opendistro-job-scheduler.noarch 0:1.4.0.0-1 opendistro-knn.noarch 0:1.4.0.0-1
opendistro-security.noarch 0:1.4.0.0-0 opendistro-sql.noarch 0:1.4.0.0-1

Falló:
opendistroforelasticsearch.noarch 0:1.4.0-1 `

And then I tried with opendistroforelasticsearch 1.6.0-1:

`Detected Open Distro Security Version: 1.6.0.0
/etc/elasticsearch/elasticsearch.yml seems to be already configured for Security. Quit.
Actualizando : opendistro-job-scheduler-1.6.0.0-1.noarch 8/16
Fetching kNN library
/var/tmp/rpm-tmp.SpTBsM: línea 20: wget: no se encontró la orden
error: %pre(opendistroforelasticsearch-0:1.6.0-1.noarch) scriptlet failed, exit status 127
Error in PREIN scriptlet in rpm package opendistroforelasticsearch-1.6.0-1.noarch
Limpieza : opendistro-job-scheduler-1.4.0.0-1.noarch 10/16
error: opendistroforelasticsearch-0:1.6.0-1.noarch: install failed
Limpieza : opendistro-security-1.4.0.0-0.noarch 11/16
Limpieza : opendistro-alerting-1.4.0.0-1.noarch 12/16
Limpieza : opendistro-index-management-1.4.0.0-1.noarch 13/16
Limpieza : opendistro-knn-1.4.0.0-1.noarch 14/16
Limpieza : opendistro-sql-1.4.0.0-1.noarch 15/16
Limpieza : elasticsearch-oss-7.4.2-1.x86_64 16/16
Created elasticsearch keystore in /etc/elasticsearch
Comprobando : opendistro-performance-analyzer-1.6.0.0-1.noarch 1/16
Comprobando : opendistro-sql-1.6.0.0-1.noarch 2/16
Comprobando : opendistro-knn-1.6.0.0-1.noarch 3/16
Comprobando : opendistro-index-management-1.6.0.0-1.noarch 4/16
Comprobando : elasticsearch-oss-7.6.1-1.x86_64 5/16
Comprobando : opendistro-alerting-1.6.0.0-1.noarch 6/16
Comprobando : opendistro-security-1.6.0.1-0.noarch 7/16
Comprobando : opendistro-job-scheduler-1.6.0.0-1.noarch 8/16
Comprobando : opendistro-alerting-1.4.0.0-1.noarch 9/16
Comprobando : opendistro-job-scheduler-1.4.0.0-1.noarch 10/16
Comprobando : opendistro-sql-1.4.0.0-1.noarch 11/16
Comprobando : opendistroforelasticsearch-1.6.0-1.noarch 12/16
Comprobando : opendistro-index-management-1.4.0.0-1.noarch 13/16
Comprobando : opendistro-knn-1.4.0.0-1.noarch 14/16
Comprobando : opendistro-security-1.4.0.0-0.noarch 15/16
Comprobando : elasticsearch-oss-7.4.2-1.x86_64 16/16

Dependencia(s) instalada(s):
opendistro-performance-analyzer.noarch 0:1.6.0.0-1

Dependencia(s) actualizada(s):
elasticsearch-oss.x86_64 0:7.6.1-1 opendistro-alerting.noarch 0:1.6.0.0-1 opendistro-index-management.noarch 0:1.6.0.0-1 opendistro-job-scheduler.noarch 0:1.6.0.0-1 opendistro-knn.noarch 0:1.6.0.0-1
opendistro-security.noarch 0:1.6.0.1-0 opendistro-sql.noarch 0:1.6.0.0-1

Falló:
opendistroforelasticsearch.noarch 0:1.6.0-1 `

Then I installed wget and the result was (I think that wget should be a dependency):
`Fetching kNN library
--2020-04-03 12:28:56-- https://d3g5vo6xdbdb9a.cloudfront.net/downloads/k-NN-lib/libKNNIndexV1_7_3_6.zip
Resolviendo d3g5vo6xdbdb9a.cloudfront.net (d3g5vo6xdbdb9a.cloudfront.net)... 13.33.232.121, 13.33.232.102, 13.33.232.69, ...
Conectando con d3g5vo6xdbdb9a.cloudfront.net (d3g5vo6xdbdb9a.cloudfront.net)[13.33.232.121]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 1401803 (1,3M) [application/zip]
Grabando a: “libKNNIndexV1_7_3_6.zip”

2020-04-03 12:28:56 (19,9 MB/s) - “libKNNIndexV1_7_3_6.zip” guardado [1401803/1401803]

/var/tmp/rpm-tmp.mwuLMm: línea 21: unzip: no se encontró la orden
error: %pre(opendistroforelasticsearch-0:1.6.0-1.noarch) scriptlet failed, exit status 127
Error in PREIN scriptlet in rpm package opendistroforelasticsearch-1.6.0-1.noarch
Comprobando : opendistroforelasticsearch-1.6.0-1.noarch 1/1

Falló:
opendistroforelasticsearch.noarch 0:1.6.0-1 `

I reverted the virtual machine and I got the following error:
`Resolviendo dependencias
--> Ejecutando prueba de transacción
---> Paquete opendistroforelasticsearch.noarch 0:1.4.0-1 debe ser instalado
--> Resolución de dependencias finalizada

Dependencias resueltas

Package Arquitectura Versión Repositorio Tamaño
Instalando:
opendistroforelasticsearch noarch 1.4.0-1 opendistroforelasticsearch-artifacts-repo 3.5 k

Resumen de la transacción
Instalar 1 Paquete

Tamaño total de la descarga: 3.5 k
Tamaño instalado: 0
Is this ok [y/d/N]: y
Downloading packages:
opendistroforelasticsearch-1.4.0.rpm | 3.5 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Fetching kNN library
--2020-04-03 12:38:53-- https://d3g5vo6xdbdb9a.cloudfront.net/downloads/k-NN-lib/libKNNIndex1_7_3_6.zip
Resolviendo d3g5vo6xdbdb9a.cloudfront.net (d3g5vo6xdbdb9a.cloudfront.net)... 13.33.232.121, 13.33.232.130, 13.33.232.69, ...
Conectando con d3g5vo6xdbdb9a.cloudfront.net (d3g5vo6xdbdb9a.cloudfront.net)[13.33.232.121]:443... conectado.
Petición HTTP enviada, esperando respuesta... 403 Forbidden
2020-04-03 12:38:53 ERROR 403: Forbidden.

error: %pre(opendistroforelasticsearch-0:1.4.0-1.noarch) scriptlet failed, exit status 8
Error in PREIN scriptlet in rpm package opendistroforelasticsearch-1.4.0-1.noarch
Comprobando : opendistroforelasticsearch-1.4.0-1.noarch 1/1

Falló:
opendistroforelasticsearch.noarch 0:1.4.0-1 `

It seems that I cannot install older versions?

custom unix user & group

With Elasticsearch not allowing the install to run as a custom user/group, is there an easy way to configure that through these build scripts?

I'm assuming not but wanted to check.

Module is outdated

I try to run opendistro-for-elasticsearch on an openshift-container but I get this error:
Browserslist: caniuse-lite is outdated. Please run next command npm update caniuse-lite browserslist

sysctl disable

The chart currently requires privilege to deploy an elasticsearch. There is no way to disable the sysctl init container even if your hosts have already been preconfigured for it.

Changes are not applied in 1.0.0 version using docker

All configuration files are stored on my host machine, and replaced inside of the containers by volumes:

 volumes:
   - ./roles.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml
   - ./roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml
   - ./internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
   - ./config.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml

After editing the configuration files on the host machine and restarting the nodes, it doesn't apply any changes. The files are actually replaced inside of the containers, but nothing changed.

Improve knn library install from preInstall script

Hello,

I need to install the opendistroforelasticsearch package in a disconnected environment. The package is retrieved via an apt proxy; however, the package directly does some wget in the preInstall script. Could opendistro-build embed the knn library directly in its package and avoid this wget?

Thanks.
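
The `%pre` failures reported earlier on this page (wget missing, then unzip missing) and the request above both stem from a scriptlet that fetches a file at install time. As an added example, not code from opendistro-build, this shell helper audits the output of `rpm -qp --scripts` for fetched URLs and helper tools; the watchlist, function names and sample scriptlet are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Open Distro code): audit an RPM scriptlet dump before install.
# Real use, with the rpm CLI:  rpm -qp --scripts ./package.rpm | audit_scriptlet

# Helper tools a scriptlet may call that a minimal host may lack (assumed list).
WATCHLIST="wget curl unzip tar"

# tool_on_path TOOL SEARCHPATH: succeed if TOOL is executable in SEARCHPATH.
tool_on_path() (
    IFS=:
    for dir in $2; do
        [ -x "$dir/$1" ] && exit 0
    done
    exit 1
)

# audit_scriptlet [SEARCHPATH]: read scriptlet text on stdin, print findings:
#   URL <url>             remote resource fetched at install time
#   TOOL <name> present   helper is called and available
#   TOOL <name> MISSING   helper is called but absent (scriptlet exits 127)
audit_scriptlet() (
    search=${1:-$PATH}
    text=$(cat)
    printf '%s\n' "$text" | grep -Eo 'https?://[^[:space:]"]+' | sort -u | sed 's/^/URL /'
    for tool in $WATCHLIST; do
        # Match the tool name as a whole word in command position.
        if printf '%s\n' "$text" | grep -Eq "(^|[[:space:];|&(])${tool}([[:space:]]|\$)"; then
            if tool_on_path "$tool" "$search"; then
                echo "TOOL $tool present"
            else
                echo "TOOL $tool MISSING"
            fi
        fi
    done
)

# Constructed scriptlet modelled on the log above; the URL is a placeholder.
sample_scriptlet() {
    cat <<'EOF'
echo "Fetching kNN library"
wget https://downloads.example.invalid/k-NN-lib/libKNNIndex.zip
unzip libKNNIndex.zip -d /usr/lib
EOF
}

sample_scriptlet | audit_scriptlet
```

Any `URL` line means the install needs outbound access to a host other than the package repository, which is what breaks in a disconnected environment.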

Helm Chart: PSP does not include hostPath volume type

While I can't seem to find any reference to a volume of type hostPath, the PodSecurityPolicy admission controller cannot find a PSP to use when global.psp.create is set to true.

Thanks!

Error:

Events:
  Type     Reason        Age                  From                    Message
  ----     ------        ----                 ----                    -------
  Warning  FailedCreate  76s (x5 over 118s)   statefulset-controller  create Pod opendistro-es-data-0 in StatefulSet opendistro-es-data failed error: pods "opendistro-es-data-0" is forbidden: unable to validate against any pod security policy: [spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.volumes[4]: Invalid value: "hostPath": hostPath volumes are not allowed to be used]
  Warning  FailedCreate  35s (x10 over 118s)  statefulset-controller  create Pod opendistro-es-data-0 in StatefulSet opendistro-es-data failed error: pods "opendistro-es-data-0" is forbidden: unable to validate against any pod security policy: [spec.volumes[4]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]

Proof of default storage class:

❯ k get storageclasses.storage.k8s.io 
NAME                    PROVISIONER                            RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-freenas (default)   cluster.local/nfs-client-provisioner   Retain          Immediate           true                   4d17h

Helm values:

apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: es
  namespace: elasticsearch
  annotations:
    flux.weave.works/automated: "false"
spec:
  releaseName: opendistro-es
  chart:
    git: https://github.com/opendistro-for-elasticsearch/opendistro-build.git
    ref: 287f90ac17c470ec5e6ce642ec573d39d08f43ac
    path: helm/opendistro-es
  values:
    kibana:
      enabled: true
      elasticsearchAccount:
        secret: ""
        keyPassphrase:
          enabled: false
      ssl:
        kibana:
          enabled: false
        elasticsearch:
          enabled: false

      ingress:
        enabled: false

      config: {}

      serviceAccount:
        create: true

    global:
      clusterName: elasticsearch

      psp:
        create: true

      rbac:
        enabled: true

    elasticsearch:
      securityConfig:
        enabled: true
        path: "/usr/share/elasticsearch/plugins/opendistro_security/securityconfig"
        actionGroupsSecret:
        configSecret:
        internalUsersSecret:
        rolesSecret:
        rolesMappingSecret:
        tenantsSecret:

      extraEnvs: []

      initContainer:
        image: busybox
        imageTag: 1.27.2

      ssl:
        transport:
          enabled: false
          existingCertSecret:
        rest:
          enabled: false
          existingCertSecret:
        admin:
          enabled: false
          existingCertSecret:

      master:
        enabled: true
        replicas: 1

        persistence:
          enabled: true
          size: 10Gi

        javaOpts: "-Xms512m -Xmx512m"

      data:
        enabled: true
        replicas: 1

        persistence:
          enabled: true
          size: 50Gi

        javaOpts: "-Xms512m -Xmx512m"

      client:
        enabled: true
        replicas: 1

        javaOpts: "-Xms512m -Xmx512m"
        ingress:
          enabled: false

      config: {}

      serviceAccount:
        create: true

Not able to set enforce_hostname_verification:true in Kubernetes

I have a service

apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: es-test
  labels:
    component: elasticsearch
    role: master
spec:
  selector:
    component: elasticsearch
    role: master
  ports:
  - name: transport
    port: 9300
    protocol: TCP
  clusterIP: None # Don't allocate a fixed IP address
  publishNotReadyAddresses: true

and a configmap

apiVersion: v1
kind: ConfigMap
metadata:
  name: elasticsearch
  namespace: es-test
  labels:
    app: elasticsearch
data:
  elasticsearch.yml: |-
    cluster:
      name: ${CLUSTER_NAME}
    node:
      master: ${NODE_MASTER}
      data: ${NODE_DATA}
      name: ${NODE_NAME}
      ingest: ${NODE_INGEST}
      max_local_storage_nodes: 1
      attr.box_type: hot

    processors: ${PROCESSORS:1}

    network.host: ${NETWORK_HOST}

    path:
      data: /usr/share/elasticsearch/data
      logs: /usr/share/elasticsearch/logs

    http:
      compression: true

    discovery:
      seed_hosts: ["es-master-0.elasticsearch.es-test.svc.k8s-dc.example.co.nz","es-master-1.elasticsearch.es-test.svc.k8s-dc.example.co.nz","es-master-2.elasticsearch.es-test.svc.k8s-dc.example.co.nz","es-master-0","es-master-1","es-master-2"]
      zen:
        minimum_master_nodes: ${NUMBER_OF_MASTERS}

    cluster.initial_master_nodes:
      - es-master-0.elasticsearch.es-test.svc.k8s-dc.example.co.nz
      - es-master-1.elasticsearch.es-test.svc.k8s-dc.example.co.nz
      - es-master-2.elasticsearch.es-test.svc.k8s-dc.example.co.nz
      - es-master-0
      - es-master-1
      - es-master-2

    # TLS Configuration Transport Layer
    opendistro_security.ssl.transport.pemcert_filepath: elk-crt.pem
    opendistro_security.ssl.transport.pemkey_filepath: elk-key.key
    opendistro_security.ssl.transport.pemtrustedcas_filepath: elk-root-ca.pem
    opendistro_security.ssl.transport.pemkey_password: ${TRANSPORT_TLS_PEM_PASS}
    opendistro_security.ssl.transport.enforce_hostname_verification: true

    # TLS Configuration REST Layer
    opendistro_security.ssl.http.enabled: true
    opendistro_security.ssl.http.pemcert_filepath: elk-crt.pem
    opendistro_security.ssl.http.pemkey_filepath: elk-key.key
    opendistro_security.ssl.http.pemtrustedcas_filepath: elk-root-ca.pem
    opendistro_security.ssl.http.pemkey_password: ${HTTP_TLS_PEM_PASS}

    # Demo Certificate Option Disabled
    opendistro_security.allow_unsafe_democertificates: false

    opendistro_security.allow_default_init_securityindex: true

    # Certificate to change the Security plugin configuration
    opendistro_security.authcz.admin_dn:
    - elasticsearch-admin.es-test.svc.k8s-dc.example.co.nz,OU=Technology,O=Example NZ,L=Auckland,ST=Auckland,C=NZ

    # Identify inter-cluster requests
    opendistro_security.nodes_dn:
    - elasticsearch.es-test.svc.k8s-dc.example.co.nz,OU=Technology,O=Example NZ,L=Auckland,ST=Auckland,C=NZ

However masters are trying to form a cluster based on IP

javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 172.32.29.142 found

Hence why I cannot set hostname verification to true
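
The handshake error above arises because a peer dialled by IP address is checked only against IP entries in the certificate's subject alternative names, never against DNS entries. As an added example, not from the original post or the project, this shell function applies that matching rule to the text printed by `openssl x509 -noout -ext subjectAltName`; the SAN list is constructed, since the post does not show the certificate, and only IPv4 and DNS names are handled.

```shell
#!/bin/sh
# Added example (not Open Distro code): does a certificate's SAN list cover the
# address a peer was dialled on? Input is the text printed by
#   openssl x509 -in cert.pem -noout -ext subjectAltName
# IPv4 and DNS names only; IPv6 is out of scope here.

# san_covers SAN_TEXT PEER: exit 0 if PEER matches a SAN entry, else 1.
san_covers() (
    peer=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $peer in
        *[!0-9.]*) kind=DNS ;;   # anything beyond digits and dots is a name
        *)         kind=IP ;;
    esac
    printf '%s\n' "$1" | tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | {
        while IFS= read -r entry; do
            case $entry in
                "IP Address:"*)
                    # An IP peer is compared only with IP entries, never DNS ones.
                    [ "$kind" = IP ] && [ "${entry#IP Address:}" = "$peer" ] && exit 0 ;;
                DNS:*)
                    [ "$kind" = DNS ] || continue
                    name=$(printf '%s' "${entry#DNS:}" | tr 'A-Z' 'a-z')
                    case $name in
                        \*.*)  # wildcard stands for exactly one left-most label
                            rest=${peer#*.}
                            [ "$peer" != "$rest" ] && [ ".$rest" = "${name#\*}" ] && exit 0 ;;
                        *)  [ "$name" = "$peer" ] && exit 0 ;;
                    esac ;;
            esac
        done
        exit 1
    }
)

# Constructed SAN text using the service domain from the ConfigMap above.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:elasticsearch.es-test.svc.k8s-dc.example.co.nz, DNS:*.elasticsearch.es-test.svc.k8s-dc.example.co.nz'

for peer in 172.32.29.142 es-master-0 es-master-0.elasticsearch.es-test.svc.k8s-dc.example.co.nz; do
    if san_covers "$SAMPLE_SAN" "$peer"; then echo "$peer: covered"; else echo "$peer: NOT covered"; fi
done
```

With this constructed SAN list, only the fully qualified pod name is covered; the pod IP and the short name `es-master-0` are not.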

es-client / opendistro-es-discovery: name or service not known

Kubernetes: v1.16.3 (Rancher)
DNS: CoreDNS

I've tried to check es-client but got an empty reply:
curl -XPOST "http://127.0.0.1:9200/_search" -d' { "query": { "match_all": {} } }'
curl: (52) Empty reply from server

kubectl get pods -A | grep opendistro
default              opendistro-es-client-6644657b48-2vklw               1/1     Running     0          4d17h
default              opendistro-es-client-6644657b48-sz5wd               1/1     Running     0          4d17h
default              opendistro-es-data-0                                1/1     Running     0          4d17h
default              opendistro-es-data-1                                1/1     Running     0          28h
default              opendistro-es-data-2                                1/1     Running     0          46m
default              opendistro-es-kibana-5d7c698847-bk4kw               1/1     Running     14         4d17h
default              opendistro-es-master-0                              1/1     Running     0          4d17h
default              opendistro-es-master-1                              1/1     Running     0          26h
default              opendistro-es-master-2                              1/1     Running     0          49m

And the error from opendistro-es-client-6644657b48-2vklw pod:

[2020-01-04T19:20:47,327][WARN ][o.e.d.SeedHostsResolver  ] [opendistro-es-client-6644657b48-2vklw] failed to resolve host [opendistro-es-discovery]
java.net.UnknownHostException: opendistro-es-discovery: Name or service not known

helm chart kibana ingress default values are misleading

The default helm chart values for kibana ingress contain kibana.ingress.path: /

This value is non-functional and misleading. The path is derived from the entries in kibana.ingress.hosts if they have an additional path beyond the domain.

For example, a value of chart-example.local/kibana would result in the path being set to /kibana

Please consider removing the kibana.ingress.path value entirely and adding a better example to the file.
