[Sessions] Reindexing the .kibana_security_session_1 index to the 8.x format. #204097
+39
−53
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SiddharthMantri
added
v9.0.0
Feature:Security/Session Management
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
/ci |
|
@elasticmachine merge upstream |
|
/ci |
azasypkin
added
Team:Security
|
Pinging @elastic/kibana-security (Team:Security) |
💚 Build Succeeded
Metrics [docs]
History
|
jeramysoucy
approved these changes
Jan 21, 2025
There was a problem hiding this comment.
LGTM! Thanks for your patience and help with this one, Sid! I tested following your updated instructions (thank for that!). To confirm the issue and the fix, after deleting the problematic event log index and two data streams and running the index migration in UA from the 8.x branch, I copied the es data twice - once to run with main, and the other to run with your PR. This allowed me to run from both main and your PR without additional errors and see the difference. From main we get the following (expected) error when starting Kibana:
illegal_argument_exception: The provided expression [.kibana_security_session_1] matches an alias, specify the corresponding concrete indices instead.
[2025-01-21T10:30:27.820+01:00][ERROR][plugins.security.session.index] Failed to attach alias to session index: illegal_argument_exception
From your PR, all goes well and I can log in and see the total session count reflected accurately. 🚀
|
@elasticmachine merge upstream |
|
Starting backport for target branches: 8.x |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 22, 2025
… format. (elastic#204097) Closes elastic#200603 ## Summary Reindexes the Kibana Security session system index to the 8.x format to support 9.0 readiness. ### Release note Creates Kibana Security session index to only if the `kibana_security_session_1` index or the reindexed version do not exist. ### Notes ### How to test For this test, you'll need at least 3 copies of Kibana cloned locally. One each on 7.17, 8.x and main - ensuring you've run `yarn kbn bootstrap` on each of them. Step 0. Verify on the PR branch ----- - Start ES as `yarn es snapshot --license=trial` - Start kibana `yarn start --no-base-path` - Login to kibana in a private browsing window - Navigate to dev tools and run ``` GET .kibana_security_session/_alias ``` - You should see ``` { ".kibana_security_session_1": { "aliases": { ".kibana_security_session": { "is_write_index": true, "is_hidden": true } } } } ``` This indicates that there were no aliases/index present and the new index was created. Step 1. On 7.17 ----- - Run ES with `yarn es snapshot --license=trial -E path.data=/tmp/esdata` - Run kibana - Login with the `elastic` user - Navigate to dev tools and run the following query ``` GET .kibana_security_session_1/_search { "query": { "match_all": {} } } ``` - You should see your current session being returned as the result for this query - You can now shut down ES and kibana. Step 2. On 8.x ----- - Run ES with `yarn es snapshot --license=trial -E path.data=/tmp/esdata` <--- point to the same folder as the previous run - Run kibana, open a private browser window and login. - Navigate to Kibana upgrade assistant and Migrate system indices and wait for it to run. - Now in Dev tools, run the same query. You should see two sessions. - One with the idleSessionTimeout returned as null and the other one containing a value - indicating one was created on 7.x and the other in 8.x - Make a backup of the data folder `cp -r /tmp/esdata /tmp/esdatabkp` Step 3(OPTIONAL). On main (without the changes in this PR) ----- - Run ES with `yarn es snapshot --license=trial -E path.data=/tmp/esdata` - This should throw an error Step 4. On 8.x ----- - First use the backup for the path `cp -r /tmp/esdatabkp /tmp/esdata2` - Start ES only (do not run Kibana yet) by pointing to the copy: `yarn es snapshot --license=trial -E path.data=/tmp/esdata2` - ES should start up and you need to delete 1 index and 2 datastreams using the ES APIs and any method you prefer. For your convenience, you can use the same script as mine: ```ts import axios from 'axios'; const clearIndexAndDatastream = async () => { { const res = await axios.delete( "http://localhost:9200/.kibana-event-log-7.17.28-000001", { headers: { Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==", accept: "*/*", "Content-Type": "application/json", "Kbn-Xsrf": "true", }, } ); console.log("deleted index:", JSON.stringify(res.data)); } { const res = await axios.delete( "http://localhost:9200/_data_stream/ilm-history-5", { headers: { Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==", accept: "*/*", "Content-Type": "application/json", "Kbn-Xsrf": "true", }, } ); console.log("deleted ds1:", JSON.stringify(res.data)); } { const res = await axios.delete( "http://localhost:9200/_data_stream/.logs-deprecation.elasticsearch-default", { headers: { Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==", accept: "*/*", "Content-Type": "application/json", "Kbn-Xsrf": "true", }, } ); console.log("deleted ds2:", JSON.stringify(res.data)); } }; clearIndexAndDatastream(); ``` You should see the result as: ``` deleted index: {"acknowledged":true} deleted ds1: {"acknowledged":true} deleted ds2: {"acknowledged":true} ``` - Now login to Kibana in a private browsing window and navigate to Upgrade assistant and run the migration. - Navigating to devtools and running the same query as above will show you three results. One with no idleTimeout and 2 with timeouts (One on 7.x and two on 8.x format respectively) ``` GET .kibana_security_session_1/_search { "query": { "match_all": {} } } ``` - You can now shut ES and kibana at this point. Step 5. On the branch of this PR ----- - Run ES with `yarn es snapshot --license=trial -E path.data=/tmp/esdata2` - Run Kibana and login using a private window. - Navigating to dev tools and run: ``` GET .kibana_security_session/_alias ``` To show a result as: ``` { ".kibana_security_session_1-reindexed-for-9": { "aliases": { ".kibana_security_session": { "is_hidden": true }, ".kibana_security_session_1": { "is_hidden": true } } } } ``` This indicates that no new index was created and we are using the reindexed version from 8.x. - You should also run the query to check for sessions: ``` GET .kibana_security_session_1/_search { "query": { "match_all": {} } } ``` - This should return 4 sessions in the results This confirms that the session was re-indexed correctly using the right aliases. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit 26350ff)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jan 22, 2025
…he 8.x format. (#204097) (#207784) # Backport This will backport the following commits from `main` to `8.x`: - [[Sessions] Reindexing the .kibana_security_session_1 index to the 8.x format. (#204097)](#204097) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Sid","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-22T13:03:42Z","message":"[Sessions] Reindexing the .kibana_security_session_1 index to the 8.x format. (#204097)\n\nCloses https://github.com/elastic/kibana/issues/200603\r\n\r\n\r\n## Summary\r\n\r\nReindexes the Kibana Security session system index to the 8.x format to\r\nsupport 9.0 readiness.\r\n\r\n### Release note\r\nCreates Kibana Security session index to only if the\r\n`kibana_security_session_1` index or the reindexed version do not exist.\r\n\r\n### Notes\r\n\r\n\r\n### How to test\r\n\r\nFor this test, you'll need at least 3 copies of Kibana cloned locally.\r\nOne each on 7.17, 8.x and main - ensuring you've run `yarn kbn\r\nbootstrap` on each of them.\r\n\r\n\r\nStep 0. Verify on the PR branch\r\n-----\r\n- Start ES as `yarn es snapshot --license=trial`\r\n- Start kibana `yarn start --no-base-path`\r\n- Login to kibana in a private browsing window\r\n- Navigate to dev tools and run\r\n```\r\nGET .kibana_security_session/_alias\r\n```\r\n- You should see \r\n```\r\n{\r\n \".kibana_security_session_1\": {\r\n \"aliases\": {\r\n \".kibana_security_session\": {\r\n \"is_write_index\": true,\r\n \"is_hidden\": true\r\n }\r\n }\r\n }\r\n}\r\n```\r\nThis indicates that there were no aliases/index present and the new\r\nindex was created.\r\n\r\nStep 1. On 7.17\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata`\r\n- Run kibana\r\n- Login with the `elastic` user\r\n- Navigate to dev tools and run the following query\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- You should see your current session being returned as the result for\r\nthis query\r\n- You can now shut down ES and kibana.\r\n\r\n\r\nStep 2. On 8.x\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata` <--- point to the same folder as the previous run\r\n- Run kibana, open a private browser window and login.\r\n- Navigate to Kibana upgrade assistant and Migrate system indices and\r\nwait for it to run.\r\n- Now in Dev tools, run the same query. You should see two sessions. \r\n- One with the idleSessionTimeout returned as null and the other one\r\ncontaining a value - indicating one was created on 7.x and the other in\r\n8.x\r\n- Make a backup of the data folder `cp -r /tmp/esdata /tmp/esdatabkp`\r\n\r\nStep 3(OPTIONAL). On main (without the changes in this PR)\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata`\r\n- This should throw an error \r\n\r\n\r\nStep 4. On 8.x\r\n-----\r\n- First use the backup for the path `cp -r /tmp/esdatabkp /tmp/esdata2`\r\n- Start ES only (do not run Kibana yet) by pointing to the copy: `yarn\r\nes snapshot --license=trial -E path.data=/tmp/esdata2`\r\n- ES should start up and you need to delete 1 index and 2 datastreams\r\nusing the ES APIs and any method you prefer. For your convenience, you\r\ncan use the same script as mine:\r\n```ts\r\nimport axios from 'axios';\r\n\r\nconst clearIndexAndDatastream = async () => {\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/.kibana-event-log-7.17.28-000001\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted index:\", JSON.stringify(res.data));\r\n }\r\n\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/_data_stream/ilm-history-5\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted ds1:\", JSON.stringify(res.data));\r\n }\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/_data_stream/.logs-deprecation.elasticsearch-default\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted ds2:\", JSON.stringify(res.data));\r\n }\r\n};\r\n\r\nclearIndexAndDatastream();\r\n```\r\nYou should see the result as:\r\n\r\n```\r\ndeleted index: {\"acknowledged\":true}\r\ndeleted ds1: {\"acknowledged\":true}\r\ndeleted ds2: {\"acknowledged\":true}\r\n```\r\n- Now login to Kibana in a private browsing window and navigate to\r\nUpgrade assistant and run the migration.\r\n- Navigating to devtools and running the same query as above will show\r\nyou three results. One with no idleTimeout and 2 with timeouts (One on\r\n7.x and two on 8.x format respectively)\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- You can now shut ES and kibana at this point. \r\n\r\nStep 5. On the branch of this PR\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata2`\r\n- Run Kibana and login using a private window. \r\n- Navigating to dev tools and run:\r\n```\r\nGET .kibana_security_session/_alias\r\n```\r\nTo show a result as:\r\n```\r\n{\r\n \".kibana_security_session_1-reindexed-for-9\": {\r\n \"aliases\": {\r\n \".kibana_security_session\": {\r\n \"is_hidden\": true\r\n },\r\n \".kibana_security_session_1\": {\r\n \"is_hidden\": true\r\n }\r\n }\r\n }\r\n}\r\n```\r\nThis indicates that no new index was created and we are using the\r\nreindexed version from 8.x.\r\n\r\n- You should also run the query to check for sessions:\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- This should return 4 sessions in the results\r\n\r\nThis confirms that the session was re-indexed correctly using the right\r\naliases.\r\n\r\n\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"26350ff3ba6e422c419f75cc44ae22ce3da53d9f","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Team:Security","v9.0.0","Feature:Security/Session Management","backport:prev-minor"],"title":"[Sessions] Reindexing the .kibana_security_session_1 index to the 8.x format.","number":204097,"url":"https://github.com/elastic/kibana/pull/204097","mergeCommit":{"message":"[Sessions] Reindexing the .kibana_security_session_1 index to the 8.x format. (#204097)\n\nCloses https://github.com/elastic/kibana/issues/200603\r\n\r\n\r\n## Summary\r\n\r\nReindexes the Kibana Security session system index to the 8.x format to\r\nsupport 9.0 readiness.\r\n\r\n### Release note\r\nCreates Kibana Security session index to only if the\r\n`kibana_security_session_1` index or the reindexed version do not exist.\r\n\r\n### Notes\r\n\r\n\r\n### How to test\r\n\r\nFor this test, you'll need at least 3 copies of Kibana cloned locally.\r\nOne each on 7.17, 8.x and main - ensuring you've run `yarn kbn\r\nbootstrap` on each of them.\r\n\r\n\r\nStep 0. Verify on the PR branch\r\n-----\r\n- Start ES as `yarn es snapshot --license=trial`\r\n- Start kibana `yarn start --no-base-path`\r\n- Login to kibana in a private browsing window\r\n- Navigate to dev tools and run\r\n```\r\nGET .kibana_security_session/_alias\r\n```\r\n- You should see \r\n```\r\n{\r\n \".kibana_security_session_1\": {\r\n \"aliases\": {\r\n \".kibana_security_session\": {\r\n \"is_write_index\": true,\r\n \"is_hidden\": true\r\n }\r\n }\r\n }\r\n}\r\n```\r\nThis indicates that there were no aliases/index present and the new\r\nindex was created.\r\n\r\nStep 1. On 7.17\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata`\r\n- Run kibana\r\n- Login with the `elastic` user\r\n- Navigate to dev tools and run the following query\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- You should see your current session being returned as the result for\r\nthis query\r\n- You can now shut down ES and kibana.\r\n\r\n\r\nStep 2. On 8.x\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata` <--- point to the same folder as the previous run\r\n- Run kibana, open a private browser window and login.\r\n- Navigate to Kibana upgrade assistant and Migrate system indices and\r\nwait for it to run.\r\n- Now in Dev tools, run the same query. You should see two sessions. \r\n- One with the idleSessionTimeout returned as null and the other one\r\ncontaining a value - indicating one was created on 7.x and the other in\r\n8.x\r\n- Make a backup of the data folder `cp -r /tmp/esdata /tmp/esdatabkp`\r\n\r\nStep 3(OPTIONAL). On main (without the changes in this PR)\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata`\r\n- This should throw an error \r\n\r\n\r\nStep 4. On 8.x\r\n-----\r\n- First use the backup for the path `cp -r /tmp/esdatabkp /tmp/esdata2`\r\n- Start ES only (do not run Kibana yet) by pointing to the copy: `yarn\r\nes snapshot --license=trial -E path.data=/tmp/esdata2`\r\n- ES should start up and you need to delete 1 index and 2 datastreams\r\nusing the ES APIs and any method you prefer. For your convenience, you\r\ncan use the same script as mine:\r\n```ts\r\nimport axios from 'axios';\r\n\r\nconst clearIndexAndDatastream = async () => {\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/.kibana-event-log-7.17.28-000001\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted index:\", JSON.stringify(res.data));\r\n }\r\n\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/_data_stream/ilm-history-5\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted ds1:\", JSON.stringify(res.data));\r\n }\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/_data_stream/.logs-deprecation.elasticsearch-default\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted ds2:\", JSON.stringify(res.data));\r\n }\r\n};\r\n\r\nclearIndexAndDatastream();\r\n```\r\nYou should see the result as:\r\n\r\n```\r\ndeleted index: {\"acknowledged\":true}\r\ndeleted ds1: {\"acknowledged\":true}\r\ndeleted ds2: {\"acknowledged\":true}\r\n```\r\n- Now login to Kibana in a private browsing window and navigate to\r\nUpgrade assistant and run the migration.\r\n- Navigating to devtools and running the same query as above will show\r\nyou three results. One with no idleTimeout and 2 with timeouts (One on\r\n7.x and two on 8.x format respectively)\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- You can now shut ES and kibana at this point. \r\n\r\nStep 5. On the branch of this PR\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata2`\r\n- Run Kibana and login using a private window. \r\n- Navigating to dev tools and run:\r\n```\r\nGET .kibana_security_session/_alias\r\n```\r\nTo show a result as:\r\n```\r\n{\r\n \".kibana_security_session_1-reindexed-for-9\": {\r\n \"aliases\": {\r\n \".kibana_security_session\": {\r\n \"is_hidden\": true\r\n },\r\n \".kibana_security_session_1\": {\r\n \"is_hidden\": true\r\n }\r\n }\r\n }\r\n}\r\n```\r\nThis indicates that no new index was created and we are using the\r\nreindexed version from 8.x.\r\n\r\n- You should also run the query to check for sessions:\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- This should return 4 sessions in the results\r\n\r\nThis confirms that the session was re-indexed correctly using the right\r\naliases.\r\n\r\n\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"26350ff3ba6e422c419f75cc44ae22ce3da53d9f"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/204097","number":204097,"mergeCommit":{"message":"[Sessions] Reindexing the .kibana_security_session_1 index to the 8.x format. (#204097)\n\nCloses https://github.com/elastic/kibana/issues/200603\r\n\r\n\r\n## Summary\r\n\r\nReindexes the Kibana Security session system index to the 8.x format to\r\nsupport 9.0 readiness.\r\n\r\n### Release note\r\nCreates Kibana Security session index to only if the\r\n`kibana_security_session_1` index or the reindexed version do not exist.\r\n\r\n### Notes\r\n\r\n\r\n### How to test\r\n\r\nFor this test, you'll need at least 3 copies of Kibana cloned locally.\r\nOne each on 7.17, 8.x and main - ensuring you've run `yarn kbn\r\nbootstrap` on each of them.\r\n\r\n\r\nStep 0. Verify on the PR branch\r\n-----\r\n- Start ES as `yarn es snapshot --license=trial`\r\n- Start kibana `yarn start --no-base-path`\r\n- Login to kibana in a private browsing window\r\n- Navigate to dev tools and run\r\n```\r\nGET .kibana_security_session/_alias\r\n```\r\n- You should see \r\n```\r\n{\r\n \".kibana_security_session_1\": {\r\n \"aliases\": {\r\n \".kibana_security_session\": {\r\n \"is_write_index\": true,\r\n \"is_hidden\": true\r\n }\r\n }\r\n }\r\n}\r\n```\r\nThis indicates that there were no aliases/index present and the new\r\nindex was created.\r\n\r\nStep 1. On 7.17\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata`\r\n- Run kibana\r\n- Login with the `elastic` user\r\n- Navigate to dev tools and run the following query\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- You should see your current session being returned as the result for\r\nthis query\r\n- You can now shut down ES and kibana.\r\n\r\n\r\nStep 2. On 8.x\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata` <--- point to the same folder as the previous run\r\n- Run kibana, open a private browser window and login.\r\n- Navigate to Kibana upgrade assistant and Migrate system indices and\r\nwait for it to run.\r\n- Now in Dev tools, run the same query. You should see two sessions. \r\n- One with the idleSessionTimeout returned as null and the other one\r\ncontaining a value - indicating one was created on 7.x and the other in\r\n8.x\r\n- Make a backup of the data folder `cp -r /tmp/esdata /tmp/esdatabkp`\r\n\r\nStep 3(OPTIONAL). On main (without the changes in this PR)\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata`\r\n- This should throw an error \r\n\r\n\r\nStep 4. On 8.x\r\n-----\r\n- First use the backup for the path `cp -r /tmp/esdatabkp /tmp/esdata2`\r\n- Start ES only (do not run Kibana yet) by pointing to the copy: `yarn\r\nes snapshot --license=trial -E path.data=/tmp/esdata2`\r\n- ES should start up and you need to delete 1 index and 2 datastreams\r\nusing the ES APIs and any method you prefer. For your convenience, you\r\ncan use the same script as mine:\r\n```ts\r\nimport axios from 'axios';\r\n\r\nconst clearIndexAndDatastream = async () => {\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/.kibana-event-log-7.17.28-000001\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted index:\", JSON.stringify(res.data));\r\n }\r\n\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/_data_stream/ilm-history-5\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted ds1:\", JSON.stringify(res.data));\r\n }\r\n {\r\n const res = await axios.delete(\r\n \"http://localhost:9200/_data_stream/.logs-deprecation.elasticsearch-default\",\r\n {\r\n headers: {\r\n Authorization: \"Basic ZWxhc3RpYzpjaGFuZ2VtZQ==\",\r\n accept: \"*/*\",\r\n \"Content-Type\": \"application/json\",\r\n \"Kbn-Xsrf\": \"true\",\r\n },\r\n }\r\n );\r\n console.log(\"deleted ds2:\", JSON.stringify(res.data));\r\n }\r\n};\r\n\r\nclearIndexAndDatastream();\r\n```\r\nYou should see the result as:\r\n\r\n```\r\ndeleted index: {\"acknowledged\":true}\r\ndeleted ds1: {\"acknowledged\":true}\r\ndeleted ds2: {\"acknowledged\":true}\r\n```\r\n- Now login to Kibana in a private browsing window and navigate to\r\nUpgrade assistant and run the migration.\r\n- Navigating to devtools and running the same query as above will show\r\nyou three results. One with no idleTimeout and 2 with timeouts (One on\r\n7.x and two on 8.x format respectively)\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- You can now shut ES and kibana at this point. \r\n\r\nStep 5. On the branch of this PR\r\n-----\r\n- Run ES with `yarn es snapshot --license=trial -E\r\npath.data=/tmp/esdata2`\r\n- Run Kibana and login using a private window. \r\n- Navigating to dev tools and run:\r\n```\r\nGET .kibana_security_session/_alias\r\n```\r\nTo show a result as:\r\n```\r\n{\r\n \".kibana_security_session_1-reindexed-for-9\": {\r\n \"aliases\": {\r\n \".kibana_security_session\": {\r\n \"is_hidden\": true\r\n },\r\n \".kibana_security_session_1\": {\r\n \"is_hidden\": true\r\n }\r\n }\r\n }\r\n}\r\n```\r\nThis indicates that no new index was created and we are using the\r\nreindexed version from 8.x.\r\n\r\n- You should also run the query to check for sessions:\r\n```\r\nGET .kibana_security_session_1/_search\r\n{\r\n \"query\": {\r\n \"match_all\": {}\r\n }\r\n}\r\n```\r\n- This should return 4 sessions in the results\r\n\r\nThis confirms that the session was re-indexed correctly using the right\r\naliases.\r\n\r\n\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"26350ff3ba6e422c419f75cc44ae22ce3da53d9f"}}]}] BACKPORT--> Co-authored-by: Sid <[email protected]>
viduni94
pushed a commit
to viduni94/kibana
that referenced
this pull request
Jan 23, 2025
… format. (elastic#204097) Closes elastic#200603 ## Summary Reindexes the Kibana Security session system index to the 8.x format to support 9.0 readiness. ### Release note Creates Kibana Security session index to only if the `kibana_security_session_1` index or the reindexed version do not exist. ### Notes ### How to test For this test, you'll need at least 3 copies of Kibana cloned locally. One each on 7.17, 8.x and main - ensuring you've run `yarn kbn bootstrap` on each of them. Step 0. Verify on the PR branch ----- - Start ES as `yarn es snapshot --license=trial` - Start kibana `yarn start --no-base-path` - Login to kibana in a private browsing window - Navigate to dev tools and run ``` GET .kibana_security_session/_alias ``` - You should see ``` { ".kibana_security_session_1": { "aliases": { ".kibana_security_session": { "is_write_index": true, "is_hidden": true } } } } ``` This indicates that there were no aliases/index present and the new index was created. Step 1. On 7.17 ----- - Run ES with `yarn es snapshot --license=trial -E path.data=/tmp/esdata` - Run kibana - Login with the `elastic` user - Navigate to dev tools and run the following query ``` GET .kibana_security_session_1/_search { "query": { "match_all": {} } } ``` - You should see your current session being returned as the result for this query - You can now shut down ES and kibana. Step 2. On 8.x ----- - Run ES with `yarn es snapshot --license=trial -E path.data=/tmp/esdata` <--- point to the same folder as the previous run - Run kibana, open a private browser window and login. - Navigate to Kibana upgrade assistant and Migrate system indices and wait for it to run. - Now in Dev tools, run the same query. You should see two sessions. - One with the idleSessionTimeout returned as null and the other one containing a value - indicating one was created on 7.x and the other in 8.x - Make a backup of the data folder `cp -r /tmp/esdata /tmp/esdatabkp` Step 3(OPTIONAL). On main (without the changes in this PR) ----- - Run ES with `yarn es snapshot --license=trial -E path.data=/tmp/esdata` - This should throw an error Step 4. On 8.x ----- - First use the backup for the path `cp -r /tmp/esdatabkp /tmp/esdata2` - Start ES only (do not run Kibana yet) by pointing to the copy: `yarn es snapshot --license=trial -E path.data=/tmp/esdata2` - ES should start up and you need to delete 1 index and 2 datastreams using the ES APIs and any method you prefer. For your convenience, you can use the same script as mine: ```ts import axios from 'axios'; const clearIndexAndDatastream = async () => { { const res = await axios.delete( "http://localhost:9200/.kibana-event-log-7.17.28-000001", { headers: { Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==", accept: "*/*", "Content-Type": "application/json", "Kbn-Xsrf": "true", }, } ); console.log("deleted index:", JSON.stringify(res.data)); } { const res = await axios.delete( "http://localhost:9200/_data_stream/ilm-history-5", { headers: { Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==", accept: "*/*", "Content-Type": "application/json", "Kbn-Xsrf": "true", }, } ); console.log("deleted ds1:", JSON.stringify(res.data)); } { const res = await axios.delete( "http://localhost:9200/_data_stream/.logs-deprecation.elasticsearch-default", { headers: { Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==", accept: "*/*", "Content-Type": "application/json", "Kbn-Xsrf": "true", }, } ); console.log("deleted ds2:", JSON.stringify(res.data)); } }; clearIndexAndDatastream(); ``` You should see the result as: ``` deleted index: {"acknowledged":true} deleted ds1: {"acknowledged":true} deleted ds2: {"acknowledged":true} ``` - Now login to Kibana in a private browsing window and navigate to Upgrade assistant and run the migration. - Navigating to devtools and running the same query as above will show you three results. One with no idleTimeout and 2 with timeouts (One on 7.x and two on 8.x format respectively) ``` GET .kibana_security_session_1/_search { "query": { "match_all": {} } } ``` - You can now shut ES and kibana at this point. Step 5. On the branch of this PR ----- - Run ES with `yarn es snapshot --license=trial -E path.data=/tmp/esdata2` - Run Kibana and login using a private window. - Navigating to dev tools and run: ``` GET .kibana_security_session/_alias ``` To show a result as: ``` { ".kibana_security_session_1-reindexed-for-9": { "aliases": { ".kibana_security_session": { "is_hidden": true }, ".kibana_security_session_1": { "is_hidden": true } } } } ``` This indicates that no new index was created and we are using the reindexed version from 8.x. - You should also run the query to check for sessions: ``` GET .kibana_security_session_1/_search { "query": { "match_all": {} } } ``` - This should return 4 sessions in the results This confirms that the session was re-indexed correctly using the right aliases. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: Elastic Machine <[email protected]>
This was referenced Jan 24, 2025
SiddharthMantri
added a commit
that referenced
this pull request
Jan 29, 2025
Closes #208243 ## Summary [This PR](#204097) introduced an unintended issue for users running 8.x with a 7.x archive. This has been fixed by correctly searching for existing index by both name and alias. ### To test: You can follow the same steps as the above PR: #204097 ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ...
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 29, 2025
…08244) Closes elastic#208243 ## Summary [This PR](elastic#204097) introduced an unintended issue for users running 8.x with a 7.x archive. This has been fixed by correctly searching for existing index by both name and alias. ### To test: You can follow the same steps as the above PR: elastic#204097 ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... (cherry picked from commit 449ac98)
kibanamachine
added a commit
that referenced
this pull request
Jan 29, 2025
…8244) (#208780) # Backport This will backport the following commits from `main` to `8.x`: - [[Session Management] Fix session index creation and update (#208244)](#208244) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Sid","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-29T15:28:30Z","message":"[Session Management] Fix session index creation and update (#208244)\n\nCloses https://github.com/elastic/kibana/issues/208243\r\n\r\n## Summary\r\n\r\n[This PR](#204097) introduced an\r\nunintended issue for users running 8.x with a 7.x archive. This has been\r\nfixed by correctly searching for existing index by both name and alias.\r\n\r\n\r\n### To test:\r\nYou can follow the same steps as the above PR:\r\nhttps://github.com//pull/204097\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n- [ ] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...","sha":"449ac985723f561d7dc02303c194fc21c7e2cb02","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","v9.0.0","Feature:Security/Session Management","backport:prev-minor"],"title":"[Session Management] Fix session index creation and update","number":208244,"url":"https://github.com/elastic/kibana/pull/208244","mergeCommit":{"message":"[Session Management] Fix session index creation and update (#208244)\n\nCloses https://github.com/elastic/kibana/issues/208243\r\n\r\n## Summary\r\n\r\n[This PR](#204097) introduced an\r\nunintended issue for users running 8.x with a 7.x archive. This has been\r\nfixed by correctly searching for existing index by both name and alias.\r\n\r\n\r\n### To test:\r\nYou can follow the same steps as the above PR:\r\nhttps://github.com//pull/204097\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n- [ ] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...","sha":"449ac985723f561d7dc02303c194fc21c7e2cb02"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/208244","number":208244,"mergeCommit":{"message":"[Session Management] Fix session index creation and update (#208244)\n\nCloses https://github.com/elastic/kibana/issues/208243\r\n\r\n## Summary\r\n\r\n[This PR](#204097) introduced an\r\nunintended issue for users running 8.x with a 7.x archive. This has been\r\nfixed by correctly searching for existing index by both name and alias.\r\n\r\n\r\n### To test:\r\nYou can follow the same steps as the above PR:\r\nhttps://github.com//pull/204097\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n- [ ] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...","sha":"449ac985723f561d7dc02303c194fc21c7e2cb02"}}]}] BACKPORT--> Co-authored-by: Sid <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #200603
Summary
Reindexes the Kibana Security session system index to the 8.x format to support 9.0 readiness.
Release note
Creates Kibana Security session index to only if the
kibana_security_session_1index or the reindexed version do not exist.Notes
How to test
For this test, you'll need at least 3 copies of Kibana cloned locally. One each on 7.17, 8.x and main - ensuring you've run
yarn kbn bootstrapon each of them.Step 0. Verify on the PR branch
yarn es snapshot --license=trialyarn start --no-base-pathThis indicates that there were no aliases/index present and the new index was created.
Step 1. On 7.17
yarn es snapshot --license=trial -E path.data=/tmp/esdataelasticuserStep 2. On 8.x
yarn es snapshot --license=trial -E path.data=/tmp/esdata<--- point to the same folder as the previous runcp -r /tmp/esdata /tmp/esdatabkpStep 3(OPTIONAL). On main (without the changes in this PR)
yarn es snapshot --license=trial -E path.data=/tmp/esdataStep 4. On 8.x
cp -r /tmp/esdatabkp /tmp/esdata2yarn es snapshot --license=trial -E path.data=/tmp/esdata2You should see the result as:
Step 5. On the branch of this PR
yarn es snapshot --license=trial -E path.data=/tmp/esdata2To show a result as:
This indicates that no new index was created and we are using the reindexed version from 8.x.
This confirms that the session was re-indexed correctly using the right aliases.
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:*label is applied per the guidelinesIdentify risks
Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.