Version 7.13 broke compatibility with 7.10 or earlier open source distributions of Elasticsearch [1]. To point at the elephant, 7.13 doesn't connect to AWS ElasticSearch any more. This is a breaking change on a minor version with no warning to users, not even the standard message in UPDATING as far as I can tell. Not nice. That means that some users of quarterly pkgs will soon find that beats7 isn't working any more with no documented workaround and no warning. Are there any plans to mitigate this? [1] https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.13.html#breaking-changes-7.13
^Triage: Request feedback from committer of ports afd8461bb

@Reporter Have you seen reports, conversations, issues, or other references online with respect to what the community may be doing, or have already done with respect to this change? That might help identify possible / appropriate options for us.
(In reply to Kubilay Kocak from comment #1)

Yes, I can add more details, but I can't yet confirm the workaround works. Pretty sure it does. Basically we downgraded to beats 7.10.

The error that shows up in logs is this:

    ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://my.elasticsearch.url:443)): Connection marked as failed because the onConnect callback failed: could not connect to a compatible version of Elasticsearch: unauthorized access, could not connect to the xpack endpoint, verify your credentials

The pull request that broke it is: https://github.com/elastic/beats/pull/25351/files

This other pull request that would have restored functionality was rejected: https://github.com/elastic/beats/pull/26305 (I don't know what the code does or if it works as intended)

My workaround is to downgrade to 7.10, which is thankfully still available in quarterly repo, then lock the package:

    sudo service filebeat stop
    sudo pkg remove beats7
    fetch https://pkg.freebsd.org/FreeBSD:12:amd/quarterly/All/beats7-7.10.1.txz
    sudo pkg install -y beats7-7.10.1.txz
    sudo pkg lock -y beats7-7.10.1

I guess one way forward would be to provide a 'beats7-oss' package or similar which would only be upgraded after beats7 is (inevitably) forked to be patched to work with non-Elastic distributions of ES.
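One way to confirm from a Beats log that an output is failing with the error quoted in the comment above, rather than with an ordinary network failure. This is an added example, not part of the original thread or of the Beats code base; the function names, the sample timestamps, the second host and the timeout line are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Reason text copied from the error quoted in the comment above.
COMPAT_REASON = (
    "Connection marked as failed because the onConnect callback failed: "
    "could not connect to a compatible version of Elasticsearch: unauthorized access, "
    "could not connect to the xpack endpoint, verify your credentials"
)
PREFIX = "ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff"

# Constructed sample log: timestamps, the second host and the last two lines are made up.
SAMPLE_LOG = "\n".join([
    f"2021-07-20T10:00:02Z {PREFIX}(elasticsearch(https://my.elasticsearch.url:443)): {COMPAT_REASON}",
    f"2021-07-20T10:00:09Z {PREFIX}(elasticsearch(https://my.elasticsearch.url:443)): {COMPAT_REASON}",
    f"2021-07-20T10:00:11Z {PREFIX}(elasticsearch(https://other.example:9200)): dial tcp: i/o timeout",
    "2021-07-20T10:00:12Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s",
])

FAILED = re.compile(
    r"Failed to connect to backoff\(elasticsearch\((?P<url>[^)]+)\)\): (?P<reason>.*)$"
)
COMPAT_MARKER = "could not connect to a compatible version of Elasticsearch"

def classify(reason):
    # A match only says the compatibility check failed; the same message also
    # mentions credentials, so it does not prove which of the two is the cause.
    return "compat_check_failed" if COMPAT_MARKER in reason else "other_connect_error"

def scan(log_text):
    """Count connection failures per output URL, split by failure class."""
    per_output = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_output[m.group("url")][classify(m.group("reason"))] += 1
    return {url: dict(counts) for url, counts in per_output.items()}

def affected_outputs(log_text):
    """Output URLs that hit the compatibility-check failure at least once."""
    return sorted(u for u, c in scan(log_text).items() if c.get("compat_check_failed"))

if __name__ == "__main__":
    for url in affected_outputs(SAMPLE_LOG):
        print(f"{url}: rejected by the Beats compatibility check")
```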
(In reply to bgdnlp from comment #2) Looks like I can't edit my comment. The link to the package in quarterly is wrong. For x64 it's, of course, https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/beats7-7.10.1.txz
I will update the ports to 7.13.4 in my WIP area, then you can test them (as I don't have any access to AWS elasticsearch) so they can be committed.
If it helps I can provide a small 1-node cluster for testing for a week or two. Public access, completely open. Something like 2 CPU, 4 GB RAM, 20 GB disk. Should be enough, right? It would probably take me a couple of days to have it up and running. If that would be useful I just need a private point of contact to send access details to when ready, like an email or something.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4d2b3e8552d27330a6732a9a7ae67be27d1a0c61

commit 4d2b3e8552d27330a6732a9a7ae67be27d1a0c61
Author: Juraj Lutter <otis@FreeBSD.org>
AuthorDate: 2021-08-05 15:59:34 +0000
Commit: Juraj Lutter <otis@FreeBSD.org>
CommitDate: 2021-08-05 16:00:17 +0000

    UPDATING: Document sysutils/beats7 breaking change

    Reported by: bgdnlp <freebsd.org@neant.ro>
    PR: 257309

 UPDATING | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
We now have OpenSearch in ports so I can make progress on this.
Per https://opensearch.org/docs/latest/clients/agents-and-ingestion-tools/index/ the latest beats 7.17.x are supported (they are already in ports).