-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Import settings component templates from Elasticsearch #163141
Comments
Pinging @elastic/fleet (Team:Fleet) |
Hey @joshdover what do you think about this proposal? Any concerns? Do you think this is something we could contribute from the observability team? |
Now that elastic/elasticsearch#97602 is merged, we should import that component template for TSDB data streams. This will bring an important performance improvement of using |
@dakrone one challenge that we've identified is whether Fleet can actually rely on these assets to be always available. For example, users could set |
Plan is to keep the
I was hoping that disabling this setting already broke Fleet due to the built in ILM policies not being present, but this seems to be tolerant to non-existent ILM policies. Only way we can handle this scenario in a non-breaking way would be to populate the Another question what should we do for |
We could also use |
I thought about that but it will change the codec and may be considered breaking? |
I guess strictly speaking yes but I'd assume that most users that set While a change in codec can be unexpected and lead to higher disk usage, it can be mitigated easily (by manually creating that component template) and usually doesn't immediately break stuff. |
FYI the implementation in the draft PR will use |
Thanks for digging up the history. I agree this helps improve the situation, though I'm not sure if we can rely on users only using this option only for that reason. Even though the mitigation is straightforward, it may not be obvious why this started happening in the first place. All this said, these kind of change seems in line with the changes we've been making to index templates recently. I just don't want to put undue pain on users here - see the recent breakages caused by TSDB rollout. |
What sort of mitigation do we have if the user has the stack templates disabled? Should Fleet refuse to install further templates/integrations if it wants to rely on the stack-installed ones? |
Another option would be to change the semantics of There's one slight risk though: users that have set |
+1 on that idea, @felixbarny. @dakrone does that make sense to you? |
It's not only that, in the past the setting was introduced because a user had a pre-existing template with the same ID, and the stack ones would overwrite it on upgrade. |
@dakrone would you agree that the new naming convention (elastic/elasticsearch#98535) mitigates that issue? |
@felixbarny we discussed this a bit today in our meeting and discussed a potential path forward. We'd be able to do this for the newly renamed component templates, and not for the older names. We'll also need to document the naming scheme for these templates. |
Yeah, that's what I had in mind.
++ makes sense Seems like we have a path forward 🙂 |
I think this means we shouldn't move forward with the Fleet change until we have the new template names implemented in elastic/elasticsearch#98535. Any estimate on this change? |
Yes, it's a dependency. No estimate on this change yet, but it will probably include the creation of a new stack index template registry as part of it. I will add a comment in elastic/elasticsearch#98535 with what we think will be included. Feel free to provide feedback |
If I remember correctly when we introduced In addition, I suggest we deprecate the flag. Users using it will get a deprecation warning and hopefully that encourages them to move away from the flag. If and when we remove the flag completely is a separate discussion. In general, any user using Observability or Security should never use the flag. |
@joshdover would Fleet roll over the data stream if there are changes in the stack component templates? |
No this is not currently handled by Fleet. Fleet will only attempt to rollover data streams when integrations are modified. I don't think Fleet should handle this and it's better handled by Elasticsearch itself. |
Agree: elastic/elasticsearch#75031 |
## Summary Fixes #163141 Fixes #160288 Blocked by: - elastic/elasticsearch#98535 This switches where integrations installed by EPM get their default index settings from to use the [source-of-truth component templates supplied by Elasticsearch](https://github.com/elastic/elasticsearch/tree/main/x-pack/plugin/core/template-resources/src/main/resources). This will help ensure that data streams configured by EPM always get the same defaults as data streams the user creates using the default `logs-*-*` and `metrics-*-*` templates. For now, no default mappings are sourced from Elasticsearch. As part of this change the template format version was incremented to force EPM to reinstall all templates and rollover data streams on the Stack upgrade to the version including this change. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]>
…63731) ## Summary Fixes elastic#163141 Fixes elastic#160288 Blocked by: - elastic/elasticsearch#98535 This switches where integrations installed by EPM get their default index settings from to use the [source-of-truth component templates supplied by Elasticsearch](https://github.com/elastic/elasticsearch/tree/main/x-pack/plugin/core/template-resources/src/main/resources). This will help ensure that data streams configured by EPM always get the same defaults as data streams the user creates using the default `logs-*-*` and `metrics-*-*` templates. For now, no default mappings are sourced from Elasticsearch. As part of this change the template format version was incremented to force EPM to reinstall all templates and rollover data streams on the Stack upgrade to the version including this change. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]>
Currently, fleet is creating its own settings that are decoupled from any components that ship with Elasticsearch by default.
kibana/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/default_settings.ts
Lines 67 to 96 in 62d75ad
These settings are largely similar to the settings component templates that Elasticsearch ships with. For example: https://github.com/elastic/elasticsearch/blob/main/x-pack/plugin/core/template-resources/src/main/resources/logs-settings.json
This makes it difficult to get a unified behavior for Fleet-managed data streams and data streams that are created via the index templates that are built into Elasticsearch.
As there's no single source of truth, changes have to be made both in Fleet and Elasticsearch. For example #157184 and elastic/elasticsearch#95329. We're planning to make similar changes to set
subobjects: false
anddynamic: until_limit
that need to be implemented both in Elasticsearch and in Fleet.Also, we want to have different settings for TSDB metric data streams compared to non-TSDB metric data streams. The PR elastic/elasticsearch#97602 creates a dedicated settings component template for TSDB data streams. While we could replicate the same in Fleet, I think it's preferable to have a single source of truth for these.
One challenge with that approach is that when changing these files in Elasticsearch, we need to consider that this has consequences for all integrations that are managed by Fleet. We could solve this by adding a codeowners entry for these settings files to request a review from the ingest team and/or from solution teams that are building integrations.
The text was updated successfully, but these errors were encountered: