13.3.3 rpm not available via Yum #796

quad2524 · 2021-12-14T17:30:57Z

Did a yum update, fresh box following the rpm instructions, and repo list and not seeing 13.3.3 available

edit: Also building rpm from source is building it as 1.13.2

# yum repo-pkgs opendistroforelasticsearch-artifacts-repo list
Loaded plugins: fastestmirror, versionlock
Loading mirror speeds from cached hostfile
 * base: mirrors.xmission.com
 * epel: mirror.team-cymru.com
 * extras: mirror.den01.meanservers.net
 * updates: ftpmirror.your.org
Installed Packages
opendistro-alerting.noarch                         1.13.1.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-anomaly-detection.noarch                1.13.0.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-asynchronous-search.noarch              1.13.0.1-1            @opendistroforelasticsearch-artifacts-repo
opendistro-index-management.noarch                 1.13.2.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-job-scheduler.noarch                    1.13.0.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-knn.noarch                              1.13.0.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-knnlib.x86_64                           1.13.0.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-performance-analyzer.noarch             1.13.0.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-reports-scheduler.noarch                1.13.0.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-security.noarch                         1.13.1.0-1            @opendistroforelasticsearch-artifacts-repo
opendistro-sql.noarch                              1.13.2.0-1            @opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.x86_64                  1.13.2-1              @opendistroforelasticsearch-artifacts-repo
Available Packages
opendistro-anomaly-detector.noarch                 1.7.0.0-1             opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                  1.12.0-1              opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch-kibana.x86_64           1.13.2-1              opendistroforelasticsearch-artifacts-repo

# sudo yum list opendistroforelasticsearch --showduplicates
Loaded plugins: fastestmirror, versionlock
Loading mirror speeds from cached hostfile
 * base: mirror.team-cymru.com
 * epel: mirror.genesisadaptive.com
 * extras: mirror.compevo.com
 * updates: mirror.compevo.com
Installed Packages
opendistroforelasticsearch.x86_64                1.13.2-1                @opendistroforelasticsearch-artifacts-repo
Available Packages
opendistroforelasticsearch.noarch                0.7.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                0.7.1-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                0.8.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                0.9.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                0.10.0-1                opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.0.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.0.1-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.0.2-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.1.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.2.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.2.1-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.3.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.4.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.6.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.7.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.8.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.9.0-1                 opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.10.1-1                opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.11.0-1                opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.noarch                1.12.0-1                opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.x86_64                1.13.0-1                opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.x86_64                1.13.1-1                opendistroforelasticsearch-artifacts-repo 
opendistroforelasticsearch.x86_64                1.13.2-1                opendistroforelasticsearch-artifacts-repo

The text was updated successfully, but these errors were encountered:

jasonrojas · 2021-12-14T19:00:27Z

I tried the tarball upgrade and my test node will not stay connected to the cluster even when the proper configs are in place. Are there any plans for a RPM package?

ravenbyron · 2021-12-14T20:57:24Z

can we get some eyes on this, I would love to update my cluster...

vinaykumar4s · 2021-12-16T05:42:39Z

I am facing same issue.. 1.13.3 is not available for RPM .

vinaykumar4s · 2021-12-16T06:48:05Z

i have manually updated all log4j jars to version 2.16.0 ... i see cluster started with out issues .. below is the location of jars ..
./lib/log4j-api-2.11.1.jar
./lib/log4j-core-2.11.1.jar
./plugins/opendistro_performance_analyzer/performance-analyzer-rca/lib/log4j-api-2.13.0.jar
./plugins/opendistro_performance_analyzer/performance-analyzer-rca/lib/log4j-core-2.13.0.jar
./plugins/opendistro_security/log4j-slf4j-impl-2.11.1.jar
./performance-analyzer-rca/lib/log4j-api-2.13.0.jar
./performance-analyzer-rca/lib/log4j-core-2.13.0.jar

gtiosso-catho · 2021-12-22T13:26:37Z

I am facing same issue with Kibana.
1.13.3 is not available for RPM.

yum --showduplicates list opendistroforelasticsearch-kibana.x86_64 Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Installed Packages opendistroforelasticsearch-kibana.x86_64 1.13.2-1 @opendistroforelasticsearch-artifacts-repo Available Packages opendistroforelasticsearch-kibana.x86_64 0.7.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 0.7.1-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 0.8.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 0.9.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 0.10.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.0.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.0.1-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.0.2-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.1.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.2.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.2.1-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.3.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.4.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.6.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.7.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.8.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.9.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.10.1-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.11.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.12.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.13.0-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.13.1-1 opendistroforelasticsearch-artifacts-repo opendistroforelasticsearch-kibana.x86_64 1.13.2-1 opendistroforelasticsearch-artifacts-repo

I am getting "Access Denied" when I try to download tarball with this link:
"https://d3g5vo6xdbdb9a.cloudfront.net/tarball/opendistroforelasticsearch-kibana/opendistroforelasticsearch-kibana-1.13.3-linux-x64.tar.gz"

warp3r · 2021-12-22T17:09:34Z

Same issue here, I guess this is a problem with cloudfront distribution's TTL.

[root@localhost ~]# sudo yum list opendistroforelasticsearch --showduplicates
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.gadix.com
 * extras: mirror.gadix.com
 * updates: mirror.gadix.com
Available Packages
opendistroforelasticsearch.noarch                               0.7.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               0.7.1-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               0.8.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               0.9.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               0.10.0-1                               opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.0.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.0.1-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.0.2-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.1.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.2.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.2.1-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.3.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.4.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.6.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.7.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.8.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.9.0-1                                opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.10.1-1                               opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.11.0-1                               opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.noarch                               1.12.0-1                               opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.x86_64                               1.13.0-1                               opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.x86_64                               1.13.1-1                               opendistroforelasticsearch-artifacts-repo
opendistroforelasticsearch.x86_64                               1.13.2-1

It is a problem because of security (for sure) but also because documentation is pointing users to install 1.13.3 via yum, and it won't work.

jdratlif · 2021-12-22T18:26:22Z

Even when I downloaded the tar.gz for 1.13.3, the log4j versions were not updated in that. I'm not sure what's going on with the distribution, but we ended up doing things manually.

I made a bash script that updated our Elasticsearch and Logstash versions. I put up a github gist if anyone wants to look at it. Use at your own risk. It worked for me, but I make no guarantees for anyone else.

https://gist.github.com/jdratlif/46ac9070387d96cc8855a4cd775ad798

Jon-AtAWS · 2021-12-24T01:10:16Z

Thanks everyone for your patience. And thanks, @jdratlif for the script! We're aware of this issue and working on a plan. Hang tight, we'll update you on the plan after the holidays.

ravenbyron · 2022-01-07T19:17:31Z

@Jon-AtAWS Hate to be a bother but any timeline for the rpm fixes?

jcgraybill · 2022-01-07T19:42:47Z

Hi @ravenbyron , sorry we didn't close this out in this issue. We looked really hard at different ways to produce an Open Distro 1.13.3 RPM release, and the conclusion we came to is that it simply isn't possible. The Open Distro RPM releases were based on upstream RPM releases, and no upstream RPM release was produced that includes a fix. The Log4j dependency is in Elasticsearch itself.

The Log4j website describes several remediations cluster admins can perform today, and we've published guidance on the Open Distro website with links to resources to support migrating to OpenSearch, which is patched against the high-severity Log4J CVEs from the past several weeks.

quad2524 added the bug Something isn't working label Dec 14, 2021

ravenbyron mentioned this issue Dec 14, 2021

opendistroforelasticsearch yum repo not updated with 1.13.3 opendistro/for-elasticsearch-docs#515

Open

rafzei mentioned this issue Dec 20, 2021

Missing DEB packages for 1.13.3 version #800

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

13.3.3 rpm not available via Yum #796

13.3.3 rpm not available via Yum #796

quad2524 commented Dec 14, 2021 •

edited

Loading

jasonrojas commented Dec 14, 2021

ravenbyron commented Dec 14, 2021

vinaykumar4s commented Dec 16, 2021

vinaykumar4s commented Dec 16, 2021 •

edited

Loading

gtiosso-catho commented Dec 22, 2021 •

edited

Loading

warp3r commented Dec 22, 2021

jdratlif commented Dec 22, 2021

Jon-AtAWS commented Dec 24, 2021

ravenbyron commented Jan 7, 2022

jcgraybill commented Jan 7, 2022

13.3.3 rpm not available via Yum #796

13.3.3 rpm not available via Yum #796

Comments

quad2524 commented Dec 14, 2021 • edited Loading

jasonrojas commented Dec 14, 2021

ravenbyron commented Dec 14, 2021

vinaykumar4s commented Dec 16, 2021

vinaykumar4s commented Dec 16, 2021 • edited Loading

gtiosso-catho commented Dec 22, 2021 • edited Loading

warp3r commented Dec 22, 2021

jdratlif commented Dec 22, 2021

Jon-AtAWS commented Dec 24, 2021

ravenbyron commented Jan 7, 2022

jcgraybill commented Jan 7, 2022

quad2524 commented Dec 14, 2021 •

edited

Loading

vinaykumar4s commented Dec 16, 2021 •

edited

Loading

gtiosso-catho commented Dec 22, 2021 •

edited

Loading