The documentation states how to upgrade from existing installations, but how do we migrate from ES 7.10.2/sg7 to Opensearch1.0.0/sgtp ? Should we first upgrade searchguard, and then migrate to Opensearch?
In the sgctl migrate-config help text it is stated in step 1 to “Update the Search Guard plugin for Elasticsearch on all nodes of your cluster”. It is however not stated to restart all nodes. Is that necessary ?
[EDIT] On the last point apparently it’s not possible to upgrade SG first, as it requires ES 7.14.1. We stayed at 7.10.2 to be sure to not run into issues once we would switch to opensearch
[EDIT] I installed opensearch 1.0.1 and sg plugin, and now I get the following error on startup : [2021-09-23T16:57:17,988][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [foo] uncaught exception in thread [main] org.opensearch.bootstrap.StartupException: java.lang.IllegalArgumentException: Cannot have more than one plugin implementing a REST wrapper
It should be possible to migrate to OpenSearch and the new Search Guard version at the same time. The Search Guard version for OS will also work with the old configuration.
Yes, that is necessary.
We will later also provide Search Guard tech preview versions for 7.10.2.
However, the migration should be possible to run from any version. The process will be:
Update Search Guard (and optionally ES or migrate to OS at the same time)
Search Guard runs with the old-style configuration
Update the Search Guard configuration
Still, please keep in mind that the tech preview is not intended for production systems.
Yes. It should also work with the non-min version if you delete opensearch-security directory from the plugins directory.
Thanks for your quick reply.
About the last point : we did disable the OS security plugin in the config, to no avail. Maybe another plugin was interfering.
What kind of configuration did you use to disable the OS security plugin?
I just tested installing Search Guard in the non-min OS versions after having removed the OpenSearch security plugin directories. So, for OpenSearch, you need to do rm -r plugins/opensearch-security and for Dashboards, you need to do rm -r plugins/securityDashboards. (Using bin/opensearch-dashboards-plugin remove securityDashboards should also work)
Thanks a lot. I succesfully installed the tp2 on one of the nodes, I now have a mixed environment with es 7.10.2, os 1.0.0 tp1 and tp2 and they all happily interoperate: