Long Term Supported Elastic Versions


Rhys Evans

May 22, 2019, 4:49:51 PM
to Wazuh mailing list
Hi

What are the thoughts around LTS versions? By this I am talking about supported Elastic Stack versions.

I.e., pinning a version as legacy supported so that new versions of Wazuh can be deployed against this version?

The issue is that I suspect there are a number of users/companies that cannot upgrade to Wazuh 3.9.1 (pick any version), due to other dependencies in their Elastic Stack.

Some examples with Wazuh 3.9.1 (at the time of writing):

  • Searchguard doesn't support Kibana 6.8/7.1, Elastic 6.8 or 7.1 (I take note that Searchguard can be replaced with the basic subscription now, but not if LDAP integrated etc.)
  • Elastalert Kibana plugin doesn't support Kibana 6.8/7.1 (https://github.com/bitsensor/elastalert-kibana-plugin)
  • etc. etc.

Also, not all Wazuh instances have dedicated Elastic clusters, so the dependency requirements increase.

At what point will Wazuh only support Elastic 7.x?

The update of Wazuh should not trigger a wholesale Elastic Stack upgrade at each point release; index pattern updates fine, Logstash filters fine.

The definition of LTS is up for debate and could be something like 12 months.

I think you would maybe end up maintaining 3 versions at most, if you did something like ES 6.8.x, ES 7.1.x and ES 7.x.x (above 7.1) (version numbers again up for debate).

Thoughts?

Thanks

Jesús Ángel González

Jun 4, 2019, 6:06:18 AM
to Wazuh mailing list

Hi Rhys,

I agree with you, we should keep our product compatible with more than one version of the Elastic Stack. However, there are a lot of changes in every Elastic Stack release they do.
We try to keep at least two versions of the Elastic Stack under active development.

It is certainly an open debate and one of which we are aware.

Also, with the Elastic Stack 7.x, we are planning to keep the development for 6.x and 7.x going at the same time for some time, because we know it is not always easy to upgrade an Elasticsearch cluster. This means that the current Wazuh version (3.9.x) will be maintained at least for 6.8 and 7.1.

  • If Wazuh releases a new version, for example, 3.10.0, it will be adapted to 6.8 and 7.1 too.
  • If the Elastic Stack releases a new version, for example, 7.2.0, Wazuh will try to be compatible at least with 6.8 and 7.2.0.

It’s expected to have at least two Elastic versions for a certain Wazuh version. It depends on how fast they release a new Elastic and how fast we release a new Wazuh version.

We have no LTS so far, but it’s something we hope for in the long term. Both Elastic and Wazuh make fast releases, which makes it hard to maintain, but as I said, we’ll try to keep the latest Elastic 6.x and the latest Elastic 7.x compatible.

Best regards,
Jesús

Rhys Evans

Jun 6, 2019, 3:18:50 AM
to Jesús Ángel González, Wazuh mailing list
Hi

Thanks for the reply. The method proposed would still mean upgrades (even if it is point, i.e. 6.8.1 to 6.8.2) to the Elastic Stack with potentially each Wazuh release, which could lead to dependency issues with other apps running within the Elastic cluster.

But great to hear this is being discussed internally / externally and that both 6.x and 7.x will be supported for the foreseeable


Thanks


