SonarQube is bundled with Elasticsearch 6.8 since 7.X LTS.
Elasticsearch 7.0 was released on April 10 of 2019. SonarQube LTS was released in July 2019.
As of today, the latest release of Elasticsearch is 7.9.2 (released on September 24, 2020).
According to this page, Elasticsearch 6.8.X will be EOL in November 2020 and maintained until the release of ElasticSearch 8.0.0.
Next LTS of SonarQube is planned for January 2021.
There is no way to know today whether Elasticsearch 8.X will be available and stable enough to be included in the next LTS of SonarQube, but for sure, we will have to upgrade to 7.X.
Since with Elasticsearch most changes of a given version come with its first milestone, the sooner we upgrade to 7.X the better. It will both give us more visibility and feedback on the impacts and give us time to leverage new features to improve SonarQube.
Since 7.0.0 Elastic offers what they call "The pure Apache 2.0 licensed distribution". It seems this is basically Elasticsearch without any of the paid feature.
Packaging Elasticsearch into SQ means unpacking the official zip into the sonar-enterprise repository and exclude, at packaging time, any of the files we don't use nor need .
(this way of doing makes it explicite what we don't ship, way better than not committing the files, and makes upgrading Elasticsearch files super easy – just replace the old directory with the one from the new archive)
We exclude all paying feature from Elastic which we exclude anyway. So, we will save on:
- size of the sonar-enterprise repository
- code to exclude the paying features
Starting with 7.0, there won't be any way to disable HTTP port opened by ElasticSearch (it's been announced for several versions).
On the other hand, when running on a single node, there is no need to open a TCP port. TCP port is required only for ES Cluster for communication between nodes.
- port 9001 is used for HTTP communication with Elasticsearch
- port 9002 is used for TCP transport with Elasticsearch and new property will be used `sonar.es.port`
- existing property "sonar.search.port" is used to set the HTTP port and default value is unchanged (9001)
- property "sonar.search.httpPort" is not supported anymore and removed
- HTTP port is bound to localhost by default, otherwise can be changed by existing property "sonar.search.host"
- TCP port is useless, is bound to loopback and can't be changed
We have two goals in mind:
- the cluster related properties must be easy to understand and document => there are 3 networks to configure and the properties' names should reflect that
- the network of APP node (implemented with Hazelcast under the hood)
- the network from APP nodes to SEARCH nodes, referred to as "search"
- the network of ES nodes (implemented as binary transport protocol), referred to as "es"
- we want migration path from previous DCE installation to be smooth => the changes of properties will impact only SEARCH nodes and ops will be forced to changed only the configuration of SEARCH nodes
- port 9001 will be used for HTTP communication with ElasticSearch from the APP nodes (the "search" network)
- "sonar.search.host" and "sonar.search.httpPort" properties
- are ignored on APP nodes
- cause failure at startup if defined on SEARCH nodes
- are replaced by new properties on SEARCH nodes
- "sonar.cluster.node.search.host" (default value "localhost")
- "sonar.cluster.node.search.port" (default value "9001")
- "sonar.cluster.search.hosts" causes failure on SEARCH nodes when specified
- (no change on APP nodes)
- new properties are added on SEARCH nodes to configure the "es" network
- mandatory (and no default value)
- sanity check: either no host has a port or all of them have one. Mix of hosts with and without port should cause a failure at startup
- "sonar.cluster.node.es.host" (default value: localhost)
- "sonar.cluster.node.es.port" (default value: 9002)
All the cluster properties changes and non changes are gathered in a syntetic form in this sheet.
Elastic announced that TCP Transport client (used today by SQ to query ES over TCP) is deprecated and will be dropped in ES 8.X.
The replacement, the high-level REST client for Java, is ready with the release of 7.0.0.
SQ should now use HTTP to query ElasticSearch.
: it allows to open only one port for ElasticSearch on non-DCE editions and reuse 9001, which will only make updates smoother.
No specific action is taken to secure the HTTP port of ElasticSearch, except binding on localhost on non-DCE editions:
- that's how TCP port is "secured" today
- securing all SQ ports will be specific effort
No impact is expected on Docker images as communication between SQ and ES happens inside the container.
For migration to 6.X, all the upgrade and migration notes have been compiled into a Google Sheet to track which where irrelevant, to do, done, etc.
The small Java program which parses the Elasticsearch Upgrade and migration notes to generate that Google sheet has been updated for 7.4. Source code is available in this GIST and a sheet from it's output if visible here.
Since 7.0, ES logs in json files on top of text files. Since SQ defines it's own logging configuration for ES, we are not affected by this change.
ES 7.0 drops support for Ubuntu 14.04.
transitively, this means SonarQube can't support Ubuntu 14.04, doesn't it?
ES 7.4 restores support for Java 11 and Java 13 (added in 6.8 but lost with 7.0, 7.1, 7.2 and 7.3), drops supports for Java 12 (provided by 7.0, 7.1, 7.2 and 7.3)
As usual, there won't be any migration of the indices. All indices from 6.8 will be dropped and new indices with 7.X will be created.
The usual implementation of this is to rename ES data directory from es-6 to es-7.
Note: Elastic provides documentation on the migration (see here) and indicates that, eg., migration from 6.8 to 7.0 is not supported (but 6.8 to 7.4)
ES 7.2 introduces native support for type ahead search. SQ provides such feature in global search (and maybe other places).
See here for more detailed info what problems should be fixed with these release.
Upgrade Elasticsearch binaries to 7.9.3.
Update docs that we don't support Ubuntu 14.04.
Turn on deprecation logging on feature branch to track if something deprecated is used
JSON Logging can be disabled by changing the log layout as seen here
- DCE requires new configuration of the SEARCH nodes
- any editions: search port is now used for HTTP traffic
- "sonar.search.httpPort" property is now ignored
- doc advice users to create conf once and duplicate 5 times" => this might need to be changed
- explain the 3 networks
- explain the new properties on SEARCH nodes
- explain the now illegal properties on SEARCH nodes
- update the sample configurations
Other documentation improvements
- explain the network protocol used for SQ ports (it's TCP everywhere)
- raise awareness about securing SonarQube (next to setting controlling SQ TCP/HTTP ports?)
- non-DCE editions: SQ binds by default to loopback address - advice to secure the access to these ports when changing that
- DCE edition: advise to allow external access only to SQ nodes