Skip to content

DEICH-6154 update ES to avoid log4j RCE

Torstein requested to merge DEICH-6154-upgrade-es into master

There are breaking changes, but none seem to hit Deichman's usage. The changes in the config is to avoid warnings. The discovery-type is a security measure.

The code was tested locally and a full reindexing was done with good results.

  • Search and autocomplete was done in prod and locally on ~same data and gave the ~same results (prod index is likely slightly out of sync)
  • There are slight differences in ordering on automcomplete (can be because of difference in underlying data which affects ranking)

As a part of the release, me and Petter have discussed doing a "clean slate" reindexing to try to get the production index in sync. This means that we can safely deploy this code, but we should do reindexing the same evening. NOTE: this procedure should be done in the test environment first!

  • Notify about potential issues with search to operations and on Workplace
  • Stop Sibyl and Elasticsearch
  • TRUNCATE sibyl.index_docs and TRUNCATE sibyl.koha_cache in Sibyl's DB
  • Optional: consider deleting the elasticsearch volume (docker volume rm deichman_elasticsearch_data)
  • Bring up ES check logs, if ok, bring up Sibyl
  • Wait for Koha-cache to be updated in Sibyl (takes a few minutes)
  • Start full reindexing
  • Wait... :)

Closes DEICH-6154

Edited by Torstein

Merge request reports