Skip to content

[patch/serverless-fix] More reliable trigger for security index migration (#139028)#139040

Merged
elasticsearchmachine merged 1 commit intoelastic:patch/serverless-fixfrom
jfreden:backport/fix/always-trigger-security-migration
Dec 4, 2025
Merged

[patch/serverless-fix] More reliable trigger for security index migration (#139028)#139040
elasticsearchmachine merged 1 commit intoelastic:patch/serverless-fixfrom
jfreden:backport/fix/always-trigger-security-migration

Conversation

@jfreden
Copy link
Contributor

@jfreden jfreden commented Dec 4, 2025

Backports the following commits to patch/serverless-fix:
@tvernum @jfreden
More reliable trigger for security index migration (elastic#139028)
685eae6 
We always want to trigger an index migration if one is required.

However, we previously would only do that if we detected a change to
the state of the security index on the master node.
But a rolling upgrade might not cause a detectable change in index
state - for example, in a cluster with dedicated masters nodes, if
those nodes were upgraded last, then all index relocation would happen
before the masters knew about the new migration (so they couldn't
trigger it) and once the masters were upgraded they would detect that
nothing had changed so never send a "security index changed" event and
never trigger the migration task.

Now, we say that if a security index exists, and it requires migration
then it also triggers a change event
@elasticsearchmachine elasticsearchmachine added serverless-linked Added by automation, don't add manually needs:triage Requires assignment of a team area label labels Dec 4, 2025
@jfreden jfreden added :Security/Security Security issues without another label and removed needs:triage Requires assignment of a team area label labels Dec 4, 2025
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Dec 4, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Dec 4, 2025

Pinging @elastic/es-security (Team:Security)
@jfreden jfreden added backport auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) labels Dec 4, 2025
@elasticsearchmachine elasticsearchmachine merged commit 81c1004 into elastic:patch/serverless-fix Dec 4, 2025
35 checks passed
@jfreden jfreden deleted the backport/fix/always-trigger-security-migration branch December 4, 2025 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport :Security/Security Security issues without another label serverless-linked Added by automation, don't add manually Team:Security Meta label for security team

3 participants

@jfreden @elasticsearchmachine @tvernum