Juju Charms Collection
elasticsearch package

Merge lp:~xfactor973/charms/trusty/elasticsearch/version_bump into lp:charms/trusty/elasticsearch

  1. Trusty Tahr (14.04)
  2. version_bump
  3. Merge into trunk
Proposed by Chris Holcombe
Status: Merged
Approved by: Michael Nelson
Approved revision: 44
Merged at revision: 39
Proposed branch: lp:~xfactor973/charms/trusty/elasticsearch/version_bump
Merge into: lp:charms/trusty/elasticsearch
Diff against target: 50 lines (+8/-3)
3 files modified
config.yaml (+6/-1)
metadata.yaml (+1/-1)
tasks/install-elasticsearch.yml (+1/-1)
To merge this branch: bzr merge lp:~xfactor973/charms/trusty/elasticsearch/version_bump
Reviewer Review Type Date Requested Status
Michael Nelson (community) Approve
charmers Pending
Review via email: mp+272853@code.launchpad.net

Commit message

Update default version to latest 1.7 stable release.
Add gpg-key-id option.

Description of the change

This update pushes elasticsearch to the latest 1.7 stable release.
Unfortunately there was a problem with the SSL cert for https://packages.elastic.co/GPG-KEY-elasticsearch. I had to disable the validate_cert field.

This update is required to run the latest stable version of Kibana which I plan on proposing for merger next.

To post a comment you must log in.
Revision history for this message
Michael Nelson (michael.nelson) wrote :

Hi Chris.

I'd only be keen to update the default values for repo/key if it works *without* disabling cert validation. Yes, disabling the cert validation allows it to install, but that shouldn't be the default.

So, as an alternative, if you added an apt-key-validate-certs option to the charm (describing why it's required - bad SSL cert), with a sane default - true, and left the other defaults as they are until the SSL cert is fixed, you could then deploy 1.7 by setting the apt-repository, apt-key-url and apt-key-validate-certs options right?

lp:~xfactor973/charms/trusty/elasticsearch/version_bump updated
41. By Chris Holcombe

The https and the http GPG key are identical

Revision history for this message
Chris Holcombe (xfactor973) wrote :

Hey Michael,

Yup I think that is a good option. The bad SSL cert is unfortunate. It turns out after a little downloading that the both of the GPG certs are identical. I can still add the apt-key-validate-certs option for future SSL problems that may crop up.

lp:~xfactor973/charms/trusty/elasticsearch/version_bump updated
42. By Chris Holcombe

Add an option to skip apt key validation. Also took care of a charm-proof nit about categories being changed to tags in the metadata.yaml

Revision history for this message
Michael Nelson (michael.nelson) wrote :

On Wed, Sep 30, 2015 at 8:56 AM Chris Holcombe <email address hidden>
wrote:

> Hey Michael,
>
> Yup I think that is a good option. The bad SSL cert is unfortunate. It
> turns out after a little downloading that the both of the GPG certs are
> identical. I can still add the apt-key-validate-certs option for future
> SSL problems that may crop up.
>

Sorry to be a pain, but I'm -1 on adding options for future just-in-case
scenarios. If the 1.7 install works with the current default key, would you
be OK if we just update your branch to land the updated default
apt-repository and categories->tags charm-proof nit?

lp:~xfactor973/charms/trusty/elasticsearch/version_bump updated
43. By Chris Holcombe

Removing the validate key config option

Revision history for this message
Chris Holcombe (xfactor973) wrote :

I think this should be all set now

lp:~xfactor973/charms/trusty/elasticsearch/version_bump updated
44. By Chris Holcombe

Added a gpg key id to avoid man in the middle attacks

Revision history for this message
Michael Nelson (michael.nelson) wrote :

Thanks Chris. +1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2014-10-31 03:43:31 +0000
3+++ config.yaml 2015-10-01 19:00:50 +0000
4@@ -1,7 +1,7 @@
5 options:
6 apt-repository:
7 type: string
8- default: "deb http://packages.elasticsearch.org/elasticsearch/1.2/debian stable main"
9+ default: "deb http://packages.elastic.co/elasticsearch/1.7/debian stable main"
10 description: |
11 A deb-line for the apt archive which contains the elasticsearch package.
12 This is necessary until elasticsearch gets into the debian/ubuntu archives.
13@@ -10,6 +10,11 @@
14 default: "http://packages.elasticsearch.org/GPG-KEY-elasticsearch"
15 description: |
16 The url for the key for the apt-repository.
17+ gpg-key-id:
18+ type: string
19+ default: D88E42B4
20+ description: |
21+ Elasticsearch's GPG fingerprint to validate the apt key
22 cluster-name:
23 type: string
24 default: "elasticsearch"
25
26=== modified file 'metadata.yaml'
27--- metadata.yaml 2014-09-11 18:34:45 +0000
28+++ metadata.yaml 2015-10-01 19:00:50 +0000
29@@ -4,7 +4,7 @@
30 description: |
31 Distributed RESTful search and analytics
32 Read more at http://www.elasticsearch.org
33-categories:
34+tags:
35 - misc
36 subordinate: false
37 peers:
38
39=== modified file 'tasks/install-elasticsearch.yml'
40--- tasks/install-elasticsearch.yml 2014-07-07 15:37:42 +0000
41+++ tasks/install-elasticsearch.yml 2015-10-01 19:00:50 +0000
42@@ -3,7 +3,7 @@
43 - install
44 - upgrade-charm
45 - config-changed
46- apt_key: url={{ apt_key_url }} state=present
47+ apt_key: url={{ apt_key_url }} state=present id={{gpg_key_id}}
48 when: apt_key_url != ""
49
50 - name: Add apt archive.

Subscribers

People subscribed via source and target branches