Elastic Cloud Enterprise version 1.1.4

New for Elastic Cloud Enterprise version 1.1.4:

  • Support for Elasticsearch and Kibana version 6.3.0. This version of Elastic Cloud Enterprise fully supports our latest Elastic Stack version and is required if you want to upgrade.
  • Support for installing Elastic Cloud Enterprise on Microsoft Azure. You could previously install ECE on Azure on your own, but we now provide tested instructions for installing our product on Microsoft’s Azure coud platform. To learn more, see Microsoft Azure Virtual Machines.
  • New Elasticsearch API Console functionality. A console that provides API access to your Elasticsearch clusters is now available in the Cloud UI. To access the console, select one of your Elasticsearch clusters in the Cloud UI, and then click Console.
  • New hard_reset API flag. This new API flag affects the rolling strategy used during cluster changes, where only one new node at a time gets created. You use this flag to recover from situations where either the cluster becomes unresponsive or valid cluster configuration plans are failing due to previous failed plan attempts.
  • Updated xfsprogs library. We now ship version 4.5.0-r1 of xfsprogs, which is a library used by Elastic Cloud Enterprise to interact with the XFS file system.
  • Better installation prerequisite checks. ECE now performs the following additional checks during installation to help ensure trouble-free operation:

    • The host storage root volume path cannot point to the root directory.
    • The port range for allocators must be in the expected range.
    • The user must have deleted the runner from ZooKeeper using the Delete Runner button in the UI before attempting to bootstrap a new runner with the same ID.
    • The user performing the installation must be in the correct docker user group.

To upgrade to this version, see Upgrade Your Installation. You must also run the rolling-credentials-fix.sh cleanup script to resolve Elastic Security Advisory ESA-2018-12.

Release date: June 12, 2018

Security Fixes

ECE version 1.1.4 includes the following security fixes:

  • ESA-2018-09: We no longer use a shared encryption key for granting ZooKeeper access to Elasticsearch clusters. If you are running an Elastic Cloud Enterprise version before 1.1.4, and if your Elastic Cloud Enterprise environment exposes access to ZooKeeper, you must run the cleanup script rolling-credentials-fix.sh to address this Elastic Security Advisory. Instructions are in this knowledge base article.
  • ESA-2018-12: We corrected an information exposure vulnerability where encryption keys, passwords, and other security sensitive headers could be leaked to the allocator logs under certain exception conditions.
  • ESA-2018-13: Users can no longer scale out allocators on new hosts with an invalid roles token.

Bug Fixes

ECE includes 1.1.4 includes the following bug fixes:

  • Users can no longer scale out allocators on new hosts with an invalid roles token.
  • We now handle installations where the sysctl program might not exist on the PATH of the host system correctly.
  • Security-sensitive information is no longer logged by the components of Elastic Cloud Enterprise.
  • The installation process now provides information about the secrets file that contains important information for the operator.
  • If you are using the cloud.id feature with an ECE version before 1.1.4, we now ensure that permissions are set correctly on the cname ZooKeeper node. To use the Cloud ID, you need to upgrade to this version of ECE.
  • Snapshot delete API requests now return the correct HTTP status code (201).
  • The cluster creation API now uses a 1:24 memory-to-storage size ratio to be consistent with clusters created from the UI.
  • The _restart API for instance restarts now performs a per-zone restart correctly.
  • We now display an error message if you reinstall Elastic Cloud Enterprise without properly clearing an existing node.
  • Multiline Elastic Cloud Enterprise logs are now correctly parsed as a single message.
  • We changed the default log level to debug from info on the proxy components.
  • We removed the ?detailed flag from the __elb_health__ endpoint.
  • The ECE upgrade process on RHEL platform now removes all container set configurations before installing new ones.
  • During an ECE upgrade, the installer ensures the container has the correct image version.
  • Elastic Cloud Enterprise now suppresses unnecessary log messages from Filebeat and Metricbeat during ECE startup.
  • We fixed log warnings about license expiration to use the correct start date.