[RELEASE] Release version 1.3.17

[github-actions]

Release OpenSearch and OpenSearch Dashboards 1.3.17

I noticed that a manifest was automatically created in manifests/1.3.17. Please follow the following checklist to make a release.

How to use this issue

This Release Issue

This issue captures the state of the OpenSearch release, its assignee (Release Manager) is responsible for driving the release. Please contact them or @mention them on this issue for help. There are linked issues on components of the release where individual components can be tracked. For more information check the the Release Process OpenSearch Guide.

Please refer to the following link for the release version dates: Release Schedule and Maintenance Policy.

Entrance Criteria

Criteria	Status	Description	Comments
Documentation draft PRs are up and in tech review for all component changes	🟢
Sanity testing is done for all components	🟢
Code coverage has not decreased (all new code has tests)	🟢
Release notes are ready and available for all components	🟢
Roadmap is up-to-date (information is available to create release highlights)	🟢
Release ticket is cut, and there's a forum post announcing the start of the window	🟢
Any necessary security reviews are complete	🟢

OpenSearch 1.3.17 exit criteria status:

Criteria	Status	Description	Comments
Performance tests are run, results are posted to the release ticket and there no unexpected regressions	🟢
No unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 days	🟢
Documentation has been fully reviewed and signed off by the documentation community.	🟢
All integration tests are passing	🟢
Release blog is ready	🟢

OpenSearch-Dashboards 1.3.17 exit criteria status:

Criteria	Status	Description	Comments
Documentation has been fully reviewed and signed off by the documentation community	🟢
No unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 days	🟢
All integration tests are passing	🟢
Release blog is ready	🟢

Preparation

• Release manager assigned.
• Existence of label in each component repo. For more information check the release-label section.
• Increase the build frequency.
• Release Issue.

Campaigns

• Component Release Issue.
• Release Campaigns.

Release Branch and Version Increment - June 2nd

• Core Release Branch.
• Core Version Increment.
• Components Release Branch.
• Components Version Increment.

Feature Freeze - May 28th

• OpenSearch / OpenSearch-Dashboards core and components teams finalize their features.

Code Complete - May 28th

• Mark this as done once the Code Complete is reviewed.
• Create/Verify pull requests to add each component to relase input manifests/1.3.17/opensearch-1.3.17.yml and manifests/1.3.17/opensearch-dashboards-1.3.17.yml.

Release Candidate Creation and Testing - May 31st

• Generate Release Candidate.
• Integ Test TAR.
• Integ Test RPM.
• Docker Build and Scan.
• Backwards Compatibility Tests.
• Windows Integration Test.
• Broadcast and Communication.
• Release Candidate Lock.

Performance testing validation - May 31st

• Post the benchmark-tests
• Longevity tests do not show any issues.

Pre Release - June 5th

• Release Labeled Issues.
• Go or No-Go.
• Promote Repos.
• Promote artifacts.
• Release Notes.

Release - June 6th

• Maven Promotion.
• Docker Promotion.
• Release Validation.
• Collaboration with the Project Management Team.

Release Checklist.

Release Checklist

Pre-Release activities

• Promote Repos.
  • • OS
  • • OSD
• Promote Artifacts.
  • • Windows
  • • Linux Debian
  • • Linux RPM
  • • Linux TAR
• Consolidated Release Notes.

Release activities

• Docker Promotion.
• Release Validation part 1.
  • • OpenSearch and OpenSearch Dashboard Validation.
  • • Validate the native plugin installation.
• Merge consolidated release notes PR.
• Website and Documentation Changes.
  • • Merge staging website PR.
  • • Promote the website changes to prod.
  • • Add website alert.
• Release Validation part 2.
  • • Validate the artifact download URL's and signatures.
• Release Validation part 3.
  • • Trigger the validation build (Search for Completed validation for <> in the logs).
• Maven Promotion.
• Publish blog posts.
• Advertise on Social Media.
• Post on public slack and Github Release issue.

Post-Release activities

• Release Tags.
• Input Manifest Update.
• Decrease the Build Frequency.
• OpenSearch Build Release notes.
• Retrospective Issue.
• Helm and Ansible Playbook release.
• Upcoming Release Preparation.

Post Release

• Release Tags.
• Input Manifest Update.
• OpenSearch Build Release notes.
• Decrease the Build Frequency.
• Retrospective Issue.
• Helm and Ansible Playbook release.
• Upcoming Release Preparation.

Components

Replace with links to all component tracking issues.

Component	On track	Release Notes
{COMPONENT_ISSUE_LINK}	{INDICATOR}	{STATUS}

Legend

Symbol	Meaning
🟢	On track with overall release
🟡	Missed last milestone
🔴	Missed multiple milestones

[jordarlu]

the next step is to assign a release manager; the 1.3.17 release window will open on May 28th, 2024.

[Divyaasm]

1st RC

Release testing

We have release candidates built and ready for testing.

---

OpenSearch Docker

Start without security
Docker command docker pull docker pull opensearchstaging/opensearch:1.3.17.9900 && docker run -it -d -p 9200:9200 -e "discovery.type=single-node" -e "DISABLE_SECURITY_PLUGIN=true" opensearchstaging/opensearch:1.3.17.9900
Connect command curl http://localhost:9200

Start with security
Docker command docker pull opensearchstaging/opensearch:1.3.17.9900 && docker run -it -d -p 9200:9200 -e "discovery.type=single-node" opensearchstaging/opensearch:1.3.17.9900
Connect command curl --insecure https://admin:admin@localhost:9200

OpenSearch Dashboards Docker

Start without security
Docker command docker pull opensearchstaging/opensearch-dashboards:1.3.17.7673 && docker run -it -d --network="host" -e "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true" opensearchstaging/opensearch-dashboards:1.3.17.7673
URL http://localhost:5601

Start with security
Docker command docker pull opensearchstaging/opensearch-dashboards:1.3.17.7673 && docker run -it -d --network="host" opensearchstaging/opensearch-dashboards:1.3.17.7673
URL http://localhost:5601

Use below artifacts to deploy OpenSearch and OpenSearch Dashboards on different platforms

OpenSearch - Build 9900

• x64 artifacts: [manifest] [tar] [rpm] [yum] [windows]

• arm64 artifacts: [manifest] [tar] [rpm] [yum]

OpenSearch Dashboards - Build 7673

• x64 artifacts: [manifest] [tar] [rpm] [yum] [windows]

• arm64 artifacts: [manifest] [tar] [rpm] [yum]

How to install via yum, tarball, windows etc?

[opensearch-ci-bot]

Core Components CommitID(after 2024-05-31) & Release Notes info

Repo	Branch	CommitID	Commit Date	Release Notes Exists
OpenSearch	[1.3]			True
alerting	[1.3]			False
anomaly-detection	[1.3]			False
asynchronous-search	[1.3]			False
common-utils	[1.3]			False
cross-cluster-replication	[1.3]			False
index-management	[1.3]			False
job-scheduler	[1.3]			False
k-NN	[1.3]			False
ml-commons	[1.3]			False
opensearch-observability	[1.3]			False
opensearch-reports	[1.3]			False
performance-analyzer	[1.3]			False
security	[1.3]			True
sql	[1.3]			False

[opensearch-ci-bot]

Core Components CommitID(after 2024-05-31) & Release Notes info

Repo	Branch	CommitID	Commit Date	Release Notes Exists
OpenSearch-Dashboards	[1.3]			True
alertingDashboards	[1.3]			False
anomalyDetectionDashboards	[1.3]			False
functionalTestDashboards	[1.3]			False
ganttChartDashboards	[1.3]			False
indexManagementDashboards	[1.3]			False
observabilityDashboards	[1.3]			False
queryWorkbenchDashboards	[1.3]			False
reportsDashboards	[1.3]			False
securityDashboards	[1.3]			True

[Divyaasm]

RC Details

Release testing

We have release candidates built and ready for testing.

---

OpenSearch Docker

Start without security
Docker command docker pull docker pull opensearchstaging/opensearch:1.3.17.9911 && docker run -it -d -p 9200:9200 -e "discovery.type=single-node" -e "DISABLE_SECURITY_PLUGIN=true" opensearchstaging/opensearch:1.3.17.9911
Connect command curl http://localhost:9200

Start with security
Docker command docker pull opensearchstaging/opensearch:1.3.17.9911 && docker run -it -d -p 9200:9200 -e "discovery.type=single-node" opensearchstaging/opensearch:1.3.17.9911
Connect command curl --insecure https://admin:admin@localhost:9200

OpenSearch Dashboards Docker

Start without security
Docker command docker pull opensearchstaging/opensearch-dashboards:1.3.17.7681 && docker run -it -d --network="host" -e "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true" opensearchstaging/opensearch-dashboards:1.3.17.7681
URL http://localhost:5601

Start with security
Docker command docker pull opensearchstaging/opensearch-dashboards:1.3.17.7681 && docker run -it -d --network="host" opensearchstaging/opensearch-dashboards:1.3.17.7681
URL http://localhost:5601

Use below artifacts to deploy OpenSearch and OpenSearch Dashboards on different platforms

OpenSearch - Build 9911

• x64 artifacts: [manifest] [tar] [rpm] [yum] [windows]

• arm64 artifacts: [manifest] [tar] [rpm] [yum]

OpenSearch Dashboards - Build 7681

• x64 artifacts: [manifest] [tar] [rpm] [yum] [windows]

• arm64 artifacts: [manifest] [tar] [rpm] [yum]

How to install via yum, tarball, windows etc?

[Divyaasm]

Integ-tests Results:

OpenSearch 🟢

x64 Tarball - All successful
Details : https://build.ci.opensearch.org/blue/organizations/jenkins/integ-test/detail/integ-test/8266/pipeline

arm64 Tarball - All successful
Details : https://build.ci.opensearch.org/blue/organizations/jenkins/integ-test/detail/integ-test/8273/pipeline

OpenSearchDashboards

x64 Tarball - Failed plugins : observabilityDashboards ( with security ), reportsDashboards ( with/without security )
Details : https://build.ci.opensearch.org/blue/organizations/jenkins/integ-test-opensearch-dashboards/detail/integ-test-opensearch-dashboards/5931/pipeline
Related logs : https://ci.opensearch.org/ci/dbc/integ-test-opensearch-dashboards/1.3.17/7681/linux/x64/tar/test-results/5931/integ-test/test-report.yml

arm64 Tarball - Failed plugins: alertingDashboards ( with security )
Details: https://build.ci.opensearch.org/blue/organizations/jenkins/integ-test-opensearch-dashboards/detail/integ-test-opensearch-dashboards/5932/pipeline
Related logs: https://ci.opensearch.org/ci/dbc/integ-test-opensearch-dashboards/1.3.17/7681/linux/arm64/tar/test-results/5932/integ-test/test-report.yml

[Divyaasm]

Native plugin Validation:

./opensearch-plugin install repository-s3
-> Installing repository-s3
-> Downloading repository-s3 from opensearch
[=================================================] 100%   
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission accessDeclaredMembers
* java.lang.RuntimePermission getClassLoader
* java.lang.reflect.ReflectPermission suppressAccessChecks
* java.net.NetPermission setDefaultAuthenticator
* java.net.SocketPermission * connect,resolve
* java.util.PropertyPermission opensearch.allow_insecure_settings read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
-> Installed repository-s3 with folder name repository-s3

[Divyaasm]

Signature validation:

        gpg --verify opensearch-1.3.17-linux-x64.tar.gz.sig opensearch-1.3.17-linux-x64.tar.gz
gpg: Signature made Thu 06 Jun 2024 07:21:52 PM UTC using RSA key ID 542C03B4
gpg: Good signature from "OpenSearch project <opensearch@amazon.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C5B7 4989 65EF D1C2 924B  A9D5 39D3 1987 9310 D3FC
     Subkey fingerprint: 2187 3199 B103 0FCD 49DA  83F8 C2EE 2AF6 542C 03B4

[mwilso3]

Is this release expected to be delayed?

[Divyaasm]

Is this release expected to be delayed?

Hey the Release is out today