An overview of important changes in Elasticsearch version 8

With the release of version 8 of the Elasticsearch service, important changes and improvements have been applied to this service. The following will be reviewed:

API compatibility with version 7 and above (REST API compatibility)

Version 8 includes several changes in APIs that will lead to breaking changes. Due to the better compatibility of Elasticsearch clients, the possibility of adding API compatibility headers has been added in version 8. With this method, after updating the Elasticsearch service, you can still use version 7 APIs until you update the Elasticsearch client to version 8 or fix breaking changes.

Note: “Elasticsearch client” means a package developed in different programming languages ​​by the official Elastic team so that Elasticsearch APIs can be implemented in the project code.

According to this feature, if the Elasticsearch service has been updated to version 8 but you still use the version 7 client in your program, if the following headers are set in the request sent by the client, the request and response compatible with version 7 will be processed automatically. It was: 3.5

Accept: "application/vnd.elasticsearch+json;compatible-with=7"
Content-Type: "application/vnd.elasticsearch+json;compatible-with=7"

An overview of important changes in Elasticsearch version 8

Automatic activation of Basic security settings and TLS protocol

In versions lower than 8, authorization, authentication and TLS settings must be enabled manually. In version 8, while installing and running Elastic Search, the following are done automatically:

  • Activating basic authentication and creating a password for the elastic user: at the end of the service installation process, a password will be generated and provided to you for the elastic user (superuser for the Elasticsearch service that is defined as built-in). Also, in the service settings, the basic security level (use password and username to connect to Elasticsearch) is automatically enabled.
  • Enabling TLS settings: After installing the service, TLS (SSL) settings are enabled for the transport layer (internal communication between nodes) and the http layer (communication between Elasticsearch and other applications).
    This process includes the following:
  1. The certificate and TLS keys are created in the service configuration path, which includes http.p12, http_ca.crt and transport.p12 files.
  2. TLS settings for both transport and http layers are recorded in the elasticsearch.yml file!
  • Setting network access in the http layer: In addition to the above, which are automatically created in the Elasticsearch settings, the host access in the http layer is also set to (127.0.0.1) _local_ in this version, unlike the previous versions, which was set to _local_ by default. _local_ and _site_ are set (in other words, the addresses in the internal network can also access the Elasticsearch server by default). These are detailed in the “Elasticsearch and system settings before getting started” section!

Better protection of system indexes

In version 8, direct access to system indexes and changes in them is limited, and even the elastic user does not have view and change access by default!

© 2022 Created with AloApi Team.