Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keep the AWS/Azure/GCP SDK version up to date #39492

Closed
4 tasks done
zmoog opened this issue May 9, 2024 · 9 comments
Closed
4 tasks done

Keep the AWS/Azure/GCP SDK version up to date #39492

zmoog opened this issue May 9, 2024 · 9 comments
Assignees
Labels
enhancement Team:obs-ds-hosted-services Label for the Observability Hosted Services team

Comments

@zmoog
Copy link
Contributor

zmoog commented May 9, 2024

Situation

All major CSPs provide SDKs for accessing their API. Beats use the cloud provider API to collect logs, metrics, and metadata.

Over time, CSPs release new versions of SDK. Most of the time, new versions are minor or patch releases. Major releases with breaking changes usually happen every few years.

Usually, we upgrade the cloud provider SDK in two circumstances:

  • we need a new feature
  • we need a bugfix

That's only available in a new SDK version.

Our attitude is primarily reactive.

Problem statement

The current reactive posture has a few downsides:

  • On average, our SDK modules are outdated to various degrees (missing fixes)
  • Upgrades happen not so often, sometimes taking big jumps in versions (increasing risks)
  • On average, if we need a bugfix in one of our dependencies, we can add it now, but the subsequent stack releases may be weeks away; we only backport to the previous release.

Solutions

Manage AWS/Azure/GCP SDK version incrementally using Dependabot.

Pros:

  • It is more manageable to upgrade 1-2 dependencies at a time instead of doing a big batch occasionally.
  • SDKs are up to date with fixes and improvements
  • We integrate updates in the next release to improve the change or avoid bug reports and support requests.

Cons:

  • We are making more changes; we need to mitigate this risk by improving our test suite (we'll address this in a dedicated issue).

Tasks

Preview Give feedback
  1. 2 of 2
    Team:obs-ds-hosted-services
    zmoog
  2. Team:obs-ds-hosted-services
    zmoog
  3. Team:obs-ds-hosted-services bug
    zmoog
  4. Team:obs-ds-hosted-services
    zmoog

Related

Here are a few related issues and PRs:

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 9, 2024
@zmoog zmoog added the Team:obs-ds-hosted-services Label for the Observability Hosted Services team label May 9, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 9, 2024
@zmoog
Copy link
Contributor Author

zmoog commented May 9, 2024

Here is how APM Server manages OTel dependencies:
https://github.com/elastic/apm-server/blob/main/.github/dependabot.yml

@zmoog
Copy link
Contributor Author

zmoog commented May 9, 2024

I'm creating the first PR to manage the Azure SDK to get feedback from the team responsible for Dependabot.

@zmoog zmoog self-assigned this May 9, 2024
@zmoog zmoog changed the title Keep AWS/Azure/GCP SDK up to date Keep AWS/Azure/GCP SDK version up to date May 9, 2024
@zmoog zmoog changed the title Keep AWS/Azure/GCP SDK version up to date Keep the AWS/Azure/GCP SDK version up to date May 9, 2024
@agithomas
Copy link
Contributor

agithomas commented May 10, 2024

If we notice the issue mentioned here, a sequential upgrade from working -> broken SDK (Nov '23 -> Feb'24) , it would have taken the application into a less desirable state.

So, the scope may be extended or changed to qualifying the SDK version. Addressing dependencies, Testing & verification, addressing gaps in testing (if any) may be part of the qualification process. Once qualified, how soon should we consume the upgrade?

@zmoog
Copy link
Contributor Author

zmoog commented May 14, 2024

If we notice the issue mentioned here, a sequential upgrade from working -> broken SDK (Nov '23 -> Feb'24) , it would have taken the application into a less desirable state.

So, the scope may be extended or changed to qualifying the SDK version. Addressing dependencies, Testing & verification, addressing gaps in testing (if any) may be part of the qualification process. Once qualified, how soon should we consume the upgrade?

@agithomas, what do you mean by "qualifying the SDK version"? Can you elaborate a little on this?

@zmoog
Copy link
Contributor Author

zmoog commented May 14, 2024

To be clear, the goal of PRs like #39495 is not to avoid problems like "not found, ResolveEndpointV2" but to ensure Beats remains up to date with new features, possibly avoid support requests, or at least ship the fixes sooner.

I agree that to avoid problems like "not found, ResolveEndpointV2" from happening we need a holistic strategy that includes:

  • improved dependency management
  • improved testing

@agithomas
Copy link
Contributor

@agithomas, what do you mean by "qualifying the SDK version"? Can you elaborate a little on this?

My comment was more towards the holistic strategy.

Thanks for adding the scope here.

@zmoog
Copy link
Contributor Author

zmoog commented Jul 9, 2024

After the last fix #40125, the config is valid, but the current Dependabot config is still not okay.

From https://github.com/elastic/beats/network/updates/852878485

updater | 2024/07/08 15:25:07 WARN <job_852878485> Please check your configuration as there are groups where no dependencies match:
updater | - azure-sdks
updater | - gcp-sdks
updater | 
updater | This can happen if:
updater | - the group's 'pattern' rules are misspelled
updater | - your configuration's 'allow' rules do not permit any of the dependencies that match the group
updater | - the dependencies that match the group rules have been removed from your project
updater | 
updater | 2024/07/08 15:25:08 INFO <job_852878485> Starting grouped update job for elastic/beats
updater | 2024/07/08 15:25:08 INFO <job_852878485> Found 2 group(s).
updater | 2024/07/08 15:25:08 WARN <job_852878485> Skipping update group for 'azure-sdks' as it does not match any allowed dependencies.
updater | 2024/07/08 15:25:08 WARN <job_852878485> Skipping update group for 'gcp-sdks' as it does not match any allowed dependencies.

zmoog added a commit that referenced this issue Aug 5, 2024
Set up Dependabot to manage the AWS SDK version.

With the current reactive and manual process, our dependencies are often outdated. To release a bugfix to a dependency, we need to wait for the following stack release instead of merging it shortly after it's available from AWS.

See #39492 to learn more.
@zmoog
Copy link
Contributor Author

zmoog commented Aug 12, 2024

The scope of this issue was adopting Dependabot to manage the CSP SDKs dependencies.

I am taking #39505 out for next iteration.

@zmoog zmoog closed this as completed Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Team:obs-ds-hosted-services Label for the Observability Hosted Services team
Projects
None yet
Development

No branches or pull requests

3 participants