chore(examples): Migrate Examples from ElasticSearch to OpenSearch/Newer ES

[EandrewJones]

Problem

Per the ASF 3rd Party Licensing guidelines, we should not be including any category X software in our stack. ElasticSearch went proprietary 3 years ago, but recently announced the addition of an AGPL license.

We only use(d) ES in examples, but not in releases. We have tried to get clarification on whether this is OKAY, but still do not feel satisfied with the answers.

Here's my read. Per the Guidelines:

For example, using a GPL'ed tool during the build is okay, but including GPL'ed source code is not. and also this document, it's clear to me we need to scrub any proprietary version of elastic from the code.

Solution

We can either: 1) migrate the examples to OpenSearch which is Apache 2.0; or 2) migrate the examples to newer version of ELK stack which are AGPL, but remove examples from the release zip/tar (these currently get sucked in which is a no-no, even if there aren't any AGPL dependencies in the NPM package or src).

[linghengqian]

migrate the examples to newer version of ELK stack which are AGPL, but remove examples from the release zip/tar (these currently get sucked in which is a no-no, even if there aren't any AGPL dependencies in the NPM package or src).

• Does this mean that apache/flagon-useralejs needs to maintain downstream Docker Images for ElasticSearch and Kibana? Even though these Docker Images are actually AGPL LICENSE which is not approved by ASF? Docker images of ElasticSearch and Kibana made by Elastic will still be under the Elastic V2 LICENSE. This has been clarified at https://discuss.elastic.co/t/elasticsearch-binaries-and-images-be-coverd-by-the-agpl-license/367084/4?u=linghengqian .
• But from my point of view, the source code of the Dockerfile or other build scripts that generate the AGPL LICENSE Docker Image can still be any LICENSE, regardless of the AGPL. I don't see https://github.com/apache/flagon-useralejs/tree/master/example redistributing Elastic's files.
• This involves another topic. Since Linux with GPL V2 LICENSE is usually used in Docker Image, Docker Hub is just a downstream distribution channel of ASF. Using ElasticSearch in an ASF project is much more troublesome than using OpenSearch in an ASF project.

[brucearctor]

how difficult/costly is the lift to move to OpenSearch for the specifics of what is in the repo?

Seems like this discussion has gone on a long time, so also imagine removing this from something that the community needs to devote attention to [ whether or not license is OK ] would be good to unburden and allow better focus elsewhere.

[EandrewJones]

I misstated where there are references to ES in flagon ecosystem. Let me clarify:

• apache/flagon-useralejs does NOT need to maintain downstream docker images for ES and Kibana. UserALE has no dependency on any particular backend nor does it distribute them. I erroneously thought we had references to ES in the flagon-useralejs/examples folder which does get distributed as part of the release.
• We do, however, have examples located at: https://github.com/apache/flagon/tree/master/docker which include docker images for ELK. None of this code is actually released, but it is on an official Apache github repo. Is that a problem?

Best

Evan Jones Website: www.ea-jones.com

On Sun, Oct 13, 2024 at 10:35 AM brucearctor @.***> wrote:

how difficult/costly is the lift to move to OpenSearch for the specifics of what is in the repo?

Seems like this discussion has gone on a long time, so also imagine removing this from something that the community needs to devote attention to [ whether or not license is OK ] would be good to unburden and allow better focus elsewhere.

— Reply to this email directly, view it on GitHub https://github.com/apache/flagon-useralejs/issues/507#issuecomment-2409061785, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJ2T6ALVVGR6ZFCVKMD7LZTZ3KVPXAVCNFSM6AAAAABPVBNAEKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMBZGA3DCNZYGU . You are receiving this because you authored the thread.Message ID: @.***>

[linghengqian]

Is that a problem?

• This is not a problem because end users download the Elastic V2 LICENSE binaries from Docker Hub/docker.elastic.co, and those binaries are not part of the source code at https://github.com/apache/flagon/tree/master/docker .

• I believe the source code of https://github.com/apache/flagon/tree/master/docker will still be Apache V2, and this will not change due to any business decision of Elastic. https://github.com/apache/flagon/tree/master/docker just uses the Docker Image made by Elastic during the demonstration. It is very common to use the Apache V2 LICENSE Dockerfile to describe the installation process of the GPL V3 LICENSE Docker Image. This is no different from the treatment of apache skywalking in https://github.com/apache/skywalking-showcase and https://github.com/apache/skywalking . Of course, skywalking does not need elasticsearch to run. It’s just that in the skywalking community, most people use elasticsearch as data storage.

• When the final downstream user downloads the .tar.gz of https://github.com/apache/flagon from https://downloads.apache.org/ , the Docker Image is obviously not included. The user downloads the Docker Image from Docker Hub, which is not an official distribution channel of ASF at all. It is just a downstream distribution channel, and the LICENSE is handled quite freely. It is normal for Docker Images to contain proprietary software. If the LICENSE of all layers of a Docker Image really needs to be discussed, it will become very complicated. For example, the long article at https://www.linuxfoundation.org/resources/publications/docker-containers-what-are-the-open-source-licensing-considerations .

• There is almost no need to consider Elastic V2 LICENSE, unless Apache Flagon must depend on Elasticsearch. Or Apache Flagon publishes an npm package that uses the https://github.com/elastic/eui npm package of Elastic V2 LICENSE. But if I remember correctly, npm is also not an official distribution channel of ASF.

• When we talk about the official distribution channels of ASF, it is either https://repository.apache.org/ or https://downloads.apache.org/ . Other distribution channels not managed by ASF are actually not related to ASF, but sometimes ASF Infra helps maintain the accounts of these downstream channels.

[EandrewJones]

Hengqian,

Thank you for the direct and clear explanation. In that case, I can close this issue.

Best

Evan Jones Website: www.ea-jones.com

On Mon, Oct 14, 2024 at 8:46 AM Ling Hengqian @.***> wrote:

Is that a problem?

-

This is not a problem because end users download the Elastic V2 LICENSE binaries from Docker Hub, and those binaries are not part of the source code at https://github.com/apache/flagon/tree/master/docker .

I believe the source code of https://github.com/apache/flagon/tree/master/docker will still be Apache V2, and this will not change due to any business decision of Elastic. https://github.com/apache/flagon/tree/master/docker just uses the Docker Image made by Elastic during the demonstration. It is very common to use the Apache V2 LICENSE Dockerfile to describe the installation process of the GPL V3 LICENSE Docker Image. This is no different from the treatment of apache skywalking in https://github.com/apache/skywalking-showcase and https://github.com/apache/skywalking . Of course, skywalking does not need elasticsearch to run. It’s just that in the skywalking community, most people use elasticsearch as data storage.

When the final downstream user downloads the .tar.gz of https://github.com/apache/flagon from https://downloads.apache.org/ , the Docker Image is obviously not included. The user downloads the Docker Image from Docker Hub, which is not an official distribution channel of ASF at all. It is just a downstream distribution channel, and the LICENSE is handled quite freely. It is normal for Docker Images to contain proprietary software. If the LICENSE of all layers of a Docker Image really needs to be discussed, it will become very complicated. For example, the long article at https://www.linuxfoundation.org/resources/publications/docker-containers-what-are-the-open-source-licensing-considerations .

There is almost no need to consider Elastic V2 LICENSE, unless Apache Flagon must depend on Elasticsearch. Or Apache Flagon publishes an npm package that uses the https://github.com/elastic/eui npm package of Elastic V2 LICENSE. But if I remember correctly, npm is also not an official distribution channel of ASF.

When we talk about the official distribution channels of ASF, it is either https://repository.apache.org/ or https://downloads.apache.org/ . Other distribution channels not managed by ASF are actually not related to ASF, but sometimes ASF Infra helps maintain the accounts of these downstream channels.

— Reply to this email directly, view it on GitHub https://github.com/apache/flagon-useralejs/issues/507#issuecomment-2411641217, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJ2T6AJBV2SGQL5KYLCGUJDZ3PRMZAVCNFSM6AAAAABPVBNAEKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMJRGY2DCMRRG4 . You are receiving this because you authored the thread.Message ID: @.***>