Is Open Distro production ready?

Hey Guys,

What are your suggestions on if Open Distro production ready?


I’m already using it in production, the main argument was, Opendistro (ODFE) uses default OSS Elasticsearch and Searchguard for security, booth exists for a while and are well proofed components.
I also converted an existing elasticsearch cluster to Opendistro, without loosing any data.
In case one doesn’t use any specialities from x-pack this could be a matter of uninstall and installing packages and setting new security options.

In case you don’t have to rely on any super special feature out of elatic’s x-pack (that is not yet available as plugin in ODFE), it is just a perfect open source alternative to elastic’s bundle.

One thing you might need to keep in mind: it is elasticsearch and if you experience any issues, they don’t necessarily need to be caused by or related to Opendistro project (eg. breaking changes on major release 6.x -> 7.x etc.)

It is definitely worth a try, you can build your own PoC setup or just test with the docker containers.
hope this helps

1 Like

I am new and learning about it. Wondering If my below understanding is right:

  1. one can install elastic’s Basic(free) version like latest says 7.6.2 and use the basic x-pack security provided by it, now built-in but install the alerting plugin from Open Distro-- not available in it. Is it possible? will it work now and in future-- mean will compatibility be maintained? i.e. run the base original stack whereas use plugins from OpenDistro?

I am also struggling to understand: now in Elastic’s basic version x-pack is free to use what is the utility of using Open Distro Security plugin? Does Open Distro Security offer more than what is offered by x-pack under basic?


Elastic’s basic version does not contain the following:

  • LDAP
  • Field level security
  • Document level security


Meanwhile these are some of the features you can find in OpenDistro. Personally I’d always go with OpenDistro. The entire project seems awesome and I’ve had a good experience with it. Security is handled very well.

My only drawback would be the lack of documentation on how to implement some things but I see that is being actively fixed by the OpenDistro team with blog posts and webinars.

No, pls. don’t mix elastic commercial components (even if they are free) with opendistro components.

If you like to take the opensource approach, I’d recommend to stay away from elastic free versions like elasticsearch (non-OSS) or x-pack coming from elastic’s repo, even if it is free.
It is not entirely under opensource license, they have their own proprietary “Elastic license” and you might still need a “free” subscription key for it!
Bottom line: elastic “free” components under “Elastic license” is not opensource, even if their marketing department uses terms like “free”, “source is open” or “open x-pack”!
It’s their own proprietary license und up to them to change the rules under their license, and you don’t wan’t to get into any licensing issues at any time, not even after years using it.

So the best thing you can do, to stay away from licensing issues is, to use just Opendistro (elasticsearch-OSS + security, alerting,… plugins) as it is under proper opensource license (Apache License 2.0).

However, if you have a reasonable budget, need commercial support anyway and felt in love with the Elastic components, feel free to get a proper yearly subscription from Elastic.

Thanks for advise. much appreciated. One more thing:

Am I right in assuming that opendistro plugins and Elastic plugins are interchangeable, under supported version. I mean one can install Basic elastic and then install selected pulugins from OpenDistro on top of it?