1175946 - Enable Groovy in our Elasticsearch clusters

Status: RESOLVED FIXED

(Socorro Graveyard :: Middleware, defect, P1)

Description

[[DEACTIVATED] Adrian Gaudebert]

groovy, the scripting system used by elasticsearch, is disabled in version 1.4. We need to find another way to update data in the Super Search Fields list.

Comment 1

[[DEACTIVATED] Adrian Gaudebert]

phrawzty, is there any risk for us in enabling groovy in our cluster? It's not trivial to fix this problem without it.

Comment 2

[Daniel Maher [:phrawzty]]

According to the documentation[0], Groovy was disabled for security reasons in versions prior to 1.4.3; we are running 1.4.5, so that's not an issue any more.  Since we do not allow direct access to the ES web interface (all requests go through the filter that is our web interface) it should be safe enough to enable Groovy if it isn't already.

[0] https://www.elastic.co/guide/en/elasticsearch/reference/1.4/modules-scripting.html

Comment 3

[[DEACTIVATED] Adrian Gaudebert]

Since we are not exposing Elasticsearch publicly, and the only places where we use scripts cannot contain any user content, we are safe with enabling Groovy.

Comment 4

[Peter Bengtsson [:peterbe]]

I thought we cracked this. Does the bug just need to be closed?

Comment 5

[[github robot]]

Commits pushed to master at https://github.com/mozilla/socorro-infra

https://github.com/mozilla/socorro-infra/commit/756bb97b7d14c44635c4c4dbacb2846104bd56bf
Fixes bug 1175946 - Enabled Groovy scripting in our Elasticsearch clusters.

https://github.com/mozilla/socorro-infra/commit/a3297c27fdd0605f7159fab021d3db028673b421
Merge pull request #188 from AdrianGaudebert/1175946-enable-groovy-in-es

Fixes bug 1175946 - Enabled Groovy scripting in our Elasticsearch clu…