Closed Bug 1245481 Opened 8 years ago Closed 8 years ago

Disable dynamic scripting on the OrangeFactor Elasticsearch cluster

Categories

(Infrastructure & Operations :: IT-Managed Tools, task)

Product:
Infrastructure & Operations
Component:
IT-Managed Tools
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: emorley, Assigned: cliang)

References

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/2531] ) 

In bug 1142538 / bug 1143123, a separate Elasticsearch cluster was created for OrangeFactor, since it's only compatible with ES v0.9x:

If it's not already, please can dynamic scripting be disabled on this cluster, for increased security:
https://www.elastic.co/guide/en/elasticsearch/reference/0.90/modules-scripting.html#_disabling_dynamic_scripts

The cluster is behind:
of-elasticsearch-zlb.webapp.scl3.mozilla.com
...and the individual VM hostnames are in bug 1143123.

Many thanks :-)
Summary: Disable dynamic scripting on the OrangeFactor ElasticSearch cluster → Disable dynamic scripting on the OrangeFactor Elasticsearch cluster
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/2531]
Assignee: server-ops-webops → cliang
I've pushed out the configuration change to the OrangeFactor ES servers and, after a quick check over IRC, restarted the cluster to force the configuration change.  Attempts to use a dynamic script are met with a 400 error ("ScriptException[dynamic scripting disabled]").

If you find that this has produced unpleasant side effects, please re-open this bug and flag me down in IRC.

[1] curl -XGET "http://localhost:9200/bugs-20160203/_search?q=*&pretty" -d' { "query": { "function_score": { "script_score": { "script": "Math.pow(doc[\"run\"].value, 2)", "lang": "groovy" } } } }'
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
That's great, thank you for sorting this :-)
Group: mozilla-employee-confidential
You need to log in before you can comment on or make changes to this bug.