Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Support for Play 2.6.x and Elasticsearch 5.x #275

Closed
saadkadhi opened this issue Jul 27, 2017 · 3 comments
Closed

Add Support for Play 2.6.x and Elasticsearch 5.x #275

saadkadhi opened this issue Jul 27, 2017 · 3 comments
Assignees
@To-om
Labels
feature request need:migration
Milestone
2.13.0

Comments

@saadkadhi
Copy link
Contributor

Request Type

Feature Request

Work Environment

Question Answer
OS version (server) Debian
OS version (client) macOS
TheHive version / git hash 2.12.0
Package Type DEB
Browser type & version N/A

Problem Description

The current version of the Play framework used by TheHive (Play 2.5) does not support Elasticsearch 5 which means that we are stuck with ES 2.x.

Steps to Reproduce

N/A

Possible Solutions

Upgrade Play to 2.6.1 or better and ensure TheHive uses ES 5.
@saadkadhi saadkadhi added this to the 2.13.0 milestone Jul 27, 2017
@peasead
Copy link

peasead commented Aug 19, 2017
edited

The only issue I'm seeing between ES 2.4 and 5.5 (at it relates to TheHive) is an update to /etc/elasticsearch/elasticsearch.yml, an Advisory Notice with the the_hive_10 Index, and the conflict with Netty (ES wants 4.1, Play has 4.0 - hardcoded).

elasticsearch.yml

TheHive 2.12 Configuration

network.host: 127.0.0.1
script.inline: on
cluster.name: hive
threadpool.index.queue_size: 100000
threadpool.search.queue_size: 100000
threadpool.bulk.queue_size: 1000

TheHive 2.13 Recommendation

network.host: 127.0.0.1
script.inline: true
cluster.name: hive
thread_pool.index.queue_size: 100000
thread_pool.search.queue_size: 100000
thread_pool.bulk.queue_size: 1000

the_hive_10 Index

According to the Elasticsearch Migration Plugin, the Cluster Checkup created an Advisory Note for the_hive_10 Index here:

the_hive_10
Mappings
Parent field no longer accessible in queries
[case_artifact]:_parent
[case_task]:_parent
[case_task_log]:_parent
[case_artifact_job]:_parent

This may be okay as the Mapping Changes states:

The join between parent and child documents no longer relies on indexed fields and therefore from 5.0.0 onwards the _parent field is no longer indexed. In order to find documents that refer to a specific parent id, the new parent_id query can be used. The GET response and hits inside the search response still include the parent id under the _parent key.

Netty

There's some talk around workarounds and some experimental usge of akka, but Play 2.6 appears to be the proper fix.

To-om added a commit that referenced this issue Aug 24, 2017
@To-om
#275 Add Support for Play 2.6.x and Elasticsearch 5.x
47bfae9
@To-om To-om closed this as completed Aug 28, 2017
@peasead
Copy link

peasead commented Aug 28, 2017

Thanks @To-om

Should I clone the 47bfae9 commit and follow the normal instructions to build from source?

When I get to bin/activator clean stage everything appears to work properly, but it doesn't seem to create the TheHive/target/universal/ folder structure. target/ is empty.

Here is the output from clean stage thehive.txt.

@saadkadhi
Copy link
Contributor Author

@peasead TheHive 2.13.0 will include support for ES 5. Please wait until we release it and try it out.

@nadouani nadouani mentioned this issue Aug 31, 2017
Closed
To-om added a commit that referenced this issue Sep 8, 2017
@To-om
#275 Disable log4j2 to use slf4j
c363609
To-om added a commit that referenced this issue Sep 15, 2017
@To-om
#275 Update docker compose file to used ElasticSearch 5.x
91ce28e
To-om added a commit that referenced this issue Sep 15, 2017
@To-om
#275 Update docker compose file to used ElasticSearch 5.x
d95b334
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
feature request need:migration
Projects
None yet
Milestone
2.13.0
Development

No branches or pull requests
3 participants
@saadkadhi @peasead @To-om