[groovy] scripts are deprecated, use [painless] scripts instead on ES 5.0

opendoc42 · October 31, 2016, 4:27pm

Hello,
I just did a fresh install of ElasticSearch 5.0. At start I have a message

[Groovy] scripts are deprecated, use [painless] INSTEAD scripts

Why install a deprecated module ?

Here are the modules installed and Groovy module is installed

ls -l /usr/share/elasticsearch/modules 
total 40
drwxr-xr-x 2 root root 4096 oct.  31 16:35 aggs-matrix-stats
drwxr-xr-x 2 root root 4096 oct.  31 16:35 ingest-common
drwxr-xr-x 2 root root 4096 oct.  31 16:35 lang-expression
drwxr-xr-x 2 root root 4096 oct.  31 16:35 lang-groovy
drwxr-xr-x 2 root root 4096 oct.  31 16:35 lang-mustache
drwxr-xr-x 2 root root 4096 oct.  31 16:35 lang-painless
drwxr-xr-x 2 root root 4096 oct.  31 16:35 percolator
drwxr-xr-x 2 root root 4096 oct.  31 16:35 reindex
drwxr-xr-x 2 root root 4096 oct.  31 16:35 transport-netty3
drwxr-xr-x 2 root root 4096 oct.  31 16:35 transport-netty4

dadoonet · October 31, 2016, 4:40pm

For a better experience. If you were using Groovy scripts, you can more easily upgrade to elasticsearch 5.0.0.

nik9000 · October 31, 2016, 4:41pm

Backwards compatibility and stability. Painless is amazing but it isn't finished. I mean, no software is finished, but painless is getting a lot of new features so it is moving fast. Like, it just got support negative array indexes meaning "index from the back". That is technically a backwards compatibility breaking feature, but one that folks have asked for even before it was released. We will be adding lots of things to painless during the 5.0 release.

jprante · October 31, 2016, 5:43pm

Seems a bit hasty to deprecate groovy in 5.0 when it supports negative array indexes since years, while painless, the "preferred" solution, does not. This can scare people off.

nik9000 · October 31, 2016, 7:08pm

It is super hasty but I'm fairly convinced it is the right thing to do. Painless is changing a lot and is nowhere near documented enough but groovy is insecure and slow. The security part worries me a lot because just having it on the classpath has caused vulnerabilities in the past. And the sandbox is worthless so turning on dynamic scripting is fraught. But people do it because dynamic scripting is awesome and flexible and powerful and great.

So we got here: painless is the new default because you can use it in dynamic scripting safely. And if we discover a vulnerability with painless we'll fix it immediately. Groovy is available for anyone that needs the stability that it offers but we all look at it sideways because it has a lean and hungry look.

Suny · February 8, 2017, 11:34am

I see that there are reasons for and against the groovy library. But let me ask: Why first install this module, and then warn people that this is deprecated? It's a bit irritating for users who just installed elasticsearch, see the warning and wonder what they did wrong.

Ben_Sisakht · March 8, 2017, 7:29pm

I totally agree with @Suny, just installed elastic search and am trying it out but this was the first thing I saw which now makes me confused right off the bat! It would be nice to have something welcoming rather than a warning about deprecated packages. But you can put that message somewhere else and if it's important enough, you might as well just use it and warn people that this is not as stable as the deprecated package but you're on it ... so something to look forward not worry and know that we need to change it at some point.