BOSH Release for Elasticsearch plugins: Shield and License



Open source. Code available here.

Elasticsearch logo I wrote a BOSH release to setup the Shield and License plugins for Elasticsearch on top of the logsearch BOSH release.

We deployed Elasticsearch using the logsearch-boshrelease, but needed to support plugins such as Shield and License. Unlike simpler plugins, Shield and License require additional configuration, in Shield's case multiple steps of configuration.

I determined that plugin setup was out of scope for the logsearch release, so I needed to write my own. Forking the release to add plugin support was an option, but I wanted to ensure we could still use upstream updates to Elasticsearch. Plugin setup is mostly out-of-band with Elasticsearch setup, except the need to restart Elasticsearch.

Shield adds support for authorization and SSL to Elasticsearch, and we needed both features to keep patient information protected and encrypted at all times. Authorization was fairly straightforward, but SSL was a bear. Elastic support helped me figure out nuances of Java SSL setup and Elasticsearch's needs specifically.