Enable krb5kdc-fixture, kerberos tests mount urandom for kdc container (#41710) (#43178)

Infra has fixed #10462 by installing `haveged` on CI workers.
This commit enables the disabled fixture and tests, and mounts
`/dev/urandom` for the container so there is enough
entropy required for kdc.
Note: hdfs-repository tests have been disabled, will raise a separate issue for it.

Closes #40624 Closes #40678
This commit is contained in:
Yogesh Gaikwad 2019-06-13 13:02:16 +10:00 committed by GitHub
parent 20031fb13f
commit 4ae1e30a98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 28 deletions

View File

@ -87,7 +87,7 @@ for (String fixtureName : ['hdfsFixture', 'haHdfsFixture', 'secureHdfsFixture',
// the hdfs.MiniHDFS fixture writes the ports file when
// it's ready, so we can just wait for the file to exist
return fixture.portsFile.exists()
}
}
final List<String> miniHDFSArgs = []
@ -121,20 +121,29 @@ for (String fixtureName : ['hdfsFixture', 'haHdfsFixture', 'secureHdfsFixture',
}
}
Set disabledIntegTestTaskNames = ['integTestSecure', 'integTestSecureHa']
for (String integTestTaskName : ['integTestHa', 'integTestSecure', 'integTestSecureHa']) {
task "${integTestTaskName}"(type: RestIntegTestTask) {
description = "Runs rest tests against an elasticsearch cluster with HDFS."
dependsOn(project.bundlePlugin)
if (disabledIntegTestTaskNames.contains(integTestTaskName)) {
enabled = false;
}
runner {
if (integTestTaskName.contains("Secure")) {
dependsOn secureHdfsFixture
systemProperty "test.krb5.principal.es", "elasticsearch@${realm}"
systemProperty "test.krb5.principal.hdfs", "hdfs/hdfs.build.elastic.co@${realm}"
jvmArgs "-Djava.security.krb5.conf=${krb5conf}"
systemProperty (
"test.krb5.keytab.hdfs",
project(':test:fixtures:krb5kdc-fixture').ext.krb5Keytabs("hdfs","hdfs_hdfs.build.elastic.co.keytab")
)
if (disabledIntegTestTaskNames.contains(integTestTaskName) == false) {
dependsOn secureHdfsFixture
nonInputProperties.systemProperty "test.krb5.principal.es", "elasticsearch@${realm}"
nonInputProperties.systemProperty "test.krb5.principal.hdfs", "hdfs/hdfs.build.elastic.co@${realm}"
jvmArgs "-Djava.security.krb5.conf=${krb5conf}"
nonInputProperties.systemProperty (
"test.krb5.keytab.hdfs",
project(':test:fixtures:krb5kdc-fixture').ext.krb5Keytabs("hdfs","hdfs_hdfs.build.elastic.co.keytab")
)
}
}
}
}

View File

@ -19,18 +19,6 @@
package hdfs;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
@ -45,6 +33,18 @@ import org.apache.hadoop.hdfs.MiniDFSNNTopology;
import org.apache.hadoop.hdfs.server.namenode.ha.HATestUtil;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
/**
* MiniHDFS test fixture. There is a CLI tool, but here we can
* easily properly setup logging, avoid parsing JSON, etc.
@ -174,4 +174,5 @@ public class MiniHDFS {
Files.write(tmp, portFileContent.getBytes(StandardCharsets.UTF_8));
Files.move(tmp, baseDir.resolve(PORT_FILE_NAME), StandardCopyOption.ATOMIC_MOVE);
}
}

View File

@ -47,8 +47,7 @@ postProcessFixture {
}
}
// https://github.com/elastic/elasticsearch/issues/40624
buildFixture.enabled = false
buildFixture.enabled = true
project.ext.krb5Conf = { service -> file("$buildDir/shared/${service}/krb5.conf") }
project.ext.krb5Keytabs = { service, fileName -> file("$buildDir/shared/${service}/keytabs/${fileName}") }

View File

@ -8,6 +8,8 @@ services:
command: "bash /fixture/src/main/resources/provision/peppa.sh"
volumes:
- ./build/shared/peppa:/fixture/build
# containers have bad entropy so mount /dev/urandom. Less secure but this is a test fixture.
- /dev/urandom:/dev/random
ports:
- "4444"
- "88/udp"
@ -19,6 +21,8 @@ services:
command: "bash /fixture/src/main/resources/provision/hdfs.sh"
volumes:
- ./build/shared/hdfs:/fixture/build
# containers have bad entropy so mount /dev/urandom. Less secure but this is a test fixture.
- /dev/urandom:/dev/random
ports:
- "4444"
- "88/udp"

View File

@ -8,8 +8,7 @@ apply plugin: 'elasticsearch.test.fixtures'
testFixtures.useFixture ":test:fixtures:krb5kdc-fixture"
// https://github.com/elastic/elasticsearch/issues/40624
integTest.enabled = false
integTest.enabled = true
dependencies {
testCompile project(':x-pack:plugin:core')
@ -56,9 +55,9 @@ integTestCluster {
String realm = "BUILD.ELASTIC.CO"
integTestRunner {
Path peppaKeytab = Paths.get("${project.buildDir}", "generated-resources", "keytabs", "peppa.keytab")
systemProperty 'test.userkt', "peppa@${realm}"
systemProperty 'test.userkt.keytab', "${peppaKeytab}"
systemProperty 'test.userpwd', "george@${realm}"
nonInputProperties.systemProperty 'test.userkt', "peppa@${realm}"
nonInputProperties.systemProperty 'test.userkt.keytab', "${peppaKeytab}"
nonInputProperties.systemProperty 'test.userpwd', "george@${realm}"
systemProperty 'test.userpwd.password', "dino"
systemProperty 'tests.security.manager', 'true'
jvmArgs([