Commit Graph

1589 Commits

Author SHA1 Message Date
Ioannis Kakavas ee202a642f
Enable tests in FIPS 140 in JDK 11 (#49485)
This change changes the way to run our test suites in 
JVMs configured in FIPS 140 approved mode. It does so by:

- Configuring any given runtime Java in FIPS mode with the bundled
policy and security properties files, setting the system
properties java.security.properties and java.security.policy
with the == operator that overrides the default JVM properties
and policy.

- When runtime java is 11 and higher, using BouncyCastle FIPS 
Cryptographic provider and BCJSSE in FIPS mode. These are 
used as testRuntime dependencies for unit
tests and internal clusters, and copied (relevant jars)
explicitly to the lib directory for testclusters used in REST tests

- When runtime java is 8, using BouncyCastle FIPS 
Cryptographic provider and SunJSSE in FIPS mode. 

Running the tests in FIPS 140 approved mode doesn't require an
additional configuration either in CI workers or locally and is
controlled by specifying -Dtests.fips.enabled=true
2020-01-27 11:14:52 +02:00
Ryan Ernst 87b926aa22 Fix git info within VM for worktrees (#51119)
If a worktree is used, say for 7.x, and packaging tests are run, the
build within the VM will fail due to the parent checkout not being
accessible. This is because the path of the worktree is for the host
systtem, not the VM. This commit makes the git info unknown, just as if
the .git directory did not exist.
2020-01-25 10:50:18 -08:00
Jason Tedor f38eae7abc
Install plugins in a single transaction in tests (#51433)
When building clusters for integration tests, today we install plugins
sequentially. We recently introduced the ability to install plugins in a
single invocation of the install plugin command. Using this can save
substantial time starting up JVMs. This commit changes the build
infrastructure to install multiple plugins at once when building
clusters for integration tests.

For the docs integration tests in particular, where we install many
plugins, this change makes a substantial difference. On my laptop, prior
to this change, installing the plugins sequentially took 115
seconds. After this change, it takes 14 seconds.
2020-01-24 13:11:35 -05:00
Mark Vieira f86de2a9cb
Always test against default distribution when in a FIPS JVM (#51273) (#51333) 2020-01-23 14:54:57 -08:00
Mark Vieira c08c282c0e
Revert "Always test against default distribution when in a FIPS JVM (#51273)"
This reverts commit 0169498711.
This reverts commit c5a032b594.
2020-01-22 12:15:57 -08:00
Mark Vieira 0169498711
Workaround for dependency on runtime build configuration 2020-01-22 11:30:25 -08:00
Mark Vieira c5a032b594
Always test against default distribution when in a FIPS JVM (#51273)
(cherry picked from commit e34d7fdaf7b511627c64a9e16805fd82f980b8c6)
2020-01-22 11:30:25 -08:00
Jay Modi ccf3e443b5
Improve file filter for insecure repo tests (#51121) (#51170)
Tests in BuildPluginIT copy the workspace but exclude the build
directories based on whether the directory string representation
includes `/build/` or not. This check is problematic if the directory
of the project has a parent directory also named `build`. The change in
this commit checks to see if the path relative to the project directory
has any path parts equal to `build`.
2020-01-17 10:56:22 -07:00
Mark Vieira fac509836a
Upgrade to Gradle 6.1 (#50453)
(cherry picked from commit bdd7bda47b4aa14a14273f7301d3615f1cc4bba0)
2020-01-16 13:58:29 -08:00
Rory Hunter 80d925e225
Auto-format buildSrc (#51043)
Backport / reimplementation of #50786 on 7.x.

Opt-in `buildSrc` for automatic formatting. This required a config tweak
in order to pick up all the Java sources, and as a result more files are
now found in the Enrich plugin, that were previously missed.

I also moved the 2 Java files in `buildSrc/src/main/groovy` into the Java
directory, which required some follow-up changes.
2020-01-16 10:26:27 +00:00
Zachary Tong 9eab87062c Bump version to 7.7.0 2020-01-15 10:12:14 -05:00
Henning Andersen 48e5eece1e GlobalBuildInfo support packed-refs with work-tree (#50791)
The packed-refs support was using the original .git path, changed to use
the real .git directory after reference from worktree has been followed.

Relates #47464
2020-01-10 14:06:52 +01:00
Adrien Grand 4f2299c714
Upgrade to Lucene 8.4.0. (#50518) (#50750) 2020-01-08 18:53:59 +01:00
Ryan Ernst 1f6c1df58e Add cliSetup command to test clusters configuration (#50414)
This commit adds a cliSetup command that can be used to run arbitrary
bin scripts to setup a test cluster. This is the same as what was
previously called setupCommands in cluster formation tasks.

closes #50382
2020-01-07 10:29:31 -08:00
Rory Hunter 1ec89f75dc Fix NPE when `./gradlew run` without `--data-dir` (#50421) (#50425) 2019-12-20 12:25:58 -08:00
Ryan Ernst a0746dbfec Add --data-dir option to run task (#50342)
This commit adds a special run.datadir system property that may be
passed to `./gradlew run` which sets the root data directory used by the
task. While normally overriding the data path is not allowed for test
clusters, it is useful when experimenting with the run task.

closes #50338
2019-12-19 12:48:24 -08:00
Ryan Ernst e3459637a7 Ensure global buildinfo plugin is applied for distro download (#50249)
This commit ensures the global info plugin is applied, which supplies
the isInternal flag used to determine whether distro download looks for
bwcVersions.

relates #50230
2019-12-17 10:11:19 -08:00
David Roberts 32b2445744
Change process kill order for testclusters shutdown (#50215)
The testclusters shutdown code was killing child processes
of the ES JVM before the ES JVM.  This causes any running
ML jobs to be recorded as failed, as the ES JVM notices that
they have disconnected from it without being told to stop,
as they would if they crashed.  In many test suites this
doesn't matter because the test cluster will never be
restarted, but in the case of upgrade tests it makes it
impossible to test what happens when an ML job is running
at the time of the upgrade.

This change reverses the order of killing the ES process
tree such that the parent processes are killed before their
children.  A list of children is stored before killing the
parent so that they can subsequently be killed (if they
don't exit by themselves as a side effect of the parent
dying).

Backport of #50175
2019-12-16 14:12:36 +00:00
Ioannis Kakavas ac83e45a6b
Disable TLS diagnostics in FIPS mode (#49900)
This commit sets xpack.security.ssl.diagnose.trust to false in all
the nodes of our TestClusters when running integTest. This is needed
in 7.x because setting xpack.security.ssl.diagnose.trust to true
wraps SunJSSE TrustManager with our own DiagnosticTrustManager and
this is not allowed when SunJSSE is in FIPS mode.
An alternative would be to set `xpack.security.fips.enabled` to
true which would also implicitly disable
xpack.security.ssl.diagnose.trust but would have additional effects
(would require that we set PBKDF2 for password hashing algorithm in
all test clusters, would prohibit using JKS keystores in nodes even
if relevant tests have been muted in FIPS mode etc.)
2019-12-13 12:47:53 +02:00
Mark Vieira f42537a0f4
Fall back to Java 13 APIs for forbidden API checks when using JDK 14 (#50095)
Closes #50041

(cherry picked from commit 4745b77ddefcaa5b00e700bd8e3ec7752f03c52d)
2019-12-12 09:17:53 -08:00
Ignacio Vera b5ec227de8
upgrade to lucene 8.4.0-snapshot-08b8d116f8f (#50129) (#50132) 2019-12-12 13:13:37 +01:00
Ryan Ernst ff6ad583ff Make testclusters registry extension name unique (#49956)
The testclusters registory is a singleton extension element added to the
root project which tracks which test clusters are used throughout the
multi project. But having the same name as the extension used to
configure test clusters within each subprojects breaks using a single
project for an external plugin. This commit renames the registry
extension to make it unique.

closes #49787
2019-12-11 16:09:20 -08:00
Mark Vieira fdfb1950fc
Allow individual projects to override test heapdump setting (#50096)
This commit goes from using a JvmArgumentProvider to using the normal
Test task APIs for passing the `HeapDumpOnOutOfMemoryError` JVM
argument. This makes it simpler for subprojects, such as lang-painless
to override this setting if necessary.

Closes #49117

(cherry picked from commit e97c38ff8e862abdc1d7816c66f9869ed216031f)
2019-12-11 15:40:58 -08:00
Jason Tedor 23ab9e0204
Require JDK 13 for compilation (#50004)
We have a long history of advancing the required compiler to the newest
JDK. JDK 13 has been with us for awhile, but we were blocked from
upgrading since Gradle was not compatible with JDK 13. With the
advancement in our project to Gradle 6 which supports JDK 13, we can now
advance our minimum compiler version. This commit updates the minimum
compiler version to JDK 13.
2019-12-11 16:29:15 -05:00
Mark Vieira 48d401f97e
Fix exception message for boolean BuildParams properties (#50094) 2019-12-11 11:05:02 -08:00
Adrien Grand 87e72156ce
Upgrade to lucene 8.4.0-snapshot-662c455. (#50016) (#50039)
Lucene 8.4 is about to be released so we should check it doesn't cause problems
with Elasticsearch.
2019-12-10 18:04:58 +01:00
Yannick Welsch a16abf921f Make elasticsearch-node tools custom metadata-aware (#48390)
The elasticsearch-node tools allow manipulating the on-disk cluster state. The tool is currently
unaware of plugins and will therefore drop custom metadata from the cluster state once the
state is written out again (as it skips over the custom metadata that it can't read). This commit
preserves unknown customs when editing on-disk metadata through the elasticsearch-node
command-line tools.
2019-12-10 09:58:11 +01:00
Mark Vieira d3cf89b563
Upgrade to Gradle 6.0 (#49211) (#49994)
This upgrade required a few significant changes. Firstly, the build
scan plugin has been renamed, and changed to be a Settings plugin rather
than a project plugin so the declaration of this has moved to our
settings.gradle file. Second, we were using a rather old version of the
Nebula ospackage plugin for building deb and rpm packages, the migration
to the latest version required some updates to get things working as
expected as we had some workarounds in place that are no longer
applicable with the latest bug fixes.

(cherry picked from commit 87f9c16e2f8870e3091062cde37b43042c3ae1c5)
2019-12-09 11:34:35 -08:00
Ryan Ernst a9d977775d Remove leftover debug log message (#49957)
This was leftover from debugging #49204.
2019-12-09 09:58:26 -08:00
Jake Landis 1c5a139968
Update jackson-databind to 2.8.11.4 (#49347) (#49937) 2019-12-06 13:39:33 -06:00
Mark Vieira abd6fa149c
Move BuildParams class to 'minimumRuntime' source set (#49890)
Move BuildParams class to 'minimumRuntime' source set to retain compatibility
with build-tools for builds using a Java 8 runtime.

Closes #49766

(cherry picked from commit 1059f823acdfa7a2f1f9bff21c7256dae4f3e23c)
2019-12-05 16:32:28 -08:00
Ryan Ernst 721a8b3d9c Fix external integ test zip dep to expect a zip (#49813)
When external plugin authors use build-tools, their integ tests depend
on the integ-test-zip artifact. However, this dependency was broken in
7.5.0 by accidentally removing the `@zip` qualifier on the maven
dependency, which works around the fact the pom for the integ-test-zip
claims the artifact is a pom instead of zip packaging. This commit
restores the workaround of using `@zip` until the pom can be fixed.

closes #49787
2019-12-05 13:04:07 -08:00
Mayya Sharipova 7cf170830c
Optimize sort on numeric long and date fields. (#49732)
This rewrites long sort as a `DistanceFeatureQuery`, which can
efficiently skip non-competitive blocks and segments of documents.
Depending on the dataset, the speedups can be 2 - 10 times.

The optimization can be disabled with setting the system property
`es.search.rewrite_sort` to `false`.

Optimization is skipped when an index has 50% or more data with
the same value.

Optimization is done through:
1. Rewriting sort as `DistanceFeatureQuery` which can
efficiently skip non-competitive blocks and segments of documents.

2. Sorting segments according to the primary numeric sort field(#44021)
This allows to skip non-competitive segments.

3. Using collector manager.
When we optimize sort, we sort segments by their min/max value.
As a collector expects to have segments in order,
we can not use a single collector for sorted segments.
We use collectorManager, where for every segment a dedicated collector
will be created.

4. Using Lucene's shared TopFieldCollector manager
This collector manager is able to exchange minimum competitive
score between collectors, which allows us to efficiently skip
the whole segments that don't contain competitive scores.

5. When index is force merged to a single segment, #48533 interleaving
old and new segments allows for this optimization as well,
as blocks with non-competitive docs can be skipped.

Backport for #48804


Co-authored-by: Jim Ferenczi <jim.ferenczi@elastic.co>
2019-11-29 15:37:40 -05:00
Ioannis Kakavas ba0c848027
[7.x] Update opensaml dependency (#44972) (#49512)
Add a mirror of the maven repository of the shibboleth project
and upgrade opensaml and related dependencies to the latest
version available version

Resolves: #44947
2019-11-29 00:17:16 +02:00
Mayya Sharipova 2dafecc398
Upgrade lucene to 8.4.0-snapshot-e648d601efb (#49641) 2019-11-28 11:59:58 -05:00
Mark Vieira 777f6d5da6
Fix extraction of notarized Elasticsearch release distribution (#49511)
This commit introduces a workaround for an issue related to our recent
notarization of distributions starting with the 6.8.5 release. An
unintended side effect of notarization was that the file entries of the
release tar all have a `./` prefix in the path. This causes a number of
issues, not least of which is that our Gradle extract tasks end up
copying an empty fileset to the destination directory. The workaround
here is imply to remove the leading `./` path segment from each file
when performing the extraction. For more details see this issue:
https://github.com/elastic/elasticsearch/issues/49417
2019-11-22 17:19:47 -08:00
Jay Modi 1431c2b408
Run build-tools test with Gradle jdk (#49459) (#49497)
The test task is configured to use the runtime java version, but there
are issues with the version of groovy used by gradle pre 6.0. In order
to workaround this, we use the Gradle JDK to execute the build-tools
tests.

Closes #49404
Closes #49253
2019-11-22 11:59:46 -07:00
Ryan Ernst c6a8913c38 Fix java home validation usage by tasks (#49204)
Tasks intending to use a particular java home provided by JAVA<N>_HOME
use the getJavaHome method, which verifies the given java home is
available, or will be if the task will run. However, the verification
logic was broken, in addition to unnecessarily delaying retrieving the
java home until runtime. This commit fixes the verification logic to run
at either config time, delaying verification, or at runtime which
immediately checks if java home is available.

closes #49153
2019-11-19 10:30:19 -08:00
Armin Braun e4f6eaeaf5
Fix Runtime Java Path for OSX in Gradle (#49245) (#49246)
On OSX the `bin` directory is nested under `Contents/Home`
relative to where it is for the other platforms.
2019-11-18 16:43:47 +01:00
Armin Braun a817cf5e5c Fix testUnkownPlatform (#49235)
* Adjust assertion to include `mac` to fix build tools tests
2019-11-18 13:03:23 +01:00
Armin Braun fcde1e752f Fix Build on OSX
OSX shows up as `mac` for the platform as well.
2019-11-18 11:25:16 +01:00
Alpar Torok 6e775cfc97 Provision the correct JDK for test tasks (#48561)
This PR adds build configuration to use the `jdk-download` plugin with
unit tests when no runtime java is configured externally.

It's a first part in a longer chain of changes described in #40531.
2019-11-18 10:28:02 +02:00
Jason Tedor b9a571eb43
Bundle JDK 13.0.1+9 with Windows
This commit upgrades the JDK that is bundled with Windows from 13+33 to
13.0.1+9. Our other platforms have previously been upgraded but Windows
was delayed because the artifacts were not available at the time that we
made the previous upgrade.

Relates #48587
2019-11-17 13:43:11 -05:00
Ryan Ernst 961ffaf0ff Omit docker from bats distributions (#49062)
The bats tests require several distributions to all be built into a
single directory. The addition of docker packaging tests now cause the
bats tests to depend on docker, even though docker is not used there.
This commit filters out docker distributions from those that bats
depends on.
2019-11-14 14:28:25 -08:00
Jay Modi 085d9c6e82
Reduce CPU usage of gradle run (#49055) (#49102)
The RunTask is responsible for logging output from nodes to the console
and also stays active since we want the cluster to keep running.
However, the implementation of the logging and waiting resulted in a
spin loop that continually polls for data to have been written to one
of the nodes' output files. On my laptop, this causes an idle
invocation of `gradle run` to consume an entire core.

The JDK provides a method to be notified of changes to files through
the use of a WatchService. While a WatchService based implementation
for logging and waiting works, a delay of up to ten seconds is
encountered when running on macOS. This is due to the lack of a native
WatchService implementation that uses kqueue or FSEvents; the current
WatchService implementation in the JDK uses polling with a default
interval of ten seconds. While the interval can be changed
programmatically it is not an acceptable solution due to the need to
access the com.sun.nio.file.SensitivityWatchEventModifier enum, which
is in an internal package.

The change in this commit instead introduces a check to see if any data
was available to read and log. If no data is available in any of the
node output files, the thread sleeps for 100ms. This is enough time to
prevent consuming large amounts of cpu while still providing output to
the console in a timely fashion.
2019-11-14 13:05:47 -07:00
Rory Hunter c46a0e8708
Apply 2-space indent to all gradle scripts (#49071)
Backport of #48849. Update `.editorconfig` to make the Java settings the
default for all files, and then apply a 2-space indent to all `*.gradle`
files. Then reformat all the files.
2019-11-14 11:01:23 +00:00
Mark Vieira 8acbd0aa2a
Ensure client jar projects generate correct POM artifacts (#48961) 2019-11-11 12:25:14 -08:00
Rory Hunter 014e1b1090
Improve resiliency to auto-formatting in server (#48940)
Backport of #48450.

Make a number of changes so that code in the `server` directory is more
resilient to automatic formatting. This covers:

* Reformatting multiline JSON to embed whitespace in the strings
* Move some comments around to they aren't auto-formatted to a strange
  place. This also required moving some `&&` and `||` operators from the
  end-of-line to start-of-line`.
* Add helper method `reformatJson()`, to strip whitespace from a JSON
  document using XContent methods. This is sometimes necessary where
  a test is comparing some machine-generated JSON with an expected
  value.

Also, `HyperLogLogPlusPlus.java` is now excluded from formatting because it
contains large data tables that don't reformat well with the current settings,
and changing the settings would be worse for the rest of the codebase.
2019-11-11 14:33:04 +00:00
Rafael Acevedo eb0d8f3383 update gradle to 5.6.4 (#48872) 2019-11-11 15:30:31 +02:00
Rory Hunter 35e21f85f3
Reenable Docker tests again (#48936)
Backport of #48898.

We no longer configure distributions for prior versions for Docker. This
is because doing so prompts Gradle to try and resolve the Docker
dependencies, which doesn't work as they can't be downloaded via Ivy
(configured in DistributionDownloadPlugin). Since we need these for the
BATS upgrade tests, and those tests only cover .rpm and .deb, it's OK to
omit creating such distributions in the first place. We may need to
revisit this in the future, to allow upgrade testing using Docker
containers.
2019-11-11 11:43:32 +00:00