Commit Graph

48675 Commits

Author SHA1 Message Date
James Rodewig 9c75f14a9f [DOCS] Reformat classic token filter docs (#48314) 2019-10-23 10:14:25 -05:00
Tanguy Leroux e1dd0e753d Differentiate service account tokens in GCS tests (#48382)
This commit changes the test so that each node use a specific 
service account and private key. It also changes how unique 
request ids are generated for refresh token request using the 
token itself, so that error count will be specific per node (each 
node should execute a single refresh token request as tokens 
are valid for 1 hour).
2019-10-23 16:57:35 +02:00
James Rodewig 852622d970 [DOCS] Remove binary gendered language (#48362) 2019-10-23 09:37:12 -05:00
Ioannis Kakavas cece5f24f7
Add sections in SAML Troubleshooting (#47964) (#48387)
- Section about the case where the `principal` user property can't
be mapped.
- Section about when the IdP SAML metadata do not contain a
SingleSignOnService that supports HTTP-Redirect binding.

Co-Authored-By: Lisa Cawley <lcawley@elastic.co>
Co-Authored-By: Tim Vernum <tim@adjective.org>
2019-10-23 17:24:04 +03:00
Ioannis Kakavas 834f2b4546
Add brackets where necessary in error messages (#48140) (#48386)
This commit attempts to help error readability by adding brackets
where applicable/missing in saml errors.
2019-10-23 17:23:50 +03:00
Alan Woodward 3be6135ceb Mute get-ccr-stats doctest (#48375)
This test is failing frequently, due to #47718
2019-10-23 15:20:35 +01:00
Tom Callahan f573cd6a2c [DOCS] Add 7.4.1 Release Notes (#48359) 2019-10-23 08:22:00 -05:00
Alpar Torok cb9f45ad78 Always publish a build scan in CI (#48348)
* Always publish a build scan in CI

This PR changes the build scan configuration to alwasy publisha  build
scan when running in our CI.

We should alkready be passing these env vars into the Vagrant VM so this
will make it produce a build scan too.

The old properties to accept build scan ToS on the public server are
thus no longer relevant and will be cleaned up from the Jenkins config
once this is merged.

* Pass env vars to vagrant VM
* Enable running in parallel in the VM
* Add job name and build nomber as custom values
2019-10-23 13:27:56 +03:00
Alpar Torok 79014057f4 Read build and runtime java from properties file (#48355)
This PR changes the PS1 script that starts os tests for the packaging
test matrix to match the bash script we use on Linux in terms of reading
the runtime and build java versions.

Relates to elastic/infra#11593
2019-10-23 13:23:40 +03:00
Armin Braun 7215201406
Track Shard-Snapshot Index Generation at Repository Root (#48371)
This change adds a new field `"shards"` to `RepositoryData` that contains a mapping of `IndexId` to a `String[]`. This string array can be accessed by shard id to get the generation of a shard's shard folder (i.e. the `N` in the name of the currently valid `/indices/${indexId}/${shardId}/index-${N}` for the shard in question).

This allows for creating a new snapshot in the shard without doing any LIST operations on the shard's folder. In the case of AWS S3, this saves about 1/3 of the cost for updating an empty shard (see #45736) and removes one out of two remaining potential issues with eventually consistent blob stores (see #38941 ... now only the root `index-${N}` is determined by listing).

Also and equally if not more important, a number of possible failure modes on eventually consistent blob stores like AWS S3 are eliminated by moving all delete operations to the `master` node and moving from incremental naming of shard level index-N to uuid suffixes for these blobs.

This change moves the deleting of the previous shard level `index-${uuid}` blob to the master node instead of the data node allowing for a safe and consistent update of the shard's generation in the `RepositoryData` by first updating `RepositoryData` and then deleting the now unreferenced `index-${newUUID}` blob.
__No deletes are executed on the data nodes at all for any operation with this change.__

Note also: Previous issues with hanging data nodes interfering with master nodes are completely impossible, even on S3 (see next section for details).

This change changes the naming of the shard level `index-${N}` blobs to a uuid suffix `index-${UUID}`. The reason for this is the fact that writing a new shard-level `index-` generation blob is not atomic anymore in its effect. Not only does the blob have to be written to have an effect, it must also be referenced by the root level `index-N` (`RepositoryData`) to become an effective part of the snapshot repository.
This leads to a problem if we were to use incrementing names like we did before. If a blob `index-${N+1}` is written but due to the node/network/cluster/... crashes the root level `RepositoryData` has not been updated then a future operation will determine the shard's generation to be `N` and try to write a new `index-${N+1}` to the already existing path. Updates like that are problematic on S3 for consistency reasons, but also create numerous issues when thinking about stuck data nodes.
Previously stuck data nodes that were tasked to write `index-${N+1}` but got stuck and tried to do so after some other node had already written `index-${N+1}` were prevented form doing so (except for on S3) by us not allowing overwrites for that blob and thus no corruption could occur.
Were we to continue using incrementing names, we could not do this. The stuck node scenario would either allow for overwriting the `N+1` generation or force us to continue using a `LIST` operation to figure out the next `N` (which would make this change pointless).
With uuid naming and moving all deletes to `master` this becomes a non-issue. Data nodes write updated shard generation `index-${uuid}` and `master` makes those `index-${uuid}` part of the `RepositoryData` that it deems correct and cleans up all those `index-` that are unused.

Co-authored-by: Yannick Welsch <yannick@welsch.lu>
Co-authored-by: Tanguy Leroux <tlrx.dev@gmail.com>
2019-10-23 10:58:26 +01:00
Jim Ferenczi 50f565b158 SearchSlowLog uses a non thread-safe object to escape json (#48363)
This commit fixes the usage of JsonStringEncoder#quoteAsUTF8 in the SearchSlowLog.
JsonStringEncoder#getInstance should always be called to get a thread local object
but this assumption was broken by #44642. This means that any slow log can throw
an AIOOBE since it uses the same byte array concurrently.

Closes #48358
2019-10-23 10:23:06 +02:00
Tanguy Leroux 4790ee4c32 Reenable azure repository tests and remove some randomization in http servers (#48283)
Relates #47948
Relates #47380
2019-10-23 09:06:50 +02:00
Tim Brooks c1f6aff5bb
Remove default netty allocator empty assertions (#48356)
This commit removes a problematic assertion that the netty default
allocator is not used. This assertion is problematic because any other
test can cause this task to fail by touching the default allocator. We
assert that we are using heap buffers in the channel.
2019-10-22 20:22:32 -06:00
James Rodewig e45b0cd7e3 [DOCS] Sort cluster API docs alphabetically (#48198) 2019-10-22 12:28:39 -05:00
Armin Braun 8a02a5fc7d
Simplify Shard Snapshot Upload Code (#48155) (#48345)
The code here was needlessly complicated when it
enqueued all file uploads up-front. Instead, we can
go with a cleaner worker + queue pattern here by taking
the max-parallelism from the threadpool info.

Also, I slightly simplified the rethrow and
listener (step listener is pointless when you add the callback in the next line)
handling it since I noticed that we were needlessly rethrowing in the same
code and that wasn't worth a separate PR.
2019-10-22 17:17:09 +01:00
Alpar Torok b4ae207e1e Relative paths, jornalctl in additional logs (#48276)
* Relative paths, jornalctl in additional logs

This PR fixes the archive generation to preserve the paths relative to
the project directory.
It also fixes calling journalctl to get the system log.
* explicitly remove the file we are building
* Skip files locked on windows
* Extended readability probe
* Try to read the file ahead on windows
* Make the tar a best effort
* Catch all exceptions
2019-10-22 17:03:49 +03:00
Brandon DeVault 2f162a98a0 [DOCS] Added the voting node.role value (#48162)
* [DOCS] Added the voting node.role value 

With the elasticsearch.yml option "node.voting_only: true", if you perform a "_cat/nodes" there is a new option for `v` that will display if the node is a voting node.

* [DOCS] Added the voting node.role value

Updated "voting node" to read "voting-only node"
2019-10-22 15:26:05 +02:00
James Rodewig e931fcd331 [DOCS] Add placeholder for 7.4.1 release notes (#48316) 2019-10-22 07:53:28 -05:00
Alexandre Fonseca c41951c6b3 [Docs] Fix opType options in IndexRequest API example. (#48290) 2019-10-22 13:49:19 +02:00
Hendrik Muhs 5ae7453878
[7.6][Transform] blacklist continuous transform tests if upgraded from 7.2.x (#48344)
blacklist continuous transform tests if upgraded from 7.2.x

fixes #48336
2019-10-22 13:16:12 +02:00
Przemysław Witek 60d8ecb2b7
Mute ClassificationIT tests (#48338) (#48339) 2019-10-22 12:45:50 +02:00
Ioannis Kakavas 24e43dfa34
[7.x] Refactor FIPS BootstrapChecks to simple checks (#47499) (#48333)
FIPS 140 bootstrap checks should not be bootstrap checks as they
are always enforced. This commit moves the validation logic within
the security plugin.
The FIPS140SecureSettingsBootstrapCheck was not applicable as the
keystore was being loaded on init, before the Bootstrap checks
were checked, so an elasticsearch keystore of version < 3 would
cause the node to fail in a FIPS 140 JVM before the bootstrap check
kicked in, and as such hasn't been migrated.

Resolves: #34772
2019-10-22 12:49:01 +03:00
Przemysław Witek aa29567e11
[7.x] Fix assignment
Backport of https://github.com/elastic/elasticsearch/pull/48216
2019-10-22 11:34:09 +02:00
Alpar Torok 144e8a0f1a Use an env var for the classpath of jar hell task (#48240)
The classpath for some project could outgrow the max allowed command
line on Windows. Using an env var is not fault proof, but give more
breathing room
2019-10-22 11:17:19 +03:00
Andrei Stefan 3233b59b68 Add "format" to "range" queries resulted from optimizing a logical AND (#48073)
(cherry picked from commit 020939a9bd5b34c6d540faa8b3a67b740d661be3)
2019-10-22 10:17:37 +03:00
Hendrik Muhs 0656207e9a [DOCS][Transform] document limitation regarding rolling upgrade with 7.2, 7.3 (#48118)
adds a limitation about rolling upgrade from 7.2 or 7.3. and fixes a problem with renamed preferences
2019-10-22 09:01:45 +02:00
Hendrik Muhs 1cb3b0cc0d
[7.6][Transform] separate old and mixed rolling upgrade tests (#48302)
separates rolling upgrade tests for transforms created on old and mixed clusters and disable
testing transforms on mixed clusters for <7.4.
2019-10-22 08:58:02 +02:00
Martijn van Groningen bbe50eca72
Fail with a better error when if there are no ingest nodes (#48272)
when executing enrich execute policy api.
2019-10-22 07:42:04 +02:00
Martijn van Groningen 0ec0ab64c9
Fix executing enrich policies stats (#48132)
The enrich stats api picked the wrong task to be displayed
in the executing stats section.

In case `wait_for_completion` was set to `false` then no task
was being displayed and if that param was set to `true` then
the wrong task was being displayed (transport action task instead
of enrich policy executor task).

Testing executing policies in enrich stats api is tricky.
I have verified locally that this commit fixes the bug.
2019-10-22 07:41:56 +02:00
Martijn van Groningen c09b62d5bf
Backport: also validate source index at put enrich policy time (#48311)
Backport of: #48254

This changes tests to create a valid
source index prior to creating the enrich policy.
2019-10-22 07:38:16 +02:00
Nhat Nguyen d0a4bad95b Use MultiFileTransfer in CCR remote recovery (#44514)
Relates #44468
2019-10-21 23:30:52 -04:00
Tim Brooks 547e399dbf
Remove option to enable direct buffer pooling (#48310)
This commit removes the option to change the netty system properties to
reenable the direct buffer pooling. It also removes the need for us to
disable the buffer pooling in the system properties file. Instead, we
programmatically craete an allocator that is used by our networking
layer.

This commit does introduce an Elasticsearch property which allows the
user to fallback on the netty default allocator. If they choose this
option, they can configure the default allocator how they wish using the
standard netty properties.
2019-10-21 19:15:50 -06:00
James Baiera 0d12ef8958
Add Enrich Origin (#48098) (#48312)
This PR adds an origin for the Enrich feature, and modifies the background 
maintenance task to use the origin when executing client operations. 
Without this fix, the maintenance task fails to execute when security is 
enabled.
2019-10-21 16:40:49 -04:00
Przemysław Witek 2db2b945ec
[7.x] Change format of MulticlassConfusionMatrix result to be more self-explanatory (#48174) (#48294) 2019-10-21 22:07:19 +02:00
Mark Vieira 178204703a
Add 'javadoc' task to lifecycle check tasks (#48214) 2019-10-21 09:45:01 -07:00
James Rodewig f4fa61b2f2 [DOCS] Add 'Selecting gateway and seed nodes' section to CCS docs (#48297) 2019-10-21 11:14:23 -05:00
Armin Braun e65c60915a
Cleanup FileRestoreContext Abstractions (#48173) (#48300)
This class is only used by the blob store repository
and CCR and the abstractions didn't really make sense
with CCR ignoring the concrete `restoreFiles` method
completely and having a method used only by the blobstore
overriden as unsupported.
=> Moved to a more fitting set of abstractions
=> Dried up the stream wrapping in `BlobStoreRepository` a little
now that the `restoreFile` method could be simplified

Relates #48110 as it makes changing the API of `FileRestoreContext`
to what is needed for async restores simpler
2019-10-21 17:30:35 +02:00
Lee Hinman cc0c876a8d
fix incorrect comparison (#48208) (#48303)
* remove comparison of identical values

the comparison `tookInMillis == tookInMillis` is always true.

* add comparison between tookInMillis
2019-10-21 09:14:44 -06:00
Armin Braun dc08feadc6
Remove Redundant Version Param from Repository APIs (#48231) (#48298)
This parameter isn't used by any implementation
2019-10-21 16:20:45 +02:00
Alpar Torok cdfac9dfb0 Don't build packages on non Linux (#48246)
* Don't build packages on non Linux

Closes #47007

* Explicitly exclude windows only
2019-10-21 17:09:27 +03:00
Alpar Torok 5729c04df2 Fix link to GCP upload in build scans (#48248)
* Fix link to GCP upload in build scans

Also changed the name of the link to make it less confusing

* Change the name
2019-10-21 17:04:24 +03:00
James Rodewig a66bb2c7ed [DOCS] Reformat CJK bigram and CJK width token filter docs (#48210) 2019-10-21 08:44:49 -05:00
Marios Trivyzas 2751a4ff1b [Docs] Fix testing docs regarding --debug-jvm (#48293)
Remove extra whitespace and highlight the starting port number.

Follows: #48188
(cherry picked from commit b84b7e13c888c9a4b110c436b4eec1ffd0aebd52)
2019-10-21 15:21:18 +02:00
Benjamin Trent abd1b5118f
[ML] fixing tests (#48084) (#48253)
* [ML] fixing tests

* unmuting tests

* reverting outlier detection job changes
2019-10-21 09:21:06 -04:00
Tanguy Leroux 0094bd5939
Fix AutoFollowIT.testPauseAndResumeWithMultipleAutoFollowPatterns (#48289)
The test testPauseAndResumeWithMultipleAutoFollowPatterns
failed multiple times, mostly because it creates too many leader
indices and the following cluster cannot cope with cluster state
updates generated by following indices creation and pause/
resume auto-followers changes.

This commit simplifies the test by creating at most 20 leader
indices and by waiting for any new leader index to be picked
up by the auto-follower before created another leader index.
It also pause and resume less auto-followers as previously.

closes #47917
2019-10-21 14:31:58 +02:00
Alpar Torok 7d085ffbd9 Switch to debug with server=n (#48188)
Before this change one needed to re-start debugging several times, as we
launched multiple JVMs in debug mode.
With this option the IDE has the option to re-launch and listen for
connections again leading for to a more pleasant experience.
2019-10-21 15:07:04 +03:00
Przemysław Witek 1a42e37070
[7.x] Default "prediction_field_name" to (dependent_variable + "_prediction") (#48232) (#48279) 2019-10-21 13:18:08 +02:00
Albert Zaharovits 69fc715bc3
Fix security origin for TokenService#findActiveTokensFor... (#47418) (#48280)
All internal searches (triggered by APIs) across the .security index
must be performed while "under the security origin". Otherwise,
the search is performed in the context of the caller which most
likely does not have privileges to search .security (hopefully).
This commit fixes this in the case of two methods in the
TokenService and corrects an overly done such context switch
in the ApiKeyService.

In addition, this makes all tests from the client/rest-high-level
module execute as an all mighty administrator,
but not a literal superuser.

Closes #47151
2019-10-21 13:15:05 +03:00
Alpar Torok fe265f0308 Mute CliSecurityIT
tracking in #48117
2019-10-21 11:25:56 +03:00
David Turner 672b2a92ca Fix compile error from previous commit (#48230)
The previous commit, 3a6fa0bbdb introduces a
compile error that was fixed locally but not committed. This commit adds the
missing change.
2019-10-21 08:54:04 +01:00