From bbfd15e91903d82a12b028cb4bc77869920f1cbe Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas
Date: Thu, 16 Aug 2018 12:55:02 +0300
Subject: [PATCH 1/4] Run pre 6.4 nodes in non-FIPS JVMs
Elasticsearch versions earlier than 6.4.0 cannot properly run in a FIPS 140 JVM. This commit ensures that we use a non-FIPS JVM for nodes that we spin up in BWC tests even when we're testing FIPS.
---
 .../main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy b/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy
index 0dd56b863324f..16effcd5eac3e 100644
--- a/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy
+++ b/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy
@@ -177,6 +177,9 @@ class NodeInfo {
 javaVersion = 8
 } else if (nodeVersion.onOrAfter("6.2.0") && nodeVersion.before("6.3.0")) {
 javaVersion = 9
+ } else if (project.inFipsJvm && nodeVersion.onOrAfter("6.3.0") && nodeVersion.before("6.4.0")) {
+ // Versions before 6.4.0 cannot be run in a FIPS 140 JVM
+ javaVersion = 10
 }
 args.addAll("-E", "node.portsfile=true")
From 89f73ccaeaca8bcabcec05c2bba5bb226d51860b Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas
Date: Thu, 16 Aug 2018 12:57:17 +0300
Subject: [PATCH 2/4] Revert "Tests: Disable rolling upgrade tests with system key on fips JVM (#32775)"
This reverts commit e49717393a268161c0ef0eedf3754b32a9836dff.
---
 x-pack/qa/rolling-upgrade/with-system-key/build.gradle | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/x-pack/qa/rolling-upgrade/with-system-key/build.gradle b/x-pack/qa/rolling-upgrade/with-system-key/build.gradle
index 5aaa1ed1eff9b..03505e01dedd8 100644
--- a/x-pack/qa/rolling-upgrade/with-system-key/build.gradle
+++ b/x-pack/qa/rolling-upgrade/with-system-key/build.gradle
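Review bot: The new `else if (project.inFipsJvm && ...)` branch in NodeInfo.groovy (patch 1/4) uses `javaVersion = 10` as a stand-in for "a non-FIPS JVM", but nothing visible in the hunk checks that the Java 10 installation chosen for the node is free of a FIPS security-provider configuration. How `javaVersion` is resolved to a JVM home lies outside the hunk, so this is inferred: if the FIPS runtime is itself Java 10, or the Java 10 home is FIPS-configured, the 6.3.x node would presumably still start in FIPS mode. I would state the assumption next to the assignment, e.g. `// assumes the Java 10 home used for BWC nodes is not FIPS-configured`. The comment also says "before 6.4.0" while the condition covers only 6.3.x; older versions depend on the Java 8/9 branches above, whose enclosing `if` starts outside the hunk.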
@@ -1,10 +1 @@
-import org.elasticsearch.gradle.test.RestIntegTestTask
-
-// Skip test on FIPS FIXME https://github.com/elastic/elasticsearch/issues/32737
-if (project.inFipsJvm) {
- tasks.withType(RestIntegTestTask) {
- enabled = false
- }
-}
-
 group = "${group}.x-pack.qa.rolling-upgrade.with-system-key"
From d5c67cc9087635daab2eac29b3b961cc61aaeb53 Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas
Date: Thu, 16 Aug 2018 12:57:23 +0300
Subject: [PATCH 3/4] Revert "mute test #32737"
This reverts commit e64bb48a716f971fdb37b789dec2ba2bc1a35e82.
---
 .../qa/full-cluster-restart/with-system-key/build.gradle | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/x-pack/qa/full-cluster-restart/with-system-key/build.gradle b/x-pack/qa/full-cluster-restart/with-system-key/build.gradle
index 928280b6584bd..e69de29bb2d1d 100644
--- a/x-pack/qa/full-cluster-restart/with-system-key/build.gradle
+++ b/x-pack/qa/full-cluster-restart/with-system-key/build.gradle
@@ -1,8 +0,0 @@
-import org.elasticsearch.gradle.test.RestIntegTestTask
-
-// Skip test on FIPS FIXME https://github.com/elastic/elasticsearch/issues/32737
-if (project.inFipsJvm) {
- tasks.withType(RestIntegTestTask) {
- enabled = false
- }
-}
From 8f69f491ef9edcef7e6152c69c3bac82d55048e9 Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas
Date: Thu, 16 Aug 2018 20:17:19 +0300
Subject: [PATCH 4/4] Address feedback
---
 .../groovy/org/elasticsearch/gradle/test/NodeInfo.groovy | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy b/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy
index 16effcd5eac3e..aaf4e468182a9 100644
--- a/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy
+++ b/buildSrc/src/main/groovy/org/elasticsearch/gradle/test/NodeInfo.groovy
@@ -178,7 +178,10 @@ class NodeInfo {
 } else if (nodeVersion.onOrAfter("6.2.0") && nodeVersion.before("6.3.0")) {
 javaVersion = 9
 } else if (project.inFipsJvm && nodeVersion.onOrAfter("6.3.0") && nodeVersion.before("6.4.0")) {
- // Versions before 6.4.0 cannot be run in a FIPS 140 JVM
+ /*
+ * Elasticsearch versions before 6.4.0 cannot be run in a FIPS-140 JVM. If we're running
+ * bwc tests in a FIPS-140 JVM, ensure that the pre v6.4.0 nodes use a Java 10 JVM instead.
+ */
 javaVersion = 10
 }