Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test fixtures krb5 #40297

Merged
merged 27 commits into from
Mar 28, 2019
Merged
Show file tree
Hide file tree
Changes from 20 commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
e47fc1c
Upgrae plugin to latest and expose udp
alpar-t Nov 27, 2018
a66b53c
Proper dependencies preprocess task
alpar-t Nov 27, 2018
fecdd7a
Move fixture to docker
alpar-t Nov 22, 2018
64b0c53
Gradle cahnges without config errors
alpar-t Nov 22, 2018
7dfd48a
Genenrate conf files for fixture
alpar-t Nov 27, 2018
77b64e3
Fix typo
alpar-t Nov 27, 2018
9865787
use the fixture
alpar-t Nov 27, 2018
be20b9d
Use the pre process task
alpar-t Nov 27, 2018
ab7dc63
no more need to be explicit about evaluation
alpar-t Nov 27, 2018
a53134e
Move hdfs to docker
alpar-t Nov 27, 2018
463e5d2
remove the vagrant file
alpar-t Mar 13, 2019
83536bc
disable fixture unit test
alpar-t Mar 13, 2019
bd13d5f
Configure TMP for test nodes on Windows (#39959)
alpar-t Mar 13, 2019
98cd4ac
Make sure post process runs before tests
alpar-t Mar 13, 2019
d0e716d
Remove unnecesary config
alpar-t Mar 13, 2019
27b05cd
Fix replacing the UDP port
alpar-t Mar 13, 2019
ec3a166
inject ports before staring hdfs
alpar-t Mar 13, 2019
124918c
Fix hdfs-repository tests
alpar-t Mar 21, 2019
fcab3b0
Fix kerberos tests
alpar-t Mar 21, 2019
ffafbc1
Disable rest integ tests tasks for test fixtures
alpar-t Mar 21, 2019
8ae3de5
Merge remote-tracking branch 'origin/master' into test-fixtures-krb5
alpar-t Mar 22, 2019
a5fd549
PR review
alpar-t Mar 22, 2019
50673c7
Merge remote-tracking branch 'origin/master' into test-fixtures-krb5
alpar-t Mar 25, 2019
9a22dce
Merge remote-tracking branch 'origin/master' into test-fixtures-krb5
alpar-t Mar 25, 2019
330ff07
Fix failing test
alpar-t Mar 27, 2019
7866be8
Merge remote-tracking branch 'origin/master' into test-fixtures-krb5
alpar-t Mar 27, 2019
a65b0df
Merge remote-tracking branch 'origin/master' into test-fixtures-krb5
alpar-t Mar 28, 2019
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -690,6 +690,13 @@ class ClusterFormationTasks {
env(key: 'JAVA_HOME', value: project.runtimeJavaHome)
}
node.args.each { arg(value: it) }
if (Os.isFamily(Os.FAMILY_WINDOWS)) {
// Having no TMP on Windows defaults to C:\Windows and permission errors
// Since we configure ant to run with a new environment above, we need to set this to a dir we have access to
File tmpDir = new File(node.baseDir, "tmp")
tmpDir.mkdirs()
env(key: "TMP", value: tmpDir.absolutePath)
}
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@
import org.gradle.api.Task;
import org.gradle.api.plugins.BasePlugin;
import org.gradle.api.plugins.ExtraPropertiesExtension;
import org.gradle.api.tasks.Input;
import org.gradle.api.tasks.TaskContainer;

import java.lang.reflect.InvocationTargetException;
Expand Down Expand Up @@ -104,6 +103,7 @@ public void apply(Project project) {
"but none could be found so these will be skipped", project.getPath()
);
disableTaskByType(tasks, getTaskClass("com.carrotsearch.gradle.junit4.RandomizedTestingTask"));
disableTaskByType(tasks, getTaskClass("org.elasticsearch.gradle.test.RestIntegTestTask"));
// conventions are not honored when the tasks are disabled
disableTaskByType(tasks, TestingConventionsTasks.class);
disableTaskByType(tasks, ComposeUp.class);
Expand All @@ -122,6 +122,7 @@ public void apply(Project project) {
fixtureProject,
(name, port) -> setSystemProperty(task, name, port)
);
task.dependsOn(fixtureProject.getTasks().getByName("postProcessFixture"));
})
);

Expand Down Expand Up @@ -155,7 +156,6 @@ private void configureServiceInfoForTask(Task task, Project fixtureProject, BiCo
);
}

@Input
public boolean dockerComposeSupported(Project project) {
if (OS.current().equals(OS.WINDOWS)) {
return false;
Expand Down
2 changes: 1 addition & 1 deletion distribution/src/bin/elasticsearch
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ source "`dirname "$0"`"/elasticsearch-env

ES_JVM_OPTIONS="$ES_PATH_CONF"/jvm.options
JVM_OPTIONS=`"$JAVA" -cp "$ES_CLASSPATH" org.elasticsearch.tools.launchers.JvmOptionsParser "$ES_JVM_OPTIONS"`
ES_JAVA_OPTS="${JVM_OPTIONS//\$\{ES_TMPDIR\}/$ES_TMPDIR} $ES_JAVA_OPTS"
ES_JAVA_OPTS="${JVM_OPTIONS//\"\$\{ES_TMPDIR\}\"/$ES_TMPDIR} $ES_JAVA_OPTS"

cd "$ES_HOME"
# manual parsing to find out, if process should be detached
Expand Down
2 changes: 1 addition & 1 deletion distribution/src/config/jvm.options
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true

-Djava.io.tmpdir=${ES_TMPDIR}
-Djava.io.tmpdir="${ES_TMPDIR}"

## heap dumps

Expand Down
122 changes: 36 additions & 86 deletions plugins/repository-hdfs/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -24,18 +24,19 @@ import org.elasticsearch.gradle.test.RestIntegTestTask
import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.Paths

apply plugin: 'elasticsearch.test.fixtures'

esplugin {
description 'The HDFS repository plugin adds support for Hadoop Distributed File-System (HDFS) repositories.'
classname 'org.elasticsearch.repositories.hdfs.HdfsPlugin'
}

apply plugin: 'elasticsearch.vagrantsupport'

versions << [
'hadoop2': '2.8.1'
]

testFixtures.useFixture ":test:fixtures:krb5kdc-fixture"

configurations {
hdfsFixture
}
Expand Down Expand Up @@ -68,67 +69,27 @@ dependencyLicenses {
mapping from: /hadoop-.*/, to: 'hadoop'
}

// MIT Kerberos Vagrant Testing Fixture
String box = "krb5kdc"
Map<String,String> vagrantEnvVars = [
'VAGRANT_CWD' : "${project(':test:fixtures:krb5kdc-fixture').projectDir}",
'VAGRANT_VAGRANTFILE' : 'Vagrantfile',
'VAGRANT_PROJECT_DIR' : "${project(':test:fixtures:krb5kdc-fixture').projectDir}"
]

task krb5kdcUpdate(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
command 'box'
subcommand 'update'
boxName box
environmentVars vagrantEnvVars
dependsOn "vagrantCheckVersion", "virtualboxCheckVersion"
}

task krb5kdcFixture(type: org.elasticsearch.gradle.test.VagrantFixture) {
command 'up'
args '--provision', '--provider', 'virtualbox'
boxName box
environmentVars vagrantEnvVars
dependsOn krb5kdcUpdate
}

task krb5AddPrincipals {
dependsOn krb5kdcFixture
}

List<String> principals = [ "elasticsearch", "hdfs/hdfs.build.elastic.co" ]
String realm = "BUILD.ELASTIC.CO"

for (String principal : principals) {
Task create = project.tasks.create("addPrincipal#${principal}".replace('/', '_'), org.elasticsearch.gradle.vagrant.VagrantCommandTask) {
command 'ssh'
args '--command', "sudo bash /vagrant/src/main/resources/provision/addprinc.sh $principal"
boxName box
environmentVars vagrantEnvVars
dependsOn krb5kdcFixture
}
krb5AddPrincipals.dependsOn(create)
}

// Create HDFS File System Testing Fixtures for HA/Secure combinations
for (String fixtureName : ['hdfsFixture', 'haHdfsFixture', 'secureHdfsFixture', 'secureHaHdfsFixture']) {
project.tasks.create(fixtureName, org.elasticsearch.gradle.test.AntFixture) {
dependsOn project.configurations.hdfsFixture
dependsOn project.configurations.hdfsFixture, project(':test:fixtures:krb5kdc-fixture').tasks.postProcessFixture
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a better abstraction for this. This doesn't need to be done in this PR but something as simple as "this task needs this fixture to be done being setup" seems a common enough pattern to deserve it's own DSL.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. We already add this dependency to testing tasks (RandomizedTestingTask that is, we'll have to add Gradle Test too there ).
This is the first example of a task in the "client" project other than a test needing to have the fixture up. I was thinking of creating a postProcessFixture task on the "client" project identical to the one on the fixture to allow for dumping ports to files, and depending on the fixture. What do you think ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was envisioning something similar to what we do for the rest tests. That is, we decorate tasks on the consuming project with some DSL which folks can use to indicate that task requires a given test fixture.

executable = new File(project.runtimeJavaHome, 'bin/java')
env 'CLASSPATH', "${ -> project.configurations.hdfsFixture.asPath }"
waitCondition = { fixture, ant ->
// the hdfs.MiniHDFS fixture writes the ports file when
// it's ready, so we can just wait for the file to exist
return fixture.portsFile.exists()
}
}

final List<String> miniHDFSArgs = []

// If it's a secure fixture, then depend on Kerberos Fixture and principals + add the krb5conf to the JVM options
if (fixtureName.equals('secureHdfsFixture') || fixtureName.equals('secureHaHdfsFixture')) {
dependsOn krb5kdcFixture, krb5AddPrincipals
Path krb5Config = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("conf").resolve("krb5.conf")
miniHDFSArgs.add("-Djava.security.krb5.conf=${krb5Config}");
miniHDFSArgs.add("-Djava.security.krb5.conf=${project(':test:fixtures:krb5kdc-fixture').ext.krb5Conf("hdfs")}");
if (project.runtimeJavaVersion == JavaVersion.VERSION_1_9) {
miniHDFSArgs.add('--add-opens=java.security.jgss/sun.security.krb5=ALL-UNNAMED')
}
Expand All @@ -145,9 +106,11 @@ for (String fixtureName : ['hdfsFixture', 'haHdfsFixture', 'secureHdfsFixture',

// If it's a secure fixture, then set the principal name and keytab locations to use for auth.
if (fixtureName.equals('secureHdfsFixture') || fixtureName.equals('secureHaHdfsFixture')) {
Path keytabPath = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("keytabs").resolve("hdfs_hdfs.build.elastic.co.keytab")
miniHDFSArgs.add("hdfs/hdfs.build.elastic.co@${realm}")
miniHDFSArgs.add("${keytabPath}")
miniHDFSArgs.add(
project(':test:fixtures:krb5kdc-fixture')
.ext.krb5Keytabs("hdfs", "hdfs_hdfs.build.elastic.co.keytab")
)
}

args miniHDFSArgs.toArray()
Expand All @@ -170,10 +133,11 @@ project.afterEvaluate {

// If it's a secure cluster, add the keytab as an extra config, and set the krb5 conf in the JVM options.
if (integTestTaskName.equals('integTestSecure') || integTestTaskName.equals('integTestSecureHa')) {
Path elasticsearchKT = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("keytabs").resolve("elasticsearch.keytab").toAbsolutePath()
Path krb5conf = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("conf").resolve("krb5.conf").toAbsolutePath()

restIntegTestTask.clusterConfig.extraConfigFile("repository-hdfs/krb5.keytab", "${elasticsearchKT}")
String krb5conf = project(':test:fixtures:krb5kdc-fixture').ext.krb5Conf("hdfs")
restIntegTestTask.clusterConfig.extraConfigFile(
"repository-hdfs/krb5.keytab",
"${project(':test:fixtures:krb5kdc-fixture').ext.krb5Keytabs("hdfs", "elasticsearch.keytab")}"
)
jvmArgs = jvmArgs + " " + "-Djava.security.krb5.conf=${krb5conf}"
if (project.runtimeJavaVersion == JavaVersion.VERSION_1_9) {
jvmArgs = jvmArgs + " " + '--add-opens=java.security.jgss/sun.security.krb5=ALL-UNNAMED'
Expand All @@ -189,9 +153,10 @@ project.afterEvaluate {
if (project.runtimeJavaVersion == JavaVersion.VERSION_1_9) {
restIntegTestTaskRunner.jvmArg '--add-opens=java.security.jgss/sun.security.krb5=ALL-UNNAMED'
}

Path hdfsKT = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("keytabs").resolve("hdfs_hdfs.build.elastic.co.keytab").toAbsolutePath()
restIntegTestTaskRunner.systemProperty "test.krb5.keytab.hdfs", "${hdfsKT}"
restIntegTestTaskRunner.systemProperty (
"test.krb5.keytab.hdfs",
project(':test:fixtures:krb5kdc-fixture').ext.krb5Keytabs("hdfs","hdfs_hdfs.build.elastic.co.keytab")
)
}
}

Expand Down Expand Up @@ -269,41 +234,26 @@ if (fixtureSupported) {
integTestHa.setEnabled(false)
}

// Secure HDFS testing relies on the Vagrant based Kerberos fixture.
boolean secureFixtureSupported = false
if (fixtureSupported) {
secureFixtureSupported = project.rootProject.vagrantSupported
}

if (secureFixtureSupported) {
project.check.dependsOn(integTestSecure)
project.check.dependsOn(integTestSecureHa)
project.check.dependsOn(integTestSecure)
project.check.dependsOn(integTestSecureHa)
mark-vieira marked this conversation as resolved.
Show resolved Hide resolved

// Fixture dependencies
integTestSecureCluster.dependsOn secureHdfsFixture, krb5kdcFixture
integTestSecureHaCluster.dependsOn secureHaHdfsFixture, krb5kdcFixture
// Fixture dependencies
integTestSecureCluster.dependsOn secureHdfsFixture
integTestSecureHaCluster.dependsOn secureHaHdfsFixture

// Set the keytab files in the classpath so that we can access them from test code without the security manager
// freaking out.
Path hdfsKeytabPath = project(':test:fixtures:krb5kdc-fixture').buildDir.toPath().resolve("keytabs")
project.dependencies {
testRuntime fileTree(dir: hdfsKeytabPath.toString(), include: ['*.keytab'])
}

// Run just the secure hdfs rest test suite.
integTestSecureRunner.systemProperty 'tests.rest.suite', 'secure_hdfs_repository'
// Ignore HA integration Tests. They are included below as part of integTestSecureHa test runner.
integTestSecureRunner.exclude('**/Ha*TestSuiteIT.class')

// Only include the HA integration tests for the HA test task
integTestSecureHaRunner.patternSet.setIncludes(['**/Ha*TestSuiteIT.class'])
} else {
// Security tests unsupported. Don't run these tests.
integTestSecure.enabled = false
integTestSecureHa.enabled = false
testingConventions.enabled = false
// Set the keytab files in the classpath so that we can access them from test code without the security manager
// freaking out.
project.dependencies {
testRuntime fileTree(dir: project(':test:fixtures:krb5kdc-fixture').ext.krb5Keytabs("hdfs","hdfs_hdfs.build.elastic.co.keytab").parent, include: ['*.keytab'])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, this kind of cross-project coupling makes me very uneasy. It's just so easy to break this kind of thing. We really should model these kinds of things as proper project dependencies. At the very least then we can ask Gradle "who uses this thing?".

We don't need to address this as part of the PR. Similar to my comment above, I think we need to provide better abstractions around things a fixture exposes to a dependent project.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree.

}

// Run just the secure hdfs rest test suite.
integTestSecureRunner.systemProperty 'tests.rest.suite', 'secure_hdfs_repository'
// Ignore HA integration Tests. They are included below as part of integTestSecureHa test runner.
integTestSecureRunner.exclude('**/Ha*TestSuiteIT.class')
// Only include the HA integration tests for the HA test task
integTestSecureHaRunner.patternSet.setIncludes(['**/Ha*TestSuiteIT.class'])

thirdPartyAudit {
ignoreMissingClasses()
ignoreViolations (
Expand Down
8 changes: 8 additions & 0 deletions test/fixtures/hdfs-fixture/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
FROM java:8-jre

RUN apt-get update && apt-get install net-tools

EXPOSE 9998
EXPOSE 9999

CMD java -cp "/fixture:/fixture/*" hdfs.MiniHDFS /data
27 changes: 12 additions & 15 deletions test/fixtures/hdfs-fixture/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -18,25 +18,22 @@
*/

apply plugin: 'elasticsearch.build'
apply plugin: 'elasticsearch.test.fixtures'

versions << [
'hadoop2': '2.8.1'
]

// we create MiniHdfsCluster with the hadoop artifact
dependencies {
compile "org.apache.hadoop:hadoop-minicluster:${versions.hadoop2}"
compile "org.apache.hadoop:hadoop-minicluster:2.8.1"
}

task syncClasses(type: Sync) {
from sourceSets.test.compileClasspath
mark-vieira marked this conversation as resolved.
Show resolved Hide resolved
from sourceSets.test.output.dirs
mark-vieira marked this conversation as resolved.
Show resolved Hide resolved
into "${buildDir}/fixture"
dependsOn sourceSets.test.getCompileTaskName("java")
}

// for testing, until fixtures are actually debuggable.
// gradle hides *EVERYTHING* so you have no clue what went wrong.
task hdfs(type: JavaExec) {
classpath = sourceSets.test.compileClasspath + sourceSets.test.output
main = "hdfs.MiniHDFS"
args = [ 'build/fixtures/hdfsFixture' ]
preProcessFixture.dependsOn syncClasses
mark-vieira marked this conversation as resolved.
Show resolved Hide resolved
preProcessFixture.doLast {
file("${buildDir}/shared").mkdirs()
}

// just a test fixture: we aren't using jars in releases
thirdPartyAudit.enabled = false
// TODO: add a simple HDFS client test for this fixture
unitTest.enabled = false
11 changes: 11 additions & 0 deletions test/fixtures/hdfs-fixture/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
version: '3'
services:
hdfs:
hostname: hdfs.build.elastic.co
build:
context: .
dockerfile: Dockerfile
volumes:
- ./build/fixture:/fixture
ports:
- "9999:9999"
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,6 @@ public static void main(String[] args) throws Exception {

UserGroupInformation.setConfiguration(cfg);

// TODO: remove hardcoded port!
MiniDFSCluster.Builder builder = new MiniDFSCluster.Builder(cfg);
if (secure) {
builder.nameNodePort(9998);
Expand Down
9 changes: 9 additions & 0 deletions test/fixtures/krb5kdc-fixture/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
FROM ubuntu:14.04
ADD . /fixture
RUN echo kerberos.build.elastic.co > /etc/hostname && echo "127.0.0.1 kerberos.build.elastic.co" >> /etc/hosts
RUN bash /fixture/src/main/resources/provision/installkdc.sh

EXPOSE 88
EXPOSE 88/udp

CMD sleep infinity
53 changes: 0 additions & 53 deletions test/fixtures/krb5kdc-fixture/Vagrantfile

This file was deleted.

Loading