From 520a41e84a0f5dcf6ffe55fe66a73297b791785c Mon Sep 17 00:00:00 2001 From: NEUpanning Date: Tue, 19 Sep 2023 11:32:18 +0800 Subject: [PATCH 1/7] add a docs link to the log message about each failing bootstrap check --- .../bootstrap/EvilBootstrapChecksTests.java | 13 ++- .../bootstrap/BootstrapCheck.java | 3 + .../bootstrap/BootstrapChecks.java | 77 ++++++++++++- .../elasticsearch/common/ReferenceDocs.java | 22 ++++ .../common/reference-docs-links.json | 24 +++- .../bootstrap/BootstrapChecksTests.java | 107 ++++++++++++------ .../org/elasticsearch/node/NodeTests.java | 12 +- .../core/ssl/TransportTLSBootstrapCheck.java | 6 + .../MachineLearningPackageLoader.java | 6 + .../security/PkiRealmBootstrapCheck.java | 6 + ...ecurityImplicitBehaviorBootstrapCheck.java | 6 + .../security/TokenSSLBootstrapCheck.java | 5 + .../RoleMappingFileBootstrapCheck.java | 5 + .../EncryptSensitiveDataBootstrapCheck.java | 6 + 14 files changed, 260 insertions(+), 38 deletions(-) diff --git a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java index eda3c337c98f4..480b6929057a1 100644 --- a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java +++ b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java @@ -9,6 +9,7 @@ package org.elasticsearch.bootstrap; import org.apache.logging.log4j.Logger; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.core.SuppressForbidden; import org.elasticsearch.node.NodeValidationException; import org.elasticsearch.test.AbstractBootstrapCheckTestCase; @@ -49,7 +50,17 @@ public void tearDown() throws Exception { public void testEnforceBootstrapChecks() throws NodeValidationException { setEsEnforceBootstrapChecks("true"); - final List checks = Collections.singletonList(context -> BootstrapCheck.BootstrapCheckResult.failure("error")); + final List checks = Collections.singletonList( + new BootstrapCheck() { + @Override + public BootstrapCheckResult check(BootstrapContext context) { + return BootstrapCheck.BootstrapCheckResult.failure("error"); + } + + @Override public ReferenceDocs referenceDocs() { + return null; + } + }); final Logger logger = mock(Logger.class); diff --git a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapCheck.java b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapCheck.java index 75e5fcfa3fa0f..5e81c3576085c 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapCheck.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapCheck.java @@ -8,6 +8,7 @@ package org.elasticsearch.bootstrap; +import org.elasticsearch.common.ReferenceDocs; import java.util.Objects; /** @@ -59,4 +60,6 @@ default boolean alwaysEnforce() { return false; } + ReferenceDocs referenceDocs(); + } diff --git a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java index b9610c689f92e..260467ad65014 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java @@ -12,6 +12,7 @@ import org.apache.logging.log4j.Logger; import org.apache.lucene.util.Constants; import org.elasticsearch.cluster.coordination.ClusterBootstrapService; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.transport.BoundTransportAddress; import org.elasticsearch.common.transport.TransportAddress; @@ -131,10 +132,11 @@ static void check(final BootstrapContext context, final boolean enforceLimits, f for (final BootstrapCheck check : checks) { final BootstrapCheck.BootstrapCheckResult result = check.check(context); if (result.isFailure()) { + final String message = result.getMessage() + "; for more information see [" + check.referenceDocs() + "]"; if (enforceLimits == false && enforceBootstrapChecks == false && check.alwaysEnforce() == false) { - ignoredErrors.add(result.getMessage()); + ignoredErrors.add(message); } else { - errors.add(result.getMessage()); + errors.add(message); } } } @@ -150,7 +152,9 @@ static void check(final BootstrapContext context, final boolean enforceLimits, f + errors.size() + "] bootstrap checks failed. You must address the points described in the following [" + errors.size() - + "] lines before starting Elasticsearch." + + "] lines before starting Elasticsearch. For more information see [" + + ReferenceDocs.BOOTSTRAP_CHECKS + + "]" ); for (int i = 0; i < errors.size(); i++) { messages.add("bootstrap check failure [" + (i + 1) + "] of [" + errors.size() + "]: " + errors.get(i)); @@ -240,6 +244,11 @@ public BootstrapCheckResult check(BootstrapContext context) { } } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.HEAP_SIZE_CHECK; + } + // visible for testing long getInitialHeapSize() { return JvmInfo.jvmInfo().getConfiguredInitialHeapSize(); @@ -298,6 +307,11 @@ public final BootstrapCheckResult check(BootstrapContext context) { } } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.FILE_DESCRIPTOR_CHECK; + } + // visible for testing long getMaxFileDescriptorCount() { return ProcessProbe.getMaxFileDescriptorCount(); @@ -321,6 +335,11 @@ boolean isMemoryLocked() { return Natives.isMemoryLocked(); } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.MEMORY_LOCK_CHECK; + } + } static class MaxNumberOfThreadsCheck implements BootstrapCheck { @@ -349,6 +368,10 @@ long getMaxNumberOfThreads() { return JNANatives.MAX_NUMBER_OF_THREADS; } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.MAX_NUMBER_THREADS_CHECK; + } } static class MaxSizeVirtualMemoryCheck implements BootstrapCheck { @@ -378,6 +401,10 @@ long getMaxSizeVirtualMemory() { return JNANatives.MAX_SIZE_VIRTUAL_MEMORY; } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.MAX_SIZE_VIRTUAL_MEMORY_CHECK; + } } /** @@ -409,6 +436,10 @@ long getMaxFileSize() { return JNANatives.MAX_FILE_SIZE; } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.MAX_FILE_SIZE_CHECK; + } } static class MaxMapCountCheck implements BootstrapCheck { @@ -478,6 +509,10 @@ static long parseProcSysVmMaxMapCount(final String procSysVmMaxMapCount) throws return Long.parseLong(procSysVmMaxMapCount); } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.MAXIMUM_MAP_COUNT_CHECK; + } } static class ClientJvmCheck implements BootstrapCheck { @@ -501,6 +536,10 @@ String getVmName() { return JvmInfo.jvmInfo().getVmName(); } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.CLIENT_JVM_CHECK; + } } /** @@ -529,6 +568,10 @@ String getUseSerialGC() { return JvmInfo.jvmInfo().useSerialGC(); } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.USE_SERIAL_COLLECTOR_CHECK; + } } /** @@ -551,6 +594,10 @@ boolean isSystemCallFilterInstalled() { return Natives.isSystemCallFilterInstalled(); } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.SYSTEM_CALL_FILTER_CHECK; + } } abstract static class MightForkCheck implements BootstrapCheck { @@ -579,6 +626,11 @@ public final boolean alwaysEnforce() { return true; } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.ONERROR_AND_ONOUTOFMEMORYERROR_CHECKS; + } + } static class OnErrorCheck extends MightForkCheck { @@ -658,6 +710,11 @@ String javaVersion() { return Constants.JAVA_VERSION; } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.EARLY_ACCESS_CHECK; + } + } static class AllPermissionCheck implements BootstrapCheck { @@ -681,6 +738,10 @@ boolean isAllPermissionGranted() { return true; } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.ALL_PERMISSION_CHECK; + } } static class DiscoveryConfiguredCheck implements BootstrapCheck { @@ -703,6 +764,11 @@ public BootstrapCheckResult check(BootstrapContext context) { ) ); } + + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.DISCOVERY_CONFIGURATION_CHECK; + } } static class ByteOrderCheck implements BootstrapCheck { @@ -718,5 +784,10 @@ public BootstrapCheckResult check(BootstrapContext context) { ByteOrder nativeByteOrder() { return ByteOrder.nativeOrder(); } + + @Override + public ReferenceDocs referenceDocs() { + return null; + } } } diff --git a/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java b/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java index 0f60dbff56cfa..56e1e5edadece 100644 --- a/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java +++ b/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java @@ -46,6 +46,28 @@ public enum ReferenceDocs { CONCURRENT_REPOSITORY_WRITERS, ARCHIVE_INDICES, HTTP_TRACER, + HEAP_SIZE_CHECK, + FILE_DESCRIPTOR_CHECK, + MEMORY_LOCK_CHECK, + MAX_NUMBER_THREADS_CHECK, + MAX_FILE_SIZE_CHECK, + MAX_SIZE_VIRTUAL_MEMORY_CHECK, + MAXIMUM_MAP_COUNT_CHECK, + CLIENT_JVM_CHECK, + USE_SERIAL_COLLECTOR_CHECK, + SYSTEM_CALL_FILTER_CHECK, + ONERROR_AND_ONOUTOFMEMORYERROR_CHECKS, + EARLY_ACCESS_CHECK, + G1GC_CHECK, + ALL_PERMISSION_CHECK, + DISCOVERY_CONFIGURATION_CHECK, + BOOTSTRAP_CHECKS, + ENCRYPT_SENSITIVE_DATA_CHECKS, + PKI_REALM_CHECKS, + ROLE_MAPPINGS_CHECKS, + TLS_CHECKS, + TOKEN_SSL_CHECKS, + SECURITY_MINIMAL_SETUP // this comment keeps the ';' on the next line so every entry above has a trailing ',' which makes the diff for adding new links cleaner ; diff --git a/server/src/main/resources/org/elasticsearch/common/reference-docs-links.json b/server/src/main/resources/org/elasticsearch/common/reference-docs-links.json index 4de327d203d16..dff5d883f4bf5 100644 --- a/server/src/main/resources/org/elasticsearch/common/reference-docs-links.json +++ b/server/src/main/resources/org/elasticsearch/common/reference-docs-links.json @@ -6,5 +6,27 @@ "SHARD_LOCK_TROUBLESHOOTING": "troubleshooting-unstable-cluster.html#_diagnosing_shardlockobtainfailedexception_failures_2", "CONCURRENT_REPOSITORY_WRITERS": "add-repository.html", "ARCHIVE_INDICES": "archive-indices.html", - "HTTP_TRACER": "modules-network.html#http-rest-request-tracer" + "HTTP_TRACER": "modules-network.html#http-rest-request-tracer", + "HEAP_SIZE_CHECK": "_heap_size_check.html", + "FILE_DESCRIPTOR_CHECK": "_file_descriptor_check.html", + "MEMORY_LOCK_CHECK": "_memory_lock_check.html", + "MAX_NUMBER_THREADS_CHECK": "max-number-threads-check.html", + "MAX_FILE_SIZE_CHECK": "_max_file_size_check.html", + "MAX_SIZE_VIRTUAL_MEMORY_CHECK": "max-size-virtual-memory-check.html", + "MAXIMUM_MAP_COUNT_CHECK": "_maximum_map_count_check.html", + "CLIENT_JVM_CHECK": "_client_jvm_check.html", + "USE_SERIAL_COLLECTOR_CHECK": "_use_serial_collector_check.html", + "SYSTEM_CALL_FILTER_CHECK": "_system_call_filter_check.html", + "ONERROR_AND_ONOUTOFMEMORYERROR_CHECKS": "_onerror_and_onoutofmemoryerror_checks.html", + "EARLY_ACCESS_CHECK": "_early_access_check.html", + "G1GC_CHECK": "_g1gc_check.html", + "ALL_PERMISSION_CHECK": "_all_permission_check.html", + "DISCOVERY_CONFIGURATION_CHECK": "_discovery_configuration_check.html", + "BOOTSTRAP_CHECKS": "bootstrap-checks.html", + "ENCRYPT_SENSITIVE_DATA_CHECKS": "bootstrap-checks-xpack.html#_encrypt_sensitive_data_check", + "PKI_REALM_CHECKS": "bootstrap-checks-xpack.html#_pki_realm_check", + "ROLE_MAPPINGS_CHECKS": "bootstrap-checks-xpack.html#_role_mappings_check", + "TLS_CHECKS": "bootstrap-checks-xpack.html#bootstrap-checks-tls", + "TOKEN_SSL_CHECKS": "bootstrap-checks-xpack.html#_token_ssl_check", + "SECURITY_MINIMAL_SETUP": "security-minimal-setup.html" } diff --git a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java index 843a65aa877ac..6bbd805884b01 100644 --- a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java +++ b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java @@ -12,6 +12,7 @@ import org.apache.lucene.util.Constants; import org.elasticsearch.cluster.coordination.ClusterBootstrapService; import org.elasticsearch.cluster.metadata.Metadata; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.BoundTransportAddress; import org.elasticsearch.common.transport.TransportAddress; @@ -128,10 +129,27 @@ public void testEnforceLimitsWhenPublishingToNonLocalAddress() { } public void testExceptionAggregation() { - final List checks = Arrays.asList( - context -> BootstrapCheck.BootstrapCheckResult.failure("first"), - context -> BootstrapCheck.BootstrapCheckResult.failure("second") - ); + final List checks = Arrays.asList(new BootstrapCheck() { + @Override + public BootstrapCheckResult check(BootstrapContext context) { + return BootstrapCheck.BootstrapCheckResult.failure("first"); + } + + @Override + public ReferenceDocs referenceDocs() { + return null; + } + }, new BootstrapCheck() { + @Override + public BootstrapCheckResult check(BootstrapContext context) { + return BootstrapCheck.BootstrapCheckResult.failure("second"); + } + + @Override + public ReferenceDocs referenceDocs() { + return null; + } + }); final NodeValidationException e = expectThrows( NodeValidationException.class, @@ -146,7 +164,10 @@ public void testExceptionAggregation() { containsString("bootstrap check failure [1] of [2]:"), containsString("first"), containsString("bootstrap check failure [2] of [2]:"), - containsString("second") + containsString("second"), + containsString( + "For more information see [" + ReferenceDocs.BOOTSTRAP_CHECKS + "]" + ) ) ) ); @@ -194,6 +215,7 @@ boolean isMemoryLocked() { "initial heap size [" + initialHeapSize.get() + "] " + "not equal to maximum heap size [" + maxHeapSize.get() + "]" ) ); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); final String memoryLockingMessage = "and prevents memory locking from locking the entire heap"; final Matcher memoryLockingMatcher; if (isMemoryLocked) { @@ -243,6 +265,7 @@ long getMaxFileDescriptorCount() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max file descriptors")); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); maxFileDescriptorCount.set(randomIntBetween(limit + 1, Integer.MAX_VALUE)); @@ -300,6 +323,7 @@ boolean isMemoryLocked() { () -> BootstrapChecks.check(bootstrapContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("memory locking requested for elasticsearch process but memory is not locked")); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); } else { // nothing should happen BootstrapChecks.check(bootstrapContext, true, Collections.singletonList(check)); @@ -322,6 +346,7 @@ long getMaxNumberOfThreads() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max number of threads")); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); maxNumberOfThreads.set(randomIntBetween(limit + 1, Integer.MAX_VALUE)); @@ -353,6 +378,7 @@ long getRlimInfinity() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max size virtual memory")); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); maxSizeVirtualMemory.set(rlimInfinity); @@ -383,6 +409,7 @@ long getRlimInfinity() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max file size")); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); maxFileSize.set(rlimInfinity); @@ -413,6 +440,7 @@ String getVmName() { + "but should be using a server VM for the best performance" ) ); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); vmName.set("Java HotSpot(TM) 32-Bit Server VM"); BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)); @@ -441,6 +469,7 @@ String getUseSerialGC() { + "] or -XX:+UseSerialGC was explicitly specified" ) ); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); useSerialGC.set("false"); BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)); @@ -464,6 +493,7 @@ boolean isSystemCallFilterInstalled() { () -> BootstrapChecks.check(context, true, Collections.singletonList(systemCallFilterEnabledCheck)) ); assertThat(e.getMessage(), containsString("system call filters failed to install; check the logs and fix your configuration")); + assertThat(e.getMessage(), containsString("; for more information see [" + systemCallFilterEnabledCheck.referenceDocs() + "]")); isSystemCallFilterInstalled.set(true); BootstrapChecks.check(context, true, Collections.singletonList(systemCallFilterEnabledCheck)); @@ -489,13 +519,10 @@ String message(BootstrapContext context) { } }; - runMightForkTest( - check, - isSystemCallFilterInstalled, - () -> mightFork.set(false), - () -> mightFork.set(true), - e -> assertThat(e.getMessage(), containsString("error")) - ); + runMightForkTest(check, isSystemCallFilterInstalled, () -> mightFork.set(false), () -> mightFork.set(true), e -> { + assertThat(e.getMessage(), containsString("error")); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + }); } public void testOnErrorCheck() throws NodeValidationException { @@ -521,15 +548,18 @@ String onError() { isSystemCallFilterInstalled, () -> onError.set(randomBoolean() ? "" : null), () -> onError.set(command), - e -> assertThat( - e.getMessage(), - containsString( - "OnError [" - + command - + "] requires forking but is prevented by system call filters;" - + " upgrade to at least Java 8u92 and use ExitOnOutOfMemoryError" - ) - ) + e -> { + assertThat( + e.getMessage(), + containsString( + "OnError [" + + command + + "] requires forking but is prevented by system call filters;" + + " upgrade to at least Java 8u92 and use ExitOnOutOfMemoryError" + ) + ); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + } ); } @@ -556,16 +586,19 @@ String onOutOfMemoryError() { isSystemCallFilterInstalled, () -> onOutOfMemoryError.set(randomBoolean() ? "" : null), () -> onOutOfMemoryError.set(command), - e -> assertThat( - e.getMessage(), - containsString( - "OnOutOfMemoryError [" - + command - + "]" - + " requires forking but is prevented by system call filters;" - + " upgrade to at least Java 8u92 and use ExitOnOutOfMemoryError" - ) - ) + e -> { + assertThat( + e.getMessage(), + containsString( + "OnOutOfMemoryError [" + + command + + "]" + + " requires forking but is prevented by system call filters;" + + " upgrade to at least Java 8u92 and use ExitOnOutOfMemoryError" + ) + ); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + } ); } @@ -629,6 +662,7 @@ String javaVersion() { e.getMessage(), containsString("Java version [" + javaVersion.get() + "] is an early-access build, only use release builds") ); + assertThat(e.getMessage(), containsString("; for more information see [" + eaCheck.referenceDocs() + "]")); // if not on an early-access build, nothing should happen javaVersion.set(randomFrom("1.8.0_152", "9")); @@ -651,6 +685,7 @@ boolean isAllPermissionGranted() { () -> BootstrapChecks.check(emptyContext, true, checks) ); assertThat(e, hasToString(containsString("granting the all permission effectively disables security"))); + assertThat(e.getMessage(), containsString("; for more information see [" + allPermissionCheck.referenceDocs() + "]")); // if all permissions are not granted, nothing should happen isAllPermissionGranted.set(false); @@ -668,6 +703,11 @@ public BootstrapCheckResult check(BootstrapContext context) { public boolean alwaysEnforce() { return true; } + + @Override + public ReferenceDocs referenceDocs() { + return null; + } }; final NodeValidationException alwaysEnforced = expectThrows( @@ -678,7 +718,8 @@ public boolean alwaysEnforce() { } public void testDiscoveryConfiguredCheck() throws NodeValidationException { - final List checks = Collections.singletonList(new BootstrapChecks.DiscoveryConfiguredCheck()); + final BootstrapChecks.DiscoveryConfiguredCheck check = new BootstrapChecks.DiscoveryConfiguredCheck(); + final List checks = Collections.singletonList(check); final BootstrapContext zen2Context = createTestContext( Settings.builder().put(DiscoveryModule.DISCOVERY_TYPE_SETTING.getKey(), MULTI_NODE_DISCOVERY_TYPE).build(), @@ -713,6 +754,7 @@ public void testDiscoveryConfiguredCheck() throws NodeValidationException { ) ) ); + assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); CheckedConsumer ensureChecksPass = b -> { final BootstrapContext context = createTestContext( @@ -741,6 +783,7 @@ ByteOrder nativeByteOrder() { () -> BootstrapChecks.check(emptyContext, true, List.of(byteOrderCheck)) ); assertThat(e.getMessage(), containsString("Little-endian native byte order is required to run Elasticsearch")); + assertThat(e.getMessage(), containsString("; for more information see [" + byteOrderCheck.referenceDocs() + "]")); reference[0] = ByteOrder.LITTLE_ENDIAN; BootstrapChecks.check(emptyContext, true, List.of(byteOrderCheck)); diff --git a/server/src/test/java/org/elasticsearch/node/NodeTests.java b/server/src/test/java/org/elasticsearch/node/NodeTests.java index 0a0040eebea39..fa89026b2d3dd 100644 --- a/server/src/test/java/org/elasticsearch/node/NodeTests.java +++ b/server/src/test/java/org/elasticsearch/node/NodeTests.java @@ -16,6 +16,7 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.routing.allocation.AllocationService; import org.elasticsearch.cluster.service.ClusterService; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.common.breaker.CircuitBreaker; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.component.AbstractLifecycleComponent; @@ -93,7 +94,16 @@ public class NodeTests extends ESTestCase { public static class CheckPlugin extends Plugin { - public static final BootstrapCheck CHECK = context -> BootstrapCheck.BootstrapCheckResult.success(); + public static final BootstrapCheck CHECK = new BootstrapCheck() { + @Override + public BootstrapCheckResult check(BootstrapContext context) { + return BootstrapCheck.BootstrapCheckResult.success(); + } + + @Override public ReferenceDocs referenceDocs() { + return null; + } + }; @Override public List getBootstrapChecks() { diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TransportTLSBootstrapCheck.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TransportTLSBootstrapCheck.java index 5899736481884..6615f8219e2c0 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TransportTLSBootstrapCheck.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TransportTLSBootstrapCheck.java @@ -8,6 +8,7 @@ import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.bootstrap.BootstrapContext; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.xpack.core.XPackSettings; /** @@ -27,4 +28,9 @@ public BootstrapCheckResult check(BootstrapContext context) { } return BootstrapCheckResult.success(); } + + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.TLS_CHECKS; + } } diff --git a/x-pack/plugin/ml-package-loader/src/main/java/org/elasticsearch/xpack/ml/packageloader/MachineLearningPackageLoader.java b/x-pack/plugin/ml-package-loader/src/main/java/org/elasticsearch/xpack/ml/packageloader/MachineLearningPackageLoader.java index 46ba695624f60..1946a82d994b4 100644 --- a/x-pack/plugin/ml-package-loader/src/main/java/org/elasticsearch/xpack/ml/packageloader/MachineLearningPackageLoader.java +++ b/x-pack/plugin/ml-package-loader/src/main/java/org/elasticsearch/xpack/ml/packageloader/MachineLearningPackageLoader.java @@ -11,6 +11,7 @@ import org.elasticsearch.action.ActionResponse; import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.bootstrap.BootstrapContext; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.common.Strings; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.plugins.ActionPlugin; @@ -88,6 +89,11 @@ public BootstrapCheckResult check(BootstrapContext context) { public boolean alwaysEnforce() { return true; } + + @Override + public ReferenceDocs referenceDocs() { + return null; + } }); } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java index eac48d3fe7950..9cce503e1957a 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java @@ -8,6 +8,7 @@ import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.bootstrap.BootstrapContext; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.ssl.SslConfiguration; import org.elasticsearch.xpack.core.XPackSettings; @@ -78,4 +79,9 @@ private List getSslContextNames(Settings settings) { public boolean alwaysEnforce() { return true; } + + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.PKI_REALM_CHECKS; + } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java index ab9aa32c9b859..ddbca2139d2f6 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java @@ -10,6 +10,7 @@ import org.elasticsearch.Version; import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.bootstrap.BootstrapContext; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.env.NodeMetadata; import org.elasticsearch.license.ClusterStateLicenseService; import org.elasticsearch.license.License; @@ -59,4 +60,9 @@ public BootstrapCheckResult check(BootstrapContext context) { public boolean alwaysEnforce() { return true; } + + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.SECURITY_MINIMAL_SETUP; + } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java index 1c2fbb3df425b..8613c866296cd 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java @@ -8,6 +8,7 @@ import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.bootstrap.BootstrapContext; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.xpack.core.XPackSettings; import java.util.Locale; @@ -35,4 +36,8 @@ public BootstrapCheckResult check(BootstrapContext context) { } } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.TOKEN_SSL_CHECKS; + } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java index b76124d5c4631..81a11bd75366e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java @@ -9,6 +9,7 @@ import org.apache.logging.log4j.LogManager; import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.bootstrap.BootstrapContext; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.xpack.core.security.authc.RealmConfig; import org.elasticsearch.xpack.core.security.authc.support.DnRoleMapperSettings; @@ -51,4 +52,8 @@ public static BootstrapCheck create(RealmConfig realmConfig) { return null; } + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.ROLE_MAPPINGS_CHECKS; + } } diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java index 555787f577efe..b6e91a00d8c64 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java @@ -8,6 +8,7 @@ import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.bootstrap.BootstrapContext; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.xpack.core.XPackPlugin; import org.elasticsearch.xpack.core.watcher.WatcherField; @@ -50,4 +51,9 @@ public BootstrapCheckResult check(BootstrapContext context) { public boolean alwaysEnforce() { return true; } + + @Override + public ReferenceDocs referenceDocs() { + return ReferenceDocs.ENCRYPT_SENSITIVE_DATA_CHECKS; + } } From d3b8bfef3f150e1bf61c5456dd797d70bf64bdbc Mon Sep 17 00:00:00 2001 From: David Turner Date: Wed, 20 Sep 2023 06:34:11 +0100 Subject: [PATCH 2/7] Spotless --- .../bootstrap/EvilBootstrapChecksTests.java | 22 +++++++++---------- .../bootstrap/BootstrapCheck.java | 1 + .../bootstrap/BootstrapChecksTests.java | 4 +--- .../org/elasticsearch/node/NodeTests.java | 3 ++- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java index 480b6929057a1..c1d44763ce834 100644 --- a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java +++ b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java @@ -50,17 +50,17 @@ public void tearDown() throws Exception { public void testEnforceBootstrapChecks() throws NodeValidationException { setEsEnforceBootstrapChecks("true"); - final List checks = Collections.singletonList( - new BootstrapCheck() { - @Override - public BootstrapCheckResult check(BootstrapContext context) { - return BootstrapCheck.BootstrapCheckResult.failure("error"); - } - - @Override public ReferenceDocs referenceDocs() { - return null; - } - }); + final List checks = Collections.singletonList(new BootstrapCheck() { + @Override + public BootstrapCheckResult check(BootstrapContext context) { + return BootstrapCheck.BootstrapCheckResult.failure("error"); + } + + @Override + public ReferenceDocs referenceDocs() { + return null; + } + }); final Logger logger = mock(Logger.class); diff --git a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapCheck.java b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapCheck.java index 5e81c3576085c..6a32959b7e5f7 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapCheck.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapCheck.java @@ -9,6 +9,7 @@ package org.elasticsearch.bootstrap; import org.elasticsearch.common.ReferenceDocs; + import java.util.Objects; /** diff --git a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java index 6bbd805884b01..8b024986e7a9c 100644 --- a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java +++ b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java @@ -165,9 +165,7 @@ public ReferenceDocs referenceDocs() { containsString("first"), containsString("bootstrap check failure [2] of [2]:"), containsString("second"), - containsString( - "For more information see [" + ReferenceDocs.BOOTSTRAP_CHECKS + "]" - ) + containsString("For more information see [" + ReferenceDocs.BOOTSTRAP_CHECKS + "]") ) ) ); diff --git a/server/src/test/java/org/elasticsearch/node/NodeTests.java b/server/src/test/java/org/elasticsearch/node/NodeTests.java index fa89026b2d3dd..3bf1f36aeead2 100644 --- a/server/src/test/java/org/elasticsearch/node/NodeTests.java +++ b/server/src/test/java/org/elasticsearch/node/NodeTests.java @@ -100,7 +100,8 @@ public BootstrapCheckResult check(BootstrapContext context) { return BootstrapCheck.BootstrapCheckResult.success(); } - @Override public ReferenceDocs referenceDocs() { + @Override + public ReferenceDocs referenceDocs() { return null; } }; From aa02b876582d712cbb35d30b8a275ed28dcbc197 Mon Sep 17 00:00:00 2001 From: David Turner Date: Wed, 20 Sep 2023 06:36:18 +0100 Subject: [PATCH 3/7] Add changelog --- docs/changelog/99644.yaml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 docs/changelog/99644.yaml diff --git a/docs/changelog/99644.yaml b/docs/changelog/99644.yaml new file mode 100644 index 0000000000000..10c10448c074c --- /dev/null +++ b/docs/changelog/99644.yaml @@ -0,0 +1,6 @@ +pr: 99644 +summary: Add links to docs from failing bootstrap checks +area: Infra/Node Lifecycle +type: enhancement +issues: [99614] + From 8842757cb014b9c4f9f704bab20d847e9c94bc3d Mon Sep 17 00:00:00 2001 From: NEUpanning Date: Wed, 20 Sep 2023 15:39:14 +0800 Subject: [PATCH 4/7] changes after review feedback --- .../bootstrap/EvilBootstrapChecksTests.java | 2 +- .../bootstrap/BootstrapChecks.java | 30 +++++------ .../elasticsearch/common/ReferenceDocs.java | 42 +++++++-------- .../common/reference-docs-links.json | 42 +++++++-------- .../bootstrap/BootstrapChecksTests.java | 51 ++++++++++++------- .../core/ssl/TransportTLSBootstrapCheck.java | 2 +- .../security/PkiRealmBootstrapCheck.java | 2 +- ...ecurityImplicitBehaviorBootstrapCheck.java | 8 +-- .../security/TokenSSLBootstrapCheck.java | 2 +- .../RoleMappingFileBootstrapCheck.java | 2 +- ...tyImplicitBehaviorBootstrapCheckTests.java | 7 +-- .../EncryptSensitiveDataBootstrapCheck.java | 2 +- 12 files changed, 101 insertions(+), 91 deletions(-) diff --git a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java index c1d44763ce834..58bf1760551d4 100644 --- a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java +++ b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java @@ -58,7 +58,7 @@ public BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return null; + return ReferenceDocs.BOOTSTRAP_CHECKS; } }); diff --git a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java index 260467ad65014..a99ed225b244b 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java @@ -246,7 +246,7 @@ public BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.HEAP_SIZE_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_HEAP_SIZE; } // visible for testing @@ -309,7 +309,7 @@ public final BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.FILE_DESCRIPTOR_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_FILE_DESCRIPTOR; } // visible for testing @@ -337,7 +337,7 @@ boolean isMemoryLocked() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.MEMORY_LOCK_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_MEMORY_LOCK; } } @@ -370,7 +370,7 @@ long getMaxNumberOfThreads() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.MAX_NUMBER_THREADS_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_MAX_NUMBER_THREADS; } } @@ -403,7 +403,7 @@ long getMaxSizeVirtualMemory() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.MAX_SIZE_VIRTUAL_MEMORY_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_MAX_SIZE_VIRTUAL_MEMORY; } } @@ -438,7 +438,7 @@ long getMaxFileSize() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.MAX_FILE_SIZE_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_MAX_FILE_SIZE; } } @@ -511,7 +511,7 @@ static long parseProcSysVmMaxMapCount(final String procSysVmMaxMapCount) throws @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.MAXIMUM_MAP_COUNT_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_MAXIMUM_MAP_COUNT; } } @@ -538,7 +538,7 @@ String getVmName() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.CLIENT_JVM_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_CLIENT_JVM; } } @@ -570,7 +570,7 @@ String getUseSerialGC() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.USE_SERIAL_COLLECTOR_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_USE_SERIAL_COLLECTOR; } } @@ -596,7 +596,7 @@ boolean isSystemCallFilterInstalled() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.SYSTEM_CALL_FILTER_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_SYSTEM_CALL_FILTER; } } @@ -628,7 +628,7 @@ public final boolean alwaysEnforce() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.ONERROR_AND_ONOUTOFMEMORYERROR_CHECKS; + return ReferenceDocs.BOOTSTRAP_CHECK_ONERROR_AND_ONOUTOFMEMORYERROR; } } @@ -712,7 +712,7 @@ String javaVersion() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.EARLY_ACCESS_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_EARLY_ACCESS; } } @@ -740,7 +740,7 @@ boolean isAllPermissionGranted() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.ALL_PERMISSION_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_ALL_PERMISSION; } } @@ -767,7 +767,7 @@ public BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.DISCOVERY_CONFIGURATION_CHECK; + return ReferenceDocs.BOOTSTRAP_CHECK_DISCOVERY_CONFIGURATION; } } @@ -787,7 +787,7 @@ ByteOrder nativeByteOrder() { @Override public ReferenceDocs referenceDocs() { - return null; + return ReferenceDocs.BOOTSTRAP_CHECKS; } } } diff --git a/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java b/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java index 56e1e5edadece..b23377b249e34 100644 --- a/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java +++ b/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java @@ -46,28 +46,28 @@ public enum ReferenceDocs { CONCURRENT_REPOSITORY_WRITERS, ARCHIVE_INDICES, HTTP_TRACER, - HEAP_SIZE_CHECK, - FILE_DESCRIPTOR_CHECK, - MEMORY_LOCK_CHECK, - MAX_NUMBER_THREADS_CHECK, - MAX_FILE_SIZE_CHECK, - MAX_SIZE_VIRTUAL_MEMORY_CHECK, - MAXIMUM_MAP_COUNT_CHECK, - CLIENT_JVM_CHECK, - USE_SERIAL_COLLECTOR_CHECK, - SYSTEM_CALL_FILTER_CHECK, - ONERROR_AND_ONOUTOFMEMORYERROR_CHECKS, - EARLY_ACCESS_CHECK, - G1GC_CHECK, - ALL_PERMISSION_CHECK, - DISCOVERY_CONFIGURATION_CHECK, + BOOTSTRAP_CHECK_HEAP_SIZE, + BOOTSTRAP_CHECK_FILE_DESCRIPTOR, + BOOTSTRAP_CHECK_MEMORY_LOCK, + BOOTSTRAP_CHECK_MAX_NUMBER_THREADS, + BOOTSTRAP_CHECK_MAX_FILE_SIZE, + BOOTSTRAP_CHECK_MAX_SIZE_VIRTUAL_MEMORY, + BOOTSTRAP_CHECK_MAXIMUM_MAP_COUNT, + BOOTSTRAP_CHECK_CLIENT_JVM, + BOOTSTRAP_CHECK_USE_SERIAL_COLLECTOR, + BOOTSTRAP_CHECK_SYSTEM_CALL_FILTER, + BOOTSTRAP_CHECK_ONERROR_AND_ONOUTOFMEMORYERROR, + BOOTSTRAP_CHECK_EARLY_ACCESS, + BOOTSTRAP_CHECK_G1GC, + BOOTSTRAP_CHECK_ALL_PERMISSION, + BOOTSTRAP_CHECK_DISCOVERY_CONFIGURATION, BOOTSTRAP_CHECKS, - ENCRYPT_SENSITIVE_DATA_CHECKS, - PKI_REALM_CHECKS, - ROLE_MAPPINGS_CHECKS, - TLS_CHECKS, - TOKEN_SSL_CHECKS, - SECURITY_MINIMAL_SETUP + BOOTSTRAP_CHECK_ENCRYPT_SENSITIVE_DATA, + BOOTSTRAP_CHECK_PKI_REALM, + BOOTSTRAP_CHECK_ROLE_MAPPINGS, + BOOTSTRAP_CHECK_TLS, + BOOTSTRAP_CHECK_TOKEN_SSL, + BOOTSTRAP_CHECK_SECURITY_MINIMAL_SETUP, // this comment keeps the ';' on the next line so every entry above has a trailing ',' which makes the diff for adding new links cleaner ; diff --git a/server/src/main/resources/org/elasticsearch/common/reference-docs-links.json b/server/src/main/resources/org/elasticsearch/common/reference-docs-links.json index dff5d883f4bf5..b162aa5b6c31a 100644 --- a/server/src/main/resources/org/elasticsearch/common/reference-docs-links.json +++ b/server/src/main/resources/org/elasticsearch/common/reference-docs-links.json @@ -7,26 +7,26 @@ "CONCURRENT_REPOSITORY_WRITERS": "add-repository.html", "ARCHIVE_INDICES": "archive-indices.html", "HTTP_TRACER": "modules-network.html#http-rest-request-tracer", - "HEAP_SIZE_CHECK": "_heap_size_check.html", - "FILE_DESCRIPTOR_CHECK": "_file_descriptor_check.html", - "MEMORY_LOCK_CHECK": "_memory_lock_check.html", - "MAX_NUMBER_THREADS_CHECK": "max-number-threads-check.html", - "MAX_FILE_SIZE_CHECK": "_max_file_size_check.html", - "MAX_SIZE_VIRTUAL_MEMORY_CHECK": "max-size-virtual-memory-check.html", - "MAXIMUM_MAP_COUNT_CHECK": "_maximum_map_count_check.html", - "CLIENT_JVM_CHECK": "_client_jvm_check.html", - "USE_SERIAL_COLLECTOR_CHECK": "_use_serial_collector_check.html", - "SYSTEM_CALL_FILTER_CHECK": "_system_call_filter_check.html", - "ONERROR_AND_ONOUTOFMEMORYERROR_CHECKS": "_onerror_and_onoutofmemoryerror_checks.html", - "EARLY_ACCESS_CHECK": "_early_access_check.html", - "G1GC_CHECK": "_g1gc_check.html", - "ALL_PERMISSION_CHECK": "_all_permission_check.html", - "DISCOVERY_CONFIGURATION_CHECK": "_discovery_configuration_check.html", + "BOOTSTRAP_CHECK_HEAP_SIZE": "_heap_size_check.html", + "BOOTSTRAP_CHECK_FILE_DESCRIPTOR": "_file_descriptor_check.html", + "BOOTSTRAP_CHECK_MEMORY_LOCK": "_memory_lock_check.html", + "BOOTSTRAP_CHECK_MAX_NUMBER_THREADS": "max-number-threads-check.html", + "BOOTSTRAP_CHECK_MAX_FILE_SIZE": "_max_file_size_check.html", + "BOOTSTRAP_CHECK_MAX_SIZE_VIRTUAL_MEMORY": "max-size-virtual-memory-check.html", + "BOOTSTRAP_CHECK_MAXIMUM_MAP_COUNT": "_maximum_map_count_check.html", + "BOOTSTRAP_CHECK_CLIENT_JVM": "_client_jvm_check.html", + "BOOTSTRAP_CHECK_USE_SERIAL_COLLECTOR": "_use_serial_collector_check.html", + "BOOTSTRAP_CHECK_SYSTEM_CALL_FILTER": "_system_call_filter_check.html", + "BOOTSTRAP_CHECK_ONERROR_AND_ONOUTOFMEMORYERROR": "_onerror_and_onoutofmemoryerror_checks.html", + "BOOTSTRAP_CHECK_EARLY_ACCESS": "_early_access_check.html", + "BOOTSTRAP_CHECK_G1GC": "_g1gc_check.html", + "BOOTSTRAP_CHECK_ALL_PERMISSION": "_all_permission_check.html", + "BOOTSTRAP_CHECK_DISCOVERY_CONFIGURATION": "_discovery_configuration_check.html", "BOOTSTRAP_CHECKS": "bootstrap-checks.html", - "ENCRYPT_SENSITIVE_DATA_CHECKS": "bootstrap-checks-xpack.html#_encrypt_sensitive_data_check", - "PKI_REALM_CHECKS": "bootstrap-checks-xpack.html#_pki_realm_check", - "ROLE_MAPPINGS_CHECKS": "bootstrap-checks-xpack.html#_role_mappings_check", - "TLS_CHECKS": "bootstrap-checks-xpack.html#bootstrap-checks-tls", - "TOKEN_SSL_CHECKS": "bootstrap-checks-xpack.html#_token_ssl_check", - "SECURITY_MINIMAL_SETUP": "security-minimal-setup.html" + "BOOTSTRAP_CHECK_ENCRYPT_SENSITIVE_DATA": "bootstrap-checks-xpack.html#_encrypt_sensitive_data_check", + "BOOTSTRAP_CHECK_PKI_REALM": "bootstrap-checks-xpack.html#_pki_realm_check", + "BOOTSTRAP_CHECK_ROLE_MAPPINGS": "bootstrap-checks-xpack.html#_role_mappings_check", + "BOOTSTRAP_CHECK_TLS": "bootstrap-checks-xpack.html#bootstrap-checks-tls", + "BOOTSTRAP_CHECK_TOKEN_SSL": "bootstrap-checks-xpack.html#_token_ssl_check", + "BOOTSTRAP_CHECK_SECURITY_MINIMAL_SETUP": "security-minimal-setup.html" } diff --git a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java index 8b024986e7a9c..1f5c6252bfb0b 100644 --- a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java +++ b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java @@ -165,7 +165,8 @@ public ReferenceDocs referenceDocs() { containsString("first"), containsString("bootstrap check failure [2] of [2]:"), containsString("second"), - containsString("For more information see [" + ReferenceDocs.BOOTSTRAP_CHECKS + "]") + containsString("For more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/") ) ) ); @@ -213,7 +214,8 @@ boolean isMemoryLocked() { "initial heap size [" + initialHeapSize.get() + "] " + "not equal to maximum heap size [" + maxHeapSize.get() + "]" ) ); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); final String memoryLockingMessage = "and prevents memory locking from locking the entire heap"; final Matcher memoryLockingMatcher; if (isMemoryLocked) { @@ -263,7 +265,8 @@ long getMaxFileDescriptorCount() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max file descriptors")); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); maxFileDescriptorCount.set(randomIntBetween(limit + 1, Integer.MAX_VALUE)); @@ -321,7 +324,8 @@ boolean isMemoryLocked() { () -> BootstrapChecks.check(bootstrapContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("memory locking requested for elasticsearch process but memory is not locked")); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); } else { // nothing should happen BootstrapChecks.check(bootstrapContext, true, Collections.singletonList(check)); @@ -344,7 +348,8 @@ long getMaxNumberOfThreads() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max number of threads")); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); maxNumberOfThreads.set(randomIntBetween(limit + 1, Integer.MAX_VALUE)); @@ -376,7 +381,8 @@ long getRlimInfinity() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max size virtual memory")); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); maxSizeVirtualMemory.set(rlimInfinity); @@ -407,7 +413,8 @@ long getRlimInfinity() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max file size")); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); maxFileSize.set(rlimInfinity); @@ -438,7 +445,8 @@ String getVmName() { + "but should be using a server VM for the best performance" ) ); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); vmName.set("Java HotSpot(TM) 32-Bit Server VM"); BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)); @@ -467,7 +475,8 @@ String getUseSerialGC() { + "] or -XX:+UseSerialGC was explicitly specified" ) ); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); useSerialGC.set("false"); BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)); @@ -491,7 +500,8 @@ boolean isSystemCallFilterInstalled() { () -> BootstrapChecks.check(context, true, Collections.singletonList(systemCallFilterEnabledCheck)) ); assertThat(e.getMessage(), containsString("system call filters failed to install; check the logs and fix your configuration")); - assertThat(e.getMessage(), containsString("; for more information see [" + systemCallFilterEnabledCheck.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); isSystemCallFilterInstalled.set(true); BootstrapChecks.check(context, true, Collections.singletonList(systemCallFilterEnabledCheck)); @@ -519,7 +529,8 @@ String message(BootstrapContext context) { runMightForkTest(check, isSystemCallFilterInstalled, () -> mightFork.set(false), () -> mightFork.set(true), e -> { assertThat(e.getMessage(), containsString("error")); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); }); } @@ -556,7 +567,8 @@ String onError() { + " upgrade to at least Java 8u92 and use ExitOnOutOfMemoryError" ) ); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); } ); } @@ -595,7 +607,8 @@ String onOutOfMemoryError() { + " upgrade to at least Java 8u92 and use ExitOnOutOfMemoryError" ) ); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); } ); } @@ -660,7 +673,8 @@ String javaVersion() { e.getMessage(), containsString("Java version [" + javaVersion.get() + "] is an early-access build, only use release builds") ); - assertThat(e.getMessage(), containsString("; for more information see [" + eaCheck.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); // if not on an early-access build, nothing should happen javaVersion.set(randomFrom("1.8.0_152", "9")); @@ -683,7 +697,8 @@ boolean isAllPermissionGranted() { () -> BootstrapChecks.check(emptyContext, true, checks) ); assertThat(e, hasToString(containsString("granting the all permission effectively disables security"))); - assertThat(e.getMessage(), containsString("; for more information see [" + allPermissionCheck.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); // if all permissions are not granted, nothing should happen isAllPermissionGranted.set(false); @@ -752,7 +767,8 @@ public void testDiscoveryConfiguredCheck() throws NodeValidationException { ) ) ); - assertThat(e.getMessage(), containsString("; for more information see [" + check.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); CheckedConsumer ensureChecksPass = b -> { final BootstrapContext context = createTestContext( @@ -781,7 +797,8 @@ ByteOrder nativeByteOrder() { () -> BootstrapChecks.check(emptyContext, true, List.of(byteOrderCheck)) ); assertThat(e.getMessage(), containsString("Little-endian native byte order is required to run Elasticsearch")); - assertThat(e.getMessage(), containsString("; for more information see [" + byteOrderCheck.referenceDocs() + "]")); + assertThat(e.getMessage(), containsString("; for more information see " + + "[https://www.elastic.co/guide/en/elasticsearch/reference/")); reference[0] = ByteOrder.LITTLE_ENDIAN; BootstrapChecks.check(emptyContext, true, List.of(byteOrderCheck)); diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TransportTLSBootstrapCheck.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TransportTLSBootstrapCheck.java index 6615f8219e2c0..5c5d556181343 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TransportTLSBootstrapCheck.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TransportTLSBootstrapCheck.java @@ -31,6 +31,6 @@ public BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.TLS_CHECKS; + return ReferenceDocs.BOOTSTRAP_CHECK_TLS; } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java index 9cce503e1957a..26112ed11231f 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java @@ -82,6 +82,6 @@ public boolean alwaysEnforce() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.PKI_REALM_CHECKS; + return ReferenceDocs.BOOTSTRAP_CHECK_PKI_REALM; } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java index ddbca2139d2f6..6eed91e20ab2a 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java @@ -45,11 +45,7 @@ public BootstrapCheckResult check(BootstrapContext context) { + "] has changed in the current version. " + " Security features were implicitly disabled for this node but they would now be enabled, possibly" + " preventing access to the node. " - + "See https://www.elastic.co/guide/en/elasticsearch/reference/" - + Version.CURRENT.major - + "." - + Version.CURRENT.minor - + "/security-minimal-setup.html to configure security, or explicitly disable security by " + + "See " + this.referenceDocs() + " to configure security, or explicitly disable security by " + "setting [xpack.security.enabled] to \"false\" in elasticsearch.yml before restarting the node." ); } @@ -63,6 +59,6 @@ public boolean alwaysEnforce() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.SECURITY_MINIMAL_SETUP; + return ReferenceDocs.BOOTSTRAP_CHECK_SECURITY_MINIMAL_SETUP; } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java index 8613c866296cd..7611ef8d258ce 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java @@ -38,6 +38,6 @@ public BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.TOKEN_SSL_CHECKS; + return ReferenceDocs.BOOTSTRAP_CHECK_TOKEN_SSL; } } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java index 81a11bd75366e..d70552f016bbf 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java @@ -54,6 +54,6 @@ public static BootstrapCheck create(RealmConfig realmConfig) { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.ROLE_MAPPINGS_CHECKS; + return ReferenceDocs.BOOTSTRAP_CHECK_ROLE_MAPPINGS; } } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheckTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheckTests.java index 3a1ae84b7c682..859f916b5de39 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheckTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheckTests.java @@ -10,6 +10,7 @@ import org.elasticsearch.Version; import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.cluster.metadata.Metadata; +import org.elasticsearch.common.ReferenceDocs; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.core.TimeValue; import org.elasticsearch.env.NodeMetadata; @@ -53,11 +54,7 @@ public void testFailureUpgradeFrom7xWithImplicitSecuritySettings() throws Except + "] has changed in the current version. " + " Security features were implicitly disabled for this node but they would now be enabled, possibly" + " preventing access to the node. " - + "See https://www.elastic.co/guide/en/elasticsearch/reference/" - + Version.CURRENT.major - + "." - + Version.CURRENT.minor - + "/security-minimal-setup.html to configure security, or explicitly disable security by " + + "See " + ReferenceDocs.BOOTSTRAP_CHECK_SECURITY_MINIMAL_SETUP + " to configure security, or explicitly disable security by " + "setting [xpack.security.enabled] to \"false\" in elasticsearch.yml before restarting the node." ) ); diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java index b6e91a00d8c64..430d6985e3444 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java @@ -54,6 +54,6 @@ public boolean alwaysEnforce() { @Override public ReferenceDocs referenceDocs() { - return ReferenceDocs.ENCRYPT_SENSITIVE_DATA_CHECKS; + return ReferenceDocs.BOOTSTRAP_CHECK_ENCRYPT_SENSITIVE_DATA; } } From 02c84a9fa877532bdfcbbdb51d528a53adc93caf Mon Sep 17 00:00:00 2001 From: NEUpanning Date: Wed, 20 Sep 2023 16:07:50 +0800 Subject: [PATCH 5/7] reformat code --- .../bootstrap/BootstrapChecksTests.java | 63 +++++++++---------- ...ecurityImplicitBehaviorBootstrapCheck.java | 4 +- ...tyImplicitBehaviorBootstrapCheckTests.java | 4 +- 3 files changed, 35 insertions(+), 36 deletions(-) diff --git a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java index 1f5c6252bfb0b..40c241b810ef8 100644 --- a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java +++ b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java @@ -165,8 +165,7 @@ public ReferenceDocs referenceDocs() { containsString("first"), containsString("bootstrap check failure [2] of [2]:"), containsString("second"), - containsString("For more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/") + containsString("For more information see [https://www.elastic.co/guide/en/elasticsearch/reference/") ) ) ); @@ -214,8 +213,7 @@ boolean isMemoryLocked() { "initial heap size [" + initialHeapSize.get() + "] " + "not equal to maximum heap size [" + maxHeapSize.get() + "]" ) ); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); final String memoryLockingMessage = "and prevents memory locking from locking the entire heap"; final Matcher memoryLockingMatcher; if (isMemoryLocked) { @@ -265,8 +263,7 @@ long getMaxFileDescriptorCount() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max file descriptors")); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); maxFileDescriptorCount.set(randomIntBetween(limit + 1, Integer.MAX_VALUE)); @@ -324,8 +321,10 @@ boolean isMemoryLocked() { () -> BootstrapChecks.check(bootstrapContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("memory locking requested for elasticsearch process but memory is not locked")); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat( + e.getMessage(), + containsString("; for more information see " + "[https://www.elastic.co/guide/en/elasticsearch/reference/") + ); } else { // nothing should happen BootstrapChecks.check(bootstrapContext, true, Collections.singletonList(check)); @@ -348,8 +347,7 @@ long getMaxNumberOfThreads() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max number of threads")); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); maxNumberOfThreads.set(randomIntBetween(limit + 1, Integer.MAX_VALUE)); @@ -381,8 +379,7 @@ long getRlimInfinity() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max size virtual memory")); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); maxSizeVirtualMemory.set(rlimInfinity); @@ -413,8 +410,7 @@ long getRlimInfinity() { () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)) ); assertThat(e.getMessage(), containsString("max file size")); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); maxFileSize.set(rlimInfinity); @@ -445,8 +441,7 @@ String getVmName() { + "but should be using a server VM for the best performance" ) ); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); vmName.set("Java HotSpot(TM) 32-Bit Server VM"); BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)); @@ -475,8 +470,7 @@ String getUseSerialGC() { + "] or -XX:+UseSerialGC was explicitly specified" ) ); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); useSerialGC.set("false"); BootstrapChecks.check(emptyContext, true, Collections.singletonList(check)); @@ -500,8 +494,7 @@ boolean isSystemCallFilterInstalled() { () -> BootstrapChecks.check(context, true, Collections.singletonList(systemCallFilterEnabledCheck)) ); assertThat(e.getMessage(), containsString("system call filters failed to install; check the logs and fix your configuration")); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); isSystemCallFilterInstalled.set(true); BootstrapChecks.check(context, true, Collections.singletonList(systemCallFilterEnabledCheck)); @@ -529,8 +522,10 @@ String message(BootstrapContext context) { runMightForkTest(check, isSystemCallFilterInstalled, () -> mightFork.set(false), () -> mightFork.set(true), e -> { assertThat(e.getMessage(), containsString("error")); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat( + e.getMessage(), + containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/") + ); }); } @@ -567,8 +562,10 @@ String onError() { + " upgrade to at least Java 8u92 and use ExitOnOutOfMemoryError" ) ); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat( + e.getMessage(), + containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/") + ); } ); } @@ -607,8 +604,10 @@ String onOutOfMemoryError() { + " upgrade to at least Java 8u92 and use ExitOnOutOfMemoryError" ) ); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat( + e.getMessage(), + containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/") + ); } ); } @@ -673,8 +672,7 @@ String javaVersion() { e.getMessage(), containsString("Java version [" + javaVersion.get() + "] is an early-access build, only use release builds") ); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); // if not on an early-access build, nothing should happen javaVersion.set(randomFrom("1.8.0_152", "9")); @@ -697,8 +695,7 @@ boolean isAllPermissionGranted() { () -> BootstrapChecks.check(emptyContext, true, checks) ); assertThat(e, hasToString(containsString("granting the all permission effectively disables security"))); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); // if all permissions are not granted, nothing should happen isAllPermissionGranted.set(false); @@ -767,8 +764,7 @@ public void testDiscoveryConfiguredCheck() throws NodeValidationException { ) ) ); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); CheckedConsumer ensureChecksPass = b -> { final BootstrapContext context = createTestContext( @@ -797,8 +793,7 @@ ByteOrder nativeByteOrder() { () -> BootstrapChecks.check(emptyContext, true, List.of(byteOrderCheck)) ); assertThat(e.getMessage(), containsString("Little-endian native byte order is required to run Elasticsearch")); - assertThat(e.getMessage(), containsString("; for more information see " + - "[https://www.elastic.co/guide/en/elasticsearch/reference/")); + assertThat(e.getMessage(), containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/")); reference[0] = ByteOrder.LITTLE_ENDIAN; BootstrapChecks.check(emptyContext, true, List.of(byteOrderCheck)); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java index 6eed91e20ab2a..c6396f886b4bc 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheck.java @@ -45,7 +45,9 @@ public BootstrapCheckResult check(BootstrapContext context) { + "] has changed in the current version. " + " Security features were implicitly disabled for this node but they would now be enabled, possibly" + " preventing access to the node. " - + "See " + this.referenceDocs() + " to configure security, or explicitly disable security by " + + "See " + + this.referenceDocs() + + " to configure security, or explicitly disable security by " + "setting [xpack.security.enabled] to \"false\" in elasticsearch.yml before restarting the node." ); } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheckTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheckTests.java index 859f916b5de39..9775e461c4165 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheckTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityImplicitBehaviorBootstrapCheckTests.java @@ -54,7 +54,9 @@ public void testFailureUpgradeFrom7xWithImplicitSecuritySettings() throws Except + "] has changed in the current version. " + " Security features were implicitly disabled for this node but they would now be enabled, possibly" + " preventing access to the node. " - + "See " + ReferenceDocs.BOOTSTRAP_CHECK_SECURITY_MINIMAL_SETUP + " to configure security, or explicitly disable security by " + + "See " + + ReferenceDocs.BOOTSTRAP_CHECK_SECURITY_MINIMAL_SETUP + + " to configure security, or explicitly disable security by " + "setting [xpack.security.enabled] to \"false\" in elasticsearch.yml before restarting the node." ) ); From 42b43ca10f614f38dbb9a39398446b18e6922a69 Mon Sep 17 00:00:00 2001 From: David Turner Date: Wed, 20 Sep 2023 09:15:56 +0100 Subject: [PATCH 6/7] Minor cleanup --- .../org/elasticsearch/bootstrap/BootstrapChecksTests.java | 8 ++++---- .../src/test/java/org/elasticsearch/node/NodeTests.java | 2 +- .../ml/packageloader/MachineLearningPackageLoader.java | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java index 40c241b810ef8..09ef0b6affc23 100644 --- a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java +++ b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java @@ -137,7 +137,7 @@ public BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return null; + return ReferenceDocs.BOOTSTRAP_CHECKS; } }, new BootstrapCheck() { @Override @@ -147,7 +147,7 @@ public BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return null; + return ReferenceDocs.BOOTSTRAP_CHECKS; } }); @@ -323,7 +323,7 @@ boolean isMemoryLocked() { assertThat(e.getMessage(), containsString("memory locking requested for elasticsearch process but memory is not locked")); assertThat( e.getMessage(), - containsString("; for more information see " + "[https://www.elastic.co/guide/en/elasticsearch/reference/") + containsString("; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/") ); } else { // nothing should happen @@ -716,7 +716,7 @@ public boolean alwaysEnforce() { @Override public ReferenceDocs referenceDocs() { - return null; + return ReferenceDocs.BOOTSTRAP_CHECKS; } }; diff --git a/server/src/test/java/org/elasticsearch/node/NodeTests.java b/server/src/test/java/org/elasticsearch/node/NodeTests.java index 3bf1f36aeead2..e5ecb63fe2137 100644 --- a/server/src/test/java/org/elasticsearch/node/NodeTests.java +++ b/server/src/test/java/org/elasticsearch/node/NodeTests.java @@ -102,7 +102,7 @@ public BootstrapCheckResult check(BootstrapContext context) { @Override public ReferenceDocs referenceDocs() { - return null; + return ReferenceDocs.BOOTSTRAP_CHECKS; } }; diff --git a/x-pack/plugin/ml-package-loader/src/main/java/org/elasticsearch/xpack/ml/packageloader/MachineLearningPackageLoader.java b/x-pack/plugin/ml-package-loader/src/main/java/org/elasticsearch/xpack/ml/packageloader/MachineLearningPackageLoader.java index 1946a82d994b4..2afeda1f13512 100644 --- a/x-pack/plugin/ml-package-loader/src/main/java/org/elasticsearch/xpack/ml/packageloader/MachineLearningPackageLoader.java +++ b/x-pack/plugin/ml-package-loader/src/main/java/org/elasticsearch/xpack/ml/packageloader/MachineLearningPackageLoader.java @@ -92,7 +92,7 @@ public boolean alwaysEnforce() { @Override public ReferenceDocs referenceDocs() { - return null; + return ReferenceDocs.BOOTSTRAP_CHECKS; } }); } From 7b1f3e523b8c2e5ec9d8d8e9ab6a3b6f7264164e Mon Sep 17 00:00:00 2001 From: David Turner Date: Wed, 20 Sep 2023 09:33:12 +0100 Subject: [PATCH 7/7] Spotless --- .../src/main/java/org/elasticsearch/common/ReferenceDocs.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java b/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java index b23377b249e34..1ff42b16252c8 100644 --- a/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java +++ b/server/src/main/java/org/elasticsearch/common/ReferenceDocs.java @@ -46,7 +46,7 @@ public enum ReferenceDocs { CONCURRENT_REPOSITORY_WRITERS, ARCHIVE_INDICES, HTTP_TRACER, - BOOTSTRAP_CHECK_HEAP_SIZE, + BOOTSTRAP_CHECK_HEAP_SIZE, BOOTSTRAP_CHECK_FILE_DESCRIPTOR, BOOTSTRAP_CHECK_MEMORY_LOCK, BOOTSTRAP_CHECK_MAX_NUMBER_THREADS,