* Update bundled JDK to Java 22 (again) (#108654)
This commit re-bumps the bundled JDK to Java 22 now that we have
a tested workaround for the G1GC bug
(https://bugs.openjdk.org/browse/JDK-8329528).
relates #108571
relates #106987
* copy main openjdk toolchain resolver
* use 2 lines for workaround
* fix test
* update adoptium test
This supports local testing. It should not be included in
hardening_manifest.yml, which injects the scope at runtime.
# Conflicts:
# distribution/docker/src/docker/Dockerfile
Co-authored-by: Jon <jon@elastic.co>
* Update gradle wrapper to 8.3 (#97838)
Gradle now fully supports compiling, testing and running on Java 20.
Among other general performance improvements, this release introduces the --test-dry-run command line option that allows checking if tests are filtered or not by gradle.
Required updating nebula ospackage plugin as setuid was broken in gradle 8.3.
(cherry picked from commit b23e000c30)
# Conflicts:
# build-tools-internal/src/integTest/groovy/org/elasticsearch/gradle/internal/test/rest/LegacyYamlRestCompatTestPluginFuncTest.groovy
# build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/ElasticsearchJavaModulePathPlugin.java
# build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/test/rest/compat/compat/AbstractYamlRestCompatTestPlugin.java
# build-tools-internal/src/main/resources/minimumGradleVersion
# gradle/verification-metadata.xml
# gradle/wrapper/gradle-wrapper.jar
# gradlew
# x-pack/plugin/watcher/qa/with-monitoring/src/javaRestTest/java/org/elasticsearch/smoketest/MonitoringWithWatcherRestIT.java
* [7.17] Use patched nebula os package gradle plugin
* Update testingconvention precommit integ test
* Update Gradle Wrapper to 8.2 (#96686)
- Convention usage has been deprecated and was fixed in our build files
- Fix test dependencies and deprecation
* Migrate core rest tests with security to new testing framework (#92575)
# Conflicts:
# x-pack/qa/core-rest-tests-with-security/build.gradle
* Fixes
* More fixes
* More fixes
* More more fixes
This commit adds a new test framework for configuring and orchestrating
test clusters for both Java and YAML REST testing. This will eventually
replace the existing "test-clusters" Gradle plugin and the build-time
cluster orchestration.
Backports the following commits to 7.17:
- Add verification metadata for dependencies (#88814)
- Add missing dependency verification checksums (#89139)
Closes #88218.
Docker image scans have flagged up the `USER` that the UBI Docker image
runs with. Switch to `elasticsearch:root`, which is what the Iron Bank
image also uses, and is what we use for all images from
8.0 onwards.
The class PluginInfo represents the plugin-descriptor.properties file
that each plugin must have. This commit renames the class to more
closely match what it represents: the plugin descriptor.
Elasticsearch uses Apache procrun (part of the commons-daemon project)
to launch as a service on Windows. This commit adds attribution for
the project by including license and notice files. These were missed in
the past because the dependency is just two binary exes that are
embedded in the elasticsearch codebase.
* Fix edge case where user-defined heap settings are ignored (#86438)
It turns out if you specify an odd heap size (not a multiple of 4MB)
then the JVM will automatically round up to the nearest multiple and
this changes how the output of +PrintFinalFlags is reported. This
resulted in us incorrectly considering these settings to be JVM defaults
instead of user-defined and thus falling back to auto heap sizing
rather than using the user-defined value.
* Update references to List.of
* Use stdlib
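The failure mode described in the heap-settings commit message above, as an added example (not Elasticsearch's own code). It parses constructed `-XX:+PrintFlagsFinal`-style output and compares a strict origin check with a tolerant one. The sample lines, the function names and the `command line, ergonomic` origin string for a rounded heap size are assumptions made for illustration.

```python
import re

# Constructed samples in the JDK 9+ column layout; the last {...} is the flag origin.
# Assumption: a 1001m request rounded up to 1004m is reported with two origins.
ODD_HEAP = """[Global flags]
   size_t InitialHeapSize    = 1052770304    {product} {command line, ergonomic}
   size_t MaxHeapSize        = 1052770304    {product} {command line, ergonomic}
     bool UseG1GC            = true          {product} {ergonomic}
"""
ALIGNED_HEAP = ODD_HEAP.replace("1052770304", "1073741824").replace(", ergonomic", "")
NO_HEAP_FLAGS = """[Global flags]
   size_t InitialHeapSize    = 268435456     {product} {ergonomic}
   size_t MaxHeapSize        = 4294967296    {product} {ergonomic}
"""

# type, name, "=" or ":=", value, then anything up to the final {origin} column.
FLAG_LINE = re.compile(r"^\s*\S+\s+(\S+)\s+:?=\s*(\S*).*\{([^}]*)\}\s*$")


def parse_final_flags(text):
    """Map flag name -> (raw value, set of origins)."""
    flags = {}
    for line in text.splitlines():
        m = FLAG_LINE.match(line)
        if m:
            name, value, origin = m.groups()
            flags[name] = (value, {o.strip() for o in origin.split(",")})
    return flags


def set_by_user_strict(flags, name):
    # Fragile: only an origin of exactly "command line" counts as user-defined.
    return name in flags and flags[name][1] == {"command line"}


def set_by_user(flags, name):
    # Tolerant: "command line" may appear alongside "ergonomic" after rounding.
    return name in flags and "command line" in flags[name][1]


def heap_decision(text, check=set_by_user):
    """Return 'user' if the heap was set explicitly, else 'auto' (auto heap sizing)."""
    flags = parse_final_flags(text)
    if check(flags, "MaxHeapSize") or check(flags, "InitialHeapSize"):
        return "user"
    return "auto"


if __name__ == "__main__":
    for label, sample in [("odd", ODD_HEAP), ("aligned", ALIGNED_HEAP), ("none", NO_HEAP_FLAGS)]:
        print(label, heap_decision(sample, set_by_user_strict), heap_decision(sample))
```

With the strict check, the odd heap size is treated as a JVM default and falls through to auto sizing, while the tolerant check keeps the user's value.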
Closes #82433. If the environment variable `RESTART_ON_UPGRADE` is true,
then ensure that we delay restarting Elasticsearch until after the
keystore is upgraded, or else we can run into permissions problems.
As a result of changing the base Docker to Ubuntu in #80820, the default shell
i.e. `/bin/sh` changed to `dash`, rather than `bash`, which could impact anyone
invoking `/bin/sh` and expecting it to still propagate environment variables with
periods in their names.
Reconfigure the default shell back to `bash` so that this type of situation works
again.
Apply suggestions from Docker Inc about how to update the `cacerts` in
our Ubuntu-based Docker image. Instead of copying around files and
symlinking, install `ca-certificates` and `p11-kit`, and use the
latter to regenerate Java's `cacerts`, as well as ensuring it is
regenerated if the system ca certs are updated.
This commit emits the value of the x-elastic-product-origin header into the elasticsearch.elastic_product_origin field in ES deprecation logs and indexed deprecation logs.
The x-elastic-product-origin header is intended to identify the elastic stack origin and allow deprecations emitted by the stack to be ignored.
ES v7 logging differs from v8 as it creates the JSON layout on its own. The additional custom field has to be declared in log4j.properties, and the ECSLayout used for indexing deprecated logs also has to be updated.
backports #81381
Closes #81208. Elasticsearch uses zlib for two purposes:
- Compression of stored fields with `index.codec: best_compression`, which we use for observability and security data.
- Request / response compression.
Historically, zlib was packaged within the JDK, so
that users wouldn't have to have zlib installed for basic usage of Java.
However, the original zlib optimizes for portability and misses a number
of important optimizations such as leveraging vectorization support for
x86 and ARM architectures. Several forks have been created in order to
address this. Since version 9, the JDK uses the system's zlib when
available and falls back to the zlib that is packaged within the JDK if
a system zlib cannot be found. This commit changes the Docker image to
install the Cloudflare fork of zlib, and run Java using the fork instead
of the original zlib, so that users of the Docker image can get better
performance. Other ES distribution types are out-of-scope, since
configuring the JVM to use an alternative zlib requires an environment
config as well as installing another zlib, and Docker is the only
distribution type where we can control both.