* Replace cloud-ess docker image with wolfi-ess
We just replaced the existing implementation of cloud-ess with what was wolfi-ess which is a wolfi based ess image.
The cloud image itself will be removed in a future commit it was not used anywhere
* Switch to test cloud docker image instead of default docker in packaging pr tests.
This adds way more coverage than the default docker image which is also barely touched
(cherry picked from commit f1f5ee06a3)
# Conflicts:
# build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/DockerBase.java
Memory locking on Windows with the bundled jdk was broken by native
access refactoring. This commit fixes the linking issue, as well as adds
a packaging test to ensure memory locking is invoked on all supported
platforms.
This is an attempt to fix occasional test failures where asserting on a
request response fails because the cluster has not finished
initialization and cannot yet serve requests.
Closes#109660
* Only resolve latest patch version for resolveAllDependencies
This should avoid downloading to many elasticsearch distributions
and reduce disk usage and speed up image creations.
* Some cleanup
Bootstrap checks are an important part of ensuring proper Elasticsearch
configuration. They are often system dependent, so checking they work on
each supported platform should be part of testing. This commit adjusts
packaging tests to enable bootstrap checks.
Previously readiness waited only on a master node being elected.
Recently it was also made to wait on file settings being applied. Yet
the node may be fully started before those file settings are applied.
The test expected readiness was ok after the node finishes starting.
This commit retries the readiness check until it succeeds since
readiness state will be updated async to the node finishing starting.
closes#108523
Packaging tests have several files that may be useful in debugging
failures. Additionally, we sometimes have assertions for which we want
to catch them and emit additional debugging info. This commit guards
the common ways that Elasticsearch is started and assertions are run
with dumping all debug information available.
This commit decouples the version used in enrollment tokens from node
version, as part of the larger effort to make versioning more granular.
The changes are relatively minimal, as the version encoded into
enrollment tokens is not actually used anywhere as far as I can tell,
either in Elasticsearch or Kibana, apart from checks that it is present.
That said, I've been around the block enough times to know better than
to remove a perfectly good version field that's already in something
like this.
This commit upgrades the Bouncy Castle jars. Bouncy Castle is used for
some internal build concners as well as a comnand line application.
Most notably Bouncy Castle is also used as the FIPs certified JCE/JSEE provider
we use to test our ability to use a FIPs compliant crypto provider.
The following changes here are a result of the upgraded Bouncy Castle jars:
* TLSv1.3 is now supported when running in FIPs mode
* RSA PKCS#1 v1.5 is no longer allowed in FIPS mode
* Triple DES (3DES) is no longer allowed in FIPS mode
* Minor updates the security manager configuration used to test FIPs (to read permissions from the security provider)
* Minor adjustments to tests to accommodate the above changes.
* Minor adjustments to the gradle build to accommodate new dependencies
Note - update to the documentation will come in a later commit.
* Avoid "this-escape" by making classes final
The "this-escape" compiler warning is intended to alert
developers to potential bugs in object initialization due to
subclassing. This class of bugs cannot occur when a class is
final. Here, we take cases where a class has no implementations
but generates a "this-escape" warning, and we make those
classes final rather than suppressing the compiler warning.
This makes the remaining suppressions more meaningful, since
they now indicate places where we may want to look for
initialization bugs.
In a few cases, making a class final meant changing some of its
protected fields and methods to private or default
accessibility.
Some classes with no implementations are mocked in testing.
Since making those classes final would involve non-trivial
rewrites of tests, I've left them alone.
* Spotless, remove redundant modifiers, clean up "protected" usage
* Revert a few more mocked classes
- This hasnt been maintained in a while and the vagrant gradle plugin also broke compatibiliy for gradle
--configuration-cache. Also this removes a lot maintenance burden.
- Rework DistroTestPlugin and simplify task dependencies
- Rename :qa:os to :qa:packaging
- Update testing doc recommending buildkite tools for debugging packaging tests
