Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auto configure TLS for new nodes of new clusters #77231

Merged
Merged
Changes from 1 commit
Commits
Show all changes
184 commits
Select commit Hold shift + click to select a range
2795c3a
Attemp TLS config
albertzaharovits Sep 3, 2021
bc28f81
Checkstyle
albertzaharovits Sep 3, 2021
d0a1122
Crazy typo
albertzaharovits Sep 3, 2021
48c7c80
move does not support attributes
albertzaharovits Sep 3, 2021
d0c9270
Archives
albertzaharovits Sep 3, 2021
d0ad3c1
Nit
albertzaharovits Sep 3, 2021
c75dda6
Spotless
albertzaharovits Sep 3, 2021
71bd34d
Facepalm
albertzaharovits Sep 3, 2021
fa4b93e
QA OS Make request with https
albertzaharovits Sep 3, 2021
83d4036
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Sep 3, 2021
cce8094
working on archive tests
albertzaharovits Sep 3, 2021
9c82a71
Archives tests still
albertzaharovits Sep 3, 2021
7afeee2
ArchiveTests test51
albertzaharovits Sep 3, 2021
169b3e7
ArchiveTests still
albertzaharovits Sep 3, 2021
a05bb85
Commons io FileUtils
albertzaharovits Sep 3, 2021
b66c345
Commons io precommit
albertzaharovits Sep 4, 2021
230a364
Verbose auto-conf pacakging tests
albertzaharovits Sep 4, 2021
26ad69a
More info about why the node doesn't start
albertzaharovits Sep 4, 2021
f9b74fd
Remove explicit CLI tool
jkakavas Sep 6, 2021
4360d08
Updates from feedback
jkakavas Sep 6, 2021
b0cbdfc
fix cert DN and remove references to deleted CLI tool
jkakavas Sep 6, 2021
1feac33
don't exit with 0 all the time
jkakavas Sep 6, 2021
5dc4258
more packaging
jkakavas Sep 6, 2021
c05732d
more packaging2
jkakavas Sep 6, 2021
4dcbc84
remove tripping assertion
jkakavas Sep 10, 2021
4f0a743
Enable nodes running TEST INTEG distribution to call ConfigInitialNod…
jkakavas Sep 10, 2021
3535b00
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 10, 2021
26e7811
fix keystore management tests
jkakavas Sep 10, 2021
7dcfd2f
test20KeystorePasswordOnStandardInput runs before we ever start the n…
jkakavas Sep 10, 2021
f86e6a8
Wait for enough time for ES in docker to complete auto-configuration
jkakavas Sep 10, 2021
11834f1
missing colon that took me 4 hours to spot
jkakavas Sep 10, 2021
bdcd267
more test fixes
jkakavas Sep 10, 2021
d83fd6c
take TLS autoconfiguration in consideration for ArchiveGenerateInitia…
jkakavas Sep 10, 2021
d90104b
guess what
jkakavas Sep 10, 2021
9fd5e77
:/ :(
jkakavas Sep 10, 2021
0ef54aa
Use autoconfigured TLS when needed in Docker, disable it otherwise
jkakavas Sep 11, 2021
da5e3de
fix docker (for good ?) and print debug to retain my sanity
jkakavas Sep 11, 2021
c29e3e7
what's another commit
jkakavas Sep 11, 2021
c8785c4
disable auto-configuration in unrelated docker tests, fix stupid bug …
jkakavas Sep 12, 2021
1498131
On linux too
jkakavas Sep 12, 2021
84046fd
Create user after we verify installation so that upon installation ve…
jkakavas Sep 12, 2021
cd8c285
We might not have an elasticsearch.yml file in Docker
jkakavas Sep 12, 2021
182c45d
revert previous unnecessary changes
jkakavas Sep 12, 2021
8ac2890
spotless
jkakavas Sep 12, 2021
1e439a6
more adjustments
jkakavas Sep 12, 2021
48da88c
more adjustments
jkakavas Sep 12, 2021
dd5f118
this should fix all in linux
jkakavas Sep 12, 2021
9791b77
plugin and configuration tests
jkakavas Sep 12, 2021
71c934e
some more
jkakavas Sep 13, 2021
bc68b30
some more
jkakavas Sep 13, 2021
9cd79e0
config tests
jkakavas Sep 13, 2021
69990d1
add temp debug info
jkakavas Sep 13, 2021
6221408
get the certificate from the right path
jkakavas Sep 13, 2021
a754c1e
add support for auto-configuration to windows batch file
jkakavas Sep 16, 2021
c150a08
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 16, 2021
3f1d58a
Docker packaging tests now use auto-configured TLS
jkakavas Sep 19, 2021
73be68f
CertGenCliTests do not need TLS auto-configuration
jkakavas Sep 19, 2021
a69986c
cleanup
jkakavas Sep 19, 2021
c55d9dd
spotless
jkakavas Sep 19, 2021
deafd2d
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 19, 2021
ec3c51f
fix certgen tests
jkakavas Sep 19, 2021
6ccf723
don't sstop on success
jkakavas Sep 20, 2021
c1771d8
minor updates
jkakavas Sep 20, 2021
749ba9b
fix
jkakavas Sep 21, 2021
084b2f9
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 21, 2021
a8f7c47
Catch Throwables and amend how we populate SANs for certificates
jkakavas Sep 21, 2021
a5baae0
add more tests
jkakavas Sep 21, 2021
28bca9e
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 21, 2021
90a9022
spotless
jkakavas Sep 21, 2021
90bd0f6
minor fixes
jkakavas Sep 21, 2021
7d2219c
cleanup data dir after test to avoid false positives
jkakavas Sep 22, 2021
4449fd5
test adjustments
jkakavas Sep 22, 2021
9ecc182
spotless
jkakavas Sep 22, 2021
9781eba
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 22, 2021
9145898
revert fix for local invocation
jkakavas Sep 22, 2021
ea5932d
spotless
jkakavas Sep 22, 2021
a781149
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 22, 2021
ae591d3
Use legacy MAC algorithm for PKCS12 in tests until we can bump minimu…
jkakavas Sep 22, 2021
1a3220d
call external class properly
jkakavas Sep 28, 2021
42d88e9
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 28, 2021
6ebcebc
fix elasticsearch-env
jkakavas Sep 29, 2021
405c60d
fix tests for windows
jkakavas Sep 29, 2021
c3124d2
typo
jkakavas Sep 29, 2021
125480c
minor fix
jkakavas Sep 29, 2021
8decc71
fix for windows
jkakavas Sep 29, 2021
4a9f987
set read only with attrib on windows
jkakavas Sep 29, 2021
41d6067
undo read only before deletion
jkakavas Sep 29, 2021
1e4648f
test
jkakavas Sep 29, 2021
8ac813e
temp ugly debug
jkakavas Sep 29, 2021
a0cd8de
Address feedback related to packaging tests
jkakavas Sep 29, 2021
de20c38
adjust test after enabling auto-config
jkakavas Sep 29, 2021
ba6720c
windows fixes
jkakavas Sep 30, 2021
6cde022
windows
jkakavas Sep 30, 2021
5798743
add bugurl
jkakavas Sep 30, 2021
38df918
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 30, 2021
ff48940
spotless
jkakavas Sep 30, 2021
7b86021
more spotless
jkakavas Sep 30, 2021
820fd28
wrong password instead of empty
jkakavas Sep 30, 2021
b59c55f
Mute on windows the test that I've been trying all morning to fix on …
jkakavas Sep 30, 2021
b070178
windows debugging
jkakavas Sep 30, 2021
b25cc0a
guess what spotless didn't like
jkakavas Sep 30, 2021
f4e784f
deBUG
jkakavas Sep 30, 2021
8fb6362
debugging windows packaging tests
jkakavas Sep 30, 2021
1b2eed3
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Sep 30, 2021
f908c25
path fix
jkakavas Sep 30, 2021
c5eeb4f
temp debug
jkakavas Sep 30, 2021
d646a3b
test fixes
jkakavas Sep 30, 2021
dcb6ee5
spotless
jkakavas Sep 30, 2021
b0377e1
moar spotless
jkakavas Sep 30, 2021
a33a1da
windows file ownership
jkakavas Sep 30, 2021
6f2be87
test fixes
jkakavas Oct 1, 2021
c83160d
Merge remote-tracking branch 'origin/master' into config_tls_when_nod…
jkakavas Oct 1, 2021
4cf3243
remove default from env
jkakavas Oct 1, 2021
bc8d9c5
selective mute to check the rest of the tests on windows
jkakavas Oct 1, 2021
1acd0cc
more fixes
jkakavas Oct 1, 2021
8df3cbf
unused import
jkakavas Oct 1, 2021
a8337c2
...
jkakavas Oct 1, 2021
df561e8
adjustments
jkakavas Oct 2, 2021
514a240
bump leniency
jkakavas Oct 2, 2021
ba30af4
temp debugging
jkakavas Oct 2, 2021
4d1658b
fix docker issues on startup
jkakavas Oct 2, 2021
dd2f567
additional windows debug temp logging
jkakavas Oct 2, 2021
e175b5c
unused imports
jkakavas Oct 2, 2021
99b649c
spotless
jkakavas Oct 2, 2021
178580b
check if FileUtils.deleteDirectory from apache commons does the job o…
jkakavas Oct 3, 2021
99b4ad0
spotless
jkakavas Oct 3, 2021
dbf7250
Revert "check if FileUtils.deleteDirectory from apache commons does t…
jkakavas Oct 3, 2021
8bda57f
attempt to explicitly own the dir before removing it
jkakavas Oct 3, 2021
17fb5ee
try
jkakavas Oct 3, 2021
b62a84b
Attempt to set Adminstrator to own the installation in windows
jkakavas Oct 3, 2021
64ca0e8
expect new onwer
jkakavas Oct 3, 2021
05a680d
Revert "Attempt to set Adminstrator to own the installation in windows"
jkakavas Oct 3, 2021
1d64bd2
Revert "expect new onwer"
jkakavas Oct 3, 2021
ae32a86
re-enable windows tests
jkakavas Oct 3, 2021
f6d80e9
can retries be the solution ?
jkakavas Oct 3, 2021
b397fbb
Merge branch 'master' into config_tls_when_node_starts
elasticmachine Oct 5, 2021
a897e07
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Oct 6, 2021
09ba3fd
crapshoot #1
albertzaharovits Oct 6, 2021
d2294bf
Debug windows owners
albertzaharovits Oct 6, 2021
22abdaf
Debug
albertzaharovits Oct 6, 2021
c882489
Timeout start Win Service
albertzaharovits Oct 6, 2021
5212d1c
Where-Object powershell
albertzaharovits Oct 6, 2021
c40e627
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Oct 6, 2021
ea1d65e
Unregister event power shell
albertzaharovits Oct 6, 2021
fe22d1e
Obscene timeout
albertzaharovits Oct 6, 2021
db09ff3
Debug config dir ownership
albertzaharovits Oct 7, 2021
8770dfa
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Oct 7, 2021
d1e5a69
Merge fallout
albertzaharovits Oct 7, 2021
24cdc36
Spotless
albertzaharovits Oct 7, 2021
3b0398b
Update docs/changelog/77231.yaml
albertzaharovits Oct 7, 2021
3005c5f
Remove changelog entry
albertzaharovits Oct 7, 2021
c12ef31
Update docs/changelog/77231.yaml
albertzaharovits Oct 7, 2021
bd3639c
Remove changelog
albertzaharovits Oct 7, 2021
1c70efd
Update docs/changelog/77231.yaml
albertzaharovits Oct 7, 2021
af4f696
Awesome, thanks GH bot!
albertzaharovits Oct 7, 2021
50d3040
Absolutely nothing here
albertzaharovits Oct 7, 2021
4e401b1
More nothing
albertzaharovits Oct 7, 2021
aeae7d9
Spotless
albertzaharovits Oct 7, 2021
b258dcf
Trash!
albertzaharovits Oct 7, 2021
63e270c
Test mute
albertzaharovits Oct 7, 2021
1a6ff4d
Delete sooner - debug
albertzaharovits Oct 7, 2021
ed7c91e
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Oct 11, 2021
79d276e
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Oct 11, 2021
f773ad8
No chown
albertzaharovits Oct 11, 2021
8fd4fd1
Checkstyle
albertzaharovits Oct 11, 2021
7315dee
Mute some ArchiveTests for debug purposes
albertzaharovits Oct 12, 2021
b0cd785
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Oct 12, 2021
37cd9b9
Spotless
albertzaharovits Oct 12, 2021
f544536
Fix file handler leak
albertzaharovits Oct 12, 2021
95ff581
Un-mute the previously muted for debug
albertzaharovits Oct 12, 2021
63740cb
assumeTrue -> assertTrue
albertzaharovits Oct 13, 2021
f2817a7
Meh
albertzaharovits Oct 13, 2021
e9d33de
Change owner for ConfigurationTests in Windows
albertzaharovits Oct 13, 2021
d5c965d
WindowsServiceTests
albertzaharovits Oct 13, 2021
5751777
Spotless
albertzaharovits Oct 13, 2021
d35655d
auto config on dir not writable
albertzaharovits Oct 13, 2021
eead1b9
Deny Write perm instead of deny modify
albertzaharovits Oct 13, 2021
f93df10
Meh
albertzaharovits Oct 13, 2021
774c1f0
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Oct 13, 2021
1f3b26d
Factor out CA certificate in packaging tests
albertzaharovits Oct 13, 2021
6c79751
Merge branch 'master' into config_tls_when_node_starts
albertzaharovits Oct 14, 2021
fd90c01
Fallout from refactoring of CA cert
albertzaharovits Oct 14, 2021
696220e
Close Files list stream
albertzaharovits Oct 14, 2021
8dc98d4
Meh
albertzaharovits Oct 14, 2021
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Use autoconfigured TLS when needed in Docker, disable it otherwise
  • Loading branch information
jkakavas committed Sep 11, 2021
commit 0ef54aab0e10185c7e3b84db095a9e157042b214
Original file line number Diff line number Diff line change
@@ -77,7 +77,7 @@ public void test30MissingBundledJdk() throws Exception {
mv(installation.bundledJdk, relocatedJdk);
}
// ask for elasticsearch version to quickly exit if java is actually found (ie test failure)
final Result runResult = sh.runIgnoreExitCode(bin.elasticsearch.toString() + " -v");
final Result runResult = sh.runIgnoreExitCode(bin.elasticsearch.toString() + " -V");
assertThat(runResult.exitCode, is(1));
assertThat(runResult.stderr, containsString("could not find java in bundled JDK"));
} finally {
Original file line number Diff line number Diff line change
@@ -49,6 +49,7 @@
import static org.elasticsearch.packaging.util.docker.Docker.chownWithPrivilegeEscalation;
import static org.elasticsearch.packaging.util.docker.Docker.copyFromContainer;
import static org.elasticsearch.packaging.util.docker.Docker.existsInContainer;
import static org.elasticsearch.packaging.util.docker.Docker.findInContainer;
import static org.elasticsearch.packaging.util.docker.Docker.getContainerLogs;
import static org.elasticsearch.packaging.util.docker.Docker.getImageHealthcheck;
import static org.elasticsearch.packaging.util.docker.Docker.getImageLabels;
@@ -120,11 +121,18 @@ public void test010Install() {
*/
public void test011SecurityEnabledStatus() throws Exception {
waitForElasticsearch(installation, USERNAME, PASSWORD);
Path httpCaPath = null;
try {
httpCaPath = Path.of(findInContainer(installation.config, "dir", "tls_auto_config*"));
copyFromContainer(httpCaPath.resolve("http_ca.crt"), tempDir.resolve("http_ca.crt"));
} catch (Exception e) {
// couldn't get the file.
}
final int statusCode = ServerUtils.makeRequestAndGetStatus(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if it might make sense to add some of these ServerUtils methods to PackagingTestCase that way we have a reference to the installation already and came make this code less verbose. The test case methods can just delegate to ServerUtils, passing the installation for us.

Request.Get("https://localhost:9200"),
USERNAME,
"wrong_password",
ServerUtils.getCaCert(installation)
httpCaPath
);
assertThat(statusCode, equalTo(401));
}
@@ -134,14 +142,12 @@ public void test011SecurityEnabledStatus() throws Exception {
*/
public void test012SecurityCanBeDisabled() throws Exception {
// restart container with security disabled
runContainer(distribution(), builder().envVars(Map.of("xpack.security.enabled", "false")));
waitForElasticsearch(installation);
final int unauthStatusCode = ServerUtils.makeRequestAndGetStatus(
Request.Get("https://localhost:9200"),
null,
null,
ServerUtils.getCaCert(installation)
runContainer(
distribution(),
builder().envVars(Map.of("xpack.security.enabled", "false", "xpack.security.http.ssl.enabled", "false"))
);
waitForElasticsearch(installation);
final int unauthStatusCode = ServerUtils.makeRequestAndGetStatus(Request.Get("https://localhost:9200"), null, null, null);
assertThat(unauthStatusCode, equalTo(200));
}

@@ -394,7 +400,12 @@ public void test080ConfigurePasswordThroughEnvironmentVariableFile() throws Exce
// ELASTIC_PASSWORD_FILE
Files.writeString(tempDir.resolve(passwordFilename), xpackPassword + "\n");

Map<String, String> envVars = Map.of("ELASTIC_PASSWORD_FILE", "/run/secrets/" + passwordFilename);
Map<String, String> envVars = Map.of(
albertzaharovits marked this conversation as resolved.
Show resolved Hide resolved
"ELASTIC_PASSWORD_FILE",
"/run/secrets/" + passwordFilename,
"xpack.security.autoconfiguration.enabled",
"false"
);

// File permissions need to be secured in order for the ES wrapper to accept
// them for populating env var values
@@ -409,7 +420,7 @@ public void test080ConfigurePasswordThroughEnvironmentVariableFile() throws Exce

// If we configured security correctly, then this call will only work if we specify the correct credentials.
try {
waitForElasticsearch("green", null, installation, "elastic", "hunter2");
waitForElasticsearch(installation, "elastic", "hunter2");
} catch (Exception e) {
throw new AssertionError(
"Failed to check whether Elasticsearch had started. This could be because "
@@ -555,10 +566,13 @@ public void test084SymlinkToFileWithInvalidPermissionsIsRejected() throws Except
* `docker exec`, where the Docker image's entrypoint is not executed.
*/
public void test085EnvironmentVariablesAreRespectedUnderDockerExec() throws Exception {
installation = runContainer(distribution(), builder().envVars(Map.of("ELASTIC_PASSWORD", "hunter2")));
installation = runContainer(
distribution(),
builder().envVars(Map.of("ELASTIC_PASSWORD", "hunter2", "xpack.security.autoconfiguration.enabled", "false"))
);

// The tool below requires a keystore, so ensure that ES is fully initialised before proceeding.
waitForElasticsearch("green", null, installation, "elastic", "hunter2");
waitForElasticsearch(installation, "elastic", "hunter2");

sh.getEnv().put("http.host", "this.is.not.valid");

@@ -770,7 +784,18 @@ public void test120DockerLogsIncludeElasticsearchLogs() throws Exception {
public void test121CanUseStackLoggingConfig() throws Exception {
runContainer(
distribution(),
builder().envVars(Map.of("ES_LOG_STYLE", "file", "ingest.geoip.downloader.enabled", "false", "ELASTIC_PASSWORD", PASSWORD))
builder().envVars(
Map.of(
"ES_LOG_STYLE",
"file",
"ingest.geoip.downloader.enabled",
"false",
"ELASTIC_PASSWORD",
PASSWORD,
"xpack.security.autoconfiguration.enabled",
"false"
)
)
);

waitForElasticsearch(installation, USERNAME, PASSWORD);
@@ -792,7 +817,18 @@ public void test121CanUseStackLoggingConfig() throws Exception {
public void test122CanUseDockerLoggingConfig() throws Exception {
runContainer(
distribution(),
builder().envVars(Map.of("ES_LOG_STYLE", "console", "ingest.geoip.downloader.enabled", "false", "ELASTIC_PASSWORD", PASSWORD))
builder().envVars(
Map.of(
"ES_LOG_STYLE",
"console",
"ingest.geoip.downloader.enabled",
"false",
"ELASTIC_PASSWORD",
PASSWORD,
"xpack.security.autoconfiguration.enabled",
"false"
)
)
);

waitForElasticsearch(installation, USERNAME, PASSWORD);
@@ -817,7 +853,12 @@ public void test123CannotUseUnknownLoggingConfig() {
* Check that it when configuring logging to write to disk, the container can be restarted.
*/
public void test124CanRestartContainerWithStackLoggingConfig() throws Exception {
runContainer(distribution(), builder().envVars(Map.of("ES_LOG_STYLE", "file", "ELASTIC_PASSWORD", PASSWORD)));
runContainer(
distribution(),
builder().envVars(
Map.of("ES_LOG_STYLE", "file", "ELASTIC_PASSWORD", PASSWORD, "xpack.security.autoconfiguration.enabled", "false")
)
);

waitForElasticsearch(installation, USERNAME, PASSWORD);

@@ -895,7 +936,16 @@ public void test150MachineDependentHeap() throws Exception {
distribution(),
builder().memory("942m")
.volumes(Map.of(jvmOptionsPath, containerJvmOptionsPath))
.envVars(Map.of("ingest.geoip.downloader.enabled", "false", "ELASTIC_PASSWORD", PASSWORD))
.envVars(
Map.of(
"ingest.geoip.downloader.enabled",
"false",
"ELASTIC_PASSWORD",
PASSWORD,
"xpack.security.autoconfiguration.enabled",
"false"
)
)
);
waitForElasticsearch(installation, USERNAME, PASSWORD);

Original file line number Diff line number Diff line change
@@ -172,7 +172,8 @@ public static Path getCaCert(Installation installation) throws IOException {
Path configFilePath = installation.config("elasticsearch.yml");
String configFile = Files.readString(configFilePath, StandardCharsets.UTF_8);
boolean enrollmentEnabled = configFile.contains("xpack.security.enrollment.enabled: true");
if (enrollmentEnabled) {
boolean httpSslEnabled = configFile.contains("xpack.security.http.ssl.enabled: true");
if (enrollmentEnabled && httpSslEnabled) {
assert Files.exists(caCert) == false;
Path autoConfigTlsDir = Files.list(installation.config)
.filter(p -> p.getFileName().toString().startsWith("tls_auto_config_initial_node_"))
@@ -188,9 +189,14 @@ public static Path getCaCert(Installation installation) throws IOException {
return caCert;
}

public static void waitForElasticsearch(String status, String index, Installation installation, String username, String password)
throws Exception {

public static void waitForElasticsearch(
String status,
String index,
Installation installation,
String username,
String password,
Path caCert
) throws Exception {
Objects.requireNonNull(status);

// we loop here rather than letting httpclient handle retries so we can measure the entire waiting time
@@ -199,8 +205,9 @@ public static void waitForElasticsearch(String status, String index, Installatio
long timeElapsed = 0;
boolean started = false;
Throwable thrownException = null;

Path caCert = getCaCert(installation);
if (caCert == null) {
caCert = getCaCert(installation);
}

while (started == false && timeElapsed < waitTime) {
if (System.currentTimeMillis() - lastRequest > requestInterval) {
@@ -265,6 +272,11 @@ public static void waitForElasticsearch(String status, String index, Installatio
assertThat("cluster health response must contain desired status", body, containsString(status));
}

public static void waitForElasticsearch(String status, String index, Installation installation, String username, String password)
throws Exception {
waitForElasticsearch(status, index, installation, username, password, null);
}

public static void runElasticsearchTests() throws Exception {
runElasticsearchTests(null, null, null);
}
Original file line number Diff line number Diff line change
@@ -14,6 +14,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.fluent.Request;
import org.elasticsearch.common.Strings;
import org.elasticsearch.core.CheckedRunnable;
import org.elasticsearch.packaging.util.Distribution;
import org.elasticsearch.packaging.util.Distribution.Packaging;
@@ -269,6 +270,16 @@ public static boolean existsInContainer(String path) {
return result.isSuccess();
}

public static String findInContainer(Path base, String type, String pattern) {
logger.debug("Trying to look for " + pattern + " ( " + type + ") in " + base + " in the container");
final String script = "docker exec " + containerId + " find " + base + " -type " + type + " " + pattern;
final Shell.Result result = sh.run(script);
if (result.isSuccess() && Strings.isNullOrEmpty(result.stdout) == false) {
return result.stdout;
}
return null;
}

/**
* Run privilege escalated shell command on the local file system via a bind mount inside a Docker container.
* @param shellCmd The shell command to execute on the localPath e.g. `mkdir /containerPath/dir`.
@@ -460,14 +471,13 @@ public static void waitForElasticsearch(Installation installation) throws Except
withLogging(() -> ServerUtils.waitForElasticsearch(installation));
}

public static void waitForElasticsearch(String status, String index, Installation installation, String username, String password)
throws Exception {
withLogging(() -> ServerUtils.waitForElasticsearch(status, index, installation, username, password));
public static void waitForElasticsearch(Installation installation, String username, String password) {
waitForElasticsearch(installation, username, password, null);
}

public static void waitForElasticsearch(Installation installation, String username, String password) {
public static void waitForElasticsearch(Installation installation, String username, String password, Path caCert) {
try {
waitForElasticsearch("green", null, installation, username, password);
withLogging(() -> ServerUtils.waitForElasticsearch("green", null, installation, username, password, caCert));
} catch (Exception e) {
throw new AssertionError(
"Failed to check whether Elasticsearch had started. This could be because "