Merge branch 'stable-2.14' into stable-2.15 * stable-2.14: Revert "ElasticContainer: Limit heap usage for test containers" config-gerrit: Mention that Elasticsearch must be reachable during init ElasticContainer: Limit heap usage for test containers config-gerrit: Move elasticsearch security settings to separate section Elasticsearch: Allow to omit the elasticsearch.username Test coverage for elasticsearch.username and elasticsearch.password Fix creation of plugin log file when log4j.configuration is set Change-Id: I448b583d33794834aae5e69f48e50aff04baa1df
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index f32f5d9..6e4cf9f 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt
@@ -2901,6 +2901,9 @@ merged into the default `_doc` type. The latter is also used for the accounts and groups indices starting with Elasticsearch 6.2. +Note that when Gerrit is configured to use Elasticsearch, the Elasticsearch +server(s) must be reachable during the site initialization. + [[elasticsearch.prefix]]elasticsearch.prefix:: + This setting can be used to prefix index names to allow multiple Gerrit @@ -2909,18 +2912,6 @@ + Not set by default. -[[elasticsearch.username]]elasticsearch.username:: -+ -Username used to connect to Elasticsearch. -+ -Not set by default. - -[[elasticsearch.password]]elasticsearch.password:: -+ -Password used to connect to Elasticsearch. -+ -Not set by default. - [[elasticsearch.maxRetryTimeout]]elasticsearch.maxRetryTimeout:: + Sets the maximum timeout to honor in case of multiple retries of the same request. @@ -2929,6 +2920,30 @@ + Defaults to `30000 ms`. +==== Elasticsearch Security + +When security is enabled in Elasticsearch, the username and password must be provided. +Note that the same username and password are used for all servers. + +For further information about Elasticsearch security, please refer to the documentation: + +* link:https://www.elastic.co/guide/en/elasticsearch/plugins/2.4/security.html[Elasticsearch 2.4] +* link:https://www.elastic.co/guide/en/x-pack/5.6/security-getting-started.html[Elasticsearch 5.6] +* link:https://www.elastic.co/guide/en/x-pack/6.2/security-getting-started.html[Elasticsearch 6.2] +* link:https://www.elastic.co/guide/en/elastic-stack-overview/6.3/security-getting-started.html[Elasticsearch 6.3] + +[[elasticsearch.username]]elasticsearch.username:: ++ +Username used to connect to Elasticsearch. ++ +If a password is set, defaults to `elastic`, otherwise not set by default. + +[[elasticsearch.password]]elasticsearch.password:: ++ +Password used to connect to Elasticsearch. ++ +Not set by default. + ==== Elasticsearch server(s) configuration Each section corresponds to one Elasticsearch server. @@ -2951,7 +2966,6 @@ + Defaults to `9200`. - [[ldap]] === Section ldap
diff --git a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/pgm/ElasticReindexIT.java b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/pgm/ElasticReindexIT.java index b0c4488..53e2a78 100644 --- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/pgm/ElasticReindexIT.java +++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/pgm/ElasticReindexIT.java
@@ -33,7 +33,8 @@ elasticNodeInfo = new ElasticNodeInfo(container.getHttpHost().getPort()); String indicesPrefix = UUID.randomUUID().toString(); Config cfg = new Config(); - ElasticTestUtils.configure(cfg, elasticNodeInfo.port, indicesPrefix); + String password = version == ElasticVersion.V5_6 ? "changeme" : null; + ElasticTestUtils.configure(cfg, elasticNodeInfo.port, indicesPrefix, password); return cfg; }
diff --git a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/ssh/ElasticIndexIT.java b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/ssh/ElasticIndexIT.java index b0005da..22acae3 100644 --- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/ssh/ElasticIndexIT.java +++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/ssh/ElasticIndexIT.java
@@ -32,7 +32,8 @@ elasticNodeInfo = new ElasticNodeInfo(container.getHttpHost().getPort()); String indicesPrefix = UUID.randomUUID().toString(); Config cfg = new Config(); - ElasticTestUtils.configure(cfg, elasticNodeInfo.port, indicesPrefix); + String password = version == ElasticVersion.V5_6 ? "changeme" : null; + ElasticTestUtils.configure(cfg, elasticNodeInfo.port, indicesPrefix, password); return cfg; }
diff --git a/gerrit-elasticsearch/src/main/java/com/google/gerrit/elasticsearch/ElasticConfiguration.java b/gerrit-elasticsearch/src/main/java/com/google/gerrit/elasticsearch/ElasticConfiguration.java index 591a9cb..6e4e872 100644 --- a/gerrit-elasticsearch/src/main/java/com/google/gerrit/elasticsearch/ElasticConfiguration.java +++ b/gerrit-elasticsearch/src/main/java/com/google/gerrit/elasticsearch/ElasticConfiguration.java
@@ -14,6 +14,8 @@ package com.google.gerrit.elasticsearch; +import static com.google.common.base.MoreObjects.firstNonNull; + import com.google.common.base.MoreObjects; import com.google.common.base.Strings; import com.google.gerrit.server.config.GerritServerConfig; @@ -36,6 +38,7 @@ private static final String DEFAULT_HOST = "localhost"; private static final String DEFAULT_PORT = "9200"; private static final String DEFAULT_PROTOCOL = "http"; + private static final String DEFAULT_USERNAME = "elastic"; private final Config cfg; private final List<HttpHost> hosts; @@ -48,8 +51,11 @@ @Inject ElasticConfiguration(@GerritServerConfig Config cfg) { this.cfg = cfg; - this.username = cfg.getString("elasticsearch", null, "username"); this.password = cfg.getString("elasticsearch", null, "password"); + this.username = + password == null + ? null + : firstNonNull(cfg.getString("elasticsearch", null, "username"), DEFAULT_USERNAME); this.maxRetryTimeout = (int) cfg.getTimeUnit("elasticsearch", null, "maxRetryTimeout", 30000, TimeUnit.MILLISECONDS);
diff --git a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticContainer.java b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticContainer.java index 46c7b6c..3d1d649 100644 --- a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticContainer.java +++ b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticContainer.java
@@ -45,7 +45,7 @@ case V2_4: return "elasticsearch:2.4.6-alpine"; case V5_6: - return "elasticsearch:5.6.10-alpine"; + return "docker.elastic.co/elasticsearch/elasticsearch:5.6.10"; case V6_2: return "docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.4"; case V6_3:
diff --git a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticTestUtils.java b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticTestUtils.java index 54a3895..3ed2412 100644 --- a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticTestUtils.java +++ b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticTestUtils.java
@@ -32,13 +32,20 @@ } } - public static void configure(Config config, int port, String prefix) { + public static void configure(Config config, int port, String prefix, String password) { config.setEnum("index", null, "type", IndexType.ELASTICSEARCH); config.setString("elasticsearch", "test", "protocol", "http"); config.setString("elasticsearch", "test", "hostname", "localhost"); config.setInt("elasticsearch", "test", "port", port); config.setString("elasticsearch", null, "prefix", prefix); config.setInt("index", null, "maxLimit", 10000); + if (password != null) { + config.setString("elasticsearch", null, "password", password); + } + } + + public static void configure(Config config, int port, String prefix) { + configure(config, port, prefix, null); } public static void createAllIndexes(Injector injector) throws IOException {
diff --git a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryAccountsTest.java b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryAccountsTest.java index c67aad3..9fdfc6e 100644 --- a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryAccountsTest.java +++ b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryAccountsTest.java
@@ -60,7 +60,7 @@ Config elasticsearchConfig = new Config(config); InMemoryModule.setDefaults(elasticsearchConfig); String indicesPrefix = testName(); - ElasticTestUtils.configure(elasticsearchConfig, nodeInfo.port, indicesPrefix); + ElasticTestUtils.configure(elasticsearchConfig, nodeInfo.port, indicesPrefix, "changeme"); return Guice.createInjector(new InMemoryModule(elasticsearchConfig, notesMigration)); } }
diff --git a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryChangesTest.java b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryChangesTest.java index cf7453e..50d9045 100644 --- a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryChangesTest.java +++ b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryChangesTest.java
@@ -60,7 +60,7 @@ Config elasticsearchConfig = new Config(config); InMemoryModule.setDefaults(elasticsearchConfig); String indicesPrefix = testName(); - ElasticTestUtils.configure(elasticsearchConfig, nodeInfo.port, indicesPrefix); + ElasticTestUtils.configure(elasticsearchConfig, nodeInfo.port, indicesPrefix, "changeme"); return Guice.createInjector(new InMemoryModule(elasticsearchConfig, notesMigration)); } }
diff --git a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryGroupsTest.java b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryGroupsTest.java index 3a99dee..a820aec 100644 --- a/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryGroupsTest.java +++ b/gerrit-elasticsearch/src/test/java/com/google/gerrit/elasticsearch/ElasticV5QueryGroupsTest.java
@@ -60,7 +60,7 @@ Config elasticsearchConfig = new Config(config); InMemoryModule.setDefaults(elasticsearchConfig); String indicesPrefix = testName(); - ElasticTestUtils.configure(elasticsearchConfig, nodeInfo.port, indicesPrefix); + ElasticTestUtils.configure(elasticsearchConfig, nodeInfo.port, indicesPrefix, "changeme"); return Guice.createInjector(new InMemoryModule(elasticsearchConfig, notesMigration)); } }
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/util/PluginLogFile.java b/gerrit-server/src/main/java/com/google/gerrit/server/util/PluginLogFile.java index 351fbd4..946a7e9 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/util/PluginLogFile.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/util/PluginLogFile.java
@@ -38,7 +38,7 @@ @Override public void start() { - AsyncAppender asyncAppender = systemLog.createAsyncAppender(logName, layout); + AsyncAppender asyncAppender = systemLog.createAsyncAppender(logName, layout, true); Logger logger = LogManager.getLogger(logName); logger.removeAppender(logName); logger.addAppender(asyncAppender);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/util/SystemLog.java b/gerrit-server/src/main/java/com/google/gerrit/server/util/SystemLog.java index ebec5b5..43a0a26 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/util/SystemLog.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/util/SystemLog.java
@@ -70,13 +70,17 @@ } public AsyncAppender createAsyncAppender(String name, Layout layout) { + return createAsyncAppender(name, layout, false); + } + + public AsyncAppender createAsyncAppender(String name, Layout layout, boolean forPlugin) { AsyncAppender async = new AsyncAppender(); async.setName(name); async.setBlocking(true); async.setBufferSize(config.getInt("core", "asyncLoggingBufferSize", 64)); async.setLocationInfo(false); - if (shouldConfigure()) { + if (forPlugin || shouldConfigure()) { async.addAppender(createAppender(site.logs_dir, name, layout)); } else { Appender appender = LogManager.getLogger(name).getAppender(name);