[CI] BuildExamplePluginsIT testCurrentExamplePlugin fails in FIPS JVM #39855
Comments
droberts195
added
>test-failure
|
Pinging @elastic/es-security |
|
That the build is failing on this integration test is coincidental. It's actually failing on all integration tests due to #38013. I need to look into exactly why. |
|
I have tracked it down, and it's actually a pretty big deal. It turns out that up until #38013 and #39732, the That means our We now respect |
|
If we get agreement that we want to keep using |
|
There have been ~ 30 more of these test failures over the weekend; mentioning each and every one of them here will just add noise IMHO but the failure can be reproduced with the following reproduction line (assuming a FIPS JVM is installed at I agree with @tvernum's proposal that we should aim to make our integrations work in a FIPS JVM. However, I do wonder whether for the time being we want to implement a workaround to restore the old behavior to avoid spurious build failures. |
The changes in #39732 mean that nodes in the IntegTest clusters will now run with whichever java version is defined as `runtime.java` and not JAVA_HOME anymore. This means that these nodes will also run in JVM with fips approved mode enabled and as such, need to have access to the password for the BCFKS keystore that is used as the default keystore/truststore. This change sets the two necessary system properties. Resolves #39855
The changes in elastic#39732 mean that nodes in the IntegTest clusters will now run with whichever java version is defined as `runtime.java` and not JAVA_HOME anymore. This means that these nodes will also run in JVM with fips approved mode enabled and as such, need to have access to the password for the BCFKS keystore that is used as the default keystore/truststore. This change sets the two necessary system properties. Resolves elastic#39855
The changes in elastic#39732 mean that nodes in the IntegTest clusters will now run with whichever java version is defined as `runtime.java` and not JAVA_HOME anymore. This means that these nodes will also run in JVM with fips approved mode enabled and as such, need to have access to the password for the BCFKS keystore that is used as the default keystore/truststore. This change sets the two necessary system properties. Resolves elastic#39855
The changes in #39732 mean that nodes in the IntegTest clusters will now run with whichever java version is defined as `runtime.java` and not JAVA_HOME anymore. This means that these nodes will also run in JVM with fips approved mode enabled and as such, need to have access to the password for the BCFKS keystore that is used as the default keystore/truststore. This change sets the two necessary system properties. Resolves #39855
The changes in #39732 mean that nodes in the IntegTest clusters will now run with whichever java version is defined as `runtime.java` and not JAVA_HOME anymore. This means that these nodes will also run in JVM with fips approved mode enabled and as such, need to have access to the password for the BCFKS keystore that is used as the default keystore/truststore. This change sets the two necessary system properties. Resolves #39855
BuildExamplePluginsIT testCurrentExamplePluginwas failing globally for a long time, but most problems were fixed in #38899. However, it still consistently fails in the FIPS JVM:The error is:
The text was updated successfully, but these errors were encountered: