Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump version of Hadoop dependencies to 3.3.6 #6995

Merged
merged 1 commit into from
Jul 25, 2023
Merged

Bump version of Hadoop dependencies to 3.3.6 #6995

merged 1 commit into from
Jul 25, 2023

Conversation

tlfeng
Copy link
Collaborator

@tlfeng tlfeng commented Apr 5, 2023
edited by reta
Loading

Description

Upgrade the version of Hadoop dependencies from 3.3.4 to 3.3.6

Changed:
in file plugins/repository-hdfs/build.gradle:
upgrade org.apache.hadoop:hadoop-client-api, org.apache.hadoop:hadoop-client-runtime, org.apache.hadoop:hadoop-hdfs to 3.3.6

in file test/fixtures/hdfs-fixture/build.gradle:
upgrade org.apache.hadoop:hadoop-minicluster to 3.3.6

Issues Resolved

Hadoop library introduces many transitive dependencies to OpenSearch, and using outdated dependencies is a red flag for some security scanners.

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@tlfeng tlfeng added dependencies Pull requests that update a dependency file backport 2.x Backport to 2.x branch v2.7.0 labels Apr 5, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Apr 5, 2023

Gradle Check (Jenkins) Run Completed with:

@tlfeng tlfeng marked this pull request as ready for review April 6, 2023 05:36
@github-actions
Copy link
Contributor

github-actions bot commented Apr 6, 2023

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

github-actions bot commented Apr 6, 2023

Gradle Check (Jenkins) Run Completed with:

@tlfeng tlfeng marked this pull request as draft April 6, 2023 06:57
@github-actions
Copy link
Contributor

github-actions bot commented Apr 6, 2023

Gradle Check (Jenkins) Run Completed with:

@tlfeng
Copy link
Collaborator Author

tlfeng commented Apr 6, 2023
edited
Loading

failure occurs in the tests:

    org.opensearch.repositories.hdfs.HdfsBlobStoreContainerTests.testReadOnly
    org.opensearch.repositories.hdfs.HdfsBlobStoreRepositoryTests.testDeleteBlobs
    org.opensearch.repositories.hdfs.HdfsBlobStoreRepositoryTests.testContainerCreationAndDeletion
    org.opensearch.repositories.hdfs.HdfsBlobStoreRepositoryTests.testMultipleSnapshotAndRollback
    org.opensearch.repositories.hdfs.HdfsBlobStoreRepositoryTests.testList
    org.opensearch.repositories.hdfs.HdfsBlobStoreRepositoryTests.testSnapshotAndRestore
    org.opensearch.repositories.hdfs.HdfsRepositoryTests.testCreateSnapshot
    org.opensearch.repositories.hdfs.HdfsRepositoryTests.testCleanup
    org.opensearch.repositories.hdfs.HdfsRepositoryTests.testListChildren
    org.opensearch.repositories.hdfs.HdfsTests.testSimpleWorkflow

All the tests failed with the same reason

REPRODUCE WITH: ./gradlew ':plugins:repository-hdfs:test' --tests "org.opensearch.repositories.hdfs.HdfsBlobStoreContainerTests.testReadOnly" -Dtests.seed=36141267A4F65814 -Dtests.security.manager=true -Dtests.jvm.argline="-XX:TieredStopAtLevel=1 -XX:ReservedCodeCacheSize=64m" -Dtests.locale=th -Dtests.timezone=Africa/Casablanca -Druntime.java=19

org.opensearch.repositories.hdfs.HdfsBlobStoreContainerTests > testReadOnly FAILED
    java.security.AccessControlException: access denied ("org.opensearch.secure_sm.ThreadPermission" "modifyArbitraryThreadGroup")
        at __randomizedtesting.SeedInfo.seed([36141267A4F65814:CFCFBD1E6670234E]:0)
        at java.****@19.0.2/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
        at java.****@19.0.2/java.security.AccessController.checkPermission(AccessController.java:1068)
        at java.****@19.0.2/java.lang.SecurityManager.checkPermission(SecurityManager.java:411)
        at app//org.opensearch.secure_sm.SecureSM.checkThreadGroupAccess(SecureSM.java:248)
...
        at app//org.opensearch.repositories.hdfs.HdfsBlobContainer.writeToPath(HdfsBlobContainer.java:178)
        at app//org.opensearch.repositories.hdfs.HdfsBlobContainer.lambda$writeBlobAtomic$5(HdfsBlobContainer.java:155)
        at app//org.opensearch.repositories.hdfs.HdfsBlobStore.lambda$execute$2(HdfsBlobStore.java:127)
        at java.****@19.0.2/java.security.AccessController.doPrivileged(AccessController.java:712)
        at java.****@19.0.2/java.security.AccessController.doPrivileged(AccessController.java:891)
        at app//org.opensearch.repositories.hdfs.HdfsSecurityContext.doPrivilegedOrThrow(HdfsSecurityContext.java:154)
        at app//org.opensearch.repositories.hdfs.HdfsBlobStore.execute(HdfsBlobStore.java:125)
        at app//org.opensearch.repositories.hdfs.HdfsBlobContainer.writeBlobAtomic(HdfsBlobContainer.java:154)
        at app//org.opensearch.repositories.blobstore.OpenSearchBlobStoreRepositoryIntegTestCase.writeBlob(OpenSearchBlobStoreRepositoryIntegTestCase.java:228)
        at app//org.opensearch.repositories.hdfs.HdfsBlobStoreContainerTests.testReadOnly(HdfsBlobStoreContainerTests.java:143)

There are some past issues or PRs mentioned the java exception when searching java.security.AccessControlException: access denied

@owaiskazi19
Copy link
Member

owaiskazi19 commented Jul 10, 2023
edited
Loading

@reta looks like your were able to upgrade hadoop to 3.3.6? Will this change affect the downstream plugins?

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@reta
Copy link
Collaborator

reta commented Jul 10, 2023

@reta looks like your were able to upgrade hadoop to 3.3.6? Will this change affect the downstream plugins?

@owaiskazi19 Correct but there is a catch - we need to use custom ForkJoinPoolFactory, we probably need to think if that opens up any undesired flaws.

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@reta reta marked this pull request as ready for review July 25, 2023 16:53
@reta
Bump version of Hadoop dependencies to 3.3.5
c297c7b 
Signed-off-by: Tianli Feng <[email protected]>
Signed-off-by: Andriy Redko <[email protected]>
@codecov
Copy link

codecov bot commented Jul 25, 2023
edited
Loading

Codecov Report

Merging #6995 (c297c7b) into main (5d78de6) will increase coverage by 0.16%.
The diff coverage is 80.55%.

@@             Coverage Diff              @@
##               main    #6995      +/-   ##
============================================
+ Coverage     70.98%   71.14%   +0.16%     
- Complexity    57166    57254      +88     
============================================
  Files          4757     4758       +1     
  Lines        269823   269841      +18     
  Branches      39474    39479       +5     
============================================
+ Hits         191536   191990     +454     
+ Misses        62158    61693     -465     
- Partials      16129    16158      +29
Files Changed Coverage Δ
...a/org/opensearch/gradle/test/DistroTestPlugin.java 0.00% <ø> (ø)
...org/opensearch/index/seqno/ReplicationTracker.java 68.36% <74.07%> (-0.91%) ⬇️
.../secure_sm/SecuredForkJoinWorkerThreadFactory.java 100.00% <100.00%> (ø)
.../replication/checkpoint/ReplicationCheckpoint.java 87.71% <100.00%> (+2.00%) ⬆️

... and 454 files with indirect coverage changes

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

  • RESULT: UNSTABLE ❕
  • TEST FAILURES:
      1 org.opensearch.search.SearchWeightedRoutingIT.testSearchAggregationWithNetworkDisruption_FailOpenEnabled

@andrross andrross merged commit 6786608 into opensearch-project:main Jul 25, 2023
9 checks passed
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-6995-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 6786608a87d3e7fa306382a38e5702ae830f60e4
# Push it to GitHub
git push --set-upstream origin backport/backport-6995-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-6995-to-2.x.

reta pushed a commit to reta/OpenSearch that referenced this pull request Jul 25, 2023
@reta
Bump version of Hadoop dependencies to 3.3.5 (opensearch-project#6995)
96e36e4 
Signed-off-by: Tianli Feng <[email protected]>
Signed-off-by: Andriy Redko <[email protected]>
(cherry picked from commit 6786608)
@reta reta mentioned this pull request Jul 25, 2023
Merged
kotwanikunal pushed a commit that referenced this pull request Jul 25, 2023
@reta
Bump version of Hadoop dependencies to 3.3.5 (#6995) (#8881)
991d5b9 
Signed-off-by: Tianli Feng <[email protected]>
Signed-off-by: Andriy Redko <[email protected]>
(cherry picked from commit 6786608)

Co-authored-by: Tianli Feng <[email protected]>
baba-devv pushed a commit to baba-devv/OpenSearch that referenced this pull request Jul 29, 2023
@baba-devv
Bump version of Hadoop dependencies to 3.3.5 (opensearch-project#6995)
e9a6bbe 
Signed-off-by: Tianli Feng <[email protected]>
Signed-off-by: Andriy Redko <[email protected]>
kaushalmahi12 pushed a commit to kaushalmahi12/OpenSearch that referenced this pull request Sep 12, 2023
@kaushalmahi12
Bump version of Hadoop dependencies to 3.3.5 (opensearch-project#6995)
577d3f6 
Signed-off-by: Tianli Feng <[email protected]>
Signed-off-by: Andriy Redko <[email protected]>
Signed-off-by: Kaushal Kumar <[email protected]>
brusic pushed a commit to brusic/OpenSearch that referenced this pull request Sep 25, 2023
@brusic
Bump version of Hadoop dependencies to 3.3.5 (opensearch-project#6995)
b77234d 
Signed-off-by: Tianli Feng <[email protected]>
Signed-off-by: Andriy Redko <[email protected]>
Signed-off-by: Ivan Brusic <[email protected]>
shiv0408 pushed a commit to Gaurav614/OpenSearch that referenced this pull request Apr 25, 2024
@shiv0408
Bump version of Hadoop dependencies to 3.3.5 (opensearch-project#6995)
d3401e8 
Signed-off-by: Tianli Feng <[email protected]>
Signed-off-by: Andriy Redko <[email protected]>
Signed-off-by: Shivansh Arora <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reta reta reta left review comments

@andrross andrross andrross approved these changes

@dreamer-89 dreamer-89 dreamer-89 approved these changes

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@setiah setiah Awaiting requested review from setiah

@kartg kartg Awaiting requested review from kartg

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@nknize nknize Awaiting requested review from nknize nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@ryanbogan ryanbogan Awaiting requested review from ryanbogan

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

@xuezhou25 xuezhou25 Awaiting requested review from xuezhou25

@dbwiddis dbwiddis Awaiting requested review from dbwiddis dbwiddis is a code owner

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale is a code owner

@sohami sohami Awaiting requested review from sohami sohami is a code owner

Assignees
No one assigned
Labels
backport 2.x Backport to 2.x branch dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@tlfeng @kotwanikunal @owaiskazi19 @reta @andrross @dreamer-89 @Rishikesh1159 @peterzhuamazon