RE: Poll: Merge jira/http2 to master branch

Tue, 27 Nov 2018 02:37:38 -0800 

Hi,

Because if you install Jetty, to renable conscrypt, you have to start a special 
command and accept the non-eclipse license:
https://www.eclipse.org/jetty/documentation/9.4.x/jetty-ssl-distribution.html#jetty-conscrypt-distribution

Conscrypt SSL Configuration
Enabling Conscrypt SSL is just as easy as default SSL - enable both the 
conscrypt and ssl modules:

$ cd ${JETTY_HOME}
$ java -jar ../start.jar --add-to-start=ssl,conscrypt

ALERT: There are enabled module(s) with licenses.
The following 1 module(s):
 + contains software not provided by the Eclipse Foundation!
 + contains software not covered by the Eclipse Public License!
 + has not been audited for compliance with its license

 Module: conscrypt
  + Conscrypt is distributed under the Apache Licence 2.0
  + https://github.com/google/conscrypt/blob/master/LICENSE

Proceed (y/N)? y
INFO  : server          transitively enabled, ini template available with 
--add-to-start=server
INFO  : conscrypt       initialized in ${jetty.base}/start.d/conscrypt.ini
INFO  : ssl             initialized in ${jetty.base}/start.d/ssl.ini
MKDIR : ${jetty.base}/lib/conscrypt
DOWNLD: 
https://repo1.maven.org/maven2/org/conscrypt/conscrypt-openjdk-uber/1.0.0.RC11/conscrypt-openjdk-uber-1.0.0.RC11.jar
 to ${jetty.base}/lib/conscrypt/conscrypt-uber-1.0.0.RC11.jar
MKDIR : ${jetty.base}/etc
COPY  : ${jetty.home}/modules/conscrypt/conscrypt.xml to 
${jetty.base}/etc/conscrypt.xml
COPY  : ${jetty.home}/modules/ssl/keystore to ${jetty.base}/etc/keystore
INFO  : Base directory was modified
No additional Conscrypt configuration is needed. SSL-specific parameters, like 
keyStorePath and keyStorePassword can still configured as in the example above, 
making use of the ${JETTY_BASE}/start.d/ssl.ini file.

Maybe we should do the same for solr: If you want full performance you may 
install conscrypt in your Solr working dir or the SolrJ client, but otherwise 
it should use non-native code shipped with JDK only. Maybe we should disable 
HTTP2 for Java 8 by default and only enable it if user installs conscrypt.

I have the feeling, we have to include ASF Legal department!
Uwe

-----
Uwe Schindler
Achterdiek 19, D-28357 Bremen
http://www.thetaphi.de
eMail: u...@thetaphi.de

> -----Original Message-----
> From: Uwe Schindler <u...@thetaphi.de>
> Sent: Tuesday, November 27, 2018 11:32 AM
> To: dev@lucene.apache.org
> Subject: RE: Poll: Merge jira/http2 to master branch
> 
> Thanks Upayavira,
> 
> I leave that open to Dat to update it. BTW, there are still checksum files
> missing for many jars.
> 
> I'd like to bring one thing into attention: This library conscrypt is ASF2-
> licensed, but the JAR files contain binary versions of an OpenSSL fork named
> BoringSSL. I'd recommend to check the licensing, because OpenSSL licenses
> are a bit strange (some BSD fork, also ASF2, but some code is still outdated 
> - I
> am not sure what the fork actually uses). I have the feeling we should include
> ASF legal department.
> 
> Nevertheless, I am not 100% sure if conscrypt should really be inclued by
> default in SolrJ. As SolrJ is a client library for Solr and can be used by 
> external
> projects, there is the problem of incompatibilities with the native C code
> included. E.g., if one uses SolrJ with IBM J9 or other Java versions different
> from openjdk. So I'd be careful. My question is: Do we really need that
> library. To me it looks like it improves speed only, or is there something 
> that
> requires its use?
> 
> Uwe
> 
> -----
> Uwe Schindler
> Achterdiek 19, D-28357 Bremen
> http://www.thetaphi.de
> eMail: u...@thetaphi.de
> 
> > -----Original Message-----
> > From: Malcolm Upayavira Holmes <u...@odoko.co.uk>
> > Sent: Tuesday, November 27, 2018 11:17 AM
> > To: dev@lucene.apache.org
> > Subject: Re: Poll: Merge jira/http2 to master branch
> >
> > Uwe - there is already a release newer than the commit
> >
> > On Tue, 27 Nov 2018, at 8:03 AM, Uwe Schindler wrote:
> > > Ah I figured out, there is an issue open already:
> > > https://github.com/google/conscrypt/issues/560
> > >
> > > Seems to be closed, so we have to wait for a new release, right?
> > >
> > > Uwe
> > >
> > > -----
> > > Uwe Schindler
> > > Achterdiek 19, D-28357 Bremen
> > > http://www.thetaphi.de
> > > eMail: u...@thetaphi.de
> > >
> > > > -----Original Message-----
> > > > From: Uwe Schindler <u...@thetaphi.de>
> > > > Sent: Tuesday, November 27, 2018 8:48 AM
> > > > To: dev@lucene.apache.org
> > > > Subject: RE: Poll: Merge jira/http2 to master branch
> > > >
> > > > It seems to work with Java 9/10/11, but with Java 8 almost all Solr 
> > > > tests
> > fail.
> > > > Reason is a mising JAR library: conscrypt.jar (which seems to be used by
> > Jetty
> > > > to support some HTTP/2 requires stuff not included in the JDK).
> > > >
> > > > We should at least disable HTTP/2 in Java 8 or add this library (seems 
> > > > to
> > > > contain native code): https://github.com/google/conscrypt#uber-jar
> > > >
> > > > Uwe
> > > >
> > > > -----
> > > > Uwe Schindler
> > > > Achterdiek 19, D-28357 Bremen
> > > > http://www.thetaphi.de
> > > > eMail: u...@thetaphi.de
> > > >
> > > > > -----Original Message-----
> > > > > From: Uwe Schindler <u...@thetaphi.de>
> > > > > Sent: Tuesday, November 27, 2018 12:38 AM
> > > > > To: dev@lucene.apache.org
> > > > > Subject: RE: Poll: Merge jira/http2 to master branch
> > > > >
> > > > > OK,
> > > > >
> > > > > I created 4 Jobs on Policeman Jenkins (Linux, Windows, macos,
> Solaris).
> > On
> > > > > ASF Jenkins I created the standard "tests" job for now, others can be
> > added
> > > > > later. They are called "http2" at the place of the version (instead of
> > "7.x",
> > > > > "7.6", "master").
> > > > >
> > > > > Let's see how it behaves,
> > > > > Uwe
> > > > >
> > > > > -----
> > > > > Uwe Schindler
> > > > > Achterdiek 19, D-28357 Bremen
> > > > > http://www.thetaphi.de
> > > > > eMail: u...@thetaphi.de
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Uwe Schindler <u...@thetaphi.de>
> > > > > > Sent: Tuesday, November 27, 2018 12:22 AM
> > > > > > To: dev@lucene.apache.org
> > > > > > Subject: RE: Poll: Merge jira/http2 to master branch
> > > > > >
> > > > > > Ah sorry, I did not see the ping. Where did you try to contact me?
> > > > > >
> > > > > > Uwe
> > > > > >
> > > > > > -----
> > > > > > Uwe Schindler
> > > > > > Achterdiek 19, D-28357 Bremen
> > > > > > http://www.thetaphi.de
> > > > > > eMail: u...@thetaphi.de
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Chris Hostetter <hossman_luc...@fucit.org>
> > > > > > > Sent: Monday, November 26, 2018 10:59 PM
> > > > > > > To: dev@lucene.apache.org
> > > > > > > Subject: RE: Poll: Merge jira/http2 to master branch
> > > > > > >
> > > > > > >
> > > > > > > : The job would use the usual randomization anyways, so what's
> > your
> > > > > > > : special request? So we should see an improvement asap.
> > > > > > >
> > > > > > > No special request beyond asking you to setup a job on your
> > personal
> > > > > > > jenkins server -- just pointing out that i tried asking you for 
> > > > > > > this via
> > > > > > > jira ping 2 weeks ago :)
> > > > > > >
> > > > > > > And yes: if my experimentation is correct, we should see a much
> > lower
> > > > > rate
> > > > > > > of failures from your box when testing Dat's http2 branch with
> > java>9 vs
> > > > > > > what we see w/master & 7x
> > > > > > >
> > > > > > > : > : I’d prefer to just add jenkins jobs for the “http2” branch 
> > > > > > > and
> not
> > yet
> > > > > > > : >
> > > > > > > : > Uwe: note that in particular it would be really helpful to 
> > > > > > > have a
> > > > > > > : > jira/http2 jenkins job setup on your policeman's jenkins box,
> > where
> > > > > > java11
> > > > > > > : > and java12 are randomized, since you seem to hit the java>9
> SSL
> > > > > related
> > > > > > > : > bugs the most, and AFAICT those problems are fixed on the
> > > > jira/http2
> > > > > > > : > branch -- see comments in SOLR-12990 (and related SOLR-
> 12988)
> > > > > > >
> > > > > > >
> > > > > > > -Hoss
> > > > > > > http://www.lucidworks.com/
> > > > > >
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> > > > > > For additional commands, e-mail: dev-h...@lucene.apache.org
> > > > >
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> > > > > For additional commands, e-mail: dev-h...@lucene.apache.org
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> > > > For additional commands, e-mail: dev-h...@lucene.apache.org
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> > > For additional commands, e-mail: dev-h...@lucene.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> > For additional commands, e-mail: dev-h...@lucene.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to