[jira] [Comment Edited] (KAFKA-9319) Run some system tests using TLSv1.3

2020-02-14 Thread Nikolay Izhikov (Jira) 


[ 
https://issues.apache.org/jira/browse/KAFKA-9319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036932#comment-17036932
 ] 

Nikolay Izhikov edited comment on KAFKA-9319 at 2/14/20 11:37 AM:
--

Hello, [~rsivaram].

I ran system tests that use SSL for the TLSv1.3. You can find the results of 
the tests in the previous messages.
I also sent a part of the Kafka log with the actual properties - so you can 
see, only TLSv1.3 enabled in the config.

Test environment:

  * openjdk11
  * trunk + changes from my PR [1].

Full system tests results have volume 15gb.
Should I share full logs with you?

What else should be done before we can enable TLSv1.3 by default?
Can you, please, take a look at my changes in PR [1]?

As you can see from the log, tests contain failure, mostly for upgrade cases.
Not sure, If it relates to my changes.
It seems those tests fail in the trunk too.

[1] https://github.com/apache/kafka/pull/8106/files


was (Author: nizhikov):
Hello, [~rsivaram].

I ran system tests that use SSL for the TLSv1.3. You can find the results of 
the tests in the previous messages.
I also sent a part of the Kafka log with the actual properties - so you can 
see, only TLSv1.3 enabled in the config.

Test environment:

  * openjdk11
  * trunk + changes from my PR [1].

Full system tests results have volume 15gb.
Should I share full logs with you?

What else should be done before we can enable TLSv1.3 by default?

[1] https://github.com/apache/kafka/pull/8106/files

> Run some system tests using TLSv1.3
> ---
>
> Key: KAFKA-9319
> URL: https://issues.apache.org/jira/browse/KAFKA-9319
> Project: Kafka
>  Issue Type: Test
>Reporter: Rajini Sivaram
>Assignee: Nikolay Izhikov
>Priority: Major
> Fix For: 2.5.0
>
>
> KAFKA-7251 enables TLSv1.3 for Kafka. We should get some system tests to run 
> using TLSv1.3. Since TLSv1.3 is only supported from Java 11 onwards, we need 
> a system test build that runs with JDK 11 to enable these tests.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Comment Edited] (KAFKA-9319) Run some system tests using TLSv1.3

2020-02-06 Thread Nikolay Izhikov (Jira) 


[ 
https://issues.apache.org/jira/browse/KAFKA-9319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17029769#comment-17029769
 ] 

Nikolay Izhikov edited comment on KAFKA-9319 at 2/6/20 10:00 AM:
-

Hello, [~rsivaram].

Sorry, for the first comment. It's obviously wrong :)
Now, I filtered tests with the "security" keyword(SecurityConfig, 
security_protocol, etc.) and got the following lists.
Is it enough to check this list with TLS1.3?

{noformat}
[13:45:51]~/src/kafka/tests:[trunk]$ egrep -irl "security" . | grep -v pyc
./kafkatest/tests/tools/log_compaction_test.py
./kafkatest/tests/tools/log4j_appender_test.py
./kafkatest/tests/tools/replica_verification_test.py
./kafkatest/tests/core/transactions_test.py
./kafkatest/tests/core/mirror_maker_test.py
./kafkatest/tests/core/security_test.py
./kafkatest/tests/core/security_rolling_upgrade_test.py
./kafkatest/tests/core/delegation_token_test.py
./kafkatest/tests/core/zookeeper_security_upgrade_test.py
./kafkatest/tests/core/consumer_group_command_test.py
./kafkatest/tests/core/log_dir_failure_test.py
./kafkatest/tests/core/throttling_test.py
./kafkatest/tests/core/replication_test.py
./kafkatest/tests/core/upgrade_test.py
./kafkatest/tests/core/get_offset_shell_test.py
./kafkatest/tests/core/downgrade_test.py
./kafkatest/tests/connect/connect_distributed_test.py
./kafkatest/tests/connect/connect_test.py
./kafkatest/tests/client/compression_test.py
./kafkatest/tests/client/quota_test.py
./kafkatest/tests/client/client_compatibility_produce_consume_test.py
{noformat}



was (Author: nizhikov):
Hello, [~rsivaram].

Sorry, for the first comment. It's obviously wrong :)
Now, I filtered tests with the "security" keyword(SecurityConfig, 
security_protocol, etc.) and got the following lists.
Is it enough to check this list with TLS1.3?

{noformat}
[13:45:51]~/src/kafka/tests:[trunk]$ egrep -irl "security" . | grep -v pyc
./README.md
./kafkatest/sanity_checks/test_console_consumer.py
./kafkatest/tests/tools/log_compaction_test.py
./kafkatest/tests/tools/log4j_appender_test.py
./kafkatest/tests/tools/replica_verification_test.py
./kafkatest/tests/core/transactions_test.py
./kafkatest/tests/core/mirror_maker_test.py
./kafkatest/tests/core/security_test.py
./kafkatest/tests/core/security_rolling_upgrade_test.py
./kafkatest/tests/core/delegation_token_test.py
./kafkatest/tests/core/zookeeper_security_upgrade_test.py
./kafkatest/tests/core/consumer_group_command_test.py
./kafkatest/tests/core/log_dir_failure_test.py
./kafkatest/tests/core/throttling_test.py
./kafkatest/tests/core/replication_test.py
./kafkatest/tests/core/upgrade_test.py
./kafkatest/tests/core/get_offset_shell_test.py
./kafkatest/tests/core/downgrade_test.py
./kafkatest/tests/connect/connect_distributed_test.py
./kafkatest/tests/connect/templates/connect-standalone.properties
./kafkatest/tests/connect/templates/connect-distributed.properties
./kafkatest/tests/connect/connect_test.py
./kafkatest/tests/client/compression_test.py
./kafkatest/tests/client/quota_test.py
./kafkatest/tests/client/client_compatibility_produce_consume_test.py
./kafkatest/benchmarks/core/benchmark_test.py
./kafkatest/services/replica_verification_tool.py
./kafkatest/services/kafka_log4j_appender.py
./kafkatest/services/transactional_message_copier.py
./kafkatest/services/verifiable_client.py
./kafkatest/services/console_consumer.py
./kafkatest/services/connect.py
./kafkatest/services/log_compaction_tester.py
./kafkatest/services/security/listener_security_config.py
./kafkatest/services/security/templates/jaas.conf
./kafkatest/services/security/minikdc.py
./kafkatest/services/security/security_config.py
./kafkatest/services/zookeeper.py
./kafkatest/services/delegation_tokens.py
./kafkatest/services/mirror_maker.py
./kafkatest/services/verifiable_consumer.py
./kafkatest/services/verifiable_producer.py
./kafkatest/services/kafka/config_property.py
./kafkatest/services/kafka/kafka.py
./kafkatest/services/kafka/templates/kafka.properties
./kafkatest/services/templates/mirror_maker_consumer.properties
./kafkatest/services/templates/mirror_maker_producer.properties
./kafkatest/services/performance/producer_performance.py
./kafkatest/services/performance/end_to_end_latency.py
./kafkatest/services/performance/consumer_performance.py
{noformat}


> Run some system tests using TLSv1.3
> ---
>
> Key: KAFKA-9319
> URL: https://issues.apache.org/jira/browse/KAFKA-9319
> Project: Kafka
>  Issue Type: Test
>Reporter: Rajini Sivaram
>Assignee: Nikolay Izhikov
>Priority: Major
> Fix For: 2.5.0
>
>
> KAFKA-7251 enables TLSv1.3 for Kafka. We should get some system tests to run 
> using TLSv1.3. Since TLSv1.3 is only supported from Java 11 onwards, we need 
> a system test build that runs with JDK 11 to enable these tests.



--