From commits-return-8561-archive-asf-public=cust-asf.ponee.io@kudu.apache.org Mon Mar 9 04:11:05 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 5B3D2180634 for ; Mon, 9 Mar 2020 05:11:05 +0100 (CET) Received: (qmail 54892 invoked by uid 500); 9 Mar 2020 04:11:04 -0000 Mailing-List: contact commits-help@kudu.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@kudu.apache.org Delivered-To: mailing list commits@kudu.apache.org Received: (qmail 54872 invoked by uid 99); 9 Mar 2020 04:11:03 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Mar 2020 04:11:03 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 4EEA48B69A; Mon, 9 Mar 2020 04:11:02 +0000 (UTC) Date: Mon, 09 Mar 2020 04:11:04 +0000 To: "commits@kudu.apache.org" Subject: [kudu] 02/02: [test-util] set OpenSSL security level for kudu CLI MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit From: alexey@apache.org In-Reply-To: <158372706290.20765.8473359598142611636@gitbox.apache.org> References: <158372706290.20765.8473359598142611636@gitbox.apache.org> X-Git-Host: gitbox.apache.org X-Git-Repo: kudu X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Rev: 05dd6f8d8c9ea8c10012bc7e90b19beabc74d303 X-Git-NotificationType: diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated Message-Id: <20200309041103.4EEA48B69A@gitbox.apache.org> This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kudu.git commit 05dd6f8d8c9ea8c10012bc7e90b19beabc74d303 Author: Alexey Serbin AuthorDate: Fri Mar 6 16:09:55 2020 -0800 [test-util] set OpenSSL security level for kudu CLI This patch adds --openssl_security_level_override=1 option for all kudu CLI invocations run via RunKuduTool() utility function. With that, the client-side parts of the kudu CLI are able to verify certificates signed by shorter keys generated for test scenarios even when run on contemporary Linux OS distributions like RHEL/CentOS 8.x where the OpenSSL library is built with default security level 2. This is a follow-up to 93e85876f472b2668604ce5c15eafb17ce303989. Change-Id: I318621bc453ac5e25cd80070a9f3e56455e3f73b Reviewed-on: http://gerrit.cloudera.org:8080/15384 Tested-by: Alexey Serbin Reviewed-by: Adar Dembo --- src/kudu/tools/tool_test_util.cc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/kudu/tools/tool_test_util.cc b/src/kudu/tools/tool_test_util.cc index a0cbbcb..59c3696 100644 --- a/src/kudu/tools/tool_test_util.cc +++ b/src/kudu/tools/tool_test_util.cc @@ -55,8 +55,10 @@ Status RunKuduTool(const vector& args, string* out, string* err, const std::string& in) { vector total_args = { GetKuduToolAbsolutePath() }; - // Speed up filesystem-based operations. + // Some scenarios might add unsafe flags for testing purposes. total_args.emplace_back("--unlock_unsafe_flags"); + + // Speed up filesystem-based operations. total_args.emplace_back("--never_fsync"); // Do not colorize glog's output (i.e. messages logged via LOG()) even @@ -65,6 +67,12 @@ Status RunKuduTool(const vector& args, string* out, string* err, // (e.g., the exact location of some substring/character in the output line). total_args.emplace_back("--nocolorlogtostderr"); + // Kudu masters and tablet servers run as a part of external mini-cluster use + // shorter keys. Newer OS distros have OpenSSL built with the default security + // level higher than 1, so it's necessary to override it on the client + // side as well to allow clients to accept and verify TLS certificates. + total_args.emplace_back("--openssl_security_level_override=1"); + total_args.insert(total_args.end(), args.begin(), args.end()); return Subprocess::Call(total_args, in, out, err); }