Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Allow IntegTestClusters to run with FIPS 140 JVMs (#39917)

The changes in #39732 mean that nodes in the IntegTest clusters will
now run with whichever java version is defined as `runtime.java` and
not JAVA_HOME anymore.
This means that these nodes will also run in JVM with fips approved
mode enabled and as such, need to have access to the password for the
BCFKS keystore that is used as the default keystore/truststore.

This change sets the two necessary system properties.

Resolves #39855
Ioannis Kakavas 6 years ago
parent
972ebe1014
commit
0e1cf3e01d
1 changed files with 6 additions and 0 deletions
Split View Show Diff Stats
  1. 6 0
      buildSrc/src/main/groovy/org/elasticsearch/gradle/test/ClusterFormationTasks.groovy

+ 6 - 0
buildSrc/src/main/groovy/org/elasticsearch/gradle/test/ClusterFormationTasks.groovy
View File 

@@ -299,6 +299,12 @@ class ClusterFormationTasks {
 
         // its run after plugins have been installed, as the extra config files may belong to plugins
 
         setup = configureExtraConfigFilesTask(taskName(prefix, node, 'extraConfig'), project, setup, node)
 
 
+        // If the node runs in a FIPS 140-2 JVM, the BCFKS default keystore will be password protected
 
+        if (project.inFipsJvm){
 
+            node.config.systemProperties.put('javax.net.ssl.trustStorePassword', 'password')
 
+            node.config.systemProperties.put('javax.net.ssl.keyStorePassword', 'password')
 
+        }
 
+
 
         // extra setup commands
 
         for (Map.Entry<String, Object[]> command : node.config.setupCommands.entrySet()) {
 
             // the first argument is the actual script name, relative to home