Skip to content

Commit

Permalink
Allow IntegTestClusters to run with FIPS 140 JVMs (elastic#39917)
Browse files Browse the repository at this point in the history
The changes in elastic#39732 mean that nodes in the IntegTest clusters will
now run with whichever java version is defined as `runtime.java` and
not JAVA_HOME anymore.
This means that these nodes will also run in JVM with fips approved
mode enabled and as such, need to have access to the password for the
BCFKS keystore that is used as the default keystore/truststore.

This change sets the two necessary system properties.

Resolves elastic#39855
  • Loading branch information
jkakavas authored and danielmitterdorfer committed Mar 11, 2019
1 parent b7be724 commit 91a8dce
Showing 1 changed file with 6 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -317,6 +317,12 @@ class ClusterFormationTasks {
// its run after plugins have been installed, as the extra config files may belong to plugins
setup = configureExtraConfigFilesTask(taskName(prefix, node, 'extraConfig'), project, setup, node)

// If the node runs in a FIPS 140-2 JVM, the BCFKS default keystore will be password protected
if (project.inFipsJvm){
node.config.systemProperties.put('javax.net.ssl.trustStorePassword', 'password')
node.config.systemProperties.put('javax.net.ssl.keyStorePassword', 'password')
}

// extra setup commands
for (Map.Entry<String, Object[]> command : node.config.setupCommands.entrySet()) {
// the first argument is the actual script name, relative to home
Expand Down

0 comments on commit 91a8dce

Please sign in to comment.