Hello, Ismael. AFAIK we don’t run tests with the TLSv1.3, by default. Are you suggesting to do it? I can create a PR for it.
> 24 апр. 2020 г., в 17:34, Ismael Juma <ism...@juma.me.uk> написал(а): > > Right, some companies run them nightly. What I meant to ask is if we > changed the configuration so that TLS 1.3 is exercised in the system tests > by default. > > Ismael > > On Fri, Apr 24, 2020 at 7:32 AM Nikolay Izhikov <nizhi...@apache.org> wrote: > >> Hello, Ismael. >> >> AFAIK we don’t run system tests nightly. >> Do we have resources to run system tests periodically? >> >> When I did the testing I used servers my employer gave me. >> >>> 24 апр. 2020 г., в 08:05, Ismael Juma <ism...@juma.me.uk> написал(а): >>> >>> Hi Nikolay, >>> >>> Seems like we have been able to run the system tests with TLS 1.3. Do we >>> run them nightly? >>> >>> Ismael >>> >>> On Fri, Feb 14, 2020 at 4:17 AM Nikolay Izhikov <nizhi...@apache.org> >> wrote: >>> >>>> Hello, Kafka team. >>>> >>>> I ran system tests that use SSL for the TLSv1.3. >>>> You can find the results of the tests in the Jira ticket [1], [2], [3], >>>> [4]. >>>> >>>> I also, need a changes [5] in `security_config.py` to execute system >> tests >>>> with TLSv1.3(more info in PR description). >>>> Please, take a look. >>>> >>>> Test environment: >>>> • openjdk11 >>>> • trunk + changes from my PR [5]. >>>> >>>> Full system tests results have volume 15gb. >>>> Should I share full logs with you? >>>> >>>> What else should be done before we can enable TLSv1.3 by default? >>>> >>>> [1] >>>> >> https://issues.apache.org/jira/browse/KAFKA-9319?focusedCommentId=17036927&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17036927 >>>> >>>> [2] >>>> >> https://issues.apache.org/jira/browse/KAFKA-9319?focusedCommentId=17036928&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17036928 >>>> >>>> [3] >>>> >> https://issues.apache.org/jira/browse/KAFKA-9319?focusedCommentId=17036929&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17036929 >>>> >>>> [4] >>>> >> https://issues.apache.org/jira/browse/KAFKA-9319?focusedCommentId=17036930&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17036930 >>>> >>>> [5] >>>> >> https://github.com/apache/kafka/pull/8106/files#diff-6dd015b94706f6920d9de524c355ddd8R51 >>>> >>>>> 29 янв. 2020 г., в 15:27, Nikolay Izhikov <nizhikov....@gmail.com> >>>> написал(а): >>>>> >>>>> Hello, Rajini. >>>>> >>>>> Thanks for the feedback. >>>>> >>>>> I’ve searched tests by the «ssl» keyword and found the following tests: >>>>> >>>>> ./test/kafkatest/services/kafka_log4j_appender.py >>>>> ./test/kafkatest/services/listener_security_config.py >>>>> ./test/kafkatest/services/security/security_config.py >>>>> ./test/kafkatest/tests/core/security_test.py >>>>> >>>>> Is this all tests that need to be run with the TLSv1.3 to ensure we can >>>> enable it by default? >>>>> >>>>>> 28 янв. 2020 г., в 14:58, Rajini Sivaram <rajinisiva...@gmail.com> >>>> написал(а): >>>>>> >>>>>> Hi Nikolay, >>>>>> >>>>>> Not sure of the total space required. But you can run a collection of >>>> tests at a time instead of running them all together. That way, you >> could >>>> just run all the tests that enable SSL. Details of running a subset of >>>> tests are in the README in tests. >>>>>> >>>>>> On Mon, Jan 27, 2020 at 6:29 PM Nikolay Izhikov <nizhi...@apache.org> >>>> wrote: >>>>>> Hello, Rajini. >>>>>> >>>>>> I’m tried to run all system tests but failed for now. >>>>>> It happens, that system tests generates a lot of logs. >>>>>> I had a 250GB of the free space but it all was occupied by the log >> from >>>> half of the system tests. >>>>>> >>>>>> Do you have any idea what is summary disc space I need to run all >>>> system tests? >>>>>> >>>>>>> 7 янв. 2020 г., в 14:49, Rajini Sivaram <rajinisiva...@gmail.com> >>>> написал(а): >>>>>>> >>>>>>> Hi Nikolay, >>>>>>> >>>>>>> There a couple of things you could do: >>>>>>> >>>>>>> 1) Run all system tests that use SSL with TLSv1.3. I had run a >> subset, >>>> but >>>>>>> it will be good to run all of them. You can do this locally using >>>> docker >>>>>>> with JDK 11 by updating the files in tests/docker. You will need to >>>> update >>>>>>> tests/kafkatest/services/security/security_config.py to enable only >>>>>>> TLSv1.3. Instructions for running system tests using docker are in >>>>>>> https://github.com/apache/kafka/blob/trunk/tests/README.md. >>>>>>> 2) For integration tests, we run a small number of tests using >> TLSv1.3 >>>> if >>>>>>> the tests are run using JDK 11 and above. We need to do this for >> system >>>>>>> tests as well. There is an open JIRA: >>>>>>> https://issues.apache.org/jira/browse/KAFKA-9319. Feel free to >> assign >>>> this >>>>>>> to yourself if you have time to do this. >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Rajini >>>>>>> >>>>>>> >>>>>>> On Tue, Jan 7, 2020 at 5:15 AM Николай Ижиков <nizhi...@apache.org> >>>> wrote: >>>>>>> >>>>>>>> Hello, Rajini. >>>>>>>> >>>>>>>> Can you, please, clarify, what should be done? >>>>>>>> I can try to do tests by myself. >>>>>>>> >>>>>>>>> 6 янв. 2020 г., в 21:29, Rajini Sivaram <rajinisiva...@gmail.com> >>>>>>>> написал(а): >>>>>>>>> >>>>>>>>> Hi Brajesh. >>>>>>>>> >>>>>>>>> No one is working on this yet, but will follow up with the >> Confluent >>>>>>>> tools >>>>>>>>> team to see when this can be done. >>>>>>>>> >>>>>>>>> On Mon, Jan 6, 2020 at 3:29 PM Brajesh Kumar < >> kbrajesh...@gmail.com> >>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Hello Rajini, >>>>>>>>>> >>>>>>>>>> What is the plan to run system tests using JDK 11? Is someone >>>> working on >>>>>>>>>> this? >>>>>>>>>> >>>>>>>>>> On Mon, Jan 6, 2020 at 3:00 PM Rajini Sivaram < >>>> rajinisiva...@gmail.com> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Nikolay, >>>>>>>>>>> >>>>>>>>>>> We can leave the KIP open and restart the discussion once system >>>> tests >>>>>>>>>> are >>>>>>>>>>> running. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> >>>>>>>>>>> Rajini >>>>>>>>>>> >>>>>>>>>>> On Mon, Jan 6, 2020 at 2:46 PM Николай Ижиков < >> nizhi...@apache.org >>>>> >>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hello, Rajini. >>>>>>>>>>>> >>>>>>>>>>>> Thanks, for the feedback. >>>>>>>>>>>> >>>>>>>>>>>> Should I mark this KIP as declined? >>>>>>>>>>>> Or just wait for the system tests results? >>>>>>>>>>>> >>>>>>>>>>>>> 6 янв. 2020 г., в 17:26, Rajini Sivaram < >> rajinisiva...@gmail.com >>>>> >>>>>>>>>>>> написал(а): >>>>>>>>>>>>> >>>>>>>>>>>>> Hi Nikolay, >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks for the KIP. We currently run system tests using JDK 8 >> and >>>>>>>>>> hence >>>>>>>>>>>> we >>>>>>>>>>>>> don't yet have full system test results with TLS 1.3 which >>>> requires >>>>>>>>>> JDK >>>>>>>>>>>> 11. >>>>>>>>>>>>> We should wait until that is done before enabling TLS1.3 by >>>> default. >>>>>>>>>>>>> >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> >>>>>>>>>>>>> Rajini >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Mon, Dec 30, 2019 at 5:36 AM Николай Ижиков < >>>> nizhi...@apache.org> >>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hello, Team. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Any feedback on this KIP? >>>>>>>>>>>>>> Do we need this in Kafka? >>>>>>>>>>>>>> >>>>>>>>>>>>>>> 24 дек. 2019 г., в 18:28, Nikolay Izhikov < >> nizhi...@apache.org >>>>> >>>>>>>>>>>>>> написал(а): >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I'd like to start a discussion of KIP. >>>>>>>>>>>>>>> Its goal is to enable TLSv1.3 and disable obsolete versions >> by >>>>>>>>>>> default. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>> >>>> >> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=142641956 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Your comments and suggestions are welcome. >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Regards, >>>>>>>>>> Brajesh Kumar >>>>>>>>>> >>>>>>>> >>>>>>>> >>>>>> >>>>> >>>> >>>> >> >>
