Ticket created:

https://issues.apache.org/jira/browse/KAFKA-9943

I will prepare the PR shortly.

> On Apr 27, 2020, at 17:55, Ismael Juma <ism...@juma.me.uk> wrote:
> 
> Yes, a PR would be great.
> 
> Ismael
> 
> On Mon, Apr 27, 2020, 2:10 AM Nikolay Izhikov <nizhi...@apache.org> wrote:
> 
>> Hello, Ismael.
>> 
>> AFAIK we don’t run tests with TLSv1.3 by default.
>> Are you suggesting that we do it?
>> I can create a PR for it.
>> 
>>> On Apr 24, 2020, at 17:34, Ismael Juma <ism...@juma.me.uk> wrote:
>>> 
>>> Right, some companies run them nightly. What I meant to ask is if we
>>> changed the configuration so that TLS 1.3 is exercised in the system tests
>>> by default.
>>> 
>>> Ismael
>>> 
>>> On Fri, Apr 24, 2020 at 7:32 AM Nikolay Izhikov <nizhi...@apache.org> wrote:
>>> 
>>>> Hello, Ismael.
>>>> 
>>>> AFAIK we don’t run system tests nightly.
>>>> Do we have resources to run system tests periodically?
>>>> 
>>>> When I did the testing I used servers my employer gave me.
>>>> 
>>>>> On Apr 24, 2020, at 08:05, Ismael Juma <ism...@juma.me.uk> wrote:
>>>>> 
>>>>> Hi Nikolay,
>>>>> 
>>>>> Seems like we have been able to run the system tests with TLS 1.3. Do we
>>>>> run them nightly?
>>>>> 
>>>>> Ismael
>>>>> 
>>>>> On Fri, Feb 14, 2020 at 4:17 AM Nikolay Izhikov <nizhi...@apache.org> wrote:
>>>>> 
>>>>>> Hello, Kafka team.
>>>>>> 
>>>>>> I ran the system tests that use SSL with TLSv1.3.
>>>>>> You can find the results of the tests in the Jira ticket [1], [2], [3], [4].
>>>>>> 
>>>>>> I also need the changes [5] in `security_config.py` to execute system tests
>>>>>> with TLSv1.3 (more info in the PR description).
>>>>>> Please take a look.
>>>>>> 
>>>>>> Test environment:
>>>>>>      • openjdk11
>>>>>>      • trunk + changes from my PR [5].
>>>>>> 
>>>>>> The full system test results are 15 GB in size.
>>>>>> Should I share full logs with you?
>>>>>> 
>>>>>> What else should be done before we can enable TLSv1.3 by default?
>>>>>> 
>>>>>> [1] https://issues.apache.org/jira/browse/KAFKA-9319?focusedCommentId=17036927&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17036927
>>>>>> 
>>>>>> [2] https://issues.apache.org/jira/browse/KAFKA-9319?focusedCommentId=17036928&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17036928
>>>>>> 
>>>>>> [3] https://issues.apache.org/jira/browse/KAFKA-9319?focusedCommentId=17036929&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17036929
>>>>>> 
>>>>>> [4] https://issues.apache.org/jira/browse/KAFKA-9319?focusedCommentId=17036930&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17036930
>>>>>> 
>>>>>> [5] https://github.com/apache/kafka/pull/8106/files#diff-6dd015b94706f6920d9de524c355ddd8R51
>>>>>> 
>>>>>>> On Jan 29, 2020, at 15:27, Nikolay Izhikov <nizhikov....@gmail.com> wrote:
>>>>>>> 
>>>>>>> Hello, Rajini.
>>>>>>> 
>>>>>>> Thanks for the feedback.
>>>>>>> 
>>>>>>> I’ve searched tests by the «ssl» keyword and found the following tests:
>>>>>>> 
>>>>>>> ./test/kafkatest/services/kafka_log4j_appender.py
>>>>>>> ./test/kafkatest/services/listener_security_config.py
>>>>>>> ./test/kafkatest/services/security/security_config.py
>>>>>>> ./test/kafkatest/tests/core/security_test.py
>>>>>>> 
>>>>>>> Are these all the tests that need to be run with TLSv1.3 to ensure we can
>>>>>>> enable it by default?
>>>>>>> 
>>>>>>>> On Jan 28, 2020, at 14:58, Rajini Sivaram <rajinisiva...@gmail.com> wrote:
>>>>>>>> 
>>>>>>>> Hi Nikolay,
>>>>>>>> 
>>>>>>>> Not sure of the total space required. But you can run a collection of
>>>>>>>> tests at a time instead of running them all together. That way, you could
>>>>>>>> just run all the tests that enable SSL. Details of running a subset of
>>>>>>>> tests are in the README in tests.
>>>>>>>> 
>>>>>>>> On Mon, Jan 27, 2020 at 6:29 PM Nikolay Izhikov <nizhi...@apache.org> wrote:
>>>>>>>> Hello, Rajini.
>>>>>>>> 
>>>>>>>> I tried to run all system tests but failed for now.
>>>>>>>> It happens that the system tests generate a lot of logs.
>>>>>>>> I had 250GB of free space, but it was all occupied by the logs from
>>>>>>>> half of the system tests.
>>>>>>>> 
>>>>>>>> Do you have any idea of the total disk space I need to run all
>>>>>>>> system tests?
>>>>>>>> 
>>>>>>>>> On Jan 7, 2020, at 14:49, Rajini Sivaram <rajinisiva...@gmail.com> wrote:
>>>>>>>>> 
>>>>>>>>> Hi Nikolay,
>>>>>>>>> 
>>>>>>>>> There are a couple of things you could do:
>>>>>>>>> 
>>>>>>>>> 1) Run all system tests that use SSL with TLSv1.3. I had run a subset, but
>>>>>>>>> it will be good to run all of them. You can do this locally using docker
>>>>>>>>> with JDK 11 by updating the files in tests/docker. You will need to update
>>>>>>>>> tests/kafkatest/services/security/security_config.py to enable only
>>>>>>>>> TLSv1.3. Instructions for running system tests using docker are in
>>>>>>>>> https://github.com/apache/kafka/blob/trunk/tests/README.md.
>>>>>>>>> 2) For integration tests, we run a small number of tests using TLSv1.3 if
>>>>>>>>> the tests are run using JDK 11 and above. We need to do this for system
>>>>>>>>> tests as well. There is an open JIRA:
>>>>>>>>> https://issues.apache.org/jira/browse/KAFKA-9319. Feel free to assign this
>>>>>>>>> to yourself if you have time to do this.
>>>>>>>>> 
>>>>>>>>> Regards,
>>>>>>>>> 
>>>>>>>>> Rajini
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> On Tue, Jan 7, 2020 at 5:15 AM Николай Ижиков <nizhi...@apache.org> wrote:
>>>>>>>>> 
>>>>>>>>>> Hello, Rajini.
>>>>>>>>>> 
>>>>>>>>>> Can you please clarify what should be done?
>>>>>>>>>> I can try to do tests by myself.
>>>>>>>>>> 
>>>>>>>>>>> On Jan 6, 2020, at 21:29, Rajini Sivaram <rajinisiva...@gmail.com> wrote:
>>>>>>>>>>> 
>>>>>>>>>>> Hi Brajesh.
>>>>>>>>>>> 
>>>>>>>>>>> No one is working on this yet, but will follow up with the Confluent tools
>>>>>>>>>>> team to see when this can be done.
>>>>>>>>>>> 
>>>>>>>>>>> On Mon, Jan 6, 2020 at 3:29 PM Brajesh Kumar <kbrajesh...@gmail.com> wrote:
>>>>>>>>>>> 
>>>>>>>>>>>> Hello Rajini,
>>>>>>>>>>>> 
>>>>>>>>>>>> What is the plan to run system tests using JDK 11? Is someone working on
>>>>>>>>>>>> this?
>>>>>>>>>>>> 
>>>>>>>>>>>> On Mon, Jan 6, 2020 at 3:00 PM Rajini Sivaram <rajinisiva...@gmail.com> wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>>> Hi Nikolay,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> We can leave the KIP open and restart the discussion once system tests are
>>>>>>>>>>>>> running.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Rajini
>>>>>>>>>>>>> 
>>>>>>>>>>>>> On Mon, Jan 6, 2020 at 2:46 PM Николай Ижиков <nizhi...@apache.org> wrote:
>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Hello, Rajini.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Thanks for the feedback.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Should I mark this KIP as declined?
>>>>>>>>>>>>>> Or just wait for the system tests results?
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> On Jan 6, 2020, at 17:26, Rajini Sivaram <rajinisiva...@gmail.com> wrote:
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Hi Nikolay,
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Thanks for the KIP. We currently run system tests using JDK 8 and hence we
>>>>>>>>>>>>>>> don't yet have full system test results with TLS 1.3 which requires JDK 11.
>>>>>>>>>>>>>>> We should wait until that is done before enabling TLS1.3 by default.
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Rajini
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> On Mon, Dec 30, 2019 at 5:36 AM Николай Ижиков <nizhi...@apache.org> wrote:
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> Hello, Team.
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> Any feedback on this KIP?
>>>>>>>>>>>>>>>> Do we need this in Kafka?
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> On Dec 24, 2019, at 18:28, Nikolay Izhikov <nizhi...@apache.org> wrote:
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> I'd like to start a discussion of KIP.
>>>>>>>>>>>>>>>>> Its goal is to enable TLSv1.3 and disable obsolete versions by default.
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=142641956
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> Your comments and suggestions are welcome.
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> --
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Brajesh Kumar
>>>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>> 
>>>> 
>>>> 
>> 
>> 
