Example 1 with NodeValidationException
use of org.opensearch.node.NodeValidationException in project OpenSearch by opensearch-project.
the class Bootstrap method setup.
private void setup(boolean addShutdownHook, Environment environment) throws BootstrapException {
Settings settings = environment.settings();
try {
spawner.spawnNativeControllers(environment, true);
} catch (IOException e) {
throw new BootstrapException(e);
}
initializeNatives(environment.tmpFile(), BootstrapSettings.MEMORY_LOCK_SETTING.get(settings), BootstrapSettings.SYSTEM_CALL_FILTER_SETTING.get(settings), BootstrapSettings.CTRLHANDLER_SETTING.get(settings));
// initialize probes before the security manager is installed
initializeProbes();
if (addShutdownHook) {
Runtime.getRuntime().addShutdownHook(new Thread() {
@Override
public void run() {
try {
IOUtils.close(node, spawner);
LoggerContext context = (LoggerContext) LogManager.getContext(false);
Configurator.shutdown(context);
if (node != null && node.awaitClose(10, TimeUnit.SECONDS) == false) {
throw new IllegalStateException("Node didn't stop within 10 seconds. " + "Any outstanding requests or tasks might get killed.");
}
} catch (IOException ex) {
throw new OpenSearchException("failed to stop node", ex);
} catch (InterruptedException e) {
LogManager.getLogger(Bootstrap.class).warn("Thread got interrupted while waiting for the node to shutdown.");
Thread.currentThread().interrupt();
}
}
});
}
try {
// look for jar hell
final Logger logger = LogManager.getLogger(JarHell.class);
JarHell.checkJarHell(logger::debug);
} catch (IOException | URISyntaxException e) {
throw new BootstrapException(e);
}
// Log ifconfig output before SecurityManager is installed
IfConfig.logIfNecessary();
// install SM after natives, shutdown hooks, etc.
try {
Security.configure(environment, BootstrapSettings.SECURITY_FILTER_BAD_DEFAULTS_SETTING.get(settings));
} catch (IOException | NoSuchAlgorithmException e) {
throw new BootstrapException(e);
}
node = new Node(environment) {
@Override
protected void validateNodeBeforeAcceptingRequests(final BootstrapContext context, final BoundTransportAddress boundTransportAddress, List<BootstrapCheck> checks) throws NodeValidationException {
BootstrapChecks.check(context, boundTransportAddress, checks);
}
};
}
Also used :
Node(org.opensearch.node.Node)
IOException(java.io.IOException)
URISyntaxException(java.net.URISyntaxException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
DeprecationLogger(org.opensearch.common.logging.DeprecationLogger)
Logger(org.apache.logging.log4j.Logger)
LoggerContext(org.apache.logging.log4j.core.LoggerContext)
NodeValidationException(org.opensearch.node.NodeValidationException)
BoundTransportAddress(org.opensearch.common.transport.BoundTransportAddress)
OpenSearchException(org.opensearch.OpenSearchException)
Settings(org.opensearch.common.settings.Settings)
SecureSettings(org.opensearch.common.settings.SecureSettings)
Example 2 with NodeValidationException
use of org.opensearch.node.NodeValidationException in project OpenSearch by opensearch-project.
the class Bootstrap method init.
/**
* This method is invoked by {@link OpenSearch#main(String[])} to startup opensearch.
*/
static void init(final boolean foreground, final Path pidFile, final boolean quiet, final Environment initialEnv) throws BootstrapException, NodeValidationException, UserException {
// force the class initializer for BootstrapInfo to run before
// the security manager is installed
BootstrapInfo.init();
INSTANCE = new Bootstrap();
final SecureSettings keystore = loadSecureSettings(initialEnv);
final Environment environment = createEnvironment(pidFile, keystore, initialEnv.settings(), initialEnv.configFile());
LogConfigurator.setNodeName(Node.NODE_NAME_SETTING.get(environment.settings()));
try {
LogConfigurator.configure(environment);
} catch (IOException e) {
throw new BootstrapException(e);
}
if (JavaVersion.current().compareTo(JavaVersion.parse("11")) < 0) {
final String message = String.format(Locale.ROOT, "future versions of OpenSearch will require Java 11; " + "your Java version from [%s] does not meet this requirement", System.getProperty("java.home"));
DeprecationLogger.getLogger(Bootstrap.class).deprecate("java_version_11_required", message);
}
if (environment.pidFile() != null) {
try {
PidFile.create(environment.pidFile(), true);
} catch (IOException e) {
throw new BootstrapException(e);
}
}
final boolean closeStandardStreams = (foreground == false) || quiet;
try {
if (closeStandardStreams) {
final Logger rootLogger = LogManager.getRootLogger();
final Appender maybeConsoleAppender = Loggers.findAppender(rootLogger, ConsoleAppender.class);
if (maybeConsoleAppender != null) {
Loggers.removeAppender(rootLogger, maybeConsoleAppender);
}
closeSystOut();
}
// fail if somebody replaced the lucene jars
checkLucene();
// install the default uncaught exception handler; must be done before security is
// initialized as we do not want to grant the runtime permission
// setDefaultUncaughtExceptionHandler
Thread.setDefaultUncaughtExceptionHandler(new OpenSearchUncaughtExceptionHandler());
INSTANCE.setup(true, environment);
try {
// any secure settings must be read during node construction
IOUtils.close(keystore);
} catch (IOException e) {
throw new BootstrapException(e);
}
INSTANCE.start();
// startup errors via journalctl.
if (foreground == false) {
closeSysError();
}
} catch (NodeValidationException | RuntimeException e) {
// disable console logging, so user does not see the exception twice (jvm will show it already)
final Logger rootLogger = LogManager.getRootLogger();
final Appender maybeConsoleAppender = Loggers.findAppender(rootLogger, ConsoleAppender.class);
if (foreground && maybeConsoleAppender != null) {
Loggers.removeAppender(rootLogger, maybeConsoleAppender);
}
Logger logger = LogManager.getLogger(Bootstrap.class);
// HACK, it sucks to do this, but we will run users out of disk space otherwise
if (e instanceof CreationException) {
// guice: log the shortened exc to the log file
ByteArrayOutputStream os = new ByteArrayOutputStream();
PrintStream ps = null;
try {
ps = new PrintStream(os, false, "UTF-8");
} catch (UnsupportedEncodingException uee) {
assert false;
e.addSuppressed(uee);
}
new StartupException(e).printStackTrace(ps);
ps.flush();
try {
logger.error("Guice Exception: {}", os.toString("UTF-8"));
} catch (UnsupportedEncodingException uee) {
assert false;
e.addSuppressed(uee);
}
} else if (e instanceof NodeValidationException) {
logger.error("node validation exception\n{}", e.getMessage());
} else {
// full exception
logger.error("Exception", e);
}
// re-enable it if appropriate, so they can see any logging during the shutdown process
if (foreground && maybeConsoleAppender != null) {
Loggers.addAppender(rootLogger, maybeConsoleAppender);
}
throw e;
}
}
Also used :
Appender(org.apache.logging.log4j.core.Appender)
ConsoleAppender(org.apache.logging.log4j.core.appender.ConsoleAppender)
ConsoleAppender(org.apache.logging.log4j.core.appender.ConsoleAppender)
PrintStream(java.io.PrintStream)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
CreationException(org.opensearch.common.inject.CreationException)
IOException(java.io.IOException)
SecureString(org.opensearch.common.settings.SecureString)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
DeprecationLogger(org.opensearch.common.logging.DeprecationLogger)
Logger(org.apache.logging.log4j.Logger)
NodeValidationException(org.opensearch.node.NodeValidationException)
SecureSettings(org.opensearch.common.settings.SecureSettings)
Environment(org.opensearch.env.Environment)
Example 3 with NodeValidationException
use of org.opensearch.node.NodeValidationException in project OpenSearch by opensearch-project.
the class BootstrapChecks method check.
/**
* Executes the provided checks and fails the node if {@code enforceLimits} is {@code true}, otherwise logs warnings. If the system
* property {@code opensearch.enforce.bootstrap.checks }is set to {@code true} then the bootstrap checks will be enforced
* regardless of whether or not the transport protocol is bound to a non-loopback interface.
*
* @param context the current node boostrap context
* @param enforceLimits {@code true} if the checks should be enforced or otherwise warned
* @param checks the checks to execute
* @param logger the logger to
*/
static void check(final BootstrapContext context, final boolean enforceLimits, final List<BootstrapCheck> checks, final Logger logger) throws NodeValidationException {
final List<String> errors = new ArrayList<>();
final List<String> ignoredErrors = new ArrayList<>();
final String esEnforceBootstrapChecks = System.getProperty(OPENSEARCH_ENFORCE_BOOTSTRAP_CHECKS);
final boolean enforceBootstrapChecks;
if (esEnforceBootstrapChecks == null) {
enforceBootstrapChecks = false;
} else if (Boolean.TRUE.toString().equals(esEnforceBootstrapChecks)) {
enforceBootstrapChecks = true;
} else {
final String message = String.format(Locale.ROOT, "[%s] must be [true] but was [%s]", OPENSEARCH_ENFORCE_BOOTSTRAP_CHECKS, esEnforceBootstrapChecks);
throw new IllegalArgumentException(message);
}
if (enforceLimits) {
logger.info("bound or publishing to a non-loopback address, enforcing bootstrap checks");
} else if (enforceBootstrapChecks) {
logger.info("explicitly enforcing bootstrap checks");
}
for (final BootstrapCheck check : checks) {
final BootstrapCheck.BootstrapCheckResult result = check.check(context);
if (result.isFailure()) {
if (!(enforceLimits || enforceBootstrapChecks) && !check.alwaysEnforce()) {
ignoredErrors.add(result.getMessage());
} else {
errors.add(result.getMessage());
}
}
}
if (!ignoredErrors.isEmpty()) {
ignoredErrors.forEach(error -> log(logger, error));
}
if (!errors.isEmpty()) {
final List<String> messages = new ArrayList<>(1 + errors.size());
messages.add("[" + errors.size() + "] bootstrap checks failed");
for (int i = 0; i < errors.size(); i++) {
messages.add("[" + (i + 1) + "]: " + errors.get(i));
}
final NodeValidationException ne = new NodeValidationException(String.join("\n", messages));
errors.stream().map(IllegalStateException::new).forEach(ne::addSuppressed);
throw ne;
}
}
Also used :
NodeValidationException(org.opensearch.node.NodeValidationException)
ArrayList(java.util.ArrayList)
Example 4 with NodeValidationException
use of org.opensearch.node.NodeValidationException in project OpenSearch by opensearch-project.
the class EvilBootstrapChecksTests method testEnforceBootstrapChecks.
public void testEnforceBootstrapChecks() throws NodeValidationException {
setEsEnforceBootstrapChecks("true");
final List<BootstrapCheck> checks = Collections.singletonList(context -> BootstrapCheck.BootstrapCheckResult.failure("error"));
final Logger logger = mock(Logger.class);
final NodeValidationException e = expectThrows(NodeValidationException.class, () -> BootstrapChecks.check(emptyContext, false, checks, logger));
final Matcher<String> allOf = allOf(containsString("bootstrap checks failed"), containsString("error"));
assertThat(e, hasToString(allOf));
verify(logger).info("explicitly enforcing bootstrap checks");
verifyNoMoreInteractions(logger);
}
Also used :
NodeValidationException(org.opensearch.node.NodeValidationException)
Matchers.hasToString(org.hamcrest.Matchers.hasToString)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Logger(org.apache.logging.log4j.Logger)
Example 5 with NodeValidationException
use of org.opensearch.node.NodeValidationException in project OpenSearch by opensearch-project.
the class BootstrapChecksTests method testDiscoveryConfiguredCheck.
public void testDiscoveryConfiguredCheck() throws NodeValidationException {
final List<BootstrapCheck> checks = Collections.singletonList(new BootstrapChecks.DiscoveryConfiguredCheck());
final BootstrapContext zen2Context = createTestContext(Settings.builder().put(DiscoveryModule.DISCOVERY_TYPE_SETTING.getKey(), ZEN2_DISCOVERY_TYPE).build(), Metadata.EMPTY_METADATA);
// not always enforced
BootstrapChecks.check(zen2Context, false, checks);
// not enforced for non-zen2 discovery
BootstrapChecks.check(createTestContext(Settings.builder().put(DiscoveryModule.DISCOVERY_TYPE_SETTING.getKey(), randomFrom("single-node", randomAlphaOfLength(5))).build(), Metadata.EMPTY_METADATA), true, checks);
final NodeValidationException e = expectThrows(NodeValidationException.class, () -> BootstrapChecks.check(zen2Context, true, checks));
assertThat(e, hasToString(containsString("the default discovery settings are unsuitable for production use; at least one " + "of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured")));
CheckedConsumer<Settings.Builder, NodeValidationException> ensureChecksPass = b -> {
final BootstrapContext context = createTestContext(b.put(DiscoveryModule.DISCOVERY_TYPE_SETTING.getKey(), ZEN2_DISCOVERY_TYPE).build(), Metadata.EMPTY_METADATA);
BootstrapChecks.check(context, true, checks);
};
ensureChecksPass.accept(Settings.builder().putList(ClusterBootstrapService.INITIAL_MASTER_NODES_SETTING.getKey()));
ensureChecksPass.accept(Settings.builder().putList(DiscoveryModule.DISCOVERY_SEED_PROVIDERS_SETTING.getKey()));
ensureChecksPass.accept(Settings.builder().putList(SettingsBasedSeedHostsProvider.DISCOVERY_SEED_HOSTS_SETTING.getKey()));
}
Also used :
Matchers.hasToString(org.hamcrest.Matchers.hasToString)
Arrays(java.util.Arrays)
ClusterBootstrapService(org.opensearch.cluster.coordination.ClusterBootstrapService)
Metadata(org.opensearch.cluster.metadata.Metadata)
CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo)
CheckedConsumer(org.opensearch.common.CheckedConsumer)
Matchers.not(org.hamcrest.Matchers.not)
AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean)
BoundTransportAddress(org.opensearch.common.transport.BoundTransportAddress)
ZEN2_DISCOVERY_TYPE(org.opensearch.discovery.DiscoveryModule.ZEN2_DISCOVERY_TYPE)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
ArrayList(java.util.ArrayList)
InetAddress(java.net.InetAddress)
CoreMatchers.instanceOf(org.hamcrest.CoreMatchers.instanceOf)
Mockito.verifyNoMoreInteractions(org.mockito.Mockito.verifyNoMoreInteractions)
Locale(java.util.Locale)
JvmInfo(org.opensearch.monitor.jvm.JvmInfo)
AbstractBootstrapCheckTestCase(org.opensearch.test.AbstractBootstrapCheckTestCase)
CoreMatchers.allOf(org.hamcrest.CoreMatchers.allOf)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
Settings(org.opensearch.common.settings.Settings)
SettingsBasedSeedHostsProvider(org.opensearch.discovery.SettingsBasedSeedHostsProvider)
Mockito.when(org.mockito.Mockito.when)
NodeValidationException(org.opensearch.node.NodeValidationException)
Mockito.verify(org.mockito.Mockito.verify)
TransportAddress(org.opensearch.common.transport.TransportAddress)
Consumer(java.util.function.Consumer)
AtomicLong(java.util.concurrent.atomic.AtomicLong)
List(java.util.List)
Logger(org.apache.logging.log4j.Logger)
Constants(org.apache.lucene.util.Constants)
Matcher(org.hamcrest.Matcher)
Collections(java.util.Collections)
DiscoveryModule(org.opensearch.discovery.DiscoveryModule)
Mockito.mock(org.mockito.Mockito.mock)
NodeValidationException(org.opensearch.node.NodeValidationException)
Aggregations
NodeValidationException (org.opensearch.node.NodeValidationException)22
Matchers.hasToString (org.hamcrest.Matchers.hasToString)7
AtomicLong (java.util.concurrent.atomic.AtomicLong)6
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)6
AtomicReference (java.util.concurrent.atomic.AtomicReference)5
AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)4
Logger (org.apache.logging.log4j.Logger)4
IOException (java.io.IOException)3
ArrayList (java.util.ArrayList)3
Settings (org.opensearch.common.settings.Settings)3
Path (java.nio.file.Path)2
DeprecationLogger (org.opensearch.common.logging.DeprecationLogger)2
SecureSettings (org.opensearch.common.settings.SecureSettings)2
BoundTransportAddress (org.opensearch.common.transport.BoundTransportAddress)2
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
PrintStream (java.io.PrintStream)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
InetAddress (java.net.InetAddress)1
URISyntaxException (java.net.URISyntaxException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
