[jira] [Commented] (SOLR-13746) Apache jenkins needs JVM 11 upgraded to at least 11.0.3 (SSL bugs)

[Hoss Man (Jira)]

    [ 
https://issues.apache.org/jira/browse/SOLR-13746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16925947#comment-16925947
 ] 

Hoss Man commented on SOLR-13746:
---------------------------------

bq. ... No idea, there is an issue / mail thread already at ASF about 
AdoptOpenJDK. ...
bq. ... I think we should get Infra involved, at a minimum to ask if we should 
be managing JDKs on a self-serve basis. ...

So i'm not really clear on where we stand now...

IIUC in order to upgrade past 11.0.1 (which is broken) we need to use 
(Adopt)OpenJDK because oracle hasn't made 11.0.(2|3|4) builds available? -- and 
 It sounds like is there an INFRA issue or mail archive thread somewhere about 
being able to use OpenJDK ... can someone post a link to that?  is that a 
discussion that's being had in public or in private? (even if it's private, can 
someone post a link to it so folks w/request karma can access it)

Is the infra conversation something happening "in the abstract" of "if/when 
OpenJDK builds can/should be used", or is it concretely about the need for 
specific projects to switch? ... ie:  Has the fact that 11.0.1 is broken and 
effectively unusable for a lot of Solr testing been mentioned in the context of 
that discussion?   Can/should we be filing an INFRA jira explicitly requesting 
upgraded JDKs so it's clear there is a demonstrable need? (does such an issue 
already exist already? can someone please link it here?)

Finally: is docker available on the jenkins build slaves, because worst case 
scenario we could tweak our apache jenkins jobs to run inside docker containers 
that always use the latest AdoptOpenJDK base images, ala...

https://github.com/hossman/solr-jenkins-docker-tester

----

bq. Should we also add this note to the JVM bugs page: 
https://cwiki.apache.org/confluence/display/lucene/JavaBugs#JavaBugs-OracleJava/SunJava/OpenJDKBugs

I thought someone already did this in response to an email thread about this 
general topci a ffew months ago -- but maybe not?

the list of known JVM SSL bugs is well documented in SOLR-12988 -- anyone who 
wants to take a stabe at summarizing that info in the wiki or release notes of 
Solr is welcome to take a stab at it (my focus has been on tests themselves and 
trying to figure out if there are any other SSL bugs we're overlooked ... 
something i'm now freaking out about more as i realized none of the apache 
jenkins jobs have actaully been testing SSL)

> Apache jenkins needs JVM 11 upgraded to at least 11.0.3 (SSL bugs)
> ------------------------------------------------------------------
>
>                 Key: SOLR-13746
>                 URL: https://issues.apache.org/jira/browse/SOLR-13746
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Hoss Man
>            Priority: Major
>
> I just realized that back in June, there was a misscommunication between 
> myself & Uwe (and a lack of double checking on my part!) regarding upgrading 
> the JVM versions on our jenkins machines...
>  * 
> [http://mail-archives.apache.org/mod_mbox/lucene-dev/201906.mbox/%3calpine.DEB.2.11.1906181434350.23523@tray%3e]
>  * 
> [http://mail-archives.apache.org/mod_mbox/lucene-dev/201906.mbox/%3C00b301d52918$d27b2f60$77718e20$@thetaphi.de%3E]
> ...Uwe only updated the JVMs on _his_ policeman jenkins machines - the JVM 
> used on the _*apache*_  jenkins nodes is still (as of 2019-09-06)  
> "11.0.1+13-LTS" ...
> [https://builds.apache.org/view/L/view/Lucene/job/Lucene-Solr-Tests-master/3689/consoleText]
> {noformat}
> ...
> [java-info] java version "11.0.1"
> [java-info] Java(TM) SE Runtime Environment (11.0.1+13-LTS, Oracle 
> Corporation)
> [java-info] Java HotSpot(TM) 64-Bit Server VM (11.0.1+13-LTS, Oracle 
> Corporation)
> ...
> {noformat}
> This means that even after the changes made in SOLR-12988 to re-enable SSL 
> testing on java11, all Apache jenkins 'master' builds, (including, AFAICT the 
> yetus / 'Patch Review' builds) are still SKIPping thousands of tests that use 
> SSL (either explicitly, or due to randomization) becauseof the logic in 
> SSLTestConfig to detects  bad JVM versions an prevent confusion/spurious 
> failures.
> We really need to get the jenkins nodes updated to openjdk 11.0.3 or 11.0.4 
> ASAP.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org