Skip to content

Validate build hash in handshake #65601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Dec 2, 2020
Merged

Validate build hash in handshake #65601

merged 3 commits into from
Dec 2, 2020

Conversation

DaveCTurner
Copy link
Contributor

There is no guarantee of wire compatibility between nodes running
different builds of the same version, but today we do not validate
whether two communicating nodes are compatible or not. This results in
confusing failures that look like serialization bugs, and it usually
takes nontrivial effort to determine that the failure is in fact due to
the user running incompatible builds.

This commit adds the build hash to the transport service handshake and
validates that matching versions have matching build hashes.

Closes #65249

@DaveCTurner
Validate build hash in handshake
a9c345d 
There is no guarantee of wire compatibility between nodes running
different builds of the same version, but today we do not validate
whether two communicating nodes are compatible or not. This results in
confusing failures that look like serialization bugs, and it usually
takes nontrivial effort to determine that the failure is in fact due to
the user running incompatible builds.

This commit adds the build hash to the transport service handshake and
validates that matching versions have matching build hashes.

Closes elastic#65249
@DaveCTurner DaveCTurner added >enhancement :Distributed Coordination/Network Http and internode communication implementations v8.0.0 v7.11.0 labels Nov 30, 2020
@elasticmachine elasticmachine added the Team:Distributed (Obsolete) Meta label for distributed team (obsolete). Replaced by Distributed Indexing/Coordination. label Nov 30, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-distributed (Team:Distributed)

@DaveCTurner
Copy link
Contributor Author

NB I opened this PR against 7.x because it's slightly more involved there thanks to the transport client.

original-brownbear
original-brownbear approved these changes Dec 1, 2020
View reviewed changes
Copy link
Contributor

@original-brownbear original-brownbear left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just random NITs that can be ignored :)

server/src/main/java/org/elasticsearch/transport/TransportService.java Outdated
private static final Logger logger = LogManager.getLogger(TransportService.class);

private static final String PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS_KEY = "es.unsafely_permit_handshake_from_incompatible_builds";
private static final boolean PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS = getPermitHandshakesFromIncompatibleBuilds();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: maybe just put the logic in this method in a static { } block below these two constants to make this easier to read in one go?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yeah not sure why I didn't do that. Done in 8132bf3

server/src/main/java/org/elasticsearch/transport/TransportService.java
if (PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS) {
logger.warn("transport handshakes from incompatible builds are unsafely permitted on this node; remove system property [" +
PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS_KEY + "] to resolve this warning");
DeprecationLogger.getLogger(TransportService.class).deprecate("permit_handshake_from_incompatible_builds",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: little much to log two messages for one thing? This seems like it's kind of a dev-only option anyway, why bother with the deprecation logger?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ehh I worry we'll get people using this, and the two logs are for two separate aspects. Deprecation logs don't go into the main server log (by default at least) but I think this deserves a visible warning whenever it's used.

Tim-Brooks
Tim-Brooks approved these changes Dec 2, 2020
View reviewed changes
Copy link
Contributor

@Tim-Brooks Tim-Brooks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@DaveCTurner DaveCTurner mentioned this pull request Dec 2, 2020
Merged
DaveCTurner added a commit that referenced this pull request Dec 2, 2020
@DaveCTurner
Disable BWC for backport of #65732 as #65601
64a1425
@DaveCTurner DaveCTurner merged commit 5eb1259 into elastic:7.x Dec 2, 2020
@DaveCTurner DaveCTurner deleted the 2020-11-27-validate-build-hash-in-handshake-7x branch December 2, 2020 13:19
DaveCTurner added a commit to DaveCTurner/elasticsearch that referenced this pull request Dec 2, 2020
@DaveCTurner
Fix up BWC after backport of elastic#65732 as elastic#65601
25d1b8c
@DaveCTurner DaveCTurner mentioned this pull request Dec 2, 2020
Merged
DaveCTurner added a commit that referenced this pull request Dec 2, 2020
@DaveCTurner
Fix compile error
d8bf7d2 
PRs #65601 and #65526 conflict semantically, but not syntactically, so
this was not detected at merge time.
DaveCTurner added a commit that referenced this pull request Dec 2, 2020
@DaveCTurner
Fix up BWC after backport of #65732 as #65601 (#65741)
483bed8 
Relates #65732
Relates #65601
DaveCTurner added a commit to DaveCTurner/elasticsearch that referenced this pull request Dec 2, 2020
@DaveCTurner
Remove escape hatch permitting incompatible builds
6c69799 
Today in `7.x` there is a deprecated system property that bypasses the
check that prevents nodes of incompatible builds from communicating.
This commit removes the system property in `master` so that the check is
always enforced.

Relates elastic#65601, elastic#65249
@DaveCTurner DaveCTurner mentioned this pull request Dec 2, 2020
Merged
DaveCTurner added a commit that referenced this pull request Dec 2, 2020
@DaveCTurner
Remove escape hatch permitting incompatible builds (#65753)
ff5cb90 
Today in `7.x` there is a deprecated system property that bypasses the
check that prevents nodes of incompatible builds from communicating.
This commit removes the system property in `master` so that the check is
always enforced.

Relates #65601, #65249
@jrodewig jrodewig mentioned this pull request Sep 14, 2021
Merged
jrodewig added a commit that referenced this pull request Sep 16, 2021
@jrodewig
[DOCS] Add deprecation docs for incompatible builds (#77730)
8402d6d 
We deprecated the `es.unsafely_permit_handshake_from_incompatible_builds` system
property in 7.11 with PR #65601. However, we didn't add a related item to the
7.11 deprecation docs. This adds the missing item.

Relates to #65753.
jrodewig added a commit that referenced this pull request Sep 16, 2021
@jrodewig
[DOCS] Add deprecation docs for incompatible builds (#77730) (#77960)
9332e5f 
We deprecated the `es.unsafely_permit_handshake_from_incompatible_builds` system
property in 7.11 with PR #65601. However, we didn't add a related item to the
7.11 deprecation docs. This adds the missing item.

Relates to #65753.
jrodewig added a commit that referenced this pull request Sep 16, 2021
@jrodewig
[DOCS] Add deprecation docs for incompatible builds (#77730) (#77961)
68fa321 
We deprecated the `es.unsafely_permit_handshake_from_incompatible_builds` system
property in 7.11 with PR #65601. However, we didn't add a related item to the
7.11 deprecation docs. This adds the missing item.

Relates to #65753.
jrodewig added a commit that referenced this pull request Sep 16, 2021
@jrodewig
[DOCS] Add deprecation docs for incompatible builds (#77730) (#77962)
b6af7e1 
We deprecated the `es.unsafely_permit_handshake_from_incompatible_builds` system
property in 7.11 with PR #65601. However, we didn't add a related item to the
7.11 deprecation docs. This adds the missing item.

Relates to #65753.
jrodewig added a commit that referenced this pull request Sep 16, 2021
@jrodewig
[DOCS] Add deprecation docs for incompatible builds (#77730) (#77963)
b77322a 
We deprecated the `es.unsafely_permit_handshake_from_incompatible_builds` system
property in 7.11 with PR #65601. However, we didn't add a related item to the
7.11 deprecation docs. This adds the missing item.

Relates to #65753.
jrodewig added a commit that referenced this pull request Sep 16, 2021
@jrodewig
[DOCS] Add deprecation docs for incompatible builds (#77730) (#77964)
68a28c9 
We deprecated the `es.unsafely_permit_handshake_from_incompatible_builds` system
property in 7.11 with PR #65601. However, we didn't add a related item to the
7.11 deprecation docs. This adds the missing item.

Relates to #65753.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tim-Brooks Tim-Brooks Tim-Brooks approved these changes

@original-brownbear original-brownbear original-brownbear approved these changes

Assignees
No one assigned
Labels
backport :Distributed Coordination/Network Http and internode communication implementations >enhancement Team:Distributed (Obsolete) Meta label for distributed team (obsolete). Replaced by Distributed Indexing/Coordination. v7.11.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DaveCTurner @elasticmachine @Tim-Brooks @original-brownbear