Java 11.

[Erick Erickson <er...@gmail.com>]

I just noticed that Solr's CHANGES.txt has this at the beginning:

You need a Java 1.8 VM or later installed.

Is this still what we want to say between now and whenever we
understand the various failures on jdk 9, 10, 11 and 12? Do we want to
specifically say that 9 and 10 are not recommended?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

Re: Java 11.

[Erick Erickson <er...@gmail.com>]

Thanks for the explanation Uwe!

I just tracked this down and Jetty has been upgraded to Jetty
9.4.14.v20181114 in 7.7 as well as master, in SOLR-13030 as part of
Mark's bug swatting work.

So to recap, Java 9, 10, 11 are OK for production use as long as TLS
1.3 is _not_ in the picture. The (seemingly) increased number of test
failures are timing related test issues, not relevant to production
use of Solr/Lucene.  Solr 7.7 is the minimum version that _may_
support TLS 1.3 since Jetty has been upgraded to 9.4.14 in that
version, but that has not been verified yet.

Is the above accurate? I'm assuming this includes OpenJDK as well
(people will ask).

I'm trying to get a succinct statement here for clients...

Thanks again,
Erick

Thanks again
Erick
On Wed, Dec 12, 2018 at 12:54 AM Uwe Schindler <uw...@thetaphi.de> wrote:
>
> Hi Erick,
>
> according to Jetty release logs: For Java 11 support, Jetty should be updated to latest version released this November: 9.4.14 - which we have already done in master (not sure about 7.x). Unfortunately the release candidate of 7.6 is on Jetty 9.4.11 which has no Java 11 support for TLS 1.3 at all. IMHO, we should update this ASAP, but this only affects support for TLS 1.3 - so it's more a security fix.
>
> From what I see, the issues are more test issues because it happens randomly like "no live nodes available, connection timed out /...." I think the issues here is that timing slightly changed, so tests fail more often (there seems to be the problem that tests don't really get the correct time when "jetty has fully started and accepts connections" - this is at least how it was explained to me on berlinbuzzwords). Depending on timing (e.g, Jetty is slow in starting up, it's hammered with requests already). The new TLS functionality in JDK 11 seem to slow down startup times - no idea. Maybe Mark Miller can explain better what's sometimes wrong with timing. The previous statement can be nonsense at all, it was just my understanding when talking with other committers on berlinbuzzwords.
>
> But the test failures seemed to happen inside HttpClient. So not only the server can be the problem, maybe it's the client, too. I can say: those issues do not happen in production, I had no problem to connect to a jetty server with standard TLS browser on Java 11.
>
> The HTTP2 branch has some problems, but when tests pass it almost 100% and it looks much more stable. Recently we just had some other test problems regarding "what HTTP version randomly to support".
>
> Uwe
>
> -----
> Uwe Schindler
> Achterdiek 19, D-28357 Bremen
> http://www.thetaphi.de
> eMail: uwe@thetaphi.de
>
> > -----Original Message-----
> > From: Erick Erickson <er...@gmail.com>
> > Sent: Wednesday, December 12, 2018 1:45 AM
> > To: dev@lucene.apache.org
> > Subject: Re: Java 11.
> >
> > Well, you've done a lot more thorough testing of the different
> > versions of Java than I have. I regularly see many more tests failing
> > that have JDK11 in the title, but perhaps it's all the TLS stuff.
> >
> > bq.  ...think, if you want to use SSL/TLS, the status in Java 11 is undefined
> >
> > This is a pretty important caveat, I have numerous clients that insist
> > on TLS. So are you saying that this problem is in the _tests_ or
> > enabling SSL/TLS with JDK11 in general?
> > On Tue, Dec 11, 2018 at 3:57 PM Uwe Schindler <uw...@thetaphi.de> wrote:
> > >
> > > Hi Erick,
> > >
> > > > I just noticed that Solr's CHANGES.txt has this at the beginning:
> > > >
> > > > You need a Java 1.8 VM or later installed.
> > > >
> > > > Is this still what we want to say between now and whenever we
> > > > understand the various failures on jdk 9, 10, 11 and 12? Do we want to
> > > > specifically say that 9 and 10 are not recommended?
> > >
> > > I think, if you want to use SSL/TLS, the status in Java 11 is undefined. The
> > error rate with Java 11 is higher than with Java 8 to Java 10 (because of
> > support for TLS 1.3 which seem to cause some SSL-related tests to fail). But
> > standard Solr usage is perfectly possible with Java 8 to 11 and actually some
> > of my customers (none of them uses SSL) have already changed without any
> > problems.
> > >
> > > As far as I see, the HTTP2 branch is also in a good shape (with Java 11), so
> > the statement in the CHANGES.txt and SYSTEM_REQUIREMENTS.txt is in
> > perfect shape. No idea what you are talking about? Why do you think that
> > Java 9 or 10 does not work?
> > >
> > > On my machines, Smoke tester on Policeman running with Java 9 finished
> > on the first run (it ran tests with both Java 8 and Java 9). SUCCESS!
> > >
> > > The issues with tests is less Java version than more flakey tests. I cannot
> > see any significance depending on Java version - sorry!
> > >
> > > Uwe
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> > > For additional commands, e-mail: dev-help@lucene.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> > For additional commands, e-mail: dev-help@lucene.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

RE: Java 11.

[Uwe Schindler <uw...@thetaphi.de>]

Hi Erick,

according to Jetty release logs: For Java 11 support, Jetty should be updated to latest version released this November: 9.4.14 - which we have already done in master (not sure about 7.x). Unfortunately the release candidate of 7.6 is on Jetty 9.4.11 which has no Java 11 support for TLS 1.3 at all. IMHO, we should update this ASAP, but this only affects support for TLS 1.3 - so it's more a security fix.

From what I see, the issues are more test issues because it happens randomly like "no live nodes available, connection timed out /...." I think the issues here is that timing slightly changed, so tests fail more often (there seems to be the problem that tests don't really get the correct time when "jetty has fully started and accepts connections" - this is at least how it was explained to me on berlinbuzzwords). Depending on timing (e.g, Jetty is slow in starting up, it's hammered with requests already). The new TLS functionality in JDK 11 seem to slow down startup times - no idea. Maybe Mark Miller can explain better what's sometimes wrong with timing. The previous statement can be nonsense at all, it was just my understanding when talking with other committers on berlinbuzzwords.

But the test failures seemed to happen inside HttpClient. So not only the server can be the problem, maybe it's the client, too. I can say: those issues do not happen in production, I had no problem to connect to a jetty server with standard TLS browser on Java 11.

The HTTP2 branch has some problems, but when tests pass it almost 100% and it looks much more stable. Recently we just had some other test problems regarding "what HTTP version randomly to support".

Uwe

-----
Uwe Schindler
Achterdiek 19, D-28357 Bremen
http://www.thetaphi.de
eMail: uwe@thetaphi.de

> -----Original Message-----
> From: Erick Erickson <er...@gmail.com>
> Sent: Wednesday, December 12, 2018 1:45 AM
> To: dev@lucene.apache.org
> Subject: Re: Java 11.
> 
> Well, you've done a lot more thorough testing of the different
> versions of Java than I have. I regularly see many more tests failing
> that have JDK11 in the title, but perhaps it's all the TLS stuff.
> 
> bq.  ...think, if you want to use SSL/TLS, the status in Java 11 is undefined
> 
> This is a pretty important caveat, I have numerous clients that insist
> on TLS. So are you saying that this problem is in the _tests_ or
> enabling SSL/TLS with JDK11 in general?
> On Tue, Dec 11, 2018 at 3:57 PM Uwe Schindler <uw...@thetaphi.de> wrote:
> >
> > Hi Erick,
> >
> > > I just noticed that Solr's CHANGES.txt has this at the beginning:
> > >
> > > You need a Java 1.8 VM or later installed.
> > >
> > > Is this still what we want to say between now and whenever we
> > > understand the various failures on jdk 9, 10, 11 and 12? Do we want to
> > > specifically say that 9 and 10 are not recommended?
> >
> > I think, if you want to use SSL/TLS, the status in Java 11 is undefined. The
> error rate with Java 11 is higher than with Java 8 to Java 10 (because of
> support for TLS 1.3 which seem to cause some SSL-related tests to fail). But
> standard Solr usage is perfectly possible with Java 8 to 11 and actually some
> of my customers (none of them uses SSL) have already changed without any
> problems.
> >
> > As far as I see, the HTTP2 branch is also in a good shape (with Java 11), so
> the statement in the CHANGES.txt and SYSTEM_REQUIREMENTS.txt is in
> perfect shape. No idea what you are talking about? Why do you think that
> Java 9 or 10 does not work?
> >
> > On my machines, Smoke tester on Policeman running with Java 9 finished
> on the first run (it ran tests with both Java 8 and Java 9). SUCCESS!
> >
> > The issues with tests is less Java version than more flakey tests. I cannot
> see any significance depending on Java version - sorry!
> >
> > Uwe
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> > For additional commands, e-mail: dev-help@lucene.apache.org
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

Re: Java 11.

[Erick Erickson <er...@gmail.com>]

Well, you've done a lot more thorough testing of the different
versions of Java than I have. I regularly see many more tests failing
that have JDK11 in the title, but perhaps it's all the TLS stuff.

bq.  ...think, if you want to use SSL/TLS, the status in Java 11 is undefined

This is a pretty important caveat, I have numerous clients that insist
on TLS. So are you saying that this problem is in the _tests_ or
enabling SSL/TLS with JDK11 in general?
On Tue, Dec 11, 2018 at 3:57 PM Uwe Schindler <uw...@thetaphi.de> wrote:
>
> Hi Erick,
>
> > I just noticed that Solr's CHANGES.txt has this at the beginning:
> >
> > You need a Java 1.8 VM or later installed.
> >
> > Is this still what we want to say between now and whenever we
> > understand the various failures on jdk 9, 10, 11 and 12? Do we want to
> > specifically say that 9 and 10 are not recommended?
>
> I think, if you want to use SSL/TLS, the status in Java 11 is undefined. The error rate with Java 11 is higher than with Java 8 to Java 10 (because of support for TLS 1.3 which seem to cause some SSL-related tests to fail). But standard Solr usage is perfectly possible with Java 8 to 11 and actually some of my customers (none of them uses SSL) have already changed without any problems.
>
> As far as I see, the HTTP2 branch is also in a good shape (with Java 11), so the statement in the CHANGES.txt and SYSTEM_REQUIREMENTS.txt is in perfect shape. No idea what you are talking about? Why do you think that Java 9 or 10 does not work?
>
> On my machines, Smoke tester on Policeman running with Java 9 finished on the first run (it ran tests with both Java 8 and Java 9). SUCCESS!
>
> The issues with tests is less Java version than more flakey tests. I cannot see any significance depending on Java version - sorry!
>
> Uwe
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

RE: Java 11.

[Uwe Schindler <uw...@thetaphi.de>]

Hi Erick,

> I just noticed that Solr's CHANGES.txt has this at the beginning:
> 
> You need a Java 1.8 VM or later installed.
> 
> Is this still what we want to say between now and whenever we
> understand the various failures on jdk 9, 10, 11 and 12? Do we want to
> specifically say that 9 and 10 are not recommended?

I think, if you want to use SSL/TLS, the status in Java 11 is undefined. The error rate with Java 11 is higher than with Java 8 to Java 10 (because of support for TLS 1.3 which seem to cause some SSL-related tests to fail). But standard Solr usage is perfectly possible with Java 8 to 11 and actually some of my customers (none of them uses SSL) have already changed without any problems.

As far as I see, the HTTP2 branch is also in a good shape (with Java 11), so the statement in the CHANGES.txt and SYSTEM_REQUIREMENTS.txt is in perfect shape. No idea what you are talking about? Why do you think that Java 9 or 10 does not work?

On my machines, Smoke tester on Policeman running with Java 9 finished on the first run (it ran tests with both Java 8 and Java 9). SUCCESS!

The issues with tests is less Java version than more flakey tests. I cannot see any significance depending on Java version - sorry!

Uwe


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org