Upgrades to Spark 3.4/JRE 17 and fixes all high/critical CVEs #226
codefromthecrypt merged 4 commits into master from
Signed-off-by: Adrian Cole <adrian@tetrate.io>
trivy is clean now, so even if we don't release until 8.14 final... at least we can apply the security settings same as other repos after merge:
Signed-off-by: Adrian Cole <adrian@tetrate.io>
codefromthecrypt left a comment
elastic/elasticsearch-hadoop#2187 unlocked this (releasing in elastic-hadoop 8.14, but not sure when)
other notes below
| this.dateStamp = df.format(new Date(builder.day)); | ||
| this.conf = new SparkConf(true).setMaster(builder.sparkMaster).setAppName(getClass().getName()); | ||
| if (builder.sparkMaster.startsWith("local[")) { | ||
| conf.set("spark.driver.bindAddress", "127.0.0.1"); |
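Review bot: `builder.sparkMaster.startsWith("local[")` on the `if` line does not match the plain `local` master, which Spark also accepts for local mode, so the bind address is not set for it. Consider `sparkMaster.equals("local") || sparkMaster.startsWith("local[")`. The literal `127.0.0.1` is also IPv4-only; `InetAddress.getLoopbackAddress().getHostAddress()` would leave the loopback choice to the JVM, and a one-line comment saying why the driver is pinned to loopback would help the next reader.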
this is a spark 3.4 thing
basically it tries to detect with the hostname, which isn't needed for local mode anyway.
Not sure it is worth looking into, but `InetAddress.getLocalHost().getHostAddress()` may be a more reliable option (e.g. if the host uses IPv6 only).
| .values() | ||
| .map(DEPENDENCY_LINK_JSON); | ||
| JavaRDD<Map<String, Object>> links; | ||
| try (JavaSparkContext sc = new JavaSparkContext(conf)) { |
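Review bot: `links` is declared outside the `try (JavaSparkContext sc = new JavaSparkContext(conf))` block, and the context is closed when that block exits. RDDs are evaluated lazily, so any action on `links` has to run inside the block. If nothing after the block needs it, declare `links` inside the `try` so it cannot be used against a stopped context.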
this is just polish as we can use try/resources with some of the drivers
| @@ -0,0 +1,14 @@ | |||
| # Set everything to be logged to the console | |||
this is also spark 3.4 thing (log4j 2 not 1.2 config)
| <scope>import</scope> | ||
| </dependency> | ||
|
|
||
| <!-- CVE fix versions --> |
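Review bot: the `<!-- CVE fix versions -->` comment does not say which advisory each override addresses or which dependency pulls the vulnerable version in. Put the CVE id and the upstream artifact next to each pinned version, so an override can be dropped once upstream ships the fix and does not quietly hold a dependency back later.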
to keep the build without CVE will be difficult, but anyway at least once it is clean ;)
some big wins from merging this include:
oh yeah spent so much time doing this I forgot why.. I was trying to polish this up prior to adding dependencies to helm. There was a point where I thought maybe we need to rewrite the entire thing (like in beam) to solve the revlock. I'm glad it didn't get that far.

openzipkin/zipkin#3763 for zipkin changes we can now do
Signed-off-by: Adrian Cole <adrian@tetrate.io>
Signed-off-by: Adrian Cole <adrian@tetrate.io>
| exec java ${JAVA_OPTS} -Djava.io.tmpdir=/tmp -cp classes zipkin2.dependencies.ZipkinDependenciesJob $@ | ||
| # Spark 3.4 module config from: | ||
| # https://github.com/apache/spark/blob/branch-3.4/launcher/src/main/java/org/apache/spark/launcher/JavaModuleOptions.java#L29 | ||
| exec java ${JAVA_OPTS} -Djava.io.tmpdir=/tmp \ |
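Review bot: the link under `# Spark 3.4 module config from:` points at `branch-3.4` with a `#L29` line anchor, which will drift as that branch changes; link a release tag or commit instead. If the continued `exec java` command still ends in `$@` as the earlier line does, quote it as `"$@"` so arguments containing spaces are passed through intact.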
thanks for the look folks!
I manually tested this on all three storage types in docker as well (using zipkin's docker/examples instructions)