tests/start_server: include TLS support

BBVA · Feb 19, 2019 · 8032e29 · 8032e29
1 parent c88ba61
commit 8032e29
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 5 deletions.
diff --git a/tests/build_certs b/tests/build_certs
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+function _readlink() { (
+  # INFO: readlink does not exists on OSX ¯\_(ツ)_/¯
+  cd $(dirname $1)
+  echo $PWD/$(basename $1)
+) }
+
+pub=$(_readlink /var/tmp/certs)
+tdir=$(mktemp -d /tmp/qed_build.XXX)
+mkdir -p $pub
+sign_path=${pub}/id_ed25519
+cert_path=${pub}/server.crt
+key_path=${pub}/server.key
+
+(
+cd ${tdir}
+
+if [ ! -f ${sign_path} ]; then
+    #build shared signing key
+    ssh-keygen -t ed25519 -f id_ed25519 -P ''
+
+    cp id_ed25519 ${sign_path}
+fi
+
+if [ ! -f ${cert_path} ] && [ ! -f ${key_path} ]; then
+
+    #build shared server cert
+    openssl req \
+        -newkey rsa:2048 \
+        -nodes \
+        -days 3650 \
+        -x509 \
+        -keyout ca.key \
+        -out ca.crt \
+        -subj "/CN=*"
+    openssl req \
+        -newkey rsa:2048 \
+        -nodes \
+        -keyout server.key \
+        -out server.csr \
+        -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=*"
+    openssl x509 \
+        -req \
+        -days 365 \
+        -sha256 \
+        -in server.csr \
+        -CA ca.crt \
+        -CAkey ca.key \
+        -CAcreateserial \
+        -out server.crt \
+        -extfile <(echo subjectAltName = IP:127.0.0.1)
+
+    cp server.crt ${cert_path}
+    cp server.key ${key_path}
+
+fi
+
+)
diff --git a/tests/start_server b/tests/start_server
@@ -18,9 +18,7 @@ echo "export CLUSTER_SIZE=N [2|4] env variable to execute the benchmark in repli
 echo "export PROFILING=true env variable to enable go profiling"
 
 tdir=$(mktemp -d /var/tmp/demo.XXX)
-
-echo Create id_ed25519 key
-ssh-keygen -t ed25519 -N '' -f ${tdir}/id_ed25519
+certs="/var/tmp/certs"
 
 if [ ! -z "$PROFILING" ]
 then
@@ -31,16 +29,24 @@ else
     echo PROFILING=disabled
 fi
 
+if [ ! -z "$TLS" ]
+then
+    TLS="--certificate ${certs}/server.crt \ --certificate-key ${certs}/server.key"
+else
+    echo "TLS=disabled" 
+fi
+
 leader() {
     mkdir -p ${tdir}/0/
 
     go run ../main.go start \
         -k test_key \
         -p ${tdir}/0/ \
         --node-id leader \
-        --keypath ${tdir}/id_ed25519 \
+        --keypath ${certs}/id_ed25519 \
         --gossip-addr 127.0.0.1:8400 \
         -l error \
+        $TLS \
         $PROFILING \
         &
 }
@@ -52,7 +58,7 @@ follower() {
         -k test_key \
         --node-id follower_$1 \
         -p ${tdir}/$1 \
-        --keypath ${tdir}/id_ed25519 \
+        --keypath ${certs}/id_ed25519 \
         -l error \
         --http-addr :880$1 \
         --mgmt-addr :870$1 \
@@ -61,6 +67,7 @@ follower() {
         --gossip-addr 127.0.0.1:840$1 \
         --join-addr 127.0.0.1:8700 \
         --gossip-join-addr 127.0.0.1:8400 \
+        $TLS \
         $PROFILING  \
         &
 }

diff --git a/tests/stress b/tests/stress
@@ -15,6 +15,7 @@
 # limitations under the License.
 
 
+./build_certs
 ./start_server
 ./start_profiler &