github.com/pingcap/br@v5.3.0-alpha.0.20220125034240-ec59c7b6ce30+incompatible/tests/br_restore_TDE_enable/run.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright 2020 PingCAP, Inc.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # See the License for the specific language governing permissions and
    14  # limitations under the License.
    15  
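    # Integration test setup: a local KES key server for MinIO, then (further
    # down) a full BR backup/restore round trip against that MinIO instance.
    #
    # NOTE(review): -x traces every command after expansion, so the access and
    # secret keys exported later in this script are written to the test log.
    # That is tolerable only because they are throwaway fixture values.
    set -eux
    DB="$TEST_NAME"
    TABLE="usertable"
    DB_COUNT=3

    # start Minio KMS service
    # Disabled alternative: download a root key/cert published in the kes
    # repository. The identities used below are generated locally instead.
    # curl -sSL --tlsv1.2 \
    #     -O 'https://raw.githubusercontent.com/minio/kes/master/root.key' \
    #     -O 'https://raw.githubusercontent.com/minio/kes/master/root.cert'

    # Fresh server identity (key + certificate) valid for 127.0.0.1 / localhost.
    rm -rf ./keys
    rm -f server.key server.cert
    bin/kes tool identity new --server --key server.key --cert server.cert --ip "127.0.0.1" --dns localhost


    # create private key and cert for restoration
    rm -f root.key root.cert
    bin/kes tool identity new --key=root.key --cert=root.cert root

    # Resolve the root identity in its own assignment. `set -e` does not abort on
    # a failing command substitution that sits inside another command's
    # arguments, so the server would otherwise start with an empty --root.
    # bin/kes is used here for consistency with every other kes call in the file.
    root_identity=$(bin/kes tool identity of root.cert)

    # NOTE(review): --auth=off presumably relaxes verification of client
    # certificates so the self-signed root.cert is accepted - confirm against the
    # pinned kes version. Suitable for this loopback test server only.
    bin/kes server --key=server.key --cert=server.cert --root="$root_identity" --auth=off &
    KES_pid=$!
    # The KES server is killed on every exit path of the script.
    trap 'kill -9 "$KES_pid"' EXIT

    # Fixed grace period for the KES server; there is no readiness probe here.
    sleep 5

    # Client identity used by the kes CLI for the key-creation call below.
    export KES_CLIENT_CERT=root.cert
    export KES_CLIENT_KEY=root.key
    # NOTE(review): -k presumably skips verification of the self-signed server
    # certificate - confirm against the pinned kes version.
    bin/kes key create -k my-minio-key

    # Point MinIO at the KES server: root.* is the client identity, server.cert
    # is the CA path, my-minio-key is the key created above.
    export MINIO_KMS_KES_ENDPOINT=https://127.0.0.1:7373
    export MINIO_KMS_KES_CERT_FILE=root.cert
    export MINIO_KMS_KES_KEY_FILE=root.key
    export MINIO_KMS_KES_CA_PATH=server.cert
    export MINIO_KMS_KES_KEY_NAME=my-minio-key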
    50  
    51  
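    # start the s3 server
    # Hard-coded fixture credentials for the MinIO instance started by this
    # script on the loopback address; they must never be reused outside the test.
    export MINIO_ACCESS_KEY='KEXI7MANNASOPDLAOIEF'
    export MINIO_SECRET_KEY='MaKYxEGDInMPtEYECXRJLU+FPNKb/wAX/MElir7E'
    export MINIO_BROWSER=off
    # The AWS_* variables mirror the MinIO credentials for S3 clients that read
    # them from the environment.
    export AWS_ACCESS_KEY_ID="$MINIO_ACCESS_KEY"
    export AWS_SECRET_ACCESS_KEY="$MINIO_SECRET_KEY"
    export S3_ENDPOINT=127.0.0.1:24927

    # Reset the MinIO data directory. `:?` aborts when TEST_DIR or DB is empty
    # (set -u only catches unset), so the recursive delete can never resolve
    # to "/"; `--` stops option parsing on the path.
    rm -rf -- "${TEST_DIR:?}/${DB:?}"
    mkdir -p -- "$TEST_DIR/$DB"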
    62  
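    #######################################
    # Launch MinIO in the background and wait until its HTTP endpoint answers.
    # Globals:   S3_ENDPOINT, TEST_DIR, DB (read); s3_pid (written)
    # Outputs:   curl's verbose trace and, on timeout, a failure message (stderr)
    # Returns:   0 once the endpoint responds; exits the script with status 1
    #            after more than 30 failed probes, 2 seconds apart
    # NOTE(review): nothing visible in this script stops the MinIO process; the
    # EXIT trap set earlier targets only the KES pid.
    #######################################
    start_s3() {
        bin/minio server --address "$S3_ENDPOINT" "$TEST_DIR/$DB" &
        s3_pid=$!
        # Local counter so the probe loop does not clobber the script's global $i.
        local attempts=0
        until curl -o /dev/null -v -s "http://$S3_ENDPOINT/"; do
            attempts=$((attempts + 1))
            if [ "$attempts" -gt 30 ]; then
                # Diagnostics belong on stderr, not mixed into stdout.
                echo 'Failed to start minio' >&2
                exit 1
            fi
            sleep 2
        done
    }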
    76  
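    start_s3
    echo "started s3 with pid = $s3_pid"

    # Register the MinIO endpoint with mc under the alias "minio".
    # NOTE(review): the secret key is passed as a command-line argument, so it
    # is visible in the process list and in the xtrace output for the duration
    # of the call; acceptable only for fixture credentials.
    bin/mc config --config-dir "$TEST_DIR/$TEST_NAME" \
        host add minio "http://$S3_ENDPOINT" "$MINIO_ACCESS_KEY" "$MINIO_SECRET_KEY"

    # Fill in the database
    for ((i = 1; i <= DB_COUNT; i++)); do
        run_sql "CREATE DATABASE $DB${i};"
        go-ycsb load mysql -P "tests/$TEST_NAME/workload" -p "mysql.host=$TIDB_IP" -p "mysql.port=$TIDB_PORT" -p mysql.user=root -p "mysql.db=$DB${i}"
    done

    # Bucket that receives the backup data.
    bin/mc mb --config-dir "$TEST_DIR/$TEST_NAME" minio/mybucket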
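    # The backup/restore round trip runs twice:
    #   pass 1 - S3_KEY is empty, credentials come from the AWS_* environment;
    #   pass 2 - credentials travel in the storage URL query string and the
    #            AWS_* variables are blanked (see the end of the loop body).
    S3_KEY=""
    for p in 1 2; do

        # Row counts before the backup, indexed by database number.
        for ((i = 1; i <= DB_COUNT; i++)); do
            row_count_ori[i]=$(run_sql "SELECT COUNT(*) FROM $DB${i}.$TABLE;" | awk '/COUNT/{print $2}')
        done

        # backup full
        echo "backup start..."
        BACKUP_LOG="backup.log"
        rm -f "$BACKUP_LOG"
        unset BR_LOG_TO_TERM

        # using --s3.sse AES256 to ensure backup file are encrypted
        # NOTE(review): on pass 2 the URL carries the secret key, so it shows up
        # in argv and in the xtrace output, and possibly in the BR log - confirm
        # that BR redacts it.
        run_br --pd "$PD_ADDR" backup full -s "s3://mybucket/$DB?endpoint=http://$S3_ENDPOINT$S3_KEY" \
            --log-file "$BACKUP_LOG" \
            --s3.sse AES256

        # ensure the tikv data file are encrypted
        # grep exits non-zero when "Aes256Ctr" is absent, which aborts the test
        # under `set -e`.
        # NOTE(review): this inspects TiKV's encryption metadata; nothing in this
        # script asserts that the objects written to the bucket were stored with
        # server-side encryption.
        bin/tikv-ctl --config=tests/config/tikv.toml encryption-meta dump-file | grep "Aes256Ctr"


        for ((i = 1; i <= DB_COUNT; i++)); do
            run_sql "DROP DATABASE $DB${i};"
        done

        # restore full
        echo "restore start..."
        RESTORE_LOG="restore.log"
        rm -f "$RESTORE_LOG"
        unset BR_LOG_TO_TERM
        run_br restore full -s "s3://mybucket/$DB?$S3_KEY" --pd "$PD_ADDR" --s3.endpoint="http://$S3_ENDPOINT" \
            --log-file "$RESTORE_LOG"

        # Row counts after the restore.
        for ((i = 1; i <= DB_COUNT; i++)); do
            row_count_new[i]=$(run_sql "SELECT COUNT(*) FROM $DB${i}.$TABLE;" | awk '/COUNT/{print $2}')
        done

        # Compare per database; report every mismatch before failing.
        fail=false
        for ((i = 1; i <= DB_COUNT; i++)); do
            if [ "${row_count_ori[i]}" != "${row_count_new[i]}" ]; then
                fail=true
                echo "TEST: [$TEST_NAME] fail on database $DB${i}"
            fi
            echo "database $DB${i} [original] row count: ${row_count_ori[i]}, [after br] row count: ${row_count_new[i]}"
        done

        if [ "$fail" = true ]; then
            echo "TEST: [$TEST_NAME] failed!"
            exit 1
        fi

        # prepare for next test
        # Empty the bucket, move the credentials into the URL query string and
        # blank the environment variables so the next pass cannot fall back to them.
        bin/mc rm --config-dir "$TEST_DIR/$TEST_NAME" --recursive --force minio/mybucket
        S3_KEY="&access-key=$MINIO_ACCESS_KEY&secret-access-key=$MINIO_SECRET_KEY"
        export AWS_ACCESS_KEY_ID=""
        export AWS_SECRET_ACCESS_KEY=""
    done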
   148  
   # Final cleanup: drop the databases this test created.
   i=1
   while [ "$i" -le "$DB_COUNT" ]; do
       run_sql "DROP DATABASE $DB${i};"
       i=$((i + 1))
   done