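#!/bin/bash
#
# tests/_utils/start_tls_tidb_cluster_impl
#
# Starts one PD, one TiKV and one TiDB instance with TLS enabled, then launches
# the CDC state checker against that PD. Integration-test helper only.
#
# Usage: start_tls_tidb_cluster_impl --workdir DIR --tlsdir DIR
#   --workdir: work directory (generated configs, logs and data dirs go here)
#   --tlsdir:  certificates directory; must contain ca.pem, server.pem,
#              server-key.pem, client.pem and client-key.pem
#
# Pass absolute paths: the script changes directory several times while it
# keeps using both values.
#
# The TLS_* host/port variables and run_sql are not defined in this file; they
# are expected to come from the sourced test_prepare.

set -e

OUT_DIR=
TLS_DIR=

while [[ ${1} ]]; do
  case "${1}" in
  --workdir)
    OUT_DIR=${2}
    shift
    ;;
  --tlsdir)
    TLS_DIR=${2}
    shift
    ;;
  *)
    echo "Unknown parameter: ${1}" >&2
    exit 1
    ;;
  esac

  if ! shift; then
    echo 'Missing parameter argument.' >&2
    exit 1
  fi
done

# Fail fast on missing inputs. With an empty OUT_DIR, "cd" would silently go to
# $HOME and the config files below would be written to "/".
if [[ -z "$OUT_DIR" || -z "$TLS_DIR" ]]; then
  echo 'Both --workdir and --tlsdir are required.' >&2
  exit 1
fi
if [[ ! -d "$OUT_DIR" ]]; then
  echo "Work directory does not exist: $OUT_DIR" >&2
  exit 1
fi
if [[ ! -d "$TLS_DIR" ]]; then
  echo "Certificates directory does not exist: $TLS_DIR" >&2
  exit 1
fi

# Every file below is referenced later in this script. A missing certificate
# would otherwise only show up as the PD wait loop never finishing.
for pem in ca.pem server.pem server-key.pem client.pem client-key.pem; do
  if [[ ! -r "$TLS_DIR/$pem" ]]; then
    echo "Missing or unreadable TLS file: $TLS_DIR/$pem" >&2
    exit 1
  fi
done

CUR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
source "$CUR/../_utils/test_prepare"

# "cd ... && echo" would hide a failed cd from "set -e" (errexit ignores every
# command of an && list except the last), so the cd is checked on its own.
if ! cd "$OUT_DIR"; then
  echo "Cannot enter work directory: $OUT_DIR" >&2
  exit 1
fi
echo "start tidb cluster in $OUT_DIR"

cat >"$OUT_DIR/pd-config-tls.toml" <<EOF
[replication]
# The number of replicas for each region.
max-replicas = 1
[security]
cacert-path = "$TLS_DIR/ca.pem"
cert-path = "$TLS_DIR/server.pem"
key-path = "$TLS_DIR/server-key.pem"
EOF

echo "Starting TLS PD..."
pd-server \
  --client-urls "https://${TLS_PD_HOST}:${TLS_PD_PORT}" \
  --peer-urls "https://${TLS_PD_HOST}:${TLS_PD_PEER_PORT}" \
  --config "$OUT_DIR/pd-config-tls.toml" \
  --log-file "$OUT_DIR/pd_tls.log" \
  --data-dir "$OUT_DIR/pd_tls" &

# wait until PD is online...
# The probe presents the client certificate and validates PD against ca.pem.
# NOTE(review): neither PD wait loop has a retry limit, unlike the TiDB check
# further down; a PD that never comes up blocks the script indefinitely.
while ! curl --cacert "$TLS_DIR/ca.pem" \
  --cert "$TLS_DIR/client.pem" \
  --key "$TLS_DIR/client-key.pem" \
  -o /dev/null -sf "https://${TLS_PD_HOST}:${TLS_PD_PORT}/pd/api/v1/version"; do
  sleep 1
done

# Then wait until the health endpoint output has a line containing both
# 'health' and 'true'.
while [ -z "$(curl --cacert "$TLS_DIR/ca.pem" \
  --cert "$TLS_DIR/client.pem" \
  --key "$TLS_DIR/client-key.pem" \
  "https://${TLS_PD_HOST}:${TLS_PD_PORT}/pd/health" 2>/dev/null | grep 'health' | grep 'true')" ]; do
  sleep 1
done

# Tries to limit the max number of open files under the system limit
cat >"$OUT_DIR/tikv-config-tls.toml" <<EOF
[storage]
# Disable creating a large temp file.
reserve-space = "0MB"
[rocksdb]
max-open-files = 4096
[raftdb]
max-open-files = 4096
[raftstore]
# true (default value) for high reliability, this can prevent data loss when power failure.
sync-log = false
[security]
ca-path = "$TLS_DIR/ca.pem"
cert-path = "$TLS_DIR/server.pem"
key-path = "$TLS_DIR/server-key.pem"
EOF

# tidb server config file
cat >"$OUT_DIR/tidb-config-tls.toml" <<EOF
split-table = true
alter-primary-key = true
new_collations_enabled_on_first_bootstrap = true
[security]
ssl-ca = "$TLS_DIR/ca.pem"
ssl-cert = "$TLS_DIR/server.pem"
ssl-key = "$TLS_DIR/server-key.pem"
cluster-ssl-ca = "$TLS_DIR/ca.pem"
cluster-ssl-cert = "$TLS_DIR/server.pem"
cluster-ssl-key = "$TLS_DIR/server-key.pem"
EOF

echo "Starting TLS TiKV..."

# Uncomment to turn on grpc verbose log.
# GRPC_VERBOSITY=debug \
# GRPC_TRACE=server_channel,call_error,handshaker,tsi \
tikv-server \
  --pd "${TLS_PD_HOST}:${TLS_PD_PORT}" \
  -A "${TLS_TIKV_HOST}:${TLS_TIKV_PORT}" \
  --status-addr "${TLS_TIKV_HOST}:${TLS_TIKV_STATUS_PORT}" \
  --log-file "$OUT_DIR/tikv_tls.log" \
  -C "$OUT_DIR/tikv-config-tls.toml" \
  -s "$OUT_DIR/tikv_tls" &>"$OUT_DIR/tikv_tls.stdout" &

sleep 2

echo "Starting TLS TiDB..."
tidb-server \
  -P "${TLS_TIDB_PORT}" \
  -config "$OUT_DIR/tidb-config-tls.toml" \
  --store tikv \
  --path "${TLS_PD_HOST}:${TLS_PD_PORT}" \
  --status="${TLS_TIDB_STATUS}" \
  --log-file "$OUT_DIR/tidb_tls.log" &

echo "Verifying TLS TiDB is started..."
# NOTE(review): this readiness probe passes no --ssl-* options, so it does not
# check the server certificate and, depending on the mysql client's defaults,
# may connect without TLS. Only the run_sql call below is handed the
# certificate options.
i=0
while ! mysql -uroot -h"${TLS_TIDB_HOST}" -P"${TLS_TIDB_PORT}" --default-character-set utf8mb4 -e 'select * from mysql.tidb;'; do
  i=$((i + 1))
  if [ "$i" -gt 60 ]; then
    echo 'Failed to start upstream TiDB'
    exit 2
  fi
  sleep 2
done

# NOTE(review): run_sql and the state checker below are given the server key
# pair as their client identity, while the curl probes above use client.pem.
# Acceptable for a test fixture; a client and a service should not share one
# private key outside of tests.
run_sql "update mysql.tidb set variable_value='60m' where variable_name='tikv_gc_life_time';" "${TLS_TIDB_HOST}" "${TLS_TIDB_PORT}" \
  --ssl-ca="$TLS_DIR/ca.pem" \
  --ssl-cert="$TLS_DIR/server.pem" \
  --ssl-key="$TLS_DIR/server-key.pem"

echo "Starting CDC state checker..."
cd "$CUR/../../testing_utils/cdc_state_checker"
# Build the checker only when no binary is present yet.
if [ ! -f ./cdc_state_checker ]; then
  GO111MODULE=on go build
fi
./cdc_state_checker -pd "${TLS_PD_HOST}:${TLS_PD_PORT}" \
  -ca "$TLS_DIR/ca.pem" \
  -cert "$TLS_DIR/server.pem" \
  -key "$TLS_DIR/server-key.pem" >"$OUT_DIR/cdc_etcd_check.log" &
cd "$OUT_DIR"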