github.com/pingcap/tiflow@v0.0.0-20240520035814-5bf52d54e205/engine/test/integration_tests/dm_tls/run.sh (about)

     1  #!/bin/bash
     2  
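# Abort on the first failing command or unset variable, and trace every
# command. With -x, each expanded argument (passwords, key material passed on
# a command line) is written to the test log, so logs from this script should
# be handled like the fixtures they echo.
set -eux

# Per-test scratch directory; OUT_DIR and TEST_NAME are supplied by the caller.
WORK_DIR="$OUT_DIR/$TEST_NAME"
# Absolute directory of this script, used to locate data/ and conf/.
CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)

# CONFIG is a whitespace-separated list of compose files. It is expanded
# unquoted on purpose so that each file becomes its own argument.
CONFIG="$DOCKER_COMPOSE_DIR/3m3e_with_tls.yaml $DOCKER_COMPOSE_DIR/dm_databases_with_tls.yaml"
# shellcheck disable=SC2086 # intentional word splitting of the file list
CONFIG=$(adjust_config "$OUT_DIR" "$TEST_NAME" $CONFIG)
echo "using adjusted configs to deploy cluster: $CONFIG"

# Prefer the standalone docker-compose binary and fall back to the
# "docker compose" plugin. `command -v` is the portable lookup; `which` is an
# external tool whose exit status and output differ between distributions.
if command -v docker-compose &>/dev/null; then
	COMPOSECMD="docker-compose"
else
	COMPOSECMD="docker compose"
fi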
    17  
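#######################################
# Replace one "<placeholder>" token in a job file with the base64 encoding of
# a PEM file.
# The sed program is fed through stdin rather than argv, so the encoded key
# does not show up in the process list. A failing base64 aborts the caller
# (under set -e) instead of silently substituting an empty string, which is
# what happens when the substitution is embedded in the sed argument.
# Arguments: $1 - placeholder name without angle brackets
#            $2 - PEM file to encode
#            $3 - job file edited in place
#######################################
function embed_pem() {
	local placeholder=$1 pem_file=$2 job_file=$3
	local encoded
	encoded=$(base64 -w0 "$pem_file")
	# The base64 alphabet (A-Z a-z 0-9 + / =) contains neither the ',' delimiter
	# nor '&' or '\', so the value is safe as a sed replacement.
	printf 's,<%s>,%s,\n' "$placeholder" "$encoded" | sed -i -f /dev/stdin "$job_file"
}

#######################################
# End-to-end DM-over-TLS test: bring up the cluster, distribute certificates,
# load upstream data, submit a DM job and check the replicated rows downstream.
# Globals: CONFIG, COMPOSECMD, WORK_DIR, CUR_DIR (read); seq, job_id (written)
# Relies on helpers defined outside this file (generate_cert,
# start_engine_cluster, run_sql, run_sql_file, exec_with_retry, create_job,
# wait_mysql_online.sh).
#######################################
function run() {
	# shellcheck disable=SC2206 # CONFIG is a whitespace-separated file list
	seq=($CONFIG)
	local compose_file=${seq[0]}
	echo "$compose_file"
	# NOTE(review): fixed path under /tmp; presumably the compose files expect
	# this location, confirm before changing it.
	generate_cert /tmp/certs/downstream tidb

	# start a cluster with tls, but now master can't access the certificate so exit
	# shellcheck disable=SC2086 # intentional word splitting of the file list
	start_engine_cluster $CONFIG
	# COMPOSECMD may be the two words "docker compose", so it stays unquoted.
	$COMPOSECMD -f "$compose_file" stop server-master-0 server-master-1 server-master-2
	$COMPOSECMD -f "$compose_file" ps | grep "server-master-0" | grep -q "exited"

	# copy auto-generated certificates from MySQL to bypass permission
	mkdir -p "$WORK_DIR/mysql1"
	mkdir -p "$WORK_DIR/mysql2"

	# sleep for a while to wait for the client-key.pem
	sleep 30
	docker cp dm_upstream_mysql:/var/lib/mysql/client-key.pem "$WORK_DIR/mysql1/client-key.pem"
	docker cp dm_upstream_mysql:/var/lib/mysql/client-cert.pem "$WORK_DIR/mysql1/client-cert.pem"
	docker cp dm_upstream_mysql2:/var/lib/mysql/client-key.pem "$WORK_DIR/mysql2/client-key.pem"
	docker cp dm_upstream_mysql2:/var/lib/mysql/client-cert.pem "$WORK_DIR/mysql2/client-cert.pem"
	docker cp mysql-standalone:/var/lib/mysql/ca.pem "$WORK_DIR/meta_ca.pem"

	# Hand the CA certificate to every master and executor container.
	local node
	for node in server-master-0 server-master-1 server-master-2 \
		server-executor-0 server-executor-1 server-executor-2; do
		docker cp "$WORK_DIR/meta_ca.pem" "$node:/ca.pem"
	done

	$COMPOSECMD -f "$compose_file" up -d server-master-0 server-master-1 server-master-2

	# 123456 is the fixture password used throughout this test.
	wait_mysql_online.sh --password 123456 --ssl-key "$WORK_DIR/mysql1/client-key.pem" --ssl-cert "$WORK_DIR/mysql1/client-cert.pem"
	wait_mysql_online.sh --port 3307 --password 123456 --ssl-key "$WORK_DIR/mysql2/client-key.pem" --ssl-cert "$WORK_DIR/mysql2/client-cert.pem"

	# comment this test. different client may have different behavior
	#echo "verify can't connect to upstream without certificates"
	#mysql -P3306 -h127.0.0.1 -uroot -p123456 -e "show databases" 2>&1 | grep -q "Connections using insecure transport are prohibited"

	# prepare data
	echo "prepare data"
	run_sql_file --password 123456 --ssl-key "$WORK_DIR/mysql1/client-key.pem" --ssl-cert "$WORK_DIR/mysql1/client-cert.pem" "$CUR_DIR/data/db1.prepare.sql"
	run_sql_file --port 3307 --password 123456 --ssl-key "$WORK_DIR/mysql2/client-key.pem" --ssl-cert "$WORK_DIR/mysql2/client-cert.pem" "$CUR_DIR/data/db2.prepare.sql"

	# create downstream user
	# dm_user has no password and is admitted on a valid client certificate
	# (REQUIRE X509); the *.* grant is scoped to this throwaway test cluster.
	run_sql --port 4000 --ssl-key /tmp/certs/downstream/client.key --ssl-cert /tmp/certs/downstream/client.pem "CREATE USER 'dm_user'@'%' REQUIRE X509;"
	run_sql --port 4000 --ssl-key /tmp/certs/downstream/client.key --ssl-cert /tmp/certs/downstream/client.pem "GRANT ALL PRIVILEGES ON *.* TO 'dm_user'@'%';"

	# create job
	echo "create job"
	cp "$CUR_DIR/conf/job.yaml" "$WORK_DIR/job.yaml"

	# Pause xtrace while private keys are expanded so the encoded key material
	# is not copied into the test log, then restore the previous setting.
	local xtrace_was_on=0
	case $- in
	*x*) xtrace_was_on=1 ;;
	esac
	{ set +x; } 2>/dev/null
	embed_pem downstream-key /tmp/certs/downstream/client.key "$WORK_DIR/job.yaml"
	embed_pem downstream-cert /tmp/certs/downstream/client.pem "$WORK_DIR/job.yaml"
	embed_pem mysql1-key "$WORK_DIR/mysql1/client-key.pem" "$WORK_DIR/job.yaml"
	embed_pem mysql1-cert "$WORK_DIR/mysql1/client-cert.pem" "$WORK_DIR/job.yaml"
	embed_pem mysql2-key "$WORK_DIR/mysql2/client-key.pem" "$WORK_DIR/job.yaml"
	embed_pem mysql2-cert "$WORK_DIR/mysql2/client-cert.pem" "$WORK_DIR/job.yaml"
	if ((xtrace_was_on)); then
		set -x
	fi
	# NOTE(review): job.yaml now embeds private keys; if WORK_DIR is archived
	# as a CI artifact, consider excluding this file or restricting its mode.

	# wait executor online
	exec_with_retry --count 60 "curl \"http://127.0.0.1:10245/api/v1/executors\" | tee /dev/stderr | jq -e '.executors | length == 3'"

	# create job & wait for job finished
	job_id=$(create_job "DM" "$WORK_DIR/job.yaml" "dm_tls")

	# wait for dump and load finished
	exec_with_retry --count 60 "curl \"http://127.0.0.1:10245/api/v1/jobs/$job_id/status\" | tee /dev/stderr | jq -e '.task_status.\"mysql-02\".status.unit == \"DMSyncTask\"'"

	# insert increment data
	run_sql_file --password 123456 --ssl-key "$WORK_DIR/mysql1/client-key.pem" --ssl-cert "$WORK_DIR/mysql1/client-cert.pem" "$CUR_DIR/data/db1.increment.sql"
	run_sql_file --port 3307 --password 123456 --ssl-key "$WORK_DIR/mysql2/client-key.pem" --ssl-cert "$WORK_DIR/mysql2/client-cert.pem" "$CUR_DIR/data/db2.increment.sql"

	# check data
	exec_with_retry 'run_sql --port 4000 --ssl-key /tmp/certs/downstream/client.key --ssl-cert /tmp/certs/downstream/client.pem "select count(1) from tls.t1\G" | grep -Fq "count(1): 2"'
	exec_with_retry 'run_sql --port 4000 --ssl-key /tmp/certs/downstream/client.key --ssl-cert /tmp/certs/downstream/client.pem "select count(1) from tls.t2\G" | grep -Fq "count(1): 2"'
}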
    94  
    95  trap "stop_engine_cluster $WORK_DIR $CONFIG" EXIT
    96  run $*
    97  echo "[$(date)] <<<<<< run test case $TEST_NAME success! >>>>>>"