
     1  #!/bin/bash
     2  
     3  # parameter 1: work directory
     4  # parameter 2: cluster_type,  mtls or oauth, otherwise use default configuration to start pulsar cluster
     5  
     6  set -eux
     7  
     8  echo "[$(date)] <<<<<< START pulsar cluster in $TEST_NAME case >>>>>>"
     9  workdir=$1
    10  cluster_type=$2
    11  
    12  cd $workdir
    13  
    14  DEFAULT_PULSAR_HOME="/usr/local/pulsar"
    15  # use PULSAR_HOME if it is set, otherwise use default pulsar home
    16  pulsar_dir=${PULSAR_HOME:-$DEFAULT_PULSAR_HOME}
    17  
# Broker-side settings appended to the copied standalone.conf for the mtls
# cluster type: TLS listeners on 6651 (broker) and 8443 (web), the broker's own
# client authenticates with the broker_client cert, and every connecting client
# must present a certificate chained to ca.cert.pem
# (tlsRequireTrustedClientCertOnConnect=true, tlsAllowInsecureConnection=false).
# The leading empty element becomes a blank line that separates this fragment
# from whatever standalone.conf ended with; $( ) drops the trailing newline.
mtls_conf=$(
	printf '%s\n' \
		'' \
		'authenticationEnabled=true' \
		'authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls' \
		'brokerClientTlsEnabled=true' \
		"brokerClientTrustCertsFilePath=${workdir}/ca.cert.pem" \
		'brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls' \
		"brokerClientAuthenticationParameters={\"tlsCertFile\":\"${workdir}/broker_client.cert.pem\",\"tlsKeyFile\":\"${workdir}/broker_client.key-pk8.pem\"}" \
		'brokerServicePortTls=6651' \
		'webServicePortTls=8443' \
		"tlsTrustCertsFilePath=${workdir}/ca.cert.pem" \
		"tlsCertificateFilePath=${workdir}/server.cert.pem" \
		"tlsKeyFilePath=${workdir}/server.key-pk8.pem" \
		'tlsRequireTrustedClientCertOnConnect=true' \
		'tlsAllowInsecureConnection=false' \
		'tlsCertRefreshCheckDurationSec=300'
)
    37  
# client.conf for the default cluster type: plain HTTP/pulsar endpoints, no
# authentication. Written to ${pulsar_dir}/conf/client.conf before the
# cluster-type branch, which may overwrite it.
normal_client_conf=$(
	printf '%s\n' \
		'' \
		'webServiceUrl=http://localhost:8080/' \
		'brokerServiceUrl=pulsar://localhost:6650/'
)
    45  
# client.conf for the mtls cluster type: TLS endpoints matching the ports in
# mtls_conf, client-cert authentication with the broker_client key pair, and
# ca.cert.pem as the trust anchor for the server certificate. Note the
# authParams here use the comma-separated "key:value" form, whereas the broker
# side (mtls_conf) uses JSON.
mtls_client_conf=$(
	printf '%s\n' \
		'' \
		'webServiceUrl=https://localhost:8443/' \
		'brokerServiceUrl=pulsar+ssl://localhost:6651/' \
		'authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls' \
		"authParams=tlsCertFile:${workdir}/broker_client.cert.pem,tlsKeyFile:${workdir}/broker_client.key-pk8.pem" \
		"tlsTrustCertsFilePath=${workdir}/ca.cert.pem"
)
    56  
# client.conf for the oauth cluster type: plain endpoints plus OAuth2 client
# credentials read from ${workdir}/credential.json (written by
# gen_oauth_config) against the local issuer on port 9096.
# NOTE(review): the broker-side params in oauth_conf reference the same file as
# a file:// URL while this one uses a bare path -- confirm the client plugin
# accepts both forms.
# Each line keeps the four-space prefix the original file had.
oauth_client_conf=$(
	printf '%s\n' \
		'' \
		'    webServiceUrl=http://localhost:8080/' \
		'    brokerServiceUrl=pulsar://localhost:6650/' \
		'    authPlugin=org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2' \
		"    authParams={\"privateKey\":\"${workdir}/credential.json\",\"audience\":\"cdc-api-uri\",\"issuerUrl\":\"http://localhost:9096\"}"
)
    66  
# Broker-side settings appended to the copied standalone.conf for the oauth
# cluster type: token authentication provider, the broker's own client uses
# OAuth2 client credentials from credential.json, and tokenSecretKey is the
# symmetric key the token provider verifies presented tokens with. The key and
# the credentials are test-only fixtures (presumably shared with the local
# oauth2-server started on port 9096); they are echoed into the config file
# under set -x, so they appear in the test trace.
# The empty elements reproduce the leading blank line and the blank line
# between the provider and the broker-client settings.
oauth_conf=$(
	printf '%s\n' \
		'' \
		'authenticationEnabled=true' \
		'authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken' \
		'' \
		'brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2' \
		"brokerClientAuthenticationParameters={\"privateKey\":\"file://${workdir}/credential.json\",\"audience\":\"cdc-api-uri\",\"issuerUrl\":\"http://localhost:9096\"}" \
		'tokenSecretKey=data:;base64,U0poWDM2X0thcFlTeWJCdEpxMzVseFhfQnJyNExSVVJTa203UW1YSkdteThwVUZXOUVJT2NWUVBzeWt6OS1qag=='
)
    78  
# OAuth2 client-credentials document written to ${workdir}/credential.json by
# gen_oauth_config and referenced from both oauth_conf and oauth_client_conf.
# client_id/client_secret are a hard-coded test fixture for the local
# oauth2-server; audience and issuer_url match the values in those configs.
# Lines keep the original four/eight-space indentation.
credential_json=$(
	printf '%s\n' \
		'' \
		'    {' \
		'        "client_id":"1234",' \
		'        "client_secret":"e0KVlA2EiBfjoN13olyZd2kv1KL",' \
		'        "audience":"cdc-api-uri",' \
		'        "issuer_url":"http://localhost:9096",' \
		'        "type": "client_credentials"' \
		'    }'
)
    91  
# openssl config used by gen_mtls_config for the server CSR and, via
# "-extensions v3_ext", for the signed server certificate: 2048-bit key,
# SHA-256, non-interactive subject CN=server, end-entity cert (CA:FALSE) with
# serverAuth EKU and SANs for localhost / 127.0.0.1 so TLS hostname checks
# against the local listener pass. No shell expansion happens here (all
# elements are single-quoted, like the original quoted heredoc); the empty
# elements are the section separators, and there is no leading blank line.
cert_server_conf=$(
	printf '%s\n' \
		'[ req ]' \
		'default_bits = 2048' \
		'prompt = no' \
		'default_md = sha256' \
		'distinguished_name = dn' \
		'' \
		'[ v3_ext ]' \
		'authorityKeyIdentifier=keyid,issuer:always' \
		'basicConstraints=CA:FALSE' \
		'keyUsage=critical, digitalSignature, keyEncipherment' \
		'extendedKeyUsage=serverAuth' \
		'subjectAltName=@alt_names' \
		'' \
		'[ dn ]' \
		'CN = server' \
		'' \
		'[ alt_names ]' \
		'DNS.1 = localhost' \
		'IP.1 = 127.0.0.1'
)
   115  
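#######################################
# Generate a throwaway PKI for the mtls cluster type and wire it into the
# broker and client configuration.
# Globals:   cert_server_conf, mtls_conf, mtls_client_conf, workdir,
#            pulsar_dir (all read)
# Outputs:   ca.*, server.*, broker_client.* key/cert files and server.conf in
#            the current directory (the work directory); appends mtls_conf to
#            ${workdir}/pulsar_standalone.conf; overwrites
#            ${pulsar_dir}/conf/client.conf
# Returns:   the script's 'set -e' aborts on the first failing openssl step
#######################################
function gen_mtls_config() {
	# self-signed test CA, valid for a year. Private keys are written without
	# a passphrase (-nodes / -nocrypt) because the broker loads them
	# unattended; this is fixture material for the test run only.
	openssl genrsa -out ca.key.pem 2048
	openssl req -x509 -new -nodes -key ca.key.pem -subj "/CN=CARoot" -days 365 -out ca.cert.pem
	# server key, plus the PKCS#8 form that mtls_conf's tlsKeyFilePath points at
	openssl genrsa -out server.key.pem 2048
	openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key.pem -out server.key-pk8.pem -nocrypt
	printf '%s\n' "$cert_server_conf" >server.conf
	# the server cert takes its SAN/EKU/basicConstraints from server.conf's
	# v3_ext section, so the SAN for localhost/127.0.0.1 ends up in the cert
	openssl req -new -config server.conf -key server.key.pem -out server.csr.pem -sha256
	openssl x509 -req -in server.csr.pem -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out server.cert.pem -days 365 -extensions v3_ext -extfile server.conf -sha256
	# client cert used by the broker's own client (mtls_conf) and by
	# pulsar-admin (mtls_client_conf); it is signed by the same CA, which is
	# what tlsRequireTrustedClientCertOnConnect checks against. No extension
	# file is passed here, so this cert carries no EKU.
	openssl genrsa -out broker_client.key.pem 2048
	openssl pkcs8 -topk8 -inform PEM -outform PEM -in broker_client.key.pem -out broker_client.key-pk8.pem -nocrypt
	openssl req -new -subj "/CN=broker_client" -key broker_client.key.pem -out broker_client.csr.pem -sha256
	openssl x509 -req -in broker_client.csr.pem -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out broker_client.cert.pem -days 365 -sha256
	# paths are quoted so a work directory containing whitespace or glob
	# characters does not split the redirection target
	printf '%s\n' "$mtls_conf" >>"${workdir}/pulsar_standalone.conf"
	printf '%s\n' "$mtls_client_conf" >"${pulsar_dir}/conf/client.conf"
}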
   131  
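#######################################
# Write the oauth cluster type configuration.
# Globals:   credential_json, oauth_conf, oauth_client_conf, workdir,
#            pulsar_dir (all read)
# Outputs:   ${workdir}/credential.json (the client credentials both configs
#            reference); appends oauth_conf to
#            ${workdir}/pulsar_standalone.conf; overwrites
#            ${pulsar_dir}/conf/client.conf
#######################################
function gen_oauth_config() {
	# NOTE: the script runs with set -x, so these three writes put the
	# test-only client_secret and tokenSecretKey into the trace output.
	# Targets are quoted so a work directory with whitespace is handled.
	printf '%s\n' "$credential_json" >"${workdir}/credential.json"
	printf '%s\n' "$oauth_conf" >>"${workdir}/pulsar_standalone.conf"
	printf '%s\n' "$oauth_client_conf" >"${pulsar_dir}/conf/client.conf"
}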
   137  
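# unauthenticated client.conf is the baseline; the mtls/oauth branches below
# overwrite it with their own client settings
printf '%s\n' "$normal_client_conf" >"${pulsar_dir}/conf/client.conf"
# copy the origin config to work directory
cp -- "$pulsar_dir/conf/standalone.conf" "${workdir}/pulsar_standalone.conf"
# port the readiness probe waits on; the TLS listener for mtls, else the
# plaintext one
pulsar_port=6650
if [ "$cluster_type" == "mtls" ]; then
	pulsar_port=6651
	gen_mtls_config
elif [ "$cluster_type" == "oauth" ]; then
	# oauth2-server is expected on PATH; it is left running in the background
	# (nothing in this script stops it) and serves the issuerUrl on 9096 that
	# oauth_conf / oauth_client_conf point at
	oauth2-server >>"$workdir/oauth_server.log" 2>&1 &
	echo "Waiting for oauth2 server to be ready..."
	i=0
	# up to 10 x 2s for the issuer port to accept connections
	while ! nc -z localhost "9096"; do
		i=$((i + 1))
		if [ "$i" -gt 10 ]; then
			cat "$workdir/oauth_server.log"
			echo 'Failed to start oauth2 server'
			exit 1
		fi
		sleep 2
	done
	gen_oauth_config
else
	echo "no cluster type specified, using default configuration."
fi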
   162  
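echo "[$(date)] <<<<<< START pulsar cluster in $cluster_type mode in $TEST_NAME case >>>>>>"
# standalone broker with the (possibly augmented) copied config; -nfw skips the
# functions worker. Everything it prints goes to pulsar_stdout.log, which the
# readiness loops dump on failure. Paths are quoted so a work directory with
# whitespace does not split the arguments.
"$pulsar_dir/bin/pulsar" standalone \
	--config "$workdir/pulsar_standalone.conf" \
	-nfw \
	--metadata-dir "$workdir/pulsar-metadata" \
	--bookkeeper-dir "$workdir/pulsar-bookie" \
	>>"$workdir/pulsar_stdout.log" 2>&1 &
echo "Waiting for pulsar port to be ready..."
i=0
# up to 20 x 2s for the broker listener (6650, or 6651 in mtls mode)
while ! nc -z localhost "$pulsar_port"; do
	i=$((i + 1))
	if [ "$i" -gt 20 ]; then
		cat "$workdir/pulsar_stdout.log"
		echo 'Failed to start pulsar'
		exit 1
	fi
	sleep 2
done

echo "Waiting for pulsar namespace to be ready..."
i=0
# an open port is not enough: an admin call has to succeed. pulsar-admin
# presumably picks up the client.conf written under ${pulsar_dir}/conf above,
# so in mtls/oauth mode this also exercises the client-side authentication.
while ! "$pulsar_dir/bin/pulsar-admin" namespaces list public; do
	i=$((i + 1))
	if [ "$i" -gt 20 ]; then
		cat "$workdir/pulsar_stdout.log"
		echo 'Failed to list pulsar namespace'
		exit 1
	fi
	sleep 2
done
echo "[$(date)] <<<<<< pulsar is ready >>>>>>"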