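#!/bin/bash
# Source: github.com/pingcap/tiflow@v0.0.0-20240520035814-5bf52d54e205/tests/integration_tests/_utils/start_tls_tidb_cluster_impl
#
# Starts a single-node, TLS-enabled PD + TiKV + TiDB cluster for integration
# tests. Writes the three component config files into the work directory,
# launches each server in the background, and waits for PD and TiDB to answer.
#
# Arguments:
#   --workdir: work directory (configs, logs and data dirs are created here)
#   --tlsdir:  certificates directory; this script reads ca.pem, server.pem,
#              server-key.pem, client.pem and client-key.pem from it
#
# The TLS_PD_*, TLS_TIKV_* and TLS_TIDB_* variables and run_sql are not defined
# in this file; presumably they come from the sourced test_prepare (confirm).
#
# Exit status: 1 on bad arguments, 2 if TiDB does not come up in time.

set -e

OUT_DIR=
TLS_DIR=

# Parse "--flag value" pairs. The loop stops at the first empty argument.
while [[ ${1} ]]; do
	case "${1}" in
	--workdir)
		OUT_DIR=${2}
		shift
		;;
	--tlsdir)
		TLS_DIR=${2}
		shift
		;;
	*)
		echo "Unknown parameter: ${1}" >&2
		exit 1
		;;
	esac

	# The second shift fails when a flag was given without its value.
	if ! shift; then
		echo 'Missing parameter argument.' >&2
		exit 1
	fi
done

# Both directories are required. With an empty OUT_DIR the config files below
# would be written to "/", and with an empty TLS_DIR every certificate path
# would silently resolve to "/ca.pem", "/server.pem", and so on.
if [[ -z "$OUT_DIR" ]]; then
	echo 'Missing required parameter: --workdir' >&2
	exit 1
fi
if [[ -z "$TLS_DIR" ]]; then
	echo 'Missing required parameter: --tlsdir' >&2
	exit 1
fi

CUR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
source "$CUR/../_utils/test_prepare"

# cd is a standalone command on purpose: as the left side of an "&&" list its
# failure is exempt from "set -e", and the script would keep running in the
# caller's directory.
cd "$OUT_DIR"
echo "start tidb cluster in $OUT_DIR"

# NOTE(review): TLS_DIR is interpolated unescaped into the TOML strings below;
# a path containing a double quote or backslash yields an invalid config file.
cat - >"$OUT_DIR/pd-config-tls.toml" <<EOF
[replication]
# The number of replicas for each region.
max-replicas = 1
[security]
cacert-path = "$TLS_DIR/ca.pem"
cert-path = "$TLS_DIR/server.pem"
key-path = "$TLS_DIR/server-key.pem"
EOF

echo "Starting TLS PD..."
pd-server --version
pd-server \
	--client-urls "https://${TLS_PD_HOST}:${TLS_PD_PORT}" \
	--peer-urls "https://${TLS_PD_HOST}:${TLS_PD_PEER_PORT}" \
	--config "$OUT_DIR/pd-config-tls.toml" \
	--log-file "$OUT_DIR/pd_tls.log" \
	--data-dir "$OUT_DIR/pd_tls" &

# Wait until PD is online. Both probes verify the server against ca.pem and
# present the client certificate, so they only pass over a working mutual-TLS
# connection.
# NOTE(review): neither loop has a retry limit; if pd-server exits early the
# script blocks here until the caller's own timeout fires.
while ! curl --cacert "$TLS_DIR/ca.pem" \
	--cert "$TLS_DIR/client.pem" \
	--key "$TLS_DIR/client-key.pem" \
	-o /dev/null -sf "https://${TLS_PD_HOST}:${TLS_PD_PORT}/pd/api/v1/version"; do
	sleep 1
done

# Then wait until the health endpoint output has a line containing both
# 'health' and 'true'.
while [ -z "$(curl --cacert "$TLS_DIR/ca.pem" \
	--cert "$TLS_DIR/client.pem" \
	--key "$TLS_DIR/client-key.pem" \
	"https://${TLS_PD_HOST}:${TLS_PD_PORT}/pd/api/v1/health" 2>/dev/null | grep 'health' | grep 'true')" ]; do
	sleep 1
done

# Tries to limit the max number of open files under the system limit
cat - >"$OUT_DIR/tikv-config-tls.toml" <<EOF
[storage]
# Disable creating a large temp file.
reserve-space = "0MB"
[rocksdb]
max-open-files = 4096
[raftdb]
max-open-files = 4096
[raftstore]
# true (default value) for high reliability, this can prevent data loss when power failure.
sync-log = false
[security]
ca-path = "$TLS_DIR/ca.pem"
cert-path = "$TLS_DIR/server.pem"
key-path = "$TLS_DIR/server-key.pem"
EOF

# tidb server config file
# NOTE(review): the socket is a fixed name under /tmp, so two runs on the same
# host would use the same socket path.
cat - >"$OUT_DIR/tidb-config-tls.toml" <<EOF
socket = "/tmp/tidb-tls.sock"
split-table = true
alter-primary-key = true
new_collations_enabled_on_first_bootstrap = true
[security]
ssl-ca = "$TLS_DIR/ca.pem"
ssl-cert = "$TLS_DIR/server.pem"
ssl-key = "$TLS_DIR/server-key.pem"
cluster-ssl-ca = "$TLS_DIR/ca.pem"
cluster-ssl-cert = "$TLS_DIR/server.pem"
cluster-ssl-key = "$TLS_DIR/server-key.pem"
EOF

echo "Starting TLS TiKV..."
tikv-server --version
# Uncomment to turn on grpc verbose log.
# GRPC_VERBOSITY=debug \
# GRPC_TRACE=server_channel,call_error,handshaker,tsi \
tikv-server \
	--pd "${TLS_PD_HOST}:${TLS_PD_PORT}" \
	-A "${TLS_TIKV_HOST}:${TLS_TIKV_PORT}" \
	--status-addr "${TLS_TIKV_HOST}:${TLS_TIKV_STATUS_PORT}" \
	--log-file "$OUT_DIR/tikv_tls.log" \
	-C "$OUT_DIR/tikv-config-tls.toml" \
	-s "$OUT_DIR/tikv_tls" &>"$OUT_DIR/tikv_tls.stdout" &

sleep 2

echo "Starting TLS TiDB..."
tidb-server -V
tidb-server \
	-P "${TLS_TIDB_PORT}" \
	-config "$OUT_DIR/tidb-config-tls.toml" \
	--store tikv \
	--path "${TLS_PD_HOST}:${TLS_PD_PORT}" \
	--status="${TLS_TIDB_STATUS}" \
	--log-file "$OUT_DIR/tidb_tls.log" &

echo "Verifying TLS TiDB is started..."
# NOTE(review): this probe passes no --ssl-ca/--ssl-cert/--ssl-key, so it shows
# only that TiDB answers SQL, not that the TLS listener or the certificates
# work. The config written above sets no require-secure-transport, so
# presumably non-TLS clients are accepted (confirm). The first certificate-
# bearing SQL connection is the run_sql call at the end of this script.
i=0
while ! mysql -uroot -h"${TLS_TIDB_HOST}" -P"${TLS_TIDB_PORT}" --default-character-set utf8mb4 -e 'select * from mysql.tidb;'; do
	i=$((i + 1))
	# Give up after 60 failed attempts, 2 seconds apart.
	if [ "$i" -gt 60 ]; then
		echo 'Failed to start upstream TiDB' >&2
		exit 2
	fi
	sleep 2
done

# Extend the GC life time to 60m over a connection that carries certificates.
# NOTE(review): this presents the server certificate and key as the client
# identity, whereas the PD probes above use client.pem/client-key.pem;
# presumably deliberate for the test (confirm).
run_sql "update mysql.tidb set variable_value='60m' where variable_name='tikv_gc_life_time';" "${TLS_TIDB_HOST}" "${TLS_TIDB_PORT}" \
	--ssl-ca="$TLS_DIR/ca.pem" \
	--ssl-cert="$TLS_DIR/server.pem" \
	--ssl-key="$TLS_DIR/server-key.pem"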