Posted to commits@geode.apache.org by jb...@apache.org on 2019/07/22 16:27:34 UTC
[geode-benchmarks] branch develop updated: Generate a self-signed
certificate for SSL (#90)
This is an automated email from the ASF dual-hosted git repository.
jbarrett pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-benchmarks.git
The following commit(s) were added to refs/heads/develop by this push:
new dd05f32 Generate a self-signed certificate for SSL (#90)
dd05f32 is described below
commit dd05f32e9dfbe31b5a0794d56c615fe0d1ed7437
Author: Murtuza Boxwala <mb...@pivotal.io>
AuthorDate: Mon Jul 22 12:27:29 2019 -0400
Generate a self-signed certificate for SSL (#90)
Co-authored-by: Murtuza Boxwala <mb...@pivotal.io>
Co-authored-by: Kamilla Aslami <ka...@pivotal.io>
---
.gitignore | 1 +
README.md | 1 +
.../benchmark/parameters/GeodeProperties.java | 10 ----
harness/build.gradle | 6 +++
.../apache/geode/perftest/jvms/JVMLauncher.java | 14 +++++
.../geode/perftest/jvms/RemoteJVMFactory.java | 60 +++++++++++++++++++++-
infrastructure/scripts/aws/README.md | 11 ----
7 files changed, 80 insertions(+), 23 deletions(-)
diff --git a/.gitignore b/.gitignore
index 59d0740..a60eafb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ out
.gradle
build/
output*/
+temp-self-signed.jks
diff --git a/README.md b/README.md
index 5c36ab7..0387b6f 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@ Options:
-Phosts : Hosts used by benchmarks on the order of client,locator,server,server (-Phosts=localhost,localhost,localhost,localhost)
-PoutputDir : Results output directory (-PoutputDir=/tmp/results)
-PtestJVM : Path to an alternative JVM for running the client, locator, and servers. If not specified JAVA_HOME will be used. Note all compilation tasks will still use JAVA_HOME.
+ -PwithSsl : Flag to run geode with SSL. A self-signed certificate will be generated at runtime.
--tests : Specific benchmarks to run (--tests=PartitionedPutBenchmark)
-d : Debug
-i : Info
diff --git a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java
index aa4149e..0df623e 100644
--- a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java
+++ b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java
@@ -28,10 +28,6 @@ import static org.apache.geode.distributed.ConfigurationProperties.MEMBER_TIMEOU
import static org.apache.geode.distributed.ConfigurationProperties.REMOVE_UNRESPONSIVE_CLIENT;
import static org.apache.geode.distributed.ConfigurationProperties.SERIALIZABLE_OBJECT_FILTER;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.STATISTIC_SAMPLING_ENABLED;
import static org.apache.geode.distributed.ConfigurationProperties.USE_CLUSTER_CONFIGURATION;
import static org.apache.geode.security.SecurableCommunicationChannels.ALL;
@@ -81,12 +77,6 @@ public class GeodeProperties {
public static Properties withSsl(Properties properties) {
properties.setProperty(SSL_ENABLED_COMPONENTS, ALL);
-
- properties.setProperty(SSL_KEYSTORE, "/home/geode/selfsigned.jks");
- properties.setProperty(SSL_KEYSTORE_PASSWORD, "123456");
- properties.setProperty(SSL_TRUSTSTORE, "/home/geode/selfsigned.jks");
- properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "123456");
-
return properties;
}
}
diff --git a/harness/build.gradle b/harness/build.gradle
index 9cbdd85..e6b45e8 100644
--- a/harness/build.gradle
+++ b/harness/build.gradle
@@ -55,6 +55,12 @@ dependencies {
testCompile(group: 'org.assertj', name: 'assertj-core', version: project.'assertj-core.version')
}
+compileJava {
+ options.fork = true
+ options.forkOptions.executable = 'javac'
+ options.compilerArgs << '-XDignore.symbol.file'
+}
+
test{
useJUnitPlatform()
}
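Review bot: The new `compileJava` block has no comment explaining why the compiler is forked with `-XDignore.symbol.file`. As far as the diff shows, it exists only so that the `sun.security.tools.keytool.CertAndKeyGen` and `sun.security.x509.X500Name` imports added to RemoteJVMFactory.java compile. Those are JDK-internal classes, so the harness is probably tied to a JDK 8 style toolchain, because later JDKs do not export these packages by default. `options.forkOptions.executable = 'javac'` also appears to take the compiler from `PATH`, whereas the README states that compilation uses JAVA_HOME. I would add `// Needed for the sun.security.* classes used by RemoteJVMFactory.createKeystore()` above the block and either point the executable at the JAVA_HOME compiler or drop that line.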
diff --git a/harness/src/main/java/org/apache/geode/perftest/jvms/JVMLauncher.java b/harness/src/main/java/org/apache/geode/perftest/jvms/JVMLauncher.java
index c0d008e..1a675c6 100644
--- a/harness/src/main/java/org/apache/geode/perftest/jvms/JVMLauncher.java
+++ b/harness/src/main/java/org/apache/geode/perftest/jvms/JVMLauncher.java
@@ -17,6 +17,11 @@
package org.apache.geode.perftest.jvms;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
@@ -85,6 +90,15 @@ class JVMLauncher {
command.add("-D" + RemoteJVMFactory.RMI_PORT_PROPERTY + "=" + rmiPort);
command.add("-D" + RemoteJVMFactory.JVM_ID + "=" + jvmConfig.getId());
command.add("-D" + RemoteJVMFactory.OUTPUT_DIR + "=" + jvmConfig.getOutputDir());
+
+ if (Boolean.getBoolean("withSsl")) {
+ command
+ .add("-Dgemfire." + SSL_KEYSTORE + "=" + jvmConfig.getLibDir() + "/temp-self-signed.jks");
+ command.add("-Dgemfire." + SSL_KEYSTORE_PASSWORD + "=123456");
+ command.add(
+ "-Dgemfire." + SSL_TRUSTSTORE + "=" + jvmConfig.getLibDir() + "/temp-self-signed.jks");
+ command.add("-Dgemfire." + SSL_TRUSTSTORE_PASSWORD + "=123456");
+ }
command.add("-Xloggc:" + jvmConfig.getOutputDir() + "/gc.log");
command.addAll(replaceTokens(jvmConfig.getJvmArgs(), jvmConfig));
command.add(ChildJVM.class.getName());
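Review bot: The key store password is passed to each child JVM as a `-Dgemfire.…=123456` argument, so it shows up in process listings on every node and in anything that logs `command`. The password and the file name `temp-self-signed.jks` are also literals that must silently stay in sync with `RemoteJVMFactory.createKeystore()`. Since the same file is used as both key store and trust store, every node also holds the private key, which is acceptable only because the certificate is a throwaway. I would hoist both values into shared constants next to `createKeystore()` and add a comment such as `// Throwaway benchmark key store: the password is not a secret and must never protect a real key`. The enclosing method starts and ends outside this hunk.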
diff --git a/harness/src/main/java/org/apache/geode/perftest/jvms/RemoteJVMFactory.java b/harness/src/main/java/org/apache/geode/perftest/jvms/RemoteJVMFactory.java
index fe0bc52..7eb84a5 100644
--- a/harness/src/main/java/org/apache/geode/perftest/jvms/RemoteJVMFactory.java
+++ b/harness/src/main/java/org/apache/geode/perftest/jvms/RemoteJVMFactory.java
@@ -17,7 +17,22 @@
package org.apache.geode.perftest.jvms;
+import static java.util.concurrent.TimeUnit.DAYS;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.SignatureException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
@@ -28,6 +43,8 @@ import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import sun.security.tools.keytool.CertAndKeyGen;
+import sun.security.x509.X500Name;
import org.apache.geode.perftest.infrastructure.Infrastructure;
import org.apache.geode.perftest.infrastructure.InfrastructureFactory;
@@ -98,6 +115,8 @@ public class RemoteJVMFactory {
controllerFactory.createController(new SharedContext(mapping), numWorkers);
classPathCopier.copyToNodes(infra, node -> getLibDir(mapping, node));
+ File keyStore = createKeystore();
+ infra.copyToNodes(Arrays.asList(keyStore), node -> getLibDir(mapping, node), false);
CompletableFuture<Void> processesExited = jvmLauncher.launchProcesses(infra, RMI_PORT, mapping);
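Review bot: `createKeystore()` and the following `infra.copyToNodes(...)` run on every launch, while JVMLauncher only passes the key store properties when `Boolean.getBoolean("withSsl")` is true. A non-SSL run therefore still generates an RSA key pair, writes `temp-self-signed.jks` into the working directory and copies a private key to every node. Wrapping the two added lines in `if (Boolean.getBoolean("withSsl")) { ... }` keeps the key material off hosts that do not need it. The enclosing method starts and ends outside this hunk.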
@@ -108,14 +127,51 @@ public class RemoteJVMFactory {
return new RemoteJVMs(infra, mapping, controller, processesExited);
}
- private String getLibDir(List<JVMMapping> mapping, Infrastructure.Node node) {
+ private JVMMapping getJvmMapping(List<JVMMapping> mapping, Infrastructure.Node node) {
return mapping.stream()
.filter(entry -> entry.getNode().equals(node))
.findFirst()
- .orElseThrow(() -> new IllegalStateException("Could not find lib dir for node " + node))
+ .orElseThrow(() -> new IllegalStateException("Could not find node dir " + node));
+ }
+
+ private String getLibDir(List<JVMMapping> mapping, Infrastructure.Node node) {
+ return getJvmMapping(mapping, node)
.getLibDir();
}
+ private String getOutputDir(List<JVMMapping> mapping, Infrastructure.Node node) {
+ return getJvmMapping(mapping, node)
+ .getOutputDir();
+ }
+
+ private File createKeystore()
+ throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException,
+ NoSuchProviderException, InvalidKeyException, SignatureException {
+
+ CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
+ keyGen.generate(1024);
+
+ char[] password = "123456".toCharArray();
+ PrivateKey privateKey = keyGen.getPrivateKey();
+
+ // Generate self signed certificate
+ X509Certificate[] chain = new X509Certificate[1];
+ chain[0] = keyGen.getSelfCertificate(new X500Name("CN=ROOT"), DAYS.toSeconds(365));
+
+ logger.info("Certificate : {}", chain[0]);
+
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(null, null);
+ ks.setKeyEntry("default", privateKey, password, chain);
+
+ File jksFile = new File("temp-self-signed.jks");
+ FileOutputStream fos = new FileOutputStream(jksFile);
+ ks.store(fos, password);
+ fos.close();
+
+ return jksFile;
+ }
+
public InfrastructureFactory getInfrastructureFactory() {
return infrastructureFactory;
}
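Review bot: `createKeystore()` generates a 1024-bit RSA key signed with `SHA1WithRSA`, which is weaker than the 2048-bit key the removed README instructions asked for. Modern TLS stacks may reject it, and it makes the SSL benchmark numbers less representative of a realistic deployment. I would use `new CertAndKeyGen("RSA", "SHA256WithRSA", null)` and `keyGen.generate(2048)`. The `FileOutputStream` is not closed if `ks.store` throws, so `try (FileOutputStream fos = new FileOutputStream(jksFile)) { ks.store(fos, password); }` is safer. The key store is written to a fixed name in the working directory and never removed, and `getOutputDir` is added here but not used in any visible hunk.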
diff --git a/infrastructure/scripts/aws/README.md b/infrastructure/scripts/aws/README.md
index 18106ad..227fb01 100644
--- a/infrastructure/scripts/aws/README.md
+++ b/infrastructure/scripts/aws/README.md
@@ -179,17 +179,6 @@ monitor the test.
```
# Running with SSL enabled
-
-## Prerequisites
-* You must have fulfilled the prerequisites at the beginning of this doc
-* Generate a self-signed SSL certificate using the keytool command:
- * `keytool -genkey -keyalg RSA -alias tomcat -keystore selfsigned.jks -validity 365 -keysize 2048`
- * The keystore password must be `123456`
-* Copy the generated certificate to the AWS VMs using the following command:
- * `./copy_to_cluster.sh -tag <clusterTag> -- <path to selfsigned.jks> /home/geode/selfsigned.jks`
- * The destination path must be `/home/geode/selfsigned.jks`
-
-## Running in AWS
To run benchmarks with SSL enabled, run the test using the `run_tests.sh` script, with the additional CLI option `-PwithSsl`:
```
./run_tests.sh --tag <clusterTag> [other CLI options] -- -PwithSsl