modify CI ssl configuration (#284)

* modify CI ssl configuration * fix * fix
vesoft-inc · Aug 23, 2023 · 8fca693 · 8fca693
1 parent d79d26b
commit 8fca693
Show file tree

Hide file tree

Showing 27 changed files with 259 additions and 260 deletions.
diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,8 @@ nebula-docker-compose/logs/
 .DS_Store
 
 .idea/
+
+# ssl 
+*.cnf
+*.csr
+*.srl
diff --git a/client_test.go b/client_test.go
@@ -1240,7 +1240,7 @@ func TestReconnect(t *testing.T) {
 	for i := 0; i < timeoutConfig.MaxConnPoolSize; i++ {
 		time.Sleep(200 * time.Millisecond)
 		if i == 3 {
-			stopContainer(t, "nebula-docker-compose_graphd_1")
+			stopContainer(t, "nebula-docker-compose_graphd0_1")
 		}
 		if i == 7 {
 			stopContainer(t, "nebula-docker-compose_graphd1_1")
@@ -1261,22 +1261,13 @@ func TestReconnect(t *testing.T) {
 	}
 	checkResultSet(t, "SHOW HOSTS;", resp)
 
-	startContainer(t, "nebula-docker-compose_graphd_1")
+	startContainer(t, "nebula-docker-compose_graphd0_1")
 	startContainer(t, "nebula-docker-compose_graphd1_1")
 
 	// Wait for graphd to be up
 	time.Sleep(5 * time.Second)
 }
 
-func TestIpLookup(t *testing.T) {
-	hostAddress := HostAddress{Host: "192.168.10.105", Port: 3699}
-	hostList := []HostAddress{hostAddress}
-	_, err := DomainToIP(hostList)
-	if err != nil {
-		t.Errorf(err.Error())
-	}
-}
-
 // Method used to check execution response
 func checkResultSet(t *testing.T, prefix string, err *ResultSet) {
 	t.Helper()

diff --git a/connection_pool.go b/connection_pool.go
@@ -38,14 +38,8 @@ func NewConnectionPool(addresses []HostAddress, conf PoolConfig, log Logger) (*C
 
 // NewConnectionPool constructs a new SSL connection pool using the given addresses and configs
 func NewSslConnectionPool(addresses []HostAddress, conf PoolConfig, sslConfig *tls.Config, log Logger) (*ConnectionPool, error) {
-	// Process domain to IP
-	convAddress, err := DomainToIP(addresses)
-	if err != nil {
-		return nil, fmt.Errorf("failed to find IP, error: %s ", err.Error())
-	}
-
 	// Check input
-	if len(convAddress) == 0 {
+	if len(addresses) == 0 {
 		return nil, fmt.Errorf("failed to initialize connection pool: illegal address input")
 	}
 
@@ -55,13 +49,13 @@ func NewSslConnectionPool(addresses []HostAddress, conf PoolConfig, sslConfig *t
 	newPool := &ConnectionPool{
 		conf:      conf,
 		log:       log,
-		addresses: convAddress,
+		addresses: addresses,
 		hostIndex: 0,
 		sslConfig: sslConfig,
 	}
 
 	// Init pool with SSL socket
-	if err = newPool.initPool(); err != nil {
+	if err := newPool.initPool(); err != nil {
 		return nil, err
 	}
 	newPool.startCleaner()

diff --git a/host_address.go b/host_address.go
@@ -8,28 +8,7 @@
 
 package nebula_go
 
-import (
-	"fmt"
-	"net"
-	"os"
-)
-
 type HostAddress struct {
 	Host string
 	Port int
 }
-
-func DomainToIP(addresses []HostAddress) ([]HostAddress, error) {
-	var newHostsList []HostAddress
-	for _, host := range addresses {
-		// Get ip from domain
-		ips, err := net.LookupIP(host.Host)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Could not get IPs: %v\n", err)
-			return nil, err
-		}
-		convHost := HostAddress{Host: ips[0].String(), Port: host.Port}
-		newHostsList = append(newHostsList, convHost)
-	}
-	return newHostsList, nil
-}
diff --git a/nebula-docker-compose/.env b/nebula-docker-compose/.env
@@ -1,5 +1,5 @@
 enable_ssl=false
-ca_path=/secrets/test.ca.pem
-password_path=/secrets/test.ca.password
-cert_path=/secrets/test.client.crt
-key_path=/secrets/test.client.key
+ca_path=/secrets/root.crt
+password_path=
+cert_path=/secrets/server.crt
+key_path=/secrets/server.key
diff --git a/nebula-docker-compose/docker-compose-ssl.yaml b/nebula-docker-compose/docker-compose-ssl.yaml
@@ -22,7 +22,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     healthcheck:
       test: ["CMD", "curl", "-sf", "http://metad0:11000/status"]
       interval: 30s
@@ -65,7 +64,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     healthcheck:
       test: ["CMD", "curl", "-sf", "http://metad1:11000/status"]
       interval: 30s
@@ -108,7 +106,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     healthcheck:
       test: ["CMD", "curl", "-sf", "http://metad2:11000/status"]
       interval: 30s
@@ -151,7 +148,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
@@ -198,7 +194,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
@@ -245,7 +240,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
@@ -270,15 +264,15 @@ services:
     cap_add:
       - SYS_PTRACE
 
-  graphd:
+  graphd0:
     image: vesoft/nebula-graphd:v3
     environment:
       USER: root
       TZ:   "${TZ}"
     command:
       - --meta_server_addrs=metad0:45500,metad1:45500,metad2:45500
       - --port=3699
-      - --ws_ip=graphd
+      - --ws_ip=graphd0
       - --ws_http_port=13000
       - --log_dir=/logs
       - --v=0
@@ -292,13 +286,12 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
       - metad2
     healthcheck:
-      test: ["CMD", "curl", "-sf", "http://graphd:13000/status"]
+      test: ["CMD", "curl", "-sf", "http://graphd0:13000/status"]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -309,7 +302,7 @@ services:
       - 13002
     volumes:
       - ./secrets:/secrets
-      - ./logs/graph:/logs
+      - ./logs/graph0:/logs
     networks:
       - nebula-net
     restart: on-failure
@@ -338,7 +331,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
@@ -384,7 +376,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
 
 
     depends_on:
@@ -419,7 +410,12 @@ services:
       - |
         for i in `seq 1 60`;do
           echo "Adding hosts..."
-          var=`nebula-console -addr graphd -port 3699 -u root -p nebula -enable_ssl=true -ssl_root_ca_path /secrets/test.ca.pem -ssl_cert_path /secrets/test.client.crt -ssl_private_key_path /secrets/test.client.key --ssl_insecure_skip_verify=true -e 'ADD HOSTS "storaged0":44500,"storaged1":44500,"storaged2":44500'`;
+          var=`nebula-console -addr graphd0 -port 3699 -u root -p nebula -enable_ssl=true \
+            -ssl_root_ca_path /secrets/root.crt \
+            -ssl_cert_path /secrets/client.crt \
+            -ssl_private_key_path /secrets/client.key \
+            --ssl_insecure_skip_verify=true \
+            -e 'ADD HOSTS "storaged0":44500,"storaged1":44500,"storaged2":44500'`;
           if [[ $$? == 0 ]];then
             echo "Hosts added successfully"
             break;
@@ -430,7 +426,7 @@ services:
     volumes:
       - ./secrets:/secrets
     depends_on:
-      - graphd
+      - graphd0
     networks:
       - nebula-net
 

diff --git a/nebula-docker-compose/docker-compose.yaml b/nebula-docker-compose/docker-compose.yaml
@@ -22,7 +22,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     healthcheck:
       test: ["CMD", "curl", "-sf", "http://metad0:11000/status"]
       interval: 30s
@@ -65,7 +64,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     healthcheck:
       test: ["CMD", "curl", "-sf", "http://metad1:11000/status"]
       interval: 30s
@@ -108,7 +106,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     healthcheck:
       test: ["CMD", "curl", "-sf", "http://metad2:11000/status"]
       interval: 30s
@@ -151,7 +148,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
@@ -198,7 +194,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
@@ -245,7 +240,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
@@ -270,15 +264,15 @@ services:
     cap_add:
       - SYS_PTRACE
 
-  graphd:
+  graphd0:
     image: vesoft/nebula-graphd:nightly
     environment:
       USER: root
       TZ:   "${TZ}"
     command:
       - --meta_server_addrs=metad0:45500,metad1:45500,metad2:45500
       - --port=3699
-      - --ws_ip=graphd
+      - --ws_ip=graphd0
       - --ws_http_port=13000
       - --log_dir=/logs
       - --v=0
@@ -293,13 +287,12 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
       - metad2
     healthcheck:
-      test: ["CMD", "curl", "-sf", "http://graphd:13000/status"]
+      test: ["CMD", "curl", "-sf", "http://graphd0:13000/status"]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -310,7 +303,7 @@ services:
       - 13002
     volumes:
       - ./secrets:/secrets
-      - ./logs/graph:/logs
+      - ./logs/graph0:/logs
     networks:
       - nebula-net
     restart: on-failure
@@ -340,7 +333,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
     depends_on:
       - metad0
       - metad1
@@ -387,9 +379,6 @@ services:
       - --cert_path=${cert_path}
       - --key_path=${key_path}
       - --enable_ssl=${enable_ssl}
-      - --password_path=${password_path}
-
-
     depends_on:
       - metad0
       - metad1
@@ -421,15 +410,15 @@ services:
       - -c
       - |
         for i in `seq 1 60`;do
-          var=`nebula-console -addr graphd -port 3699 -u root -p nebula -e 'ADD HOSTS "storaged0":44500,"storaged1":44500,"storaged2":44500'`;
+          var=`nebula-console -addr graphd0 -port 3699 -u root -p nebula -e 'ADD HOSTS "storaged0":44500,"storaged1":44500,"storaged2":44500'`;
           if [[ $$? == 0 ]];then
             break;
           fi;
           sleep 1;
           echo "retry to add hosts.";
         done && tail -f /dev/null;
     depends_on:
-      - graphd
+      - graphd0
     networks:
       - nebula-net
 

diff --git a/nebula-docker-compose/secrets/client.crt b/nebula-docker-compose/secrets/client.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWOgAwIBAgIUGPV76GVV7ASOQ4OTmIrYLMUPS5IwDQYJKoZIhvcNAQEL
+BQAwLjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJv
+b3QwHhcNMjMwODIzMDM0MTI5WhcNMjMwOTAyMDM0MTI5WjAwMQswCQYDVQQGEwJD
+SDEQMA4GA1UECgwHdGVzdC1jYTEPMA0GA1UEAwwGY2xpZW50MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQCbKsaKHccqg6N3yl8C9fDk1xdlxdRax6fjvFll/QB/
+1INoKTqvDZZvok7gyJPC3i5vo24m9QMfv48TfTcSWzTeEifaqSdsKUCnJJk962Ur
+Wdn2ta7Myk6fv4jHQJVil5etXvsASb9EPVRZ+4cQOINzkukk/+bMqm6p5DIbGC8F
+1QIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4GBAErf
+z7zH4Uir8wQH1/wgcDvqyZzRAgaHNP7X8U/E6Ainy6yX1vCe0Ee7M0Blmq6cgn8u
+sGC74TC9hsQ4LL8JlvRA2ioJgnxL9wNe1E55hJvSj1SMWAjo8sHe63QJt354/enp
+tmVysYqsZbC4Xu/hrko2FRJEvVD2m/VZ75ahqOLS
+-----END CERTIFICATE-----
diff --git a/nebula-docker-compose/secrets/client.key b/nebula-docker-compose/secrets/client.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCbKsaKHccqg6N3yl8C9fDk1xdlxdRax6fjvFll/QB/1INoKTqv
+DZZvok7gyJPC3i5vo24m9QMfv48TfTcSWzTeEifaqSdsKUCnJJk962UrWdn2ta7M
+yk6fv4jHQJVil5etXvsASb9EPVRZ+4cQOINzkukk/+bMqm6p5DIbGC8F1QIDAQAB
+AoGAEzTIPnBRJsIEid9Sw1sN5kV5b+98yX/NGDNIHYejeC8l1M7FpMVZyZedi9VH
+9ObreIYSLGBHcraTTyZAmtUPRfxB8b9g+2c37wuFt+bRyDbHpznusM68ekollMED
+h/wJTrV1lizKZ3J8275BqPUO43YLifjoVK48MqBHyyvJQEECQQDI2kfQxdT2qc7k
+trOwEcTYVrJeY7oY0rlC4EDb012Swv5SX1eeB4FnqeXuqQvQT7xyP6nHSkosQ9of
+MCsjm0XzAkEAxcVOIgPWj2QnaiYXuL98c+JBxCvu7KWGV0woRK+O4PCe7i03fcA2
+DpZP2XI9QJHeW0P9Wl56ti/Vb1hsj3OPFwJACXhRPoS1X9Ptz1bV7g1IbLLZwh2N
+nrIAzihopnS2yr6q4xNfvDG6ZjrafoA18GJyDij2RlE4YhHo7OOGhS1DBQJBAJ++
+p0XCY+SeuVd8PVz1Dslr0ENsWSi86q5IzZ3tUDNRKI6p51CjmQZfU1AIfoFRUZHW
+cSY1elj+eh/eBJI6fTECQQC8bOWvOcn/Epm5vvn3l3f0G67IXhZTX0ZCfRtuuF8e
+xe+j+aPflVteUBylgOfJ5oJ+hmmv3XfdUWrD5mfHfsVv
+-----END RSA PRIVATE KEY-----
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,3 +18,8 @@ nebula-docker-compose/logs/ @@
     .DS_Store
     .idea/
+    # ssl
+    *.cnf
+    *.csr
+    *.srl