From 8fca693fa01e8e38d0f986192694daa8495bed61 Mon Sep 17 00:00:00 2001 
From: "Harris.Chu" <1726587+HarrisChu@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:20:25 +0800 Subject: [PATCH] modify CI ssl configuration (#284) * modify CI ssl configuration * fix * fix --- .gitignore | 5 + client_test.go | 13 +-- connection_pool.go | 12 +-- host_address.go | 21 ---- nebula-docker-compose/.env | 8 +- nebula-docker-compose/docker-compose-ssl.yaml | 26 ++--- nebula-docker-compose/docker-compose.yaml | 23 ++-- nebula-docker-compose/secrets/client.crt | 13 +++ nebula-docker-compose/secrets/client.key | 15 +++ nebula-docker-compose/secrets/readme.md | 28 +++++ nebula-docker-compose/secrets/root.crt | 16 +++ nebula-docker-compose/secrets/root.key | 15 +++ nebula-docker-compose/secrets/run.sh | 102 ++++++++++++++++++ nebula-docker-compose/secrets/server.crt | 14 +++ nebula-docker-compose/secrets/server.key | 15 +++ nebula-docker-compose/secrets/test.ca.key | 30 ------ .../secrets/test.ca.password | 1 - nebula-docker-compose/secrets/test.ca.pem | 24 ----- nebula-docker-compose/secrets/test.ca.srl | 1 - nebula-docker-compose/secrets/test.client.crt | 21 ---- nebula-docker-compose/secrets/test.client.csr | 17 --- nebula-docker-compose/secrets/test.client.key | 27 ----- .../secrets/test.self-signed.key | 27 ----- .../secrets/test.self-signed.password | 1 - .../secrets/test.self-signed.pem | 24 ----- session_test.go | 4 +- ssl_connection_test.go | 16 +-- 27 files changed, 259 insertions(+), 260 deletions(-) create mode 100644 nebula-docker-compose/secrets/client.crt create mode 100644 nebula-docker-compose/secrets/client.key create mode 100644 nebula-docker-compose/secrets/readme.md create mode 100644 nebula-docker-compose/secrets/root.crt create mode 100644 nebula-docker-compose/secrets/root.key create mode 100755 nebula-docker-compose/secrets/run.sh create mode 100644 nebula-docker-compose/secrets/server.crt create mode 100644 nebula-docker-compose/secrets/server.key delete mode 100644 nebula-docker-compose/secrets/test.ca.key delete mode 100644 
nebula-docker-compose/secrets/test.ca.password delete mode 100644 nebula-docker-compose/secrets/test.ca.pem delete mode 100644 nebula-docker-compose/secrets/test.ca.srl delete mode 100644 nebula-docker-compose/secrets/test.client.crt delete mode 100644 nebula-docker-compose/secrets/test.client.csr delete mode 100644 nebula-docker-compose/secrets/test.client.key delete mode 100644 nebula-docker-compose/secrets/test.self-signed.key delete mode 100644 nebula-docker-compose/secrets/test.self-signed.password delete mode 100644 nebula-docker-compose/secrets/test.self-signed.pem diff --git a/.gitignore b/.gitignore index 90531103..6e6cf30a 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,8 @@ nebula-docker-compose/logs/ .DS_Store .idea/ + +# ssl +*.cnf +*.csr +*.srl diff --git a/client_test.go b/client_test.go index 09ee80b9..5a791f5e 100644 --- a/client_test.go +++ b/client_test.go @@ -1240,7 +1240,7 @@ func TestReconnect(t *testing.T) { for i := 0; i < timeoutConfig.MaxConnPoolSize; i++ { time.Sleep(200 * time.Millisecond) if i == 3 { - stopContainer(t, "nebula-docker-compose_graphd_1") + stopContainer(t, "nebula-docker-compose_graphd0_1") } if i == 7 { stopContainer(t, "nebula-docker-compose_graphd1_1") @@ -1261,22 +1261,13 @@ func TestReconnect(t *testing.T) { } checkResultSet(t, "SHOW HOSTS;", resp) - startContainer(t, "nebula-docker-compose_graphd_1") + startContainer(t, "nebula-docker-compose_graphd0_1") startContainer(t, "nebula-docker-compose_graphd1_1") // Wait for graphd to be up time.Sleep(5 * time.Second) } -func TestIpLookup(t *testing.T) { - hostAddress := HostAddress{Host: "192.168.10.105", Port: 3699} - hostList := []HostAddress{hostAddress} - _, err := DomainToIP(hostList) - if err != nil { - t.Errorf(err.Error()) - } -} - // Method used to check execution response func checkResultSet(t *testing.T, prefix string, err *ResultSet) { t.Helper() diff --git a/connection_pool.go b/connection_pool.go index 3950b2fa..f18c8924 100644 --- a/connection_pool.go 
+++ b/connection_pool.go @@ -38,14 +38,8 @@ func NewConnectionPool(addresses []HostAddress, conf PoolConfig, log Logger) (*C // NewConnectionPool constructs a new SSL connection pool using the given addresses and configs func NewSslConnectionPool(addresses []HostAddress, conf PoolConfig, sslConfig *tls.Config, log Logger) (*ConnectionPool, error) { - // Process domain to IP - convAddress, err := DomainToIP(addresses) - if err != nil { - return nil, fmt.Errorf("failed to find IP, error: %s ", err.Error()) - } - // Check input - if len(convAddress) == 0 { + if len(addresses) == 0 { return nil, fmt.Errorf("failed to initialize connection pool: illegal address input") } @@ -55,13 +49,13 @@ func NewSslConnectionPool(addresses []HostAddress, conf PoolConfig, sslConfig *t newPool := &ConnectionPool{ conf: conf, log: log, - addresses: convAddress, + addresses: addresses, hostIndex: 0, sslConfig: sslConfig, } // Init pool with SSL socket - if err = newPool.initPool(); err != nil { + if err := newPool.initPool(); err != nil { return nil, err } newPool.startCleaner() diff --git a/host_address.go b/host_address.go index f1609ffa..418f52f0 100644 --- a/host_address.go +++ b/host_address.go @@ -8,28 +8,7 @@ package nebula_go -import ( - "fmt" - "net" - "os" -) - type HostAddress struct { Host string Port int } - -func DomainToIP(addresses []HostAddress) ([]HostAddress, error) { - var newHostsList []HostAddress - for _, host := range addresses { - // Get ip from domain - ips, err := net.LookupIP(host.Host) - if err != nil { - fmt.Fprintf(os.Stderr, "Could not get IPs: %v\n", err) - return nil, err - } - convHost := HostAddress{Host: ips[0].String(), Port: host.Port} - newHostsList = append(newHostsList, convHost) - } - return newHostsList, nil -} diff --git a/nebula-docker-compose/.env b/nebula-docker-compose/.env index c5124223..875761d1 100644 --- a/nebula-docker-compose/.env +++ b/nebula-docker-compose/.env 
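Review bot: The doc comment kept as context above `NewSslConnectionPool` still begins `// NewConnectionPool constructs a new SSL connection pool`, so it names the wrong function and should start `// NewSslConnectionPool constructs ...`. With the `DomainToIP` call removed, the pool stores the caller's `addresses` unchanged, so host names are no longer resolved up front. Presumably this lets the TLS layer match them against the DNS names in the new server certificate, and the doc comment is the place to say that verification behaviour is governed by the supplied `sslConfig`. The function body continues outside the hunk and no nil check on `sslConfig` is visible here, so confirm one exists. Deleting the exported `DomainToIP` from host_address.go in the same commit is an API break for external callers and deserves a changelog entry.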
@@ -1,5 +1,5 @@ enable_ssl=false -ca_path=/secrets/test.ca.pem -password_path=/secrets/test.ca.password -cert_path=/secrets/test.client.crt -key_path=/secrets/test.client.key +ca_path=/secrets/root.crt +password_path= +cert_path=/secrets/server.crt +key_path=/secrets/server.key diff --git a/nebula-docker-compose/docker-compose-ssl.yaml b/nebula-docker-compose/docker-compose-ssl.yaml index 23c0719b..0fa8b882 100644 --- a/nebula-docker-compose/docker-compose-ssl.yaml +++ b/nebula-docker-compose/docker-compose-ssl.yaml @@ -22,7 +22,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} healthcheck: test: ["CMD", "curl", "-sf", "http://metad0:11000/status"] interval: 30s @@ -65,7 +64,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} healthcheck: test: ["CMD", "curl", "-sf", "http://metad1:11000/status"] interval: 30s @@ -108,7 +106,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} healthcheck: test: ["CMD", "curl", "-sf", "http://metad2:11000/status"] interval: 30s @@ -151,7 +148,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 @@ -198,7 +194,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 @@ -245,7 +240,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 @@ -270,7 +264,7 @@ services: cap_add: - SYS_PTRACE - graphd: + graphd0: image: vesoft/nebula-graphd:v3 environment: USER: root 
@@ -278,7 +272,7 @@ services: command: - --meta_server_addrs=metad0:45500,metad1:45500,metad2:45500 - --port=3699 - - --ws_ip=graphd + - --ws_ip=graphd0 - --ws_http_port=13000 - --log_dir=/logs - --v=0 @@ -292,13 +286,12 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 - metad2 healthcheck: - test: ["CMD", "curl", "-sf", "http://graphd:13000/status"] + test: ["CMD", "curl", "-sf", "http://graphd0:13000/status"] interval: 30s timeout: 10s retries: 3 @@ -309,7 +302,7 @@ services: - 13002 volumes: - ./secrets:/secrets - - ./logs/graph:/logs + - ./logs/graph0:/logs networks: - nebula-net restart: on-failure @@ -338,7 +331,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 @@ -384,7 +376,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: @@ -419,7 +410,12 @@ services: - | for i in `seq 1 60`;do echo "Adding hosts..." - var=`nebula-console -addr graphd -port 3699 -u root -p nebula -enable_ssl=true -ssl_root_ca_path /secrets/test.ca.pem -ssl_cert_path /secrets/test.client.crt -ssl_private_key_path /secrets/test.client.key --ssl_insecure_skip_verify=true -e 'ADD HOSTS "storaged0":44500,"storaged1":44500,"storaged2":44500'`; + var=`nebula-console -addr graphd0 -port 3699 -u root -p nebula -enable_ssl=true \ + -ssl_root_ca_path /secrets/root.crt \ + -ssl_cert_path /secrets/client.crt \ + -ssl_private_key_path /secrets/client.key \ + --ssl_insecure_skip_verify=true \ + -e 'ADD HOSTS "storaged0":44500,"storaged1":44500,"storaged2":44500'`; if [[ $$? == 0 ]];then echo "Hosts added successfully" break; @@ -430,7 +426,7 @@ services: volumes: - ./secrets:/secrets depends_on: - - graphd + - graphd0 networks: - nebula-net 
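Review bot: The rewritten `nebula-console` command in the add-hosts loop still passes `--ssl_insecure_skip_verify=true`, so the console presumably never validates the graphd0 certificate and `-ssl_root_ca_path /secrets/root.crt` adds little to trust. run.sh in this commit lists `graphd0` among the server certificate's DNS names, so verification looks feasible now. Consider dropping the flag, or setting it to `false`, so CI exercises the real verification path. If it must stay, for instance because the committed leaf certificates are short-lived, add a comment above the command such as `# test only: verification disabled, do not copy into real deployments`.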
diff --git a/nebula-docker-compose/docker-compose.yaml b/nebula-docker-compose/docker-compose.yaml index 99dcf7e6..820ac387 100644 --- a/nebula-docker-compose/docker-compose.yaml +++ b/nebula-docker-compose/docker-compose.yaml @@ -22,7 +22,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} healthcheck: test: ["CMD", "curl", "-sf", "http://metad0:11000/status"] interval: 30s @@ -65,7 +64,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} healthcheck: test: ["CMD", "curl", "-sf", "http://metad1:11000/status"] interval: 30s @@ -108,7 +106,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} healthcheck: test: ["CMD", "curl", "-sf", "http://metad2:11000/status"] interval: 30s @@ -151,7 +148,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 @@ -198,7 +194,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 @@ -245,7 +240,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 @@ -270,7 +264,7 @@ services: cap_add: - SYS_PTRACE - graphd: + graphd0: image: vesoft/nebula-graphd:nightly environment: USER: root @@ -278,7 +272,7 @@ services: command: - --meta_server_addrs=metad0:45500,metad1:45500,metad2:45500 - --port=3699 - - --ws_ip=graphd + - --ws_ip=graphd0 - --ws_http_port=13000 - --log_dir=/logs - --v=0 
@@ -293,13 +287,12 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 - metad2 healthcheck: - test: ["CMD", "curl", "-sf", "http://graphd:13000/status"] + test: ["CMD", "curl", "-sf", "http://graphd0:13000/status"] interval: 30s timeout: 10s retries: 3 @@ -310,7 +303,7 @@ services: - 13002 volumes: - ./secrets:/secrets - - ./logs/graph:/logs + - ./logs/graph0:/logs networks: - nebula-net restart: on-failure @@ -340,7 +333,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} depends_on: - metad0 - metad1 @@ -387,9 +379,6 @@ services: - --cert_path=${cert_path} - --key_path=${key_path} - --enable_ssl=${enable_ssl} - - --password_path=${password_path} - - depends_on: - metad0 - metad1 @@ -421,7 +410,7 @@ services: - -c - | for i in `seq 1 60`;do - var=`nebula-console -addr graphd -port 3699 -u root -p nebula -e 'ADD HOSTS "storaged0":44500,"storaged1":44500,"storaged2":44500'`; + var=`nebula-console -addr graphd0 -port 3699 -u root -p nebula -e 'ADD HOSTS "storaged0":44500,"storaged1":44500,"storaged2":44500'`; if [[ $$? == 0 ]];then break; fi; @@ -429,7 +418,7 @@ services: echo "retry to add hosts."; done && tail -f /dev/null; depends_on: - - graphd + - graphd0 networks: - nebula-net diff --git a/nebula-docker-compose/secrets/client.crt b/nebula-docker-compose/secrets/client.crt new file mode 100644 index 00000000..215b9026 --- /dev/null +++ b/nebula-docker-compose/secrets/client.crt 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB+jCCAWOgAwIBAgIUGPV76GVV7ASOQ4OTmIrYLMUPS5IwDQYJKoZIhvcNAQEL +BQAwLjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJv +b3QwHhcNMjMwODIzMDM0MTI5WhcNMjMwOTAyMDM0MTI5WjAwMQswCQYDVQQGEwJD +SDEQMA4GA1UECgwHdGVzdC1jYTEPMA0GA1UEAwwGY2xpZW50MIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQCbKsaKHccqg6N3yl8C9fDk1xdlxdRax6fjvFll/QB/ +1INoKTqvDZZvok7gyJPC3i5vo24m9QMfv48TfTcSWzTeEifaqSdsKUCnJJk962Ur +Wdn2ta7Myk6fv4jHQJVil5etXvsASb9EPVRZ+4cQOINzkukk/+bMqm6p5DIbGC8F +1QIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4GBAErf +z7zH4Uir8wQH1/wgcDvqyZzRAgaHNP7X8U/E6Ainy6yX1vCe0Ee7M0Blmq6cgn8u +sGC74TC9hsQ4LL8JlvRA2ioJgnxL9wNe1E55hJvSj1SMWAjo8sHe63QJt354/enp +tmVysYqsZbC4Xu/hrko2FRJEvVD2m/VZ75ahqOLS +-----END CERTIFICATE----- diff --git a/nebula-docker-compose/secrets/client.key b/nebula-docker-compose/secrets/client.key new file mode 100644 index 00000000..b74d03cc --- /dev/null +++ b/nebula-docker-compose/secrets/client.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCbKsaKHccqg6N3yl8C9fDk1xdlxdRax6fjvFll/QB/1INoKTqv +DZZvok7gyJPC3i5vo24m9QMfv48TfTcSWzTeEifaqSdsKUCnJJk962UrWdn2ta7M +yk6fv4jHQJVil5etXvsASb9EPVRZ+4cQOINzkukk/+bMqm6p5DIbGC8F1QIDAQAB +AoGAEzTIPnBRJsIEid9Sw1sN5kV5b+98yX/NGDNIHYejeC8l1M7FpMVZyZedi9VH +9ObreIYSLGBHcraTTyZAmtUPRfxB8b9g+2c37wuFt+bRyDbHpznusM68ekollMED +h/wJTrV1lizKZ3J8275BqPUO43YLifjoVK48MqBHyyvJQEECQQDI2kfQxdT2qc7k +trOwEcTYVrJeY7oY0rlC4EDb012Swv5SX1eeB4FnqeXuqQvQT7xyP6nHSkosQ9of +MCsjm0XzAkEAxcVOIgPWj2QnaiYXuL98c+JBxCvu7KWGV0woRK+O4PCe7i03fcA2 +DpZP2XI9QJHeW0P9Wl56ti/Vb1hsj3OPFwJACXhRPoS1X9Ptz1bV7g1IbLLZwh2N +nrIAzihopnS2yr6q4xNfvDG6ZjrafoA18GJyDij2RlE4YhHo7OOGhS1DBQJBAJ++ +p0XCY+SeuVd8PVz1Dslr0ENsWSi86q5IzZ3tUDNRKI6p51CjmQZfU1AIfoFRUZHW +cSY1elj+eh/eBJI6fTECQQC8bOWvOcn/Epm5vvn3l3f0G67IXhZTX0ZCfRtuuF8e +xe+j+aPflVteUBylgOfJ5oJ+hmmv3XfdUWrD5mfHfsVv +-----END RSA PRIVATE KEY----- 
diff --git a/nebula-docker-compose/secrets/readme.md b/nebula-docker-compose/secrets/readme.md new file mode 100644 index 00000000..6fef6ed5 --- /dev/null +++ b/nebula-docker-compose/secrets/readme.md @@ -0,0 +1,28 @@ +# readme for run.sh + +```bash +./run.sh root +./run.sh server +./run.sh client +``` + +and then the output should be + +```bash +. +├── client.cnf +├── client.crt +├── client.csr +├── client.key +├── readme.md +├── root.cnf +├── root.crt +├── root.csr +├── root.key +├── root.srl +├── run.sh +├── server.cnf +├── server.crt +├── server.csr +├── server.key +``` diff --git a/nebula-docker-compose/secrets/root.crt b/nebula-docker-compose/secrets/root.crt new file mode 100644 index 00000000..71ab903c --- /dev/null +++ b/nebula-docker-compose/secrets/root.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIUXQxeBP1zbaGeVEtKjV+EncGlWfAwDQYJKoZIhvcNAQEL +BQAwLjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJv +b3QwHhcNMjMwODIzMDM0MDQ5WhcNMzMwODIwMDM0MDQ5WjAuMQswCQYDVQQGEwJD +SDEQMA4GA1UECgwHdGVzdC1jYTENMAsGA1UEAwwEcm9vdDCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAt+CM4IZKC0poJKHUFhbZw7+I213gwDQARHsNy0n70q4B +yiw8MXLHIfXCYXhmviay1dyPYT/HTxf/a4rRedvLLPHzrGiLR6HdkNqt11ZnLHau +tpgaui2RNPedkPA6Rsiy0tVJB+HU6Oy3Z/nOodKe6mcpChHetB2yvApQYn9kQfEC +AwEAAaOBnjCBmzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTMEQlAQDTclq+d +vBcrCfykTBpn6zBpBgNVHSMEYjBggBTMEQlAQDTclq+dvBcrCfykTBpn66EypDAw +LjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJvb3SC +FF0MXgT9c22hnlRLSo1fhJ3BpVnwMA0GCSqGSIb3DQEBCwUAA4GBAG46WEPWLn9g +ob2gE1V3Op5/YwkAeiBBcLho94CY3niGE9JLe5AgQqFG10PM9IMSOemuvoJHuCND +LNyoMh4D73fRToUIMKPCVoboWLFX9kpaMAwBylAEmAVhyVotKfSXVXNOMRg5Idto +GcO6tFTbpyZtONufp+BNWjNI7+ZkcvoD +-----END CERTIFICATE----- diff --git a/nebula-docker-compose/secrets/root.key b/nebula-docker-compose/secrets/root.key new file mode 100644 index 00000000..7c8ef65d --- /dev/null +++ b/nebula-docker-compose/secrets/root.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC34IzghkoLSmgkodQWFtnDv4jbXeDANABEew3LSfvSrgHKLDwx +csch9cJheGa+JrLV3I9hP8dPF/9ritF528ss8fOsaItHod2Q2q3XVmcsdq62mBq6 +LZE0952Q8DpGyLLS1UkH4dTo7Ldn+c6h0p7qZykKEd60HbK8ClBif2RB8QIDAQAB +AoGBAKsiN5tkAJffiWvGncBtRgG0Sqh4CAx6mWEi8eSpF9GuF4ZVgzQ2cfU+aMoU +p/MDy1/VpjBJjrMjT5qEmY+Dq+S1a5OvVEhA50pHmyMxI/9droqdTB/H5/z5LyjO +ZvNAYnpL9eYbOUugdRs6q2K2vOO3HQbO9R+Z9uc9WNYhrqztAkEA5GHIP9KgPm+5 +I96L0TGAKNpfZNyr9jqolNdLlmOV7T/jG1kqDA3g6jP6nNeWY3c6qnQCeKN1ri53 +k05wp5T8dwJBAM4c/oAP95fx1drwxp1q48UDj4ElLd/fSPrxV1qezMuxvzGdj9Le +AbPh6sOVutquaiD40AeMIJxjux56hBd+FtcCQDBGTwrWndK00QC5APr2KK36AuIS +FzNUEOBtZefjIwTkVUApp86mfF1lIVtX4s0hnb/8B62yd6Sa4+G6WevCfV8CQQCu +1ueIaIMF8E4RiBdjJ24JDIkp6wjsFDOLMzh/lZ9x1tix1M9Q96QIHEcSHCxCHpvG +VmnZTSPIpczwAMuWRg5HAkAn/326/DImJHYn2x/rMH72YRBz2/7O2kPETgqJCUmB +X6vHHHcKLWaeeSJJMHkhz5diexalrTDrS0CocoRO3CQr +-----END RSA PRIVATE KEY----- diff --git a/nebula-docker-compose/secrets/run.sh b/nebula-docker-compose/secrets/run.sh new file mode 100755 index 00000000..c933d9c9 --- /dev/null +++ b/nebula-docker-compose/secrets/run.sh 
@@ -0,0 +1,102 @@ +#! /bin/bash + +# used to generate certs for nebula-graph +# usage: +# 1. ./cert.sh root +# 2. ./cert.sh server +# 3. ./cert.sh client + +# config: +# server: +# --cert_path=server.crt +# --key_path=server.key +# --ca_path=root.crt + +# client: follow per client repo + +set -eu +DN_C=CH +DN_O=vesoft +DN_OU=Eng +DN_CN= +DN_EMAIL=harris.chu@xxxx.com + +SERVER_ADDRESS_IP="" +SERVER_ADDRESS_DNS="localhost graphd0 graphd1 graphd2" +CLIENT_ADDRESS_IP="" +CLIENT_ADDRESS_DNS="" + +if [ $# != 1 ]; then + echo "USAGE: $0 " + exit 1; +fi + +function gen_cert { + cert_type=$1 + subject_name_ip=$2 + subject_name_dns=$3 + cat << EOF > ${cert_type}.cnf +[ req ] +default_bits = 2048 +prompt = no +distinguished_name = dn +req_extensions = req_ext + +[ dn ] +C = CH +O = test-ca +CN = ${cert_type} + +[ v3_ca ] +basicConstraints = critical,CA:TRUE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always + +[ req_ext ] +subjectAltName = @alt_names + +[alt_names] +IP.1 = 127.0.0.1 +EOF + if [ "$subject_name_ip" != "" ];then + start=2 + for i in ${subject_name_ip}; do + cat << EOF >> ${cert_type}.cnf +IP.${start} = ${i} +EOF + start=$(($start+1)) + done + fi + if [ "$subject_name_dns" != "" ];then + start=1 + for i in ${subject_name_dns}; do + cat << EOF >> ${cert_type}.cnf +DNS.${start} = ${i} +EOF + start=$(($start+1)) + done + fi + openssl genrsa -out ${cert_type}.key 1024 + openssl req -new -config ${cert_type}.cnf -out ${cert_type}.csr -key ${cert_type}.key + if [ ${cert_type} == "root" ]; then + openssl x509 -req -in ${cert_type}.csr -out ${cert_type}.crt -extfile ${cert_type}.cnf -extensions v3_ca -signkey ${cert_type}.key -CAcreateserial -days 3650 + else + openssl x509 -req -in ${cert_type}.csr -out ${cert_type}.crt -CA root.crt -CAkey root.key -CAcreateserial -days 10 -extfile ${cert_type}.cnf -extensions req_ext + fi + +} + +cert_type=${1} +if [ ${cert_type} != "root" ] && [ ! 
-e root.crt ];then + echo "root.crt not exist" + exit 1 +fi +echo "generate ${cert_type} cert" +if [ ${cert_type} == "server" ]; then + gen_cert ${cert_type} "${SERVER_ADDRESS_IP[*]}" "${SERVER_ADDRESS_DNS[*]}" +elif [ ${cert_type} == "client" ]; then + gen_cert ${cert_type} "${CLIENT_ADDRESS_IP[*]}" "${CLIENT_ADDRESS_DNS[*]}" +else + gen_cert ${cert_type} "" "" +fi +echo "finish" \ No newline at end of file diff --git a/nebula-docker-compose/secrets/server.crt b/nebula-docker-compose/secrets/server.crt new file mode 100644 index 00000000..69e53c55 --- /dev/null +++ b/nebula-docker-compose/secrets/server.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICIDCCAYmgAwIBAgIUGPV76GVV7ASOQ4OTmIrYLMUPS5MwDQYJKoZIhvcNAQEL +BQAwLjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJv +b3QwHhcNMjMwODIzMDM0MzAzWhcNMjMwOTAyMDM0MzAzWjAwMQswCQYDVQQGEwJD +SDEQMA4GA1UECgwHdGVzdC1jYTEPMA0GA1UEAwwGc2VydmVyMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDuxsEJMhvp3NvPIJTzc9QaER/q6BEtslmXdLTKT6jO +KsQ6hmsJseUEfjVFus3IJmoYyefkIhwrljT/24bdx0Aj26A43kHN6SGcHDfgrDDr +rZLDH7GVypojFi1hFmoIMy+Xk+FcH5lgVpcAl3VVQDIHBtUCpZSYls8KHcGFWTxr +cQIDAQABozkwNzA1BgNVHREELjAshwR/AAABgglsb2NhbGhvc3SCB2dyYXBoZDCC +B2dyYXBoZDGCB2dyYXBoZDIwDQYJKoZIhvcNAQELBQADgYEAOZd+3PJEpejVkb+v +Pb4sgnptYoeAPHmCLsa9A8fD2allHxPSSgi7rk5h79PR9fcKP4FzBbfwUKR6lc7s +Mmo06CApTQXjUOOz1KFitou6JIAa58NVcHoNcKSOHynwJEi9hON+DGZxleU4X1SC +nnva1E6RoCUmG4Qa3ezPnoQy5ao= +-----END CERTIFICATE----- diff --git a/nebula-docker-compose/secrets/server.key b/nebula-docker-compose/secrets/server.key new file mode 100644 index 00000000..73325b2b --- /dev/null +++ b/nebula-docker-compose/secrets/server.key 
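Review bot: `openssl genrsa -out ${cert_type}.key 1024` in `gen_cert` produces 1024-bit RSA keys even though the generated config sets `default_bits = 2048`. That size is below current minimums and some TLS stacks reject such certificates at their default security level, so use `openssl genrsa -out "${cert_type}.key" 2048`. Leaf certificates are signed with `-days 10`, so the server.crt and client.crt committed alongside will expire ten days after they were generated unless CI regenerates them or the test lifetime is lengthened. The header comment refers to `./cert.sh` although the file is run.sh, and the `DN_*` variables are never used because the config hard-codes `C = CH` and `O = test-ca`. Since root.key is committed unencrypted next to the script, add a header line such as `# throwaway CI credentials: never add root.crt to a real trust store`.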
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDuxsEJMhvp3NvPIJTzc9QaER/q6BEtslmXdLTKT6jOKsQ6hmsJ +seUEfjVFus3IJmoYyefkIhwrljT/24bdx0Aj26A43kHN6SGcHDfgrDDrrZLDH7GV +ypojFi1hFmoIMy+Xk+FcH5lgVpcAl3VVQDIHBtUCpZSYls8KHcGFWTxrcQIDAQAB +AoGBAN2dtW6uhn/hkFZHPFhVSihDeqdRaxhJr6PGG0Km+tsXkHdtaQ1fgltQNGua +vQImvVRymXsBObouuNQ8UYmoNFsIge/GxFewOouVhVhju6F1RXBja0zJtV8tSfWJ +dhvxXflMaHXo0C3Zbg1jtFnQ48kSQzlwJ/nh5mQ3mwWd31HBAkEA/yGEKI+ql4Wn +aG7W6xNzNtdTt6s3y3IxjmV7mt5l1Mzx1oN2FgxUD+3ySryzNLVOVbbJaH7y413x +p4JT4rXxCQJBAO+W+d0KxkrcmxhxrevOwmsyWRe3chBEi8ZgKYOGy/tdSXjCHjWH +8+N0Tiie1f/ukNgWx5yXAjQbkijRtVEDiSkCQD3Q2huVy6iQ2qIEERC+ErFb9M3Q +r2Ec1wMAdbVtY1DvIz1tdsQa0pdVeNpA5E7GCyfbdOtbrvAGCBIlErwghzkCQQDJ ++ayJ+xtO4MqewLato4+ibr9MjwlJTX/HrClTB7/OF8ZoVrzAw+uGQ/XfqIcfSi4w +/IMqLuNcqiF858zCjwiBAkEAts+c+3pJXOZr18Wadn5tquh5d8cFVg6DVBp10JXc +ZYDDMtfYbwPxGX7M104wUwKTXxNvddA00NsGgrbTEnUvHQ== +-----END RSA PRIVATE KEY----- diff --git a/nebula-docker-compose/secrets/test.ca.key b/nebula-docker-compose/secrets/test.ca.key deleted file mode 100644 index 6006d0f2..00000000 --- a/nebula-docker-compose/secrets/test.ca.key +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,6D12ED8559E80FA3 - -tv9epnwlt4dP6Q5ee0dACOyFA5BTwYTdoMykQRJrKGwfaNeXUXn+sQ/U/oFHp1Wx -O8VZE+z2aHpiFSTw+Eh6MPt86X5yVG3tpeVO6dErvr8Kd+NpuI8zn7rNoOFRh8wD -33EFcQMLQPneDl10O18hooIoi0qwp1pd63hYZPwEhB3eOrM5Mnv9OVJs65bzYfyf -Wku33YWYxeqlDvMCsou8PZnv/M2wYsr7+QoTcNmGKP45igMthMDBzwgF+q0p9ZZU -N11c6ojAs01kfuqFf3vKfHNYe6zsBiNhnUuEy8enXSxD5E7tR/OI8aEzPLdk7fmN -/UsMK2LE0Yd5iS3O1x/1ZjSBxJ+M/UzzCO692GTAiD6Hc13iJOavq/vt1mEPjfCD -neF38Bhb5DfFi+UAHrz6EHMreamGCzP82us2maIs7mSTq7nXDZfbBc7mBDLAUUnT -J6tlrTyc+DQXzkJa6jmbxJhcsWm6XvjIBEzSXVHxEDPLnZICQk3VXODjCXTD75Rg -0WaS78Ven7DW8wn07q3VzWAFDKaet3VI+TVTv7EfIavlfiA6LSshaENdFLeHahNE -s/V/j5K3Pg6+WQcZRgOsfqIwUCSQxY13R6TTdaaCkLay5BggF5iiAO3pkqsJiadf -w843Ak4USBptymJxoZgJyFtQHpQyNiFfsAbs9BaYbg2evvE7/VQhLk0gQ7HgQMeJ -wgxEQqZQKDCCSugSzY1YEGXKnrZYCKyipzyyH936mE15zNwhYp/Pi2020+gmtP3h -CDfcPs1yeLI2/1JuimafbuKsv9xchWa6ASU8p8Q7wTLtUj9ylLKyA4A/75pK0DXG -Hv/q0O+UfhAMD438SoPBle7RSvIsDU1VjUqstlNybBglBZxGIME7/18+Ms7U32wh -4xFkZwxT2nqFgyk37tXMdMz9UBh12/AXR9NU4XY37C3Ao2TDT7/0DvU6KdJhsDpv -rGcaC2zzhko+0CPrLlk52KbqP003JXiWvOSI+FylyPPDB/YGitmndJUuQblf3u/E -l+tGi9MeSBQeWKV6D3AVnO05AZjfTUzSK0vw4DgNh5YPNJvLy31B7kDAS88vyGI1 -t6MBwjW4/tz/nS/p1Go3mSzBhPkIsCrZE+ar7lH8p8JqkLl4fXIMaVKIfyfJdzyS -lkh3K7bOGDPegxxxaWdb+EnC7k+1R3EOU7uJFW61HyrGI3q6Y7kOl5aYSJ5Ge1Uv -PycFWHWVTHq/R7HRE6HIJzGe/PnLIbStXLDFeivjfcYq1YaSaF8Vl+xg+0u3ULOl -P6IuPTph6dlcgttRZVl3ETcF0T+2wfbUwgjf0ZiguCJfR2jLGhPl1KBg0Kd9cTSY -zI3YMMd2G8hApt/QFlm4Ry8CqaJUmDcjDNIJT3M+RldUgfz37NsX05cA5e9+I1AL -2406F/v5U9gWsYx7HuwJtQrDzYYDbl1GD4H+qHFJE5JYhPP4AyWYxJ1NR5dqyvrt -+3r5+xlwZrS76c10RsBWL7th8ZEzRxOZxbtLwbf4bG/tIGfQP2sTnWwA+qym6b2S -sRduqOTP+xwnhOq/ZKn8lfsDfhT8CPnKHBsd09kM9y/UWuxFe0upLydRLE/Wsb9s ------END RSA PRIVATE KEY----- diff --git a/nebula-docker-compose/secrets/test.ca.password b/nebula-docker-compose/secrets/test.ca.password deleted file mode 100644 index 143be9ab..00000000 
--- a/nebula-docker-compose/secrets/test.ca.password +++ /dev/null @@ -1 +0,0 @@ -vesoft diff --git a/nebula-docker-compose/secrets/test.ca.pem b/nebula-docker-compose/secrets/test.ca.pem deleted file mode 100644 index 412ba316..00000000 --- a/nebula-docker-compose/secrets/test.ca.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEGzCCAwOgAwIBAgIUDcmZFpL4PcdCXfLRBK8bR2vb39cwDQYJKoZIhvcNAQEL -BQAwgZwxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8GA1UEBwwI -SGFuZ3pob3UxFDASBgNVBAoMC1Zlc29mdCBJbmMuMRAwDgYDVQQLDAdzZWN0aW9u -MRYwFAYDVQQDDA1zaHlsb2NrIGh1YW5nMScwJQYJKoZIhvcNAQkBFhhzaHlsb2Nr -Lmh1YW5nQHZlc29mdC5jb20wHhcNMjEwODE5MDkyNDQ3WhcNMjUwODE4MDkyNDQ3 -WjCBnDELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFpoZWppYW5nMREwDwYDVQQHDAhI -YW5nemhvdTEUMBIGA1UECgwLVmVzb2Z0IEluYy4xEDAOBgNVBAsMB3NlY3Rpb24x -FjAUBgNVBAMMDXNoeWxvY2sgaHVhbmcxJzAlBgkqhkiG9w0BCQEWGHNoeWxvY2su -aHVhbmdAdmVzb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMEAgpamCQHl+8JnUHI6/VmJHjDLYJLTliN/CwpFrhMqIVjJ8wG57WYLpXpn91Lz -eHu52LkVzcikybIJ2a+LOTvnhNFdbmTbqDtrb+s6wM/sO+nF6tU2Av4e5zhyKoeR -LL+rHMk3nymohbdN4djySFmOOU5A1O/4b0bZz4Ylu995kUawdiaEo13BzxxOC7Ik -Gge5RyDcm0uLXZqTAPy5Sjv/zpOyj0AqL1CJUH7XBN9OMRhVU0ZX9nHWl1vgLRld -J6XT17Y9QbbHhCNEdAmFE5kEFgCvZc+MungUYABlkvoj86TLmC/FMV6fWdxQssyd -hS+ssfJFLaTDaEFz5a/Tr48CAwEAAaNTMFEwHQYDVR0OBBYEFK0GVrQx+wX1GCHy -e+6fl4X+prmYMB8GA1UdIwQYMBaAFK0GVrQx+wX1GCHye+6fl4X+prmYMA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHqP8P+ZUHmngviHLSSN1ln5 -Mx4BCkVeFRUaFx0yFXytV/iLXcG2HpFg3A9rAFoYgCDwi1xpsERnBZ/ShTv/eFOc -IxBY5yggx3/lGi8tAgvUdarhd7mQO67UJ0V4YU3hAkbnZ8grHHXj+4hfgUpY4ok6 -yaed6HXwknBb9W8N1jZI8ginhkhjaeRCHdMiF+fBvNCtmeR1bCml1Uz7ailrpcaT -Mf84+5VYuFEnaRZYWFNsWNCOBlJ/6/b3V10vMXzMmYHqz3xgAq0M3fVTFTzopnAX -DLSzorL/dYVdqEDCQi5XI9YAlgWN4VeGzJI+glkLOCNzHxRNP6Qev+YI+7Uxz6I= ------END CERTIFICATE----- diff --git a/nebula-docker-compose/secrets/test.ca.srl b/nebula-docker-compose/secrets/test.ca.srl deleted file mode 100644 index fbf9cacc..00000000 
--- a/nebula-docker-compose/secrets/test.ca.srl +++ /dev/null @@ -1 +0,0 @@ -7E73E19D9FB0276F6149040F5FEB802543EBB3F9 diff --git a/nebula-docker-compose/secrets/test.client.crt b/nebula-docker-compose/secrets/test.client.crt deleted file mode 100644 index f50fa816..00000000 --- a/nebula-docker-compose/secrets/test.client.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDZjCCAk4CFH5z4Z2fsCdvYUkED1/rgCVD67P5MA0GCSqGSIb3DQEBCwUAMIGc -MQswCQYDVQQGEwJDTjERMA8GA1UECAwIWmhlamlhbmcxETAPBgNVBAcMCEhhbmd6 -aG91MRQwEgYDVQQKDAtWZXNvZnQgSW5jLjEQMA4GA1UECwwHc2VjdGlvbjEWMBQG -A1UEAwwNc2h5bG9jayBodWFuZzEnMCUGCSqGSIb3DQEJARYYc2h5bG9jay5odWFu -Z0B2ZXNvZnQuY29tMB4XDTIxMDkyODEyMzk1NloXDTI0MDEwMTEyMzk1NlowQjEL -MAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVm -YXVsdCBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ANqFy+Fhsb9ptr9CfcmqAt/AP2ibrUH1j9UVQZTwgSrApAAOjgWqLWaO+o6gz7Ds -ZSSx6OBXpyuA+blYcCeFjr45c2l4sdpy6G9bfSOKCzh8yZLlPAaDzgbNnsta/kqR -fePM3kV2DWxQQEXXKyHCjMgYPFl2nVpJ4/z669SLvDCr4UocmE7PG5OcK4AURgnc -eIGLszurBBgyFmxKZVxrdMRx5Xmidi8gIL5i97laMGWE6qtiOSRnWoh52vdB+2Dm -rkByY/7tsApXRPzSNjA/D9DYRzN7n3gz/2ndUFO7qLZBNv9rnvauqeaksdP+xpWb -jfMG7rVV6w7bE2PGqLp4v4kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhyJ/ZgYR -2EddiwHPT+twKTzgUjPKgnSkCfAE0dTRlkZIB9K/XPKhoG1ocalgxuyfwTKQhSmf -uWcV43jWpj9rizERcekugJoElz9JqF19u01RdoIIv10aZVb4+nhpYJ3ETNlV+pM6 -59WgSGqx53Cbrm9WaVqepGsFHtpU9SGZ/kmL4Yu9omWoyJ1uOf1aO4T9q5M/kA8O -Feb3MKTUwBZn+axsIzMpnNlqhltvLzPvTfVP/s9bzbP/VsQkIpNOM833gVU1IREM -LMNTliOkO6heVHs5tja9NjgTmpgZJASbUk5k7xAVk7obrlD/auYo/HN+pMMCsSeu -WMAMtzWQz/fA9w== ------END CERTIFICATE----- diff --git a/nebula-docker-compose/secrets/test.client.csr b/nebula-docker-compose/secrets/test.client.csr deleted file mode 100644 index 4468adc1..00000000 --- a/nebula-docker-compose/secrets/test.client.csr +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICnjCCAYYCAQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0 -eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANqFy+Fhsb9ptr9CfcmqAt/AP2ibrUH1j9UVQZTwgSrA -pAAOjgWqLWaO+o6gz7DsZSSx6OBXpyuA+blYcCeFjr45c2l4sdpy6G9bfSOKCzh8 -yZLlPAaDzgbNnsta/kqRfePM3kV2DWxQQEXXKyHCjMgYPFl2nVpJ4/z669SLvDCr -4UocmE7PG5OcK4AURgnceIGLszurBBgyFmxKZVxrdMRx5Xmidi8gIL5i97laMGWE -6qtiOSRnWoh52vdB+2DmrkByY/7tsApXRPzSNjA/D9DYRzN7n3gz/2ndUFO7qLZB -Nv9rnvauqeaksdP+xpWbjfMG7rVV6w7bE2PGqLp4v4kCAwEAAaAXMBUGCSqGSIb3 -DQEJBzEIDAYxMjM0NTYwDQYJKoZIhvcNAQELBQADggEBAHWHy1/p9Vn9klqdADBl -74SFoPFg6ErUQyBtBAJf+9m43hPIH7UNiPXb7R3p8fnsnKEO6Rb37I9nY3WeMLaG -MLjzzHg1+cbjgfsbFa/IZbjeRwVTAil5h/9E8Hm7E3fIllwetAFSIXOs1CvsCieR -zi+fnyX0s+az3AaV74wB2+1EODq+881oj6Y063DNa43fop7vHq37KJP0DnjjF3pv -xtf6uyyKvNhsEh4gIRBdEzBJ4A00TcI+uZ3gOdYEv7sIjwmKZzzEHFgpNXbj1D2Y -QLtZ/d+BwxN4ItzuyMYEc7sTlEKZJQvH1C8DA7SgIT3BSyRC8TQsBUWZ7tg1StlM -jLI= ------END CERTIFICATE REQUEST----- diff --git a/nebula-docker-compose/secrets/test.client.key b/nebula-docker-compose/secrets/test.client.key deleted file mode 100644 index 2c4eacad..00000000 --- a/nebula-docker-compose/secrets/test.client.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA2oXL4WGxv2m2v0J9yaoC38A/aJutQfWP1RVBlPCBKsCkAA6O -BaotZo76jqDPsOxlJLHo4FenK4D5uVhwJ4WOvjlzaXix2nLob1t9I4oLOHzJkuU8 -BoPOBs2ey1r+SpF948zeRXYNbFBARdcrIcKMyBg8WXadWknj/Prr1Iu8MKvhShyY -Ts8bk5wrgBRGCdx4gYuzO6sEGDIWbEplXGt0xHHleaJ2LyAgvmL3uVowZYTqq2I5 -JGdaiHna90H7YOauQHJj/u2wCldE/NI2MD8P0NhHM3ufeDP/ad1QU7uotkE2/2ue -9q6p5qSx0/7GlZuN8wbutVXrDtsTY8aouni/iQIDAQABAoIBAAoCevZV/UhhVUep -ig2ExiDts3ndN7B/yRjfomNqKOCGdnyyLftAclfyULPb1eeqzG9D3wD3wuaRP98n -l+uXiJRaGVlJeAwjm1YOgMrx9dWekbUy3u8FdpiFLrLt9hwAUh3vMndIExFVE7yf -QJCJUt2PjqQidM6/97uM2uSfif1IrJCVt7G9Q1ukI2X5RsTihmFLJjVkfYE83T5N -8wNGKKDyy+PuMjXl3gaHux7mOiorILHVFqzMMzgfEvghobTN/axLEAzgVJu+0Sqq -XrueMht4QIIST5ix1d9KN9kGZ5dq1MJ4Lfy5NjZ6eYhxdkq41O3USSJQQN/zW+uM -Ig/0JAECgYEA/DsRsWfaV7vo/fh0rZGP5pRDUSXKXliqnyukjCPTyuk9VHOSIDPh -uEvcdcP47iu2VwnKum5RRS8lu0Nd4I3qmvgepUp71cBsM9Bn/89WoLU5/lw3pbDs -saOW1lI5kZ/FCzDSGnGLFcC8PMd9MmqUIzzOkhvDn2XiQGeOkv5b7UECgYEA3cnG -JTNIPg1L55fwX9Uj3tyb03T8iqdHd6oeUS+fsBKDdgOrL5lW+WIsUJ1uIUZ8+pA2 -v4f2W+4yQueEcDvmi3+GB12Zzlfz26n7O9ZW+cvE1NZXycRtdZaDRFijovTZnnpv -3SFvDcdc8aUQ833SZ5XhzykPCfrRRFNd+x8EGEkCgYAhsfZsH7aQb97xRqa3pTF3 -GSlhBs5hCjFI8DicLBEYE06JIKNNwACQcTnzVYnEr3w9ZmZ5v1EGEAVXXemFnQ/R -QgI+DJQ8euc5iMbL6rPk5jDoJQOeE+Oa24LEANoF9TUKiKwYskBlWIkNCY1VFd3S -U0Y5SJI6kg7Gkc7/HhHDwQKBgQCT1zqT9ZlEc8yTNn7vAr8Egf4FeMgXDObg56+J -4rsJvW2QL2XfNtH5Lu3nVungmIIa7CLyjYk1QpSScI2h2uwVNQ58vnIWUB6n4Kkt -+/TCUoiEb9TZFGz6ozghSQzbRWgC8g67UtwaTTixg5zHEqo8jnaVhwMVXfI9H21Y -RhaOsQKBgQCOf8JLdIEMH8z0bGh2He0mv0qBcN9EUuhSw85+JZUReq+2sEeT8zM3 -hl1RMXKS3K+u8IiGAffESju5EK85/hD0NsSv4EGOWfuuN4/jRQ9MGJ9kEL6BBM9T -FAxvY63PS6yOy+rgT21dc8GOjlM1DOTPZzCrnKW1kvwaBsSZeNF59A== ------END RSA PRIVATE KEY----- diff --git a/nebula-docker-compose/secrets/test.self-signed.key b/nebula-docker-compose/secrets/test.self-signed.key deleted file mode 100644 index 5a94b69a..00000000 --- a/nebula-docker-compose/secrets/test.self-signed.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAwQCClqYJAeX7wmdQcjr9WYkeMMtgktOWI38LCkWuEyohWMnz -AbntZgulemf3UvN4e7nYuRXNyKTJsgnZr4s5O+eE0V1uZNuoO2tv6zrAz+w76cXq -1TYC/h7nOHIqh5Esv6scyTefKaiFt03h2PJIWY45TkDU7/hvRtnPhiW733mRRrB2 -JoSjXcHPHE4LsiQaB7lHINybS4tdmpMA/LlKO//Ok7KPQCovUIlQftcE304xGFVT -Rlf2cdaXW+AtGV0npdPXtj1BtseEI0R0CYUTmQQWAK9lz4y6eBRgAGWS+iPzpMuY -L8UxXp9Z3FCyzJ2FL6yx8kUtpMNoQXPlr9OvjwIDAQABAoIBAFcIFNs8OhmaDQJo -NlWcljx24Z9dRspPEYgmNONH8qx/thPk1Wk034HBxLhDA7trQSyB7OHhnC9bZ/ya -Bojrfj6uMy16NVrT1rQcyZZIo0PfolDTyAanWYgghWHl0ZnadFRmJA/0vhg5/zpe -q3Z6IvgHc33/LEaeQAeyFqvGfkbSMZz2cj9na9MgW5usMHrQxtBdtuwVrtj4dKY+ -SXhQz7G5gaq5byromeE7U0fhPwGVqHy/QvHJbIQhowzu2cCFAQaBOMcgy8hqKVB3 -dZlcRkFU1/iS0MsLmsv7rRAt/r43zW0dvFqZ7WzN9McQGF7Og4CN/GNGul0Q1bIu -NcKdJLkCgYEA4RXEGLzR1gTolYXImRdXmeTU7XqoXt/CNtg5dumqUYRDD1WmOtp5 -XfEZdcEHTCfPQWIXsC8dM6+MFujHcnZV+NPx7xPe/pKJ4adAe+yHH1gsj4elvl7z -shcgT3/0fsj3dGFnsxBww1djIBH+gf5Niz44+QaqDlDNEkYBXdBmB6sCgYEA24Kr -fYaU7qP+SPamVC6p8NU6nddmuJl+n5XBmnDwbYaM6OyCEetCH3LQHYSkxjtJ3q/O -iSezxZzcBReP1MbZZbn2oqo8w/nE/LKrJytClLyDoJYaF5WigInaZ/D3QGLFH4J+ -kjYrjTuJGXq5LJjJ1hsxIowi+CQcAr67wSrcg60CgYEA2VVa80felPhIW5fCCZAw -VbhOoL8+s9z6elptohQdEHjVB4l76HfrmHmkS78GfNIznL5KgSP83lsyuSwq6Kq6 -eHitsltNhiGYYPpNmVrZXbqVzED+GMM2K0+JMzopqgICba1fo9bMCtHmNKErTflu -hnSeLlXw/cGnQW23BA6ldeECgYEA0NsfeCvZAMagZ6Pm1iogH7mCMDSG1BWX2ReQ -QfY7jLp80BJYH9yL6YhAZBWVAdffjTYReYaBEgERhvbIL1eT+apa9KKtdnnr59PH -7VjH3OURCHZJFS+Wkl6XpFYtquFPVY/ABjXsclC3Pbr6/WfSgxkUQx67FwakcCgy -VLUHY3ECgYEAnCZybgd3rpZwqSdljHne4xvvDFRwRev4JKAkXhXehQa8Yeb/vEBp -9unBdzWR8EbE/QmyiUAKKaqFVHtsneGCwtzB08tJeb9QXZ09rtf5dRAMUbQW/gHg -Bj3Uz0ZzisnXqy6JTXQzaCveVQlLzsmVsCoe5nA3yrkOam3BG3i16KI= ------END RSA PRIVATE KEY----- diff --git a/nebula-docker-compose/secrets/test.self-signed.password b/nebula-docker-compose/secrets/test.self-signed.password deleted file mode 100644 index 143be9ab..00000000 --- a/nebula-docker-compose/secrets/test.self-signed.password +++ /dev/null @@ -1 +0,0 @@ -vesoft 
diff --git a/nebula-docker-compose/secrets/test.self-signed.pem b/nebula-docker-compose/secrets/test.self-signed.pem deleted file mode 100644 index 85eb39f6..00000000 --- a/nebula-docker-compose/secrets/test.self-signed.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEGzCCAwOgAwIBAgIUDcmZFpL4PcdCXfLRBK8bR2vb39cwDQYJKoZIhvcNAQEL -BQAwgZwxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8GA1UEBwwI -SGFuZ3pob3UxFDASBgNVBAoMC1Zlc29mdCBJbmMuMRAwDgYDVQQLDAdzZWN0aW9u -MRYwFAYDVQQDDA1zaHlsb2NrIGh1YW5nMScwJQYJKoZIhvcNAQkBFhhzaHlsb2Nr -Lmh1YW5nQHZlc29mdC5jb20wHhcNMjEwODE5MDkyNDQ3WhcNMjUwODE4MDkyNDQ3 -WjCBnDELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFpoZWppYW5nMREwDwYDVQQHDAhI -YW5nemhvdTEUMBIGA1UECgwLVmVzb2Z0IEluYy4xEDAOBgNVBAsMB3NlY3Rpb24x -FjAUBgNVBAMMDXNoeWxvY2sgaHVhbmcxJzAlBgkqhkiG9w0BCQEWGHNoeWxvY2su -aHVhbmdAdmVzb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMEAgpamCQHl+8JnUHI6/VmJHjDLYJLTliN/CwpFrhMqIVjJ8wG57WYLpXpn91Lz -eHu52LkVzcikybIJ2a+LOTvnhNFdbmTbqDtrb+s6wM/sO+nF6tU2Av4e5zhyKoeR -LL+rHMk3nymohbdN4djySFmOOU5A1O/4b0bZz4Ylu995kUawdiaEo13BzxxOC7Ik -Gge5RyDcm0uLXZqTAPy5Sjv/zpOyj0AqL1CJUH7XBN9OMRhVU0ZX9nHWl1vgLRld -J6XT17Y9QbbHhCNEdAmFE5kEFgCvZc+MungUYABlkvoj86TLmC/FMV6fWdxQssyd -hS+ssfJFLaTDaEFz5a/Tr48CAwEAAaNTMFEwHQYDVR0OBBYEFK0GVrQx+wX1GCHy -e+6fl4X+prmYMB8GA1UdIwQYMBaAFK0GVrQx+wX1GCHye+6fl4X+prmYMA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHqP8P+ZUHmngviHLSSN1ln5 -Mx4BCkVeFRUaFx0yFXytV/iLXcG2HpFg3A9rAFoYgCDwi1xpsERnBZ/ShTv/eFOc -IxBY5yggx3/lGi8tAgvUdarhd7mQO67UJ0V4YU3hAkbnZ8grHHXj+4hfgUpY4ok6 -yaed6HXwknBb9W8N1jZI8ginhkhjaeRCHdMiF+fBvNCtmeR1bCml1Uz7ailrpcaT -Mf84+5VYuFEnaRZYWFNsWNCOBlJ/6/b3V10vMXzMmYHqz3xgAq0M3fVTFTzopnAX -DLSzorL/dYVdqEDCQi5XI9YAlgWN4VeGzJI+glkLOCNzHxRNP6Qev+YI+7Uxz6I= ------END CERTIFICATE----- diff --git a/session_test.go b/session_test.go index 0e94e515..4f73e34b 100644 --- a/session_test.go +++ b/session_test.go 
@@ -90,7 +90,7 @@ func TestSession_Recover(t *testing.T) { _, _ = sess.Execute(query) } }() - stopContainer(t, "nebula-docker-compose_graphd_1") + stopContainer(t, "nebula-docker-compose_graphd0_1") stopContainer(t, "nebula-docker-compose_graphd1_1") stopContainer(t, "nebula-docker-compose_graphd2_1") defer func() { @@ -98,7 +98,7 @@ func TestSession_Recover(t *testing.T) { startContainer(t, "nebula-docker-compose_graphd2_1") }() <-time.After(3 * time.Second) - startContainer(t, "nebula-docker-compose_graphd_1") + startContainer(t, "nebula-docker-compose_graphd0_1") <-time.After(3 * time.Second) _, err = sess.Execute(query) if err != nil { diff --git a/ssl_connection_test.go b/ssl_connection_test.go index 8e35cc7a..35abad40 100644 --- a/ssl_connection_test.go +++ b/ssl_connection_test.go @@ -33,15 +33,15 @@ func TestSslConnection(t *testing.T) { } sslConfig, err := GetDefaultSSLConfig( - "./nebula-docker-compose/secrets/test.ca.pem", - "./nebula-docker-compose/secrets/test.client.crt", - "./nebula-docker-compose/secrets/test.client.key", + "./nebula-docker-compose/secrets/root.crt", + "./nebula-docker-compose/secrets/client.crt", + "./nebula-docker-compose/secrets/client.key", ) if err != nil { t.Fatal(err) } - sslConfig.InsecureSkipVerify = true // This is only used for testing + sslConfig.InsecureSkipVerify = false // Initialize connection pool pool, err := NewSslConnectionPool(hostList, testPoolConfig, sslConfig, nebulaLog) 
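Review bot: Setting `sslConfig.InsecureSkipVerify = false` in TestSslConnection (and identically in the TestSslConnectionSelfSigned hunk that follows) drops the old trailing comment and leaves no hint of what the test now depends on. If `GetDefaultSSLConfig` returns a standard `tls.Config`, which the hunk does not show, verification covers both the chain to `root.crt` and the server name, so the server fixture would need a subject alternative name matching the addresses in `hostList`. I would keep the line and document it: `sslConfig.InsecureSkipVerify = false // verify the server certificate chain and name against root.crt`. A companion case that expects the pool to fail when given a root certificate that did not sign the server certificate would confirm that verification is really enforced. The test body starts and ends outside the hunk.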
@@ -98,15 +98,15 @@ func TestSslConnectionSelfSigned(t *testing.T) { } sslConfig, err := GetDefaultSSLConfig( - "./nebula-docker-compose/secrets/test.self-signed.pem", - "./nebula-docker-compose/secrets/test.self-signed.pem", - "./nebula-docker-compose/secrets/test.self-signed.key", + "./nebula-docker-compose/secrets/root.crt", + "./nebula-docker-compose/secrets/client.crt", + "./nebula-docker-compose/secrets/client.key", ) if err != nil { t.Fatal(err) } - sslConfig.InsecureSkipVerify = true // This is only used for testing + sslConfig.InsecureSkipVerify = false // Initialize connection pool pool, err := NewSslConnectionPool(hostList, testPoolConfig, sslConfig, nebulaLog)
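Review bot: TestSslConnectionSelfSigned now passes the same three files (`root.crt`, `client.crt`, `client.key`) to `GetDefaultSSLConfig` as TestSslConnection, so as far as this hunk shows it no longer exercises a self-signed certificate and duplicates the first test. Either rename or remove it, or state the overlap above the call: `// Uses the CA-signed fixtures shared with TestSslConnection; no self-signed certificate is involved.` The function starts and ends outside the hunk, so any difference in `hostList` or in the queries it runs is not visible here.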