diff options
-rw-r--r-- | reltool.config | 6 | ||||
-rw-r--r-- | src/catlfish_sup.erl | 2 | ||||
-rw-r--r-- | test/catlfish-test-local-merge.cfg | 15 | ||||
-rwxr-xr-x | test/scripts/light-system-test-prepare.sh | 1 | ||||
-rwxr-xr-x | test/scripts/light-system-test-start.sh | 9 | ||||
-rwxr-xr-x | test/scripts/light-system-test-stop.sh | 7 | ||||
-rw-r--r-- | test/scripts/testutils.sh | 1 | ||||
-rwxr-xr-x | tools/compileconfig.py | 59 | ||||
-rwxr-xr-x | tools/merge | 2 | ||||
-rwxr-xr-x | tools/merge_fetch.py | 2 | ||||
-rwxr-xr-x | tools/testcase1.py | 5 |
11 files changed, 81 insertions, 28 deletions
diff --git a/reltool.config b/reltool.config index b00f48b..5f837d1 100644 --- a/reltool.config +++ b/reltool.config @@ -3,13 +3,15 @@ {erts, [{mod_cond, derived}, {app_file, strip}]}, {app_file, strip}, {rel, "catlfish", "0.10.0-dev", [kernel, stdlib, sasl, catlfish]}, + {rel, "merge", "0.10.0-dev", [sasl, merge]}, {boot_rel, "catlfish"}, {profile, standalone}, {incl_sys_filters, ["^bin/", "^erts-.*/", "^lib"]}, - {incl_app_filters, ["^ebin/", "^priv/", "^src/"]}, - {app, catlfish, [{app_file, all}, {lib_dir, "."}]}, + {incl_app_filters, ["ebin/", "priv/", "src/"]}, {escript, "./verifycert.erl", [{incl_cond, include}]}, + {app, catlfish, [{app_file, all}, {lib_dir, "."}]}, {app, plop, [{app_file, all}, {lib_dir, "../plop"}]}, + {app, merge, [{app_file, all}, {lib_dir, "../plop/merge"}]}, {app, mochiweb, [{app_file, all}, {lib_dir, "../mochiweb"}]}, {app, idna, [{app_file, all}, {lib_dir, "../hackney/deps/idna"}]}, {app, hackney, [{app_file, all}, {lib_dir, "../hackney"}]}, diff --git a/src/catlfish_sup.erl b/src/catlfish_sup.erl index 8b43faf..f0fcee2 100644 --- a/src/catlfish_sup.erl +++ b/src/catlfish_sup.erl @@ -37,7 +37,7 @@ init([]) -> SSLOptions = [{certfile, application:get_env(catlfish, https_certfile, none)}, {keyfile, application:get_env(catlfish, https_keyfile, none)}, - {cacertfile, application:get_env(catlfish, https_cacertfile, none)}], + {cacertfile, application:get_env(plop, https_cacertfile, none)}], Servers = lists:map(fun (Config) -> gen_http_config(Config, SSLOptions, true) diff --git a/test/catlfish-test-local-merge.cfg b/test/catlfish-test-local-merge.cfg index 273b68e..2931e6c 100644 --- a/test/catlfish-test-local-merge.cfg +++ b/test/catlfish-test-local-merge.cfg @@ -1,10 +1,23 @@ nodename: merge-1 +localnodes: + - merge-1 + paths: + configdir: . mergedb: mergedb + # TODO: https_certfile and https_keyfile not strictly necessary for primary merge + https_certfile: httpscert/httpscert-1.pem + https_keyfile: httpscert/httpskey-1.pem https_cacertfile: httpsca/demoCA/cacert.pem publickeys: publickeys logpublickey: keys/logkey.pem privatekeys: privatekeys verifycert_bin: ../bin/verifycert.erl.escript - known_roots: known_roots/ + knownroots: known_roots/ + +merge: + min-delay: 1 + dist-window-size: 2 + dist-sendlog-chunksize: 1 + dist-sendentries-chunksize: 1 diff --git a/test/scripts/light-system-test-prepare.sh b/test/scripts/light-system-test-prepare.sh index df45d25..bf1f1b8 100755 --- a/test/scripts/light-system-test-prepare.sh +++ b/test/scripts/light-system-test-prepare.sh @@ -71,6 +71,7 @@ for machine in ${MACHINES}; do \ mkdir -p machine/machine-${machine}/db touch machine/machine-${machine}/db/index && touch machine/machine-${machine}/db/newentries done +${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg ${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-merge-2.cfg ${top_srcdir}/tools/compileconfig.py --config ${top_srcdir}/test/catlfish-test.cfg --localconfig ${top_srcdir}/test/catlfish-test-local-signing.cfg test -x ${SOFTHSM} && ${SOFTHSM} --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff || true diff --git a/test/scripts/light-system-test-start.sh b/test/scripts/light-system-test-start.sh index 1623d7e..4520945 100755 --- a/test/scripts/light-system-test-start.sh +++ b/test/scripts/light-system-test-start.sh @@ -7,8 +7,15 @@ top_srcdir=$(cd $(dirname $0)/../..; pwd) . ${top_srcdir}/test/scripts/testutils.sh +start_node() { + node=$1 + node_app=$2 + ../bin/run_erl -daemon nodes/${node}/ nodes/${node}/log/ \ + "exec ../bin/erl -boot ${node_app} -config ${node}" +} + for node in ${ERLANGNODES}; do - (../bin/run_erl -daemon nodes/${node}/ nodes/${node}/log/ "exec ../bin/erl -config ${node}") + start_node $(echo $node | tr ':' ' ') done for i in 1 2 3 4 5 6 7 8 9 10; do echo "waiting for system to start" diff --git a/test/scripts/light-system-test-stop.sh b/test/scripts/light-system-test-stop.sh index 575ef38..0bf4374 100755 --- a/test/scripts/light-system-test-stop.sh +++ b/test/scripts/light-system-test-stop.sh @@ -7,6 +7,11 @@ top_srcdir=$(cd $(dirname $0)/../..; pwd) . ${top_srcdir}/test/scripts/testutils.sh -for node in ${ERLANGNODES}; do +stop_node() { + node=$1 ${top_srcdir}/tools/to_catlfish.py to_erl nodes/${node}/ "init:stop()" +} + +for node in ${ERLANGNODES}; do + stop_node $(echo $node | tr ':' ' ') done diff --git a/test/scripts/testutils.sh b/test/scripts/testutils.sh index e779e07..6879695 100644 --- a/test/scripts/testutils.sh +++ b/test/scripts/testutils.sh @@ -19,4 +19,5 @@ check_sth() { do_merge() { ${top_srcdir}/tools/merge --config ${top_srcdir}/test/catlfish-test.cfg --timing --localconfig ${top_srcdir}/test/catlfish-test-local-merge.cfg || fail "Merge failed" + sleep 5 # FIXME: Just wait for dist instead. } diff --git a/tools/compileconfig.py b/tools/compileconfig.py index f8d1d39..d6f9271 100755 --- a/tools/compileconfig.py +++ b/tools/compileconfig.py @@ -132,24 +132,24 @@ def gen_http_servers(nodetype, nodeconfig, bind_addresses, bind_publicaddress, b return (http_servers, https_servers) -def allowed_clients_frontend(mergenodenames, primarymergenode): +def allowed_clients_frontend(mergenodenames, primarymergenodename): return [ ("/plop/v1/frontend/sendentry", mergenodenames), ("/plop/v1/frontend/sendlog", mergenodenames), - ("/plop/v1/frontend/publish-sth", [primarymergenode]), - ("/plop/v1/frontend/verify-entries", [primarymergenode]), + ("/plop/v1/frontend/publish-sth", [primarymergenodename]), + ("/plop/v1/frontend/verify-entries", [primarymergenodename]), ("/plop/v1/frontend/currentposition", mergenodenames), ("/plop/v1/frontend/missingentries", mergenodenames), ] -def allowed_clients_mergesecondary(primarymergenode): +def allowed_clients_mergesecondary(primarymergenodename): return [ - ("/plop/v1/merge/sendentry", [primarymergenode]), - ("/plop/v1/merge/sendlog", [primarymergenode]), - ("/plop/v1/merge/verifyroot", [primarymergenode]), - ("/plop/v1/merge/verifiedsize", [primarymergenode]), - ("/plop/v1/merge/setverifiedsize", [primarymergenode]), - ("/plop/v1/merge/missingentries", [primarymergenode]), + ("/plop/v1/merge/sendentry", [primarymergenodename]), + ("/plop/v1/merge/sendlog", [primarymergenodename]), + ("/plop/v1/merge/verifyroot", [primarymergenodename]), + ("/plop/v1/merge/verifiedsize", [primarymergenodename]), + ("/plop/v1/merge/setverifiedsize", [primarymergenodename]), + ("/plop/v1/merge/missingentries", [primarymergenodename]), ] def allowed_clients_public(): @@ -165,10 +165,10 @@ def allowed_clients_public(): ("/ct/v1/get-roots", noauth), ] -def allowed_clients_signing(frontendnodenames, primarymergenode): +def allowed_clients_signing(frontendnodenames, primarymergenodename): return [ ("/plop/v1/signing/sct", frontendnodenames), - ("/plop/v1/signing/sth", [primarymergenode]), + ("/plop/v1/signing/sth", [primarymergenodename]), ] def allowed_clients_storage(frontendnodenames, mergenodenames): @@ -186,6 +186,14 @@ def allowed_servers_frontend(signingnodenames, storagenodenames): ("/plop/v1/signing/sct", signingnodenames), ] +def allowed_servers_primarymerge(frontendnodenames): + return [ + ("/plop/v1/frontend/verify-entries", frontendnodenames), + ("/plop/v1/frontend/sendlog", frontendnodenames), + ("/plop/v1/frontend/sendentry", frontendnodenames), + ("/plop/v1/frontend/publish-sth", frontendnodenames), + ] + def parse_ratelimit_expression(expression): if expression == "none": return Symbol("none") @@ -241,8 +249,6 @@ def gen_config(nodename, config, localconfig): (Symbol("http_servers"), http_servers), (Symbol("https_certfile"), paths["https_certfile"]), (Symbol("https_keyfile"), paths["https_keyfile"]), - (Symbol("https_cacertfile"), paths["https_cacertfile"]), - (Symbol("https_cacert_fingerprint"), Binary(base64.b16decode(config["cafingerprint"]))), ] catlfishconfig.append((Symbol("mmd"), config["mmd"])) @@ -256,6 +262,11 @@ def gen_config(nodename, config, localconfig): ]) ] + plopconfig += [ + (Symbol("https_cacertfile"), paths["https_cacertfile"]), + (Symbol("https_cacert_fingerprint"), Binary(base64.b16decode(config["cafingerprint"]))), + ] + if "dbbackend" in localconfig: dbbackend = localconfig["dbbackend"] if dbbackend not in ("fsdb", "permdb"): @@ -268,7 +279,7 @@ def gen_config(nodename, config, localconfig): print >>sys.stderr, "When using permdb, all services have to be in the same node" sys.exit(1) - print "nodetype", ", ".join(nodetype) + #print "nodetype", ", ".join(nodetype) if nodetype & set(["frontendnodes", "storagenodes"]): plopconfig += [ (Symbol("entry_root_path"), paths["db"] + "certentries"), @@ -306,6 +317,7 @@ def gen_config(nodename, config, localconfig): primarymergenodename = config["primarymergenode"] storagenodeaddresses = ["https://%s/plop/v1/storage/" % node["address"] for node in config["storagenodes"]] frontendnodenames = [node["name"] for node in config["frontendnodes"]] + frontendnodeaddresses = ["https://%s/plop/v1/frontend/" % node["address"] for node in config["frontendnodes"]] allowed_clients = [] allowed_servers = [] @@ -328,7 +340,17 @@ def gen_config(nodename, config, localconfig): plopconfig.append((Symbol("storage_nodes"), storagenodeaddresses)) plopconfig.append((Symbol("storage_nodes_quorum"), config["storage-quorum-size"])) services.add(Symbol("ht")) - allowed_clients += allowed_clients_mergesecondary(primarymergenodename) + if nodename == primarymergenodename: + merge = localconfig["merge"] + plopconfig.append((Symbol("merge_delay"), merge["min-delay"])) + plopconfig.append((Symbol("merge_dist_winsize"), merge["dist-window-size"])) + plopconfig.append((Symbol("merge_dist_sendlog_chunksize"), merge["dist-sendlog-chunksize"])) + plopconfig.append((Symbol("merge_dist_sendentries_chunksize"), merge["dist-sendentries-chunksize"])) + plopconfig.append((Symbol("frontend_nodes"), frontendnodeaddresses)) + plopconfig.append((Symbol("sth_path"), paths["mergedb"] + "/sth")) + allowed_servers += allowed_servers_primarymerge(frontendnodenames) + else: + allowed_clients += allowed_clients_mergesecondary(primarymergenodename) plopconfig += [ (Symbol("publickey_path"), paths["publickeys"]), @@ -375,8 +397,7 @@ def gen_testmakefile(config, testmakefile, machines, shellvars=False): storagenodenames = set([node["name"] for node in config["storagenodes"]]) signingnodenames = set([node["name"] for node in config["signingnodes"]]) mergenodenames = set([node["name"] for node in config["mergenodes"]]) - erlangnodenames = frontendnodenames | storagenodenames | signingnodenames | \ - set(filter(lambda name: name != config["primarymergenode"], mergenodenames)) + erlangnodenames_and_apps = ['%s:%s' % (nn, 'catlfish' if nn != config["primarymergenode"] else "merge") for nn in frontendnodenames | storagenodenames | signingnodenames | mergenodenames] frontendnodeaddresses = [node["publicaddress"] for node in config["frontendnodes"]] storagenodeaddresses = [node["address"] for node in config["storagenodes"]] @@ -386,7 +407,7 @@ def gen_testmakefile(config, testmakefile, machines, shellvars=False): delimiter = '"' if shellvars else '' print >>configfile, "NODES=" + delimiter + " ".join(frontendnodenames|storagenodenames|signingnodenames|mergenodenames) + delimiter - print >>configfile, "ERLANGNODES=" + delimiter + " ".join(erlangnodenames) + delimiter + print >>configfile, "ERLANGNODES=" + delimiter + " ".join(erlangnodenames_and_apps) + delimiter print >>configfile, "MACHINES=" + delimiter + " ".join([str(e) for e in range(1, machines+1)]) + delimiter print >>configfile, "TESTURLS=" + delimiter + " ".join(frontendnodeaddresses+storagenodeaddresses+signingnodeaddresses+mergenodeaddresses) + delimiter print >>configfile, "BASEURL=" + delimiter + config["baseurl"] + delimiter diff --git a/tools/merge b/tools/merge index b5a50d5..0d3f36c 100755 --- a/tools/merge +++ b/tools/merge @@ -7,4 +7,4 @@ BINDIR=$(dirname $0) $BINDIR/merge_fetch.py "$@" $BINDIR/merge_backup.py "$@" $BINDIR/merge_sth.py "$@" -$BINDIR/merge_dist.py "$@" +#$BINDIR/merge_dist.py "$@" diff --git a/tools/merge_fetch.py b/tools/merge_fetch.py index 8f94aed..42a3089 100755 --- a/tools/merge_fetch.py +++ b/tools/merge_fetch.py @@ -59,7 +59,7 @@ def merge_fetch(args, config, localconfig): break verifycert = subprocess.Popen( - [paths["verifycert_bin"], paths["known_roots"]], + [paths["verifycert_bin"], paths["knownroots"]], stdin=subprocess.PIPE, stdout=subprocess.PIPE) added_entries = 0 diff --git a/tools/testcase1.py b/tools/testcase1.py index dbafe7a..5192074 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -13,6 +13,7 @@ import struct import hashlib import itertools import os.path +from time import sleep from certtools import * baseurls = [sys.argv[1]] @@ -148,8 +149,10 @@ def get_and_check_entry(timestamp, chain, leaf_index, baseurl): len(submittedcertchain)) def merge(): - return subprocess.call([toolsdir + "/merge", "--config", testdir + "/catlfish-test.cfg", + rv = subprocess.call([toolsdir + "/merge", "--config", testdir + "/catlfish-test.cfg", "--localconfig", testdir + "/catlfish-test-local-merge.cfg"]) + sleep(5) # FIXME: Just wait for dist instead. + return rv mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True) |