diff --git a/fdbrpc/TLSConnection.actor.cpp b/fdbrpc/TLSConnection.actor.cpp
index f9c9341e8b..b64b31850f 100644
--- a/fdbrpc/TLSConnection.actor.cpp
+++ b/fdbrpc/TLSConnection.actor.cpp
@@ -250,6 +250,8 @@ void TLSOptions::set_verify_peers( std::string const& verify_peers ) {
 }
 
 void TLSOptions::register_network() {
+	// Simulation relies upon being able to call this multiple times, and have it override g_network
+	// each time it's called.
 	new TLSNetworkConnections( Reference::addRef( this ) );
 }
 
diff --git a/fdbrpc/TLSConnection.h b/fdbrpc/TLSConnection.h
index 885ee8ca44..8c3f56a673 100644
--- a/fdbrpc/TLSConnection.h
+++ b/fdbrpc/TLSConnection.h
@@ -124,7 +124,7 @@ private:
 #define TLS_VERIFY_PEERS_FLAG "--tls_verify_peers"
 
 #define TLS_OPTION_FLAGS \
-	{ TLSOptions::OPT_TLS_PLUGIN, TLS_PLUGIN_FLAG, SO_REQ_SEP }, \
+	{ TLSOptions::OPT_TLS_PLUGIN, TLS_PLUGIN_FLAG, SO_OPT }, \
 	{ TLSOptions::OPT_TLS_CERTIFICATES, TLS_CERTIFICATE_FILE_FLAG, SO_REQ_SEP }, \
 	{ TLSOptions::OPT_TLS_KEY, TLS_KEY_FILE_FLAG, SO_REQ_SEP }, \
 	{ TLSOptions::OPT_TLS_VERIFY_PEERS, TLS_VERIFY_PEERS_FLAG, SO_REQ_SEP }, \
diff --git a/fdbserver/SimulatedCluster.actor.cpp b/fdbserver/SimulatedCluster.actor.cpp
index 1193c5ca83..b767036f38 100644
--- a/fdbserver/SimulatedCluster.actor.cpp
+++ b/fdbserver/SimulatedCluster.actor.cpp
@@ -116,11 +116,10 @@ T simulate( const T& in ) {
 	return out;
 }
 
-static void simInitTLS() {
-	Reference options( new TLSOptions );
-	options->set_cert_data( certBytes );
-	options->set_key_data( certBytes );
-	options->register_network();
+static void simInitTLS(Reference tlsOptions) {
+	tlsOptions->set_cert_data( certBytes );
+	tlsOptions->set_key_data( certBytes );
+	tlsOptions->register_network();
 }
 
 ACTOR Future runBackup( Reference connFile ) {
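Review bot: The added comment explains the repeated-call contract but not who owns the `TLSNetworkConnections` allocated on the next line; the result of `new` is discarded, so a reader cannot tell whether the previous instance is released or intentionally left alive when this is called again. Extend the comment to state the ownership, e.g. `// The new TLSNetworkConnections installs itself as g_network; the caller does not own it.` — confirm against the constructor before committing to that wording. Since register_network() is now also called unconditionally from fdbserver's main (hunk at 1472), it is worth saying here whether calling it with no policy or plugin configured is meant to be a pass-through.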
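Review bot: `simInitTLS` now mutates the caller's shared `TLSOptions`, overwriting both certificate and key data with the simulator's built-in `certBytes`, which presumably discards anything supplied through TLS_CERTIFICATE_FILE_FLAG or TLS_KEY_FILE_FLAG on the command line; a one-line comment should say so, e.g. `// Replaces any user-supplied cert/key with the simulation test certificate; the options object is shared with every simulated process.` Taking `Reference tlsOptions` by value copies a ref-counted handle on each call; for this plain (non-ACTOR) function `Reference const& tlsOptions` matches the declaration style used in SimulatedCluster.h.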
@@ -198,7 +197,8 @@ ACTOR Future runDr( Reference connFile ) {
 ACTOR Future simulatedFDBDRebooter(
 		Reference connFile,
 		uint32_t ip,
-		bool useSSL,
+		bool sslEnabled,
+		Reference tlsOptions,
 		uint16_t port,
 		LocalityData localities,
 		ProcessClass processClass,
@@ -233,7 +233,7 @@ ACTOR Future simulatedFDBDRebooter(
 		.detailext("DataHall", localities.dataHallId())
 		.detail("Address", process->address.toString())
 		.detail("Excluded", process->excluded)
-		.detail("UsingSSL", useSSL);
+		.detail("UsingSSL", sslEnabled);
 	TraceEvent("ProgramStart").detail("Cycles", cycles).detail("RandomId", randomId)
 		.detail("SourceVersion", getHGVersion())
 		.detail("Version", FDB_VT_VERSION)
@@ -250,10 +250,10 @@ ACTOR Future simulatedFDBDRebooter(
 	//SOMEDAY: test lower memory limits, without making them too small and causing the database to stop making progress
 	FlowTransport::createInstance(1);
 	Sim2FileSystem::newFileSystem();
-	if (useSSL) {
-		simInitTLS();
+	if (sslEnabled) {
+		tlsOptions->register_network();
 	}
-	NetworkAddress n(ip, port, true, useSSL);
+	NetworkAddress n(ip, port, true, sslEnabled);
 	Future listen = FlowTransport::transport().bind( n, n );
 	Future fd = fdbd( connFile, localities, processClass, *dataFolder, *coordFolder, 500e6, "", "");
 	Future backup = runBackupAgents ? runBackup(connFile) : Future(Never());
@@ -361,6 +361,7 @@ ACTOR Future simulatedMachine(
 		ClusterConnectionString connStr,
 		std::vector ips,
 		bool sslEnabled,
+		Reference tlsOptions,
 		LocalityData localities,
 		ProcessClass processClass,
 		std::string baseFolder,
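Review bot: `tlsOptions` is dereferenced only under `if (sslEnabled)`, so the new parameter pair is coupled but nothing documents it; a comment at the `Reference tlsOptions,` parameter (hunk at 197) such as `// shared TLS configuration; only consulted when sslEnabled is true` would make that explicit. The comment added to TLSOptions::register_network says each call replaces g_network, so every reboot of this process installs a fresh TLSNetworkConnections; if that is the intent, a short comment at this call site saves the next reader a trip to fdbrpc. The body of simulatedFDBDRebooter continues outside the hunk.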
@@ -407,7 +408,7 @@ ACTOR Future simulatedMachine(
 	for( int i = 0; i < ips.size(); i++ ) {
 		std::string path = joinPath(myFolders[i], "fdb.cluster");
 		Reference clusterFile(useSeedFile ? new ClusterConnectionFile(path, connStr.toString()) : new ClusterConnectionFile(path));
-		processes.push_back(simulatedFDBDRebooter(clusterFile, ips[i], sslEnabled, i + 1, localities, processClass, &myFolders[i], &coordFolders[i], baseFolder, connStr, useSeedFile, runBackupAgents));
+		processes.push_back(simulatedFDBDRebooter(clusterFile, ips[i], sslEnabled, tlsOptions, i + 1, localities, processClass, &myFolders[i], &coordFolders[i], baseFolder, connStr, useSeedFile, runBackupAgents));
 		TraceEvent("SimulatedMachineProcess", randomId).detail("Address", NetworkAddress(ips[i], i+1, true, false)).detailext("ZoneId", localities.zoneId()).detailext("DataHall", localities.dataHallId()).detail("Folder", myFolders[i]);
 	}
 
@@ -593,8 +594,9 @@ ACTOR Future simulatedMachine(
 
 #include "fdbclient/MonitorLeader.h"
 
-ACTOR Future restartSimulatedSystem(vector> *systemActors, std::string baseFolder,
-		int* pTesterCount, Optional *pConnString, int extraDB) {
+ACTOR Future restartSimulatedSystem(
+		vector> *systemActors, std::string baseFolder, int* pTesterCount,
+		Optional *pConnString, Reference tlsOptions, int extraDB) {
 	CSimpleIni ini;
 	ini.SetUnicode();
 	ini.LoadFile(joinPath(baseFolder, "restartInfo.ini").c_str());
@@ -647,7 +649,7 @@ ACTOR Future restartSimulatedSystem(vector> *systemActors, st
 
 		// SOMEDAY: parse backup agent from test file
 		systemActors->push_back( reportErrors( simulatedMachine(
-			conn, ipAddrs, usingSSL, localities, processClass, baseFolder, true, i == useSeedForMachine, enableExtraDB ),
+			conn, ipAddrs, usingSSL, tlsOptions, localities, processClass, baseFolder, true, i == useSeedForMachine, enableExtraDB ),
 			processClass == ProcessClass::TesterClass ? "SimulatedTesterMachine" : "SimulatedMachine") );
 	}
 
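Review bot: `usingSSL` in the restart path is passed through as-is (it is presumably read from restartInfo.ini, outside this hunk), whereas setupSimulatedSystem (hunk at 960) derives `sslEnabled` as `g_random->random01() < 0.05 && tlsOptions->enabled()`; on a restart of a run that used SSL, a binary whose `tlsOptions` is not enabled would still reach `tlsOptions->register_network()` in simulatedFDBDRebooter. If that is not acceptable, gate it the same way where `usingSSL` is computed, `bool usingSSL = <value from ini> && tlsOptions->enabled();`, or document why the restart path deliberately trusts the ini value. The enclosing loop and restartSimulatedSystem both continue outside the hunk.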
@@ -891,8 +893,8 @@ void SimulationConfig::generateNormalConfig(int minimumReplication) {
 }
 
 void setupSimulatedSystem( vector> *systemActors, std::string baseFolder,
-		int* pTesterCount, Optional *pConnString,
-		Standalone *pStartingConfiguration, int extraDB, int minimumReplication)
+		int* pTesterCount, Optional *pConnString,
+		Standalone *pStartingConfiguration, int extraDB, int minimumReplication, Reference tlsOptions)
 {
 	// SOMEDAY: this does not test multi-interface configurations
 	SimulationConfig simconfig(extraDB, minimumReplication);
@@ -958,7 +960,7 @@ void setupSimulatedSystem( vector> *systemActors, std::string baseF
 	bool assignClasses = machineCount - dataCenters > 4 && g_random->random01() < 0.5;
 
 	// Use SSL 5% of the time
-	bool sslEnabled = g_random->random01() < 0.05;
+	bool sslEnabled = g_random->random01() < 0.05 && tlsOptions->enabled();
 	TEST( sslEnabled );  // SSL enabled
 	TEST( !sslEnabled );  // SSL disabled
 
@@ -1033,7 +1035,7 @@ void setupSimulatedSystem( vector> *systemActors, std::string baseF
 			// check the sslEnablementMap using only one ip(
 			LocalityData localities(Optional>(), zoneId, zoneId, dcUID);
 			localities.set(LiteralStringRef("data_hall"), dcUID);
-			systemActors->push_back(reportErrors(simulatedMachine(conn, ips, sslEnabled,
+			systemActors->push_back(reportErrors(simulatedMachine(conn, ips, sslEnabled, tlsOptions,
 				localities, processClass, baseFolder, false, machine == useSeedForMachine, true ), "SimulatedMachine"));
 
 			if (extraDB && g_simulator.extraDB->toString() != conn.toString()) {
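Review bot: `tlsOptions` is appended after `minimumReplication` here, while restartSimulatedSystem (hunk at 594) places it before `extraDB` and simulatedMachine puts it directly after `sslEnabled`; the two setup entry points now take the same arguments in different orders. Placing `Reference tlsOptions` right after `pConnString` in this signature would mirror restartSimulatedSystem, with the matching change at the single call in setupAndRun (hunk at 1166). The function body continues outside the hunk.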
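Review bot: The `// Use SSL 5% of the time` comment above the changed line is now inaccurate, since SSL is used only when `tlsOptions->enabled()` is also true; suggest `// Use SSL 5% of the time, and only when this build has TLS options enabled`. Because `TEST( sslEnabled )` can then never fire in a build without TLS, stating that in the same comment keeps a missing coverage hit from being read as a regression.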
@@ -1045,7 +1047,7 @@ void setupSimulatedSystem( vector> *systemActors, std::string baseF
 				Standalone newZoneId = Standalone(g_random->randomUniqueID().toString());
 				LocalityData localities(Optional>(), newZoneId, newZoneId, dcUID);
 				localities.set(LiteralStringRef("data_hall"), dcUID);
-				systemActors->push_back(reportErrors(simulatedMachine(*g_simulator.extraDB, extraIps, sslEnabled,
+				systemActors->push_back(reportErrors(simulatedMachine(*g_simulator.extraDB, extraIps, sslEnabled, tlsOptions,
 					localities, processClass, baseFolder, false, machine == useSeedForMachine, false ), "SimulatedMachine"));
 			}
 
@@ -1073,7 +1075,7 @@ void setupSimulatedSystem( vector> *systemActors, std::string baseF
 		Standalone newZoneId = Standalone(g_random->randomUniqueID().toString());
 		LocalityData localities(Optional>(), newZoneId, newZoneId, Optional>());
 		systemActors->push_back( reportErrors( simulatedMachine(
-			conn, ips, sslEnabled,
+			conn, ips, sslEnabled, tlsOptions,
 			localities, ProcessClass(ProcessClass::TesterClass, ProcessClass::CommandLineSource),
 			baseFolder, false, i == useSeedForMachine, false ),
 			"SimulatedTesterMachine") );
@@ -1142,7 +1144,7 @@ void checkExtraDB(const char *testFile, int &extraDB, int &minimumReplication) {
 	ifs.close();
 }
 
-ACTOR void setupAndRun(std::string dataFolder, const char *testFile, bool rebooting, bool useSSL ) {
+ACTOR void setupAndRun(std::string dataFolder, const char *testFile, bool rebooting, Reference tlsOptions ) {
 	state vector> systemActors;
 	state Optional connFile;
 	state Standalone startingConfiguration;
@@ -1155,8 +1157,8 @@ ACTOR void setupAndRun(std::string dataFolder, const char *testFile, bool reboot
 			"TestSystem", 0x01010101, 1, LocalityData(Optional>(), Standalone(g_random->randomUniqueID().toString()), Optional>(), Optional>()), ProcessClass(ProcessClass::TesterClass, ProcessClass::CommandLineSource), "", "" ), TaskDefaultYield ) );
 	Sim2FileSystem::newFileSystem();
 	FlowTransport::createInstance(1);
-	if (useSSL) {
-		simInitTLS();
+	if (tlsOptions->enabled()) {
+		simInitTLS(tlsOptions);
 	}
 
 	TEST(true);  // Simulation start
@@ -1164,11 +1166,11 @@ ACTOR void setupAndRun(std::string dataFolder, const char *testFile, bool reboot
 	try {
 		//systemActors.push_back( startSystemMonitor(dataFolder) );
 		if (rebooting) {
-			Void _ = wait( timeoutError( restartSimulatedSystem( &systemActors, dataFolder, &testerCount, &connFile, extraDB), 100.0 ) );
+			Void _ = wait( timeoutError( restartSimulatedSystem( &systemActors, dataFolder, &testerCount, &connFile, tlsOptions, extraDB), 100.0 ) );
 		}
 		else {
 			g_expect_full_pointermap = 1;
-			setupSimulatedSystem( &systemActors, dataFolder, &testerCount, &connFile, &startingConfiguration, extraDB, minimumReplication );
+			setupSimulatedSystem( &systemActors, dataFolder, &testerCount, &connFile, &startingConfiguration, extraDB, minimumReplication, tlsOptions );
 			Void _ = wait( delay(1.0) ); // FIXME: WHY!!!  //wait for machines to boot
 		}
 		std::string clusterFileDir = joinPath( dataFolder, g_random->randomUniqueID().toString() );
diff --git a/fdbserver/SimulatedCluster.h b/fdbserver/SimulatedCluster.h
index 4751cded14..eb8f325bd3 100644
--- a/fdbserver/SimulatedCluster.h
+++ b/fdbserver/SimulatedCluster.h
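Review bot: This is the only place the simulation installs the test certificate (`simInitTLS` sets cert and key data, hunk at 116), while each simulated fdbd only calls `tlsOptions->register_network()` (simulatedFDBDRebooter, hunk at 250); that ordering dependency is not written down anywhere. A comment at the call, `// Installs the simulation cert/key into the shared tlsOptions once; simulated processes only re-register the network.`, makes it explicit. setupAndRun's body continues outside the hunk.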
@@ -18,10 +18,12 @@
  * limitations under the License.
  */
 
+#include "fdbrpc/TLSConnection.h"
+
 #ifndef FDBSERVER_SIMULATEDCLUSTER_H
 #define FDBSERVER_SIMULATEDCLUSTER_H
 #pragma once
 
-void setupAndRun(std::string const& dataFolder, const char* const& testFile, bool const& rebooting, bool const& useSSL);
+void setupAndRun(std::string const& dataFolder, const char* const& testFile, bool const& rebooting, Reference const& useSSL);
 
 #endif
diff --git a/fdbserver/fdbserver.actor.cpp b/fdbserver/fdbserver.actor.cpp
index 5c1f4d5325..13a242f3aa 100644
--- a/fdbserver/fdbserver.actor.cpp
+++ b/fdbserver/fdbserver.actor.cpp
@@ -1192,7 +1192,8 @@ int main(int argc, char* argv[]) {
 				break;
 			case TLSOptions::OPT_TLS_PLUGIN:
 				try {
-					tlsOptions->set_plugin_name_or_path( args.OptionArg() );
+					const char* plugin_path = args.OptionArg();
+					tlsOptions->set_plugin_name_or_path( plugin_path ? plugin_path : "" );
 				} catch (Error& e) {
 					fprintf(stderr, "ERROR: cannot load TLS plugin `%s' (%s)\n", args.OptionArg(), e.what());
 					printHelpTeaser(argv[0]);
@@ -1471,8 +1472,7 @@ int main(int argc, char* argv[]) {
 	if ( tlsVerifyPeers.size() )
 		tlsOptions->set_verify_peers( tlsVerifyPeers );
 
-	if (tlsOptions->get_policy())
-		tlsOptions->register_network();
+	tlsOptions->register_network();
 
 	if (role == FDBD || role == NetworkTestServer) {
 		try {
@@ -1586,7 +1586,7 @@ int main(int argc, char* argv[]) {
 		platform::createDirectory( dataFolder );
 	}
 
-	setupAndRun( dataFolder, testFile, restarting, tlsOptions->enabled() );
+	setupAndRun( dataFolder, testFile, restarting, tlsOptions );
 	g_simulator.run();
 } else if (role == FDBD) {
 	ASSERT( connectionFile );
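Review bot: The new declaration still names its last parameter `useSSL` although it is now a `Reference` to the TLS options, and the definition in SimulatedCluster.actor.cpp (hunk at 1144) calls it `tlsOptions`; rename it, `..., bool const& rebooting, Reference const& tlsOptions);`. The added `#include "fdbrpc/TLSConnection.h"` sits above the `#ifndef FDBSERVER_SIMULATEDCLUSTER_H` guard; moving it below `#pragma once` keeps it inside the guard like the rest of the header.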
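Review bot: The `catch` block two lines below the change still passes `args.OptionArg()` straight to a `%s` conversion; with the flag now `SO_OPT` (TLSConnection.h, hunk at 124) that pointer can be null, and `fprintf` with a null `%s` argument is undefined behavior. Apply the same fallback in that fprintf by replacing its `args.OptionArg()` argument with `args.OptionArg() ? args.OptionArg() : ""` (`plugin_path` is scoped to the `try`, so reusing it would require hoisting it and bracing the `case`). What `set_plugin_name_or_path("")` selects — a built-in default plugin or an error — is not visible here and deserves a comment on the new line.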
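Review bot: Dropping the `get_policy()` check means every fdbserver process now replaces g_network with a TLSNetworkConnections even when no plugin or certificate was configured; whether that wrapper passes plain connections through untouched is not visible in this diff and should be stated at the call site, e.g. `// Always register, even with no TLS policy: simulation needs the wrapper installed (see TLSOptions::register_network).` If the wrapper does not degrade to plain TCP without a policy, this changes behaviour for every non-TLS deployment, so the comment should record which case was verified.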