Enable gpfdists protocol for gpdemo

Generate certificates for gpfdists then place them into master and segments' data directories. After this commit, specifying gpfdist's `--ssl` option with `$MASTER_DATA_DIRECTORY/gpfdists` could enable gpfdists protocol for gpdemo. Also update `lalshell` to remove unnecessary lines. Signed-off-by: N Adam Lee <ali@pivotal.io> Signed-off-by: N Yuan Zhao <yuzhao@pivotal.io>

Enable gpfdists protocol for gpdemo
Generate certificates for gpfdists then place them into master and segments' data directories. After this commit, specifying gpfdist's `--ssl` option with `$MASTER_DATA_DIRECTORY/gpfdists` could enable gpfdists protocol for gpdemo. Also update `lalshell` to remove unnecessary lines. Signed-off-by: N Adam Lee <ali@pivotal.io> Signed-off-by: N Yuan Zhao <yuzhao@pivotal.io>
de93ffd5 · Adam Lee · Adam Lee · a0168969 · de93ffd5 · de93ffd5
5 changed file
--- a/gpAux/gpdemo/.gitignore
+++ b/gpAux/gpdemo/.gitignore
@@ -2,4 +2,4 @@ clusterConfigFile
 hostfile
 datadirs
 gpdemo-env.sh
-
+certificate
--- a/gpAux/gpdemo/Makefile
+++ b/gpAux/gpdemo/Makefile
@@ -2,15 +2,27 @@
 # Makefile for Greenplum Demo
 # ----------------------------------------------------------------------

-SHELL=/bin/bash
+#
+# INCLUDES
+#
+
+top_builddir = ../..
+-include $(top_builddir)/src/Makefile.global

 #
 # VARIABLES
 #

-MASTER_PORT?=15432
-PORT_BASE?=25432
-NUM_PRIMARY_MIRROR_PAIRS?=3
+export enable_gpfdist
+export with_openssl
+
+MASTER_PORT ?= 15432
+PORT_BASE ?= 25432
+NUM_PRIMARY_MIRROR_PAIRS ?= 3
+
+export MASTER_DEMO_PORT=$(MASTER_PORT)
+export DEMO_PORT_BASE=$(PORT_BASE)
+export NUM_PRIMARY_MIRROR_PAIRS

 all:
 	$(MAKE) clean
@@ -18,23 +30,23 @@ all:
 	$(MAKE) cluster
 	$(MAKE) probe

-cluster:	
-	@ MASTER_DEMO_PORT=$(MASTER_PORT) DEMO_PORT_BASE=$(PORT_BASE) NUM_PRIMARY_MIRROR_PAIRS=$(NUM_PRIMARY_MIRROR_PAIRS) ./demo_cluster.sh
-	@ echo ""
+cluster:
+	@./demo_cluster.sh
+	@echo ""

 probe:
-	@ MASTER_DEMO_PORT=$(MASTER_PORT) DEMO_PORT_BASE=$(PORT_BASE) NUM_PRIMARY_MIRROR_PAIRS=$(NUM_PRIMARY_MIRROR_PAIRS) ./probe_config.sh
-	@ echo ""
-
-.PHONY : clean 
+	@./probe_config.sh
+	@echo ""

 check: 
-	@ MASTER_DEMO_PORT=$(MASTER_PORT) DEMO_PORT_BASE=$(PORT_BASE) NUM_PRIMARY_MIRROR_PAIRS=$(NUM_PRIMARY_MIRROR_PAIRS) ./demo_cluster.sh -c
-	@ echo ""
+	@./demo_cluster.sh -c
+	@echo ""

 clean:
-	@ echo "======================================================================"
-	@ echo "Deleting cluster.... "
-	@ echo "======================================================================"
-	@ MASTER_DEMO_PORT=$(MASTER_PORT) DEMO_PORT_BASE=$(PORT_BASE) NUM_PRIMARY_MIRROR_PAIRS=$(NUM_PRIMARY_MIRROR_PAIRS) ./demo_cluster.sh -d
-	@ echo ""
+	@echo "======================================================================"
+	@echo "Deleting cluster.... "
+	@echo "======================================================================"
+	@./demo_cluster.sh -d
+	@echo ""
+
+.PHONY: all cluster probe clean check clean
--- a/gpAux/gpdemo/demo_cluster.sh
+++ b/gpAux/gpdemo/demo_cluster.sh
@@ -362,6 +362,24 @@ echo "gpinitsystem returned: ${RETURN}"
 echo "========================================"
 echo ""

+if [ "$enable_gpfdist" = "yes" ] && [ "$with_openssl" = "yes" ]; then
+	echo "======================================================================"
+	echo "Generating SSL certificates for gpfdists:"
+	echo "======================================================================"
+	echo ""
+
+	./generate_certs.sh >> generate_certs.log
+
+	cp -r certificate/gpfdists $QDDIR/$SEG_PREFIX-1/
+
+	for (( i=1; i<=$NUM_PRIMARY_MIRROR_PAIRS; i++ ))
+	do
+		cp -r certificate/gpfdists $DATADIRS/dbfast$i/${SEG_PREFIX}$((i-1))/
+		cp -r certificate/gpfdists $DATADIRS/dbfast_mirror$i/${SEG_PREFIX}$((i-1))/
+	done
+	echo ""
+fi
+
 OPTIMIZER=$(psql -t -p ${MASTER_DEMO_PORT} -d template1 -c "show optimizer"   2>&1)

 echo "======================================================================" 2>&1 | tee -a optimizer-state.log

--- a/gpAux/gpdemo/generate_certs.sh
+++ b/gpAux/gpdemo/generate_certs.sh
+#!/bin/sh
+
+csr="server.req"
+key="server.key"
+cert="server.crt"
+
+# create the csr
+openssl req -new -passin pass:password -passout pass:password -text -out $csr 2>&1 <<-EOF
+US
+California
+Palo Alto
+Pivotal
+GPDB
+127.0.0.1
+gpdb@127.0.0.1
+.
+.
+EOF
+
+[ -f ${csr} ] && openssl req -text -noout -in ${csr} 2>&1
+
+# create the key
+openssl rsa -in privkey.pem -passin pass:password -passout pass:password -out ${key}
+
+# create the certificate
+openssl x509 -in ${csr} -out ${cert} -req -signkey ${key} -days 1000
+
+chmod og-rwx ${key}
+
+mkdir -p certificate/gpfdists
+
+cp server.key certificate/gpfdists/server.key
+cp server.crt certificate/gpfdists/server.crt
+cp server.key certificate/gpfdists/client.key
+cp server.crt certificate/gpfdists/client.crt
+cp server.crt certificate/gpfdists/root.crt
+
+rm -f server.* privkey.pem
--- a/gpAux/gpdemo/lalshell
+++ b/gpAux/gpdemo/lalshell
 #!/bin/bash

 shift
-#CMD=$1
-#shift
-bash -c "$*"

-RETVAL=$?
+bash -c "$*"

-if [ $RETVAL -ne 0 ]; then
-  exit $RETVAL
-fi
+exit $?