
Commit 7c3d18a

committed
roachtest: create secure clusters by default
In order to run on secure clusters, many tests were changed to explicitly specify a pgurl or certs directory to authenticate with. Currently most tests authenticate with the root user, but in the future we want to use a non-root user when possible. This change also fixes roachtests to use the new defaultHTTPClient helper to disable cert verification and automatically retrieve and use sessionID for auth. Release note: None
1 parent 7c6c6e4 commit 7c3d18a


85 files changed

+423
-465
lines changed

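--- a/pkg/cmd/roachtest/cluster.go
+++ b/pkg/cmd/roachtest/cluster.go
@@ -1428,7 +1428,7 @@ func (c *clusterImpl) HealthStatus(
 return nil, errors.WithDetail(err, "Unable to get admin UI address(es)")
 }
 getStatus := func(ctx context.Context, node int) *HealthStatusResult {
-url := fmt.Sprintf(`http://%s/health?ready=1`, adminAddrs[node-1])
+url := fmt.Sprintf(`https://%s/health?ready=1`, adminAddrs[node-1])
 resp, err := httputil.Get(ctx, url)
 if err != nil {
 return newHealthStatusResult(node, 0, nil, err)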
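Review bot: The health probe in `getStatus` now hard-codes `https://`, so it will fail against any cluster started with `install.SecureOption(false)`, which this same commit does in tests/activerecord.go. Deriving the scheme from the cluster, e.g. `scheme := "http"; if c.IsSecure() { scheme = "https" }` (`IsSecure` is already called on `cluster.Cluster` in roachtestutil/utils.go), would keep HealthStatus usable in both modes. The request also still goes through `httputil.Get`; whether that client trusts the cluster's certificates is not visible here, and a TLS verification failure would be reported as an unhealthy node through `newHealthStatusResult(node, 0, nil, err)`. HealthStatus starts and ends outside this hunk.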

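--- a/pkg/cmd/roachtest/clusterstats/BUILD.bazel
+++ b/pkg/cmd/roachtest/clusterstats/BUILD.bazel
@@ -15,7 +15,6 @@ go_library(
 deps = [
 "//pkg/cmd/roachtest/cluster",
 "//pkg/cmd/roachtest/option",
-"//pkg/cmd/roachtest/roachtestutil",
 "//pkg/cmd/roachtest/test",
 "//pkg/roachprod/logger",
 "//pkg/roachprod/prometheus",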

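--- a/pkg/cmd/roachtest/roachtestutil/BUILD.bazel
+++ b/pkg/cmd/roachtest/roachtestutil/BUILD.bazel
@@ -6,6 +6,7 @@ go_library(
 "commandbuilder.go",
 "disk_usage.go",
 "health_checker.go",
+"httpclient.go",
 "jaeger.go",
 "utils.go",
 "validation_check.go",
@@ -25,9 +26,10 @@ go_library(
 "//pkg/util/httputil",
 "//pkg/util/humanizeutil",
 "//pkg/util/log",
+"//pkg/util/protoutil",
+"//pkg/util/syncutil",
 "//pkg/util/timeutil",
 "@com_github_cockroachdb_errors//:errors",
-"@com_github_pkg_errors//:errors",
 ],
 )
 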

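--- a/pkg/cmd/roachtest/roachtestutil/mixedversion/mixedversion.go
+++ b/pkg/cmd/roachtest/roachtestutil/mixedversion/mixedversion.go
@@ -141,9 +141,7 @@ var (
 // defaultClusterSettings is the set of cluster settings always
 // passed to `clusterupgrade.StartWithSettings` when (re)starting
 // nodes in a cluster.
-defaultClusterSettings = []install.ClusterSettingOption{
-install.SecureOption(true),
-}
+defaultClusterSettings = []install.ClusterSettingOption{}
 
 // minSupportedARM64Version is the minimum version for which there
 // is a published ARM64 build. If we are running a mixedversion test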
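Review bot: `defaultClusterSettings` is now an empty slice, so whether mixed-version clusters run in secure mode depends entirely on a default set elsewhere (presumably in `install.MakeClusterSettings`, which this diff does not show). The variable's comment should record that dependency, for example `// Intentionally empty: secure mode is the default; add per-test overrides here.` The same implicit reliance appears in tests/admission_control_multitenant_fairness.go, where the log line still says "starting cockroach securely" after the explicit `install.SecureOption(true)` was dropped.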

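--- a/pkg/cmd/roachtest/roachtestutil/utils.go
+++ b/pkg/cmd/roachtest/roachtestutil/utils.go
@@ -30,9 +30,13 @@ func SystemInterfaceSystemdUnitName() string {
 // DefaultPGUrl is a wrapper over roachprod.PgUrl that calls it with the arguments
 // that *almost* all roachtests want: single tenant and only a single node.
 func DefaultPGUrl(
-ctx context.Context, c cluster.Cluster, l *logger.Logger, node option.NodeListOption,
+ctx context.Context,
+c cluster.Cluster,
+l *logger.Logger,
+node option.NodeListOption,
+auth install.PGAuthMode,
 ) (string, error) {
-opts := roachprod.PGURLOptions{Secure: c.IsSecure()}
+opts := roachprod.PGURLOptions{Auth: auth, Secure: c.IsSecure()}
 pgurl, err := roachprod.PgURL(ctx, l, c.MakeNodes(node), "certs", opts)
 if err != nil {
 return "", err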
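Review bot: The doc comment on `DefaultPGUrl` was not updated for the new `auth install.PGAuthMode` parameter, so callers get no guidance on which mode to pass. I would add a sentence such as `// auth selects how the returned URL authenticates; prefer a non-root mode where the test allows it.`, which matches the intent stated in the commit description. If any auth mode embeds a password in the URL (not visible in this diff), the comment should also say that the returned string must not be logged. The function body continues past the end of the hunk.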

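--- a/pkg/cmd/roachtest/tests/activerecord.go
+++ b/pkg/cmd/roachtest/tests/activerecord.go
@@ -51,7 +51,8 @@ func registerActiveRecord(r registry.Registry) {
 t.Status("setting up cockroach")
 startOpts := option.DefaultStartOptsInMemory()
 startOpts.RoachprodOpts.SQLPort = config.DefaultSQLPort
-c.Start(ctx, t.L(), startOpts, install.MakeClusterSettings(), c.All())
+// Activerecord uses root user with ssl disabled.
+c.Start(ctx, t.L(), startOpts, install.MakeClusterSettings(install.SecureOption(false)), c.All())
 
 version, err := fetchCockroachVersion(ctx, t.L(), c, node[0])
 if err != nil {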
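Review bot: The new comment above `c.Start` says what the test does but not why the cluster must opt out of the secure default, and nothing marks the opt-out as temporary or permanent. A comment such as `// The ActiveRecord suite connects as root with SSL disabled, so this cluster opts out of the secure default. TODO(<owner>): switch to cert auth.` would make the exception easy to audit later. The `c.Start(...)` line is also well past 100 columns; putting the `install.MakeClusterSettings(...)` argument on its own line would match the wrapped style used for `DefaultPGUrl` in this commit. registerActiveRecord extends beyond the hunk.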

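--- a/pkg/cmd/roachtest/tests/admission_control_elastic_io.go
+++ b/pkg/cmd/roachtest/tests/admission_control_elastic_io.go
@@ -65,17 +65,16 @@ func registerElasticIO(r registry.Registry) {
 WithGrafanaDashboardJSON(grafana.ChangefeedAdmissionControlGrafana)
 err := c.StartGrafana(ctx, t.L(), promCfg)
 require.NoError(t, err)
-promClient, err := clusterstats.SetupCollectorPromClient(ctx, c, t.L(), promCfg)
-require.NoError(t, err)
-statCollector := clusterstats.NewStatsCollector(ctx, promClient)
-
 c.Put(ctx, t.DeprecatedWorkload(), "./workload", c.Node(workAndPromNode))
 startOpts := option.DefaultStartOptsNoBackups()
 roachtestutil.SetDefaultAdminUIPort(c, &startOpts.RoachprodOpts)
 startOpts.RoachprodOpts.ExtraArgs = append(startOpts.RoachprodOpts.ExtraArgs,
 "--vmodule=io_load_listener=2")
 settings := install.MakeClusterSettings()
 c.Start(ctx, t.L(), startOpts, settings, c.Range(1, crdbNodes))
+promClient, err := clusterstats.SetupCollectorPromClient(ctx, c, t.L(), promCfg)
+require.NoError(t, err)
+statCollector := clusterstats.NewStatsCollector(ctx, promClient)
 setAdmissionControl(ctx, t, c, true)
 duration := 30 * time.Minute
 t.Status("running workload")
@@ -85,7 +84,7 @@ func registerElasticIO(r registry.Registry) {
 url := fmt.Sprintf(" {pgurl:1-%d}", crdbNodes)
 cmd := "./workload run kv --init --histograms=perf/stats.json --concurrency=512 " +
 "--splits=1000 --read-percent=0 --min-block-bytes=65536 --max-block-bytes=65536 " +
-"--txn-qos=background --tolerate-errors" + dur + url
+"--txn-qos=background --tolerate-errors --secure" + dur + url
 c.Run(ctx, option.WithNodes(c.Node(workAndPromNode)), cmd)
 return nil
 })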
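Review bot: In the second hunk `--secure` is appended to a workload command that also passes `--tolerate-errors`, so a certificate or authentication failure may be tolerated instead of failing the test; whether the workload treats connection errors that way is not visible here and should be confirmed. The flag is also hard-coded while the cluster's mode comes from `install.MakeClusterSettings()`, so the two can drift apart. Deriving it from the cluster keeps them in step: `secureFlag := ""; if c.IsSecure() { secureFlag = " --secure" }` and then `"--txn-qos=background --tolerate-errors" + secureFlag + dur + url`. The enclosing closure in registerElasticIO begins before the first hunk.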

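--- a/pkg/cmd/roachtest/tests/admission_control_intent_resolution.go
+++ b/pkg/cmd/roachtest/tests/admission_control_intent_resolution.go
@@ -64,17 +64,18 @@ func registerIntentResolutionOverload(r registry.Registry) {
 WithGrafanaDashboardJSON(grafana.ChangefeedAdmissionControlGrafana)
 err := c.StartGrafana(ctx, t.L(), promCfg)
 require.NoError(t, err)
-promClient, err := clusterstats.SetupCollectorPromClient(ctx, c, t.L(), promCfg)
-require.NoError(t, err)
-statCollector := clusterstats.NewStatsCollector(ctx, promClient)
 
 startOpts := option.DefaultStartOptsNoBackups()
 startOpts.RoachprodOpts.ExtraArgs = append(startOpts.RoachprodOpts.ExtraArgs,
 "--vmodule=io_load_listener=2")
-roachtestutil.SetDefaultSQLPort(c, &startOpts.RoachprodOpts)
 roachtestutil.SetDefaultAdminUIPort(c, &startOpts.RoachprodOpts)
 settings := install.MakeClusterSettings()
 c.Start(ctx, t.L(), startOpts, settings, c.Range(1, crdbNodes))
+
+promClient, err := clusterstats.SetupCollectorPromClient(ctx, c, t.L(), promCfg)
+require.NoError(t, err)
+statCollector := clusterstats.NewStatsCollector(ctx, promClient)
+
 setAdmissionControl(ctx, t, c, true)
 t.Status("running txn")
 m := c.NewMonitor(ctx, c.Range(1, crdbNodes))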
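Review bot: `clusterstats.SetupCollectorPromClient` now runs after `c.Start`, but nothing at the call site says why the order matters, so a later cleanup could move it back. A one-line comment above the moved block, e.g. `// Must run after c.Start: the collector client needs the running cluster.`, would record the dependency; the exact reason is not visible in this diff and should come from the author. The same reordering appears in admission_control_elastic_io.go. The removal of `roachtestutil.SetDefaultSQLPort` in this hunk is not explained in the commit description either. registerIntentResolutionOverload extends outside the hunk.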

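--- a/pkg/cmd/roachtest/tests/admission_control_multitenant_fairness.go
+++ b/pkg/cmd/roachtest/tests/admission_control_multitenant_fairness.go
@@ -145,7 +145,7 @@ func runMultiTenantFairness(
 t.L().Printf("starting cockroach securely (<%s)", time.Minute)
 c.Start(ctx, t.L(),
 option.DefaultStartOptsNoBackups(),
-install.MakeClusterSettings(install.SecureOption(true)),
+install.MakeClusterSettings(),
 crdbNode,
 )
 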

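--- a/pkg/cmd/roachtest/tests/admission_control_tpcc_overload.go
+++ b/pkg/cmd/roachtest/tests/admission_control_tpcc_overload.go
@@ -124,7 +124,7 @@ func verifyNodeLiveness(
 if err := retry.WithMaxAttempts(ctx, retry.Options{
 MaxBackoff: 500 * time.Millisecond,
 }, 60, func() (err error) {
-response, err = getMetrics(ctx, adminURLs[0], now.Add(-runDuration), now, []tsQuery{
+response, err = getMetrics(ctx, c, t, adminURLs[0], now.Add(-runDuration), now, []tsQuery{
 {
 name: "cr.node.liveness.heartbeatfailures",
 queryType: total,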
