Created
September 7, 2021 15:22
Reproducer for RPCUpgradeMode PR
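#!/bin/bash
#
# Reproducer: starts a TLS-enabled Nomad dev agent with rpc_upgrade_mode on,
# flips the setting in the config file, sends SIGHUP, and checks that the
# running agent reports the new value.

# Path to the Nomad binary under test. Defaults to a local source build;
# export NOMAD_BIN to point the reproducer at a different build without
# editing the script.
nomad_bin=${NOMAD_BIN:-${HOME}/github/hashicorp/nomad/pkg/darwin_amd64/nomad}
#nomad_bin=/usr/local/bin/nomad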
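#######################################
# Print a file inside an ASCII frame, each content line prefixed with "| ".
# Arguments: $1 - path of the file to display
# Outputs:   framed file contents on stdout; a diagnostic on stderr when the
#            file cannot be read (the frame is still printed)
#######################################
show_file () {
  local path=$1

  echo ""
  echo "+================================================"
  echo "| 📄 ${path}"
  echo "+------------------------------------------------"
  if [[ -r "${path}" ]]; then
    # Feed the file on stdin: this survives spaces in the name and keeps awk
    # from interpreting an odd filename as an operand or assignment.
    awk '{print "| "$0}' < "${path}"
  else
    echo "show_file: cannot read ${path}" >&2
  fi
  echo "+================================================"
  echo ""
}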
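#######################################
# Emit a character repeated a given number of times (no trailing newline).
# Arguments: $1 - repeat count, a non-negative integer
#            $2 - the character to repeat (passed to tr as its replacement set)
# Outputs:   the repeated character on stdout
# Returns:   1 when the count is not a non-negative integer
#######################################
repeat_char () {
  # Keep these local so the helper does not overwrite globals named
  # "length" or "char" elsewhere in the script.
  local length=$1
  local char=$2

  if [[ ! "${length}" =~ ^[0-9]+$ ]]; then
    echo "repeat_char: count must be a non-negative integer: ${length}" >&2
    return 1
  fi

  # Read $length NUL bytes and translate each one into the requested character.
  head -c "${length}" < /dev/zero | tr '\0' "${char}"
}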
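# Scratch directory for the throwaway CA and certificates. `mkdir -p` succeeds
# when the directory already exists, so a failure here means it could not be
# created at all (permissions, a regular file named "tls", ...).
if ! mkdir -p tls; then
  echo "Unable to create tls directory; exiting."
  exit 1
fi

# Refuse to run next to an existing agent: the dev agent started later binds
# the default ports, and the checks below would otherwise query whichever agent
# answered first. Match on the exact process name so that editors, shells or
# paths that merely contain "nomad" do not trip the check.
if pgrep -x nomad > /dev/null 2>&1; then
  echo "Found a nomad pid; exiting..."
  exit 1
fi

# Regenerate the CA and the server/client/cli certificates from scratch.
# Everything runs in a subshell so that a failed `cd` can never cause the
# `rm -rf` or the certificate generation to run in the caller's directory.
# NOTE: tls/ ends up holding private key material for this throwaway CA; keep
# it out of version control and do not reuse it outside this reproducer.
if ! (
  cd tls &&
    rm -rf -- ./* &&
    consul tls ca create -domain=nomad &&
    consul tls cert create -domain=nomad -dc=global -server &&
    consul tls cert create -domain=nomad -dc=global -client &&
    consul tls cert create -domain=nomad -dc=global -cli
); then
  echo "Failed to generate TLS material in ./tls; exiting."
  exit 1
fi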
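# Write the agent's TLS stanza. rpc_upgrade_mode = true makes the agent accept
# plaintext RPC alongside TLS; it is a migration aid and is enabled here only
# because toggling it is what this reproducer tests.
cat <<EOF > tls.hcl
tls {
  http = true
  rpc = true
  ca_file = "tls/nomad-agent-ca.pem"
  cert_file = "tls/global-server-nomad-0.pem"
  key_file = "tls/global-server-nomad-0-key.pem"
  verify_server_hostname = true
  verify_https_client = true
  rpc_upgrade_mode = true
}
EOF

sleep 1

# Fail early with a clear message instead of backgrounding a command that
# cannot start (nomad_bin may be a path or a name resolved through PATH).
if ! command -v "${nomad_bin}" > /dev/null 2>&1; then
  echo "Nomad binary not found or not executable: ${nomad_bin}"
  exit 1
fi

echo "Starting Nomad Dev Agent..."
# NOTE(review): err() displays nomad.log, but the agent's output is not
# redirected to that file here; it goes to the terminal.
"${nomad_bin}" agent -dev -config=tls.hcl &
nomad_pid=$!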
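#######################################
# Report a failure, show the agent log when one exists, stop the background
# Nomad agent and exit with status 1.
# Globals:   nomad_pid (read) - PID of the backgrounded agent
# Arguments: $1 - failure message to print
# Outputs:   the message, the framed log and progress lines on stdout
# Returns:   never returns; exits 1
#######################################
err () {
  echo "${1}"

  if [[ -f nomad.log ]]; then
    show_file nomad.log
  else
    echo "(nomad.log not found; nothing to show)"
  fi

  # The cleanup below is disabled, so say what really happens. tls/ is left on
  # disk and holds the private keys generated for this run (for example the
  # server key referenced by tls.hcl); delete it by hand once finished.
  echo "Leaving tls folder contents in place (cleanup is disabled)..."
  # rm -rf tls/*

  echo "Killing nomad agent..."
  if [[ -n "${nomad_pid:-}" ]]; then
    # Ask politely first so the agent can shut down cleanly; escalate to
    # SIGKILL only if it is still alive after a short grace period.
    kill -TERM "${nomad_pid}" 2> /dev/null
    for _ in 1 2 3 4 5; do
      kill -0 "${nomad_pid}" 2> /dev/null || break
      sleep 1
    done
    if kill -0 "${nomad_pid}" 2> /dev/null; then
      kill -KILL "${nomad_pid}"
    fi
  fi

  echo "Done."
  exit 1
}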
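show_file tls.hcl

# Fixed wait for the dev agent to come up before the API is queried.
echo "Sleeping for 10 seconds..."
sleep 10

export NOMAD_ADDR=https://127.0.0.1:4646
# tls.hcl sets verify_https_client = true, so the HTTP API only answers callers
# that present a certificate signed by the generated CA. --cacert pins server
# verification to that CA rather than switching verification off.
# NOTE(review): the server certificate doubles as the client identity here even
# though a dedicated -cli certificate is generated earlier; acceptable for a
# local reproducer, not a pattern to copy.
export CURL_FLAGS="--cacert tls/nomad-agent-ca.pem --cert tls/global-server-nomad-0.pem --key tls/global-server-nomad-0-key.pem"
# Split the flag string into words deliberately, once, instead of relying on
# unquoted expansion at every call site.
read -r -a curl_flags <<< "${CURL_FLAGS}"

SELF="$(curl --silent --show-error --fail "${curl_flags[@]}" "${NOMAD_ADDR}/v1/agent/self" 2>&1)"
EXIT_CODE=$?
# Check curl's own status: previously it was captured and then overwritten, so
# a failed request only surfaced indirectly as "not json".
if [ "${EXIT_CODE}" -ne 0 ]; then
  err "FAIL: request to ${NOMAD_ADDR}/v1/agent/self failed (curl exit ${EXIT_CODE}): ${SELF}"
fi

echo ""
echo "$(repeat_char 70 '^')"
echo "${SELF:0:60} . . ."
echo "$(repeat_char 70 '^')"

echo "Validating \${SELF} is json..."
JQ_TEST="$(jq '.config.TLSConfig' <<< "${SELF}" 2>&1)"
EXIT_CODE=$?
echo "==================================="
echo "${JQ_TEST}"
echo "==================================="

if [ "${EXIT_CODE}" -ne 0 ]; then
  err "FAIL: \${SELF} is not json: ${JQ_TEST}"
fi

echo "Checking RPCUpgradeMode..."
# Query the value once and reuse it for both the report and the assertion.
rpc_upgrade_mode="$(jq -r '.config.TLSConfig.RPCUpgradeMode' <<< "${SELF}")"
echo " - RPCUpgradeMode: \"${rpc_upgrade_mode}\" "

if [ "${rpc_upgrade_mode}" != "true" ]; then
  err "FAIL: tls.rpc_upgrade_mode is not enabled."
fi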
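echo "Updating configuration file"
# Write to a sibling file and rename it over the original so the agent never
# reads a half-written config on reload.
sed 's/rpc_upgrade_mode = true/rpc_upgrade_mode = false/g' tls.hcl > tls.hcl.new
mv tls.hcl.new tls.hcl
show_file tls.hcl

# SIGHUP asks the running agent to reload its configuration; the fixed sleep
# gives it time to apply the change before it is queried again.
kill -HUP "${nomad_pid}"
sleep 10

# CURL_FLAGS and NOMAD_ADDR are exported earlier in the script; split the flag
# string into words deliberately rather than via unquoted expansion.
read -r -a curl_flags <<< "${CURL_FLAGS}"

SELF="$(curl --silent --show-error --fail "${curl_flags[@]}" "${NOMAD_ADDR}/v1/agent/self" 2>&1)"
EXIT_CODE=$?
if [ "${EXIT_CODE}" -ne 0 ]; then
  err "FAIL: request to ${NOMAD_ADDR}/v1/agent/self failed (curl exit ${EXIT_CODE}): ${SELF}"
fi

echo ""
echo "$(repeat_char 70 '^')"
echo "${SELF:0:60} . . ."
echo "$(repeat_char 70 '^')"

echo "Validating \${SELF} is json..."
JQ_TEST="$(jq '.config.TLSConfig' <<< "${SELF}" 2>&1)"
# Capture jq's status immediately. Reading $? after the echo lines below always
# yielded 0, so a non-JSON response was never detected on this second pass.
EXIT_CODE=$?
echo "==================================="
echo "${JQ_TEST}"
echo "==================================="

if [ "${EXIT_CODE}" -ne 0 ]; then
  err "FAIL: \${SELF} is not json: ${JQ_TEST}"
fi

echo "Checking RPCUpgradeMode..."
rpc_upgrade_mode="$(jq -r '.config.TLSConfig.RPCUpgradeMode' <<< "${SELF}")"
echo " - RPCUpgradeMode: \"${rpc_upgrade_mode}\" "

if [ "${rpc_upgrade_mode}" != "false" ]; then
  err "FAIL: tls.rpc_upgrade_mode is still enabled"
fi

# NOTE(review): on success the script ends here with the dev agent still
# running in the background and the generated keys still in tls/; stop the
# agent and remove tls/ by hand when finished.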