This is an automated email from the ASF dual-hosted git repository.
xuanwo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-opendal.git
The following commit(s) were added to refs/heads/main by this push:
new 292cd8846 ci(services/tikv): add tikv integration test with tls (#3026)
292cd8846 is described below
commit 292cd88464a7cec39682d2399359a9116b782e07
Author: G-XD <[email protected]>
AuthorDate: Sun Sep 10 00:44:09 2023 +0800
ci(services/tikv): add tikv integration test with tls (#3026)
---
.github/workflows/service_test_tikv.yml | 68 ++++++++++++++++-
core/src/services/tikv/fixtures/gen_cert.sh | 85 ++++++++++++++++++++++
core/src/services/tikv/fixtures/pd-tls.toml | 29 ++++++++
core/src/services/tikv/fixtures/ssl/ca-key.pem | 27 +++++++
core/src/services/tikv/fixtures/ssl/ca.pem | 22 ++++++
core/src/services/tikv/fixtures/ssl/client-key.pem | 27 +++++++
core/src/services/tikv/fixtures/ssl/client.pem | 21 ++++++
.../services/tikv/fixtures/ssl/pd-server-key.pem | 27 +++++++
core/src/services/tikv/fixtures/ssl/pd-server.pem | 21 ++++++
.../services/tikv/fixtures/ssl/tikv-server-key.pem | 27 +++++++
.../src/services/tikv/fixtures/ssl/tikv-server.pem | 22 ++++++
core/src/services/tikv/fixtures/tikv-tls.toml | 43 +++++++++++
12 files changed, 418 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/service_test_tikv.yml
b/.github/workflows/service_test_tikv.yml
index 9e45173dd..a70173bb7 100644
--- a/.github/workflows/service_test_tikv.yml
+++ b/.github/workflows/service_test_tikv.yml
@@ -71,4 +71,70 @@ jobs:
RUST_LOG: debug
OPENDAL_TIKV_TEST: on
OPENDAL_TIKV_ENDPOINTS: "127.0.0.1:2379"
- OPENDAL_TIKV_INSECURE: true
\ No newline at end of file
+ OPENDAL_TIKV_INSECURE: true
+
+ tikv-tls:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Copy Tikv Certificate Files
+ shell: bash
+ working-directory: core/src/services/tikv/fixtures/
+ run: |
+ mkdir -p /tmp/tikv/ssl
+ cp -r `pwd`/ssl/* /tmp/tikv/ssl
+
+ - name: install tiup
+ run: curl --proto '=https' --tlsv1.2 -sSf
https://tiup-mirrors.pingcap.com/install.sh | sh
+ - name: Start tikv-tls
+ run: |
+ # use latest stable version
+ ~/.tiup/bin/tiup install tikv:v7.3.0 pd:v7.3.0
+
+ ~/.tiup/components/tikv/v7.3.0/tikv-server \
+ --addr=127.0.0.1:20160 \
+ --advertise-addr=127.0.0.1:20160 \
+ --status-addr=127.0.0.1:20180 \
+ --pd-endpoints=https://127.0.0.1:2379 \
+ --data-dir=/tmp/tikv/data \
+ --log-file=/tmp/tikv/tikv.log \
+ --config=tikv-tls.toml &
+
+ ~/.tiup/components/pd/v7.3.0/pd-server \
+ --name=pd1 \
+ --peer-urls=https://127.0.0.1:2380 \
+ --advertise-peer-urls=https://127.0.0.1:2380 \
+ --client-urls=https://127.0.0.1:2379 \
+ --advertise-client-urls=https://127.0.0.1:2379 \
+ --initial-cluster=pd1=https://127.0.0.1:2380 \
+ --data-dir=/tmp/pd1/data \
+ --log-file=/tmp/pd1/pd.log \
+ --config=pd-tls.toml &
+
+ while :; do
+ echo "waiting tikv-tls-cluster to be ready"
+ [[ "$(curl -I --cacert /tmp/tikv/ssl/ca.pem --cert
/tmp/tikv/ssl/client.pem --key /tmp/tikv/ssl/client-key.pem
https://127.0.0.1:2379/pd/api/v1/regions 2>/dev/null | head -n 1 | cut -d$' '
-f2)" -ne "405" ]] || break
+ sleep 1
+ done
+ working-directory: core/src/services/tikv/fixtures/
+
+ - name: Setup Rust toolchain
+ uses: ./.github/actions/setup
+ with:
+ need-protoc: true
+ need-nextest: true
+
+ - name: Test
+ shell: bash
+ working-directory: core
+ run: cargo nextest run tikv --features services-tikv
+ env:
+ RUST_BACKTRACE: full
+ RUST_LOG: debug
+ OPENDAL_TIKV_TEST: on
+ OPENDAL_TIKV_ENDPOINTS: "https://127.0.0.1:2379";
+ OPENDAL_TIKV_INSECURE: false
+ OPENDAL_TIKV_CA_PATH: "/tmp/tikv/ssl/ca.pem"
+ OPENDAL_TIKV_CERT_PATH: "/tmp/tikv/ssl/client.pem"
+ OPENDAL_TIKV_KEY_PATH: "/tmp/tikv/ssl/client-key.pem"
diff --git a/core/src/services/tikv/fixtures/gen_cert.sh
b/core/src/services/tikv/fixtures/gen_cert.sh
new file mode 100755
index 000000000..919c1f2be
--- /dev/null
+++ b/core/src/services/tikv/fixtures/gen_cert.sh
@@ -0,0 +1,85 @@
+#! /bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set +e
+
+mkdir -p /tmp/tikv/ssl
+
+cd /tmp/tikv/ssl
+
+cat << EOF > ca-csr.json
+{
+ "CN": "Opendal Test CA",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "CN",
+ "L": "BJ",
+ "O": "Opendal",
+ "ST": "Beijing"
+ }
+ ]
+}
+EOF
+
+cat << EOF > ca-config.json
+{
+ "signing": {
+ "default": {
+ "expiry": "43800h"
+ },
+ "profiles": {
+ "server": {
+ "expiry": "43800h",
+ "usages": [
+ "signing",
+ "key encipherment",
+ "server auth",
+ "client auth"
+ ]
+ },
+ "client": {
+ "expiry": "43800h",
+ "usages": [
+ "signing",
+ "key encipherment",
+ "client auth"
+ ]
+ }
+ }
+ }
+}
+EOF
+
+curl -L -o cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
+
+curl -L -o cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
+
+chmod +x cfssl*
+
+./cfssl gencert -initca ca-csr.json | ./cfssljson -bare ca -
+
+echo '{"CN":"tikv-server","hosts":[""],"key":{"algo":"rsa","size":2048}}' |
./cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json
-profile=server -hostname="127.0.0.1" - | ./cfssljson -bare tikv-server
+
+echo '{"CN":"pd-server","hosts":[""],"key":{"algo":"rsa","size":2048}}' |
./cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json
-profile=server -hostname="127.0.0.1" - | ./cfssljson -bare pd-server
+
+echo '{"CN":"client","hosts":[""],"key":{"algo":"rsa","size":2048}}' | ./cfssl
gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client
-hostname="" - | ./cfssljson -bare client
diff --git a/core/src/services/tikv/fixtures/pd-tls.toml
b/core/src/services/tikv/fixtures/pd-tls.toml
new file mode 100644
index 000000000..e1f0d7eec
--- /dev/null
+++ b/core/src/services/tikv/fixtures/pd-tls.toml
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[schedule]
+max-merge-region-keys = 3
+max-merge-region-size = 1
+
+# Using empty strings here means disabling secure connections.
+[security]
+# The path to the file that contains the PEM encoding of the server’s CA
certificates.
+cacert-path = "/tmp/tikv/ssl/ca.pem"
+# The path to the file that contains the PEM encoding of the server’s
certificate chain.
+cert-path = "/tmp/tikv/ssl/pd-server.pem"
+# The path to the file that contains the PEM encoding of the server’s private
key.
+key-path = "/tmp/tikv/ssl/pd-server-key.pem"
diff --git a/core/src/services/tikv/fixtures/ssl/ca-key.pem
b/core/src/services/tikv/fixtures/ssl/ca-key.pem
new file mode 100644
index 000000000..2fe8710a3
--- /dev/null
+++ b/core/src/services/tikv/fixtures/ssl/ca-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA8d2uu/Vu8xstL/vS6wSPJPlK9KlZKd3UPIGbmXSgo25g+sg1
+AeNk+Qwain3+IOmn41HZZ24xmY/cuFQs+T1tdU8z9oH0ZrDViRiO6nnw/6i6/owv
+BzjsoSoopwcHL9A65/09s09mngm1Ea9G7FSHTZ+ew8CY3U1Qznp4PQDiGQaphYju
+EOYAGI/aajXr3osT9mDLP29VGTL970g1IlP1Cz8UFty8raiQ+XXuV7KW5soeO4A4
+n6tboqjX6b556rmtYzq5vmn1W1Cl429q71eweTmwA1qAdSPRxCNlA0ExtTvVUgbF
+hhD9mjTYK7XnjazYqUG2kgGik3Gl5Leww+BB9wIDAQABAoIBAEUvr7sukwVRwdRX
+CdeWn0fpU+q2wr26KesA/DyiYw09FtrGCHu4y3p+Xt08+0P48sCQ+kqe9+tAftfv
+pEnLq5MCDBA4zmvNq9eiwccLCMhpQMxt10oOm4nioGxfE0w3GZKhG1Q+o1ET38rm
+Q7h42Zd30JeYcWHkqvfViq2Qohyb/98RzIyL5pXAMQl30oDCFvRzts0YpEzOVsCN
+eWoXkyCh9pK8DxC3LbziXjzQ3HfASgIzATRhtitSeoNw6McMpOr2g0mzuqVru+1G
+4GdUg78SOvjaCpihiO0CW7CL4o1xXUolPM5ICQo1wQKC0n03homwn0BVlIby7A1E
+xU3bjQkCgYEA82tA+L2CqX1b8/7O8YqkR15VkRr57P6W3BBWzW//HKDqehCyV8wW
+Jt1w0u/gzLfJQCBeEmeNCkVirUFhNsMWWpXJlTFHL87LwCxaPprb+ubENqqa/kpf
+gCfvspaMQCffwWVPJB8+VpYTjLVNGawUXpDgcQIBfrVdeM7cWmJmZDMCgYEA/l3h
+Yh1R2AK97tYDR4A0o7qtw+pgKrrcwZnXzSm8RO7UJ7DIXSQ8Hnv9Tt7k7lJHZtGA
+rlGIUW6ik2WHRwGaAsXbdhJi2i4q/5CeJ/Ga0MQR178DmjgJylvFdcgi5X1pQlG0
+0W9HHa3idnXMFHBSqNzI/HcRYBFEaEsIpvsPxy0CgYEA8F6dDgO1n0DXKJ4aJJLP
+nlodDOkim1DcD/tifAN4XADbCiaqteAmj8Jjwyh1SDLEXLqZqnru35Gc25GQOc9z
+p4f6Q4Uh0qfWs7IYe3HYgG6Ym5Lk8u7mV1sYa7YWUNQPNJ6iA/2GRWJ1c6EkvZEb
+nDZcK7vbVhAqeT1sgyRgD9kCgYEA1T+hd177QWwzDWswPp5WAzm6+feg/dHAxzIR
+wHeP1f6fsFK995AsMqZiG+Az7zTdlW5oQjwqW5K0C3xfqADIvDBiJ5+MbjusYqs8
+XGJqF0F5b/U8sOrwEk1TwsWxs9GrECVtwPNYnKItrIBfQndUZSsL+NRdpbt0LTdS
+nqL2fFUCgYEAnUjlttSdEJXxSqMh4XuIPQCq7s1eyKqgTWi1Z+OFxkssoOuVdECy
+drjL2rn1qFTjwLX7D0EMlmy6uS/Z+o81rSQoLuoy8T4HyBG48PG2dTq6zqTt9c7r
+SjTPTL1ysFtPSonNoMT1gkA4Uj722ipVw4ce5a7zm4ZWiVI2UhGtzIQ=
+-----END RSA PRIVATE KEY-----
diff --git a/core/src/services/tikv/fixtures/ssl/ca.pem
b/core/src/services/tikv/fixtures/ssl/ca.pem
new file mode 100644
index 000000000..498b23010
--- /dev/null
+++ b/core/src/services/tikv/fixtures/ssl/ca.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIUWXPIvGjwUtdODCumPCsfrRlS/7EwDQYJKoZIhvcNAQEL
+BQAwWDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxCzAJBgNVBAcTAkJK
+MRAwDgYDVQQKEwdPcGVuZGFsMRgwFgYDVQQDEw9PcGVuZGFsIFRlc3QgQ0EwHhcN
+MjMwOTA4MTcwNzAwWhcNMjgwOTA2MTcwNzAwWjBYMQswCQYDVQQGEwJDTjEQMA4G
+A1UECBMHQmVpamluZzELMAkGA1UEBxMCQkoxEDAOBgNVBAoTB09wZW5kYWwxGDAW
+BgNVBAMTD09wZW5kYWwgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAPHdrrv1bvMbLS/70usEjyT5SvSpWSnd1DyBm5l0oKNuYPrINQHjZPkM
+Gop9/iDpp+NR2WduMZmP3LhULPk9bXVPM/aB9Gaw1YkYjup58P+ouv6MLwc47KEq
+KKcHBy/QOuf9PbNPZp4JtRGvRuxUh02fnsPAmN1NUM56eD0A4hkGqYWI7hDmABiP
+2mo1696LE/Zgyz9vVRky/e9INSJT9Qs/FBbcvK2okPl17leylubKHjuAOJ+rW6Ko
+1+m+eeq5rWM6ub5p9VtQpeNvau9XsHk5sANagHUj0cQjZQNBMbU71VIGxYYQ/Zo0
+2Cu1542s2KlBtpIBopNxpeS3sMPgQfcCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEG
+MBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFDAtw/yFYwW5kXA2L/W3egib
+zNWiMB8GA1UdIwQYMBaAFDAtw/yFYwW5kXA2L/W3egibzNWiMA0GCSqGSIb3DQEB
+CwUAA4IBAQAUmtThwXaeBokpsF1YjYcjU1GkPtLzLemxJKCidjNNQJh4ssD3CdKv
+vll0jGOS3J6IXuTBeb/ihaSFsLAKs90+iKC4IV6fJwEKedGZC1rM40deDRNkgi2L
+0oEVQ0hYs0vPrjR+eoDkk6bclcGCIkSYE2H5dOWu1uw2ssxwLuvltAoUko17e9kr
+nzieHhE5uanijucgcezUPXKsAofEEqHU+6wnpi9uhT+Xebpobn5p+miFQRzDBNSF
+RlgVDMiozEs3OhQr3CkZHc0XQa0gDy6gBNcznEtl/3sVUdGO6v5VxfQsdsHoRRfJ
+oqc32cGdwg67BR71buJiwd+SHfjTvR8F
+-----END CERTIFICATE-----
diff --git a/core/src/services/tikv/fixtures/ssl/client-key.pem
b/core/src/services/tikv/fixtures/ssl/client-key.pem
new file mode 100644
index 000000000..8f11a4d51
--- /dev/null
+++ b/core/src/services/tikv/fixtures/ssl/client-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA9CGlhtROBrlyNxRImAo9GCxrdEcfDjnlmsuQzDxbSAkNo8F8
+Fd7XM+yGQrbKtPKLMq2Mmcr/M1r8n7xEiJocRq5Asxx4f6XwcH6NCOxUASNGCkSH
+eK1YvI2ROVUa9YboaRyFOSxHKLkibRcXB6KQe/FS8aCQjoKEv4qOs/J8byKwL7hv
+fyXDOgA+/gxI5H8q957oyLjk9Bmfyk4GeacOfp3Bf2l5XEQg2rAu/Kiue68i4aAw
+VtPTN2Sjd+4/l0HIlA3A/oHmrkp+4q+uDGi1vMGYMT4gRwX7daAfPx57WbvBOPmi
+dKTop5JzPLdzdRMJqifT/+sIkqV6HEbHw7YGiQIDAQABAoIBADGTx6aq5LGO5Xf0
+AY4GvkNzedriOpdMAKm/30bqlur5E7EGsOlMGM3toZJYxq+addQz1FLDG7JVLupN
+dGl9SnK8Hl2BUaMykrJ1sLR4MdMNU8LwCcbjBRs9cJmBA/mKjRYTeaaTrFvDxQ78
+WmvtgoP5DQwOvGyEauru+23lt4llz26K0IzETGtbxIskPA+ksFLRV7nMwuDMA6UV
+j9tUdIdRAMt1tP6OKnwFQ4XKCEuGkw42TYq2zl2QdWhntN461Km4jbOAxn222ORr
+dJMdBxz3Wk7ueRN3om8bw6+tcwsIP0dw2xDz4es0yxmcLFrFfDqfwp8P7J8/DOUc
+KS7ekMUCgYEA/jSNOT/Q1l9QMahMzCEHoOjvqjzkc3Rn49ciU0uToz2snlEOGJAb
+dw0KGgPCIEHO2+dB7lW/Moxw6XTNowgtJ7qMPCCGLFeqXnEJf3z/qCuaJt7VsWVH
+8yzogbAEwtjO+cPpnl242DNkcAdKfPhazQ0gcxnz1vQyz7rtCgzGSHcCgYEA9drj
+NpAuBztvyhwpkKetUj8f/XOuMOCaUQoOdrT3NCsyMDuZrABv0Cx7j9hYGUj/VK1w
+q6mN3WyiOl7lV8ttSPQuTMHaOG8upa4s4qqxgdzQ5g3ljq23iGUQ47hbbuadhkaH
+vqeNRrHy/kvFhZ3dZiPPNRCeWlsJASCkgJW46P8CgYAmACsgZMbOVR9C3Rrl5QYj
+6s5xD3tDOyKQr8dk1kZyv7R/UjSePWStrlhVPTyW39+RhgeYHl9fqhjy/VAEUCOX
+7c4q6t3D4TMJvTIjScdaF3KK3wLo6vAPjSYQxQRhMFH4im3xC6enQj+Ac8aR2fqQ
+7qZsLnQCLS0vWo021GQLzwKBgQC3luOy/AmTFvxMlakoPz47O648yqSaFS7HM1ZH
+qK0sxNDumaMQgSb98im26dwnzY31gqqvVab9YUDni7OBUwRhxQ3J/bxiBgx0ZlNY
+VBTHn8hS8q+oUurJrIbnNeT5NLcO7R4y7dWepAWLhbOTKqaIvlbeDnHhkTdxIxoU
+dzmkqwKBgQC+GQ6cQzCwMPREYcmwkxlwLM4pPMr3KKnqEXGucttqWmvPKR6dXiuJ
+vFrzcI5DEylNVOysD2bH5GHNXImovi7uMIgW97+kY6T+GP2DJcZw+X0xhMmTgYEG
+1spIPx+sWs7I+j7gyQ/tYPossawnypQSbKv/QDK0c8WZlrqdg3lweQ==
+-----END RSA PRIVATE KEY-----
diff --git a/core/src/services/tikv/fixtures/ssl/client.pem
b/core/src/services/tikv/fixtures/ssl/client.pem
new file mode 100644
index 000000000..2e2a722e5
--- /dev/null
+++ b/core/src/services/tikv/fixtures/ssl/client.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIUQNwWtaZiZEEHyHznzpAzv4ylRsMwDQYJKoZIhvcNAQEL
+BQAwWDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxCzAJBgNVBAcTAkJK
+MRAwDgYDVQQKEwdPcGVuZGFsMRgwFgYDVQQDEw9PcGVuZGFsIFRlc3QgQ0EwHhcN
+MjMwOTA4MTcxMTAwWhcNMjgwOTA2MTcxMTAwWjARMQ8wDQYDVQQDEwZjbGllbnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0IaWG1E4GuXI3FEiYCj0Y
+LGt0Rx8OOeWay5DMPFtICQ2jwXwV3tcz7IZCtsq08osyrYyZyv8zWvyfvESImhxG
+rkCzHHh/pfBwfo0I7FQBI0YKRId4rVi8jZE5VRr1huhpHIU5LEcouSJtFxcHopB7
+8VLxoJCOgoS/io6z8nxvIrAvuG9/JcM6AD7+DEjkfyr3nujIuOT0GZ/KTgZ5pw5+
+ncF/aXlcRCDasC78qK57ryLhoDBW09M3ZKN37j+XQciUDcD+geauSn7ir64MaLW8
+wZgxPiBHBft1oB8/HntZu8E4+aJ0pOinknM8t3N1EwmqJ9P/6wiSpXocRsfDtgaJ
+AgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMC
+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFZiVWlCfpDqvOsg7ygApUiSQkRMMB8G
+A1UdIwQYMBaAFDAtw/yFYwW5kXA2L/W3egibzNWiMAsGA1UdEQQEMAKCADANBgkq
+hkiG9w0BAQsFAAOCAQEArPCvyPtW8Yv4F2F1o8WLr/4cO0F6R7xE36w45xd8PdDy
+Op3Dg4jsNuFIOc7U58pNKAfOeUCeE0RAGEiwJ6OY0UeVLoN+huQO8/NVmzQq/JPm
+zThUYdCqR2Eltnzkcrutcg+cug0uRvqpjh1M+WBM/xSFhHtYRhvCsLOkbeXF1kx9
+JqiqerdcYPgojFOOFLMIjUBDurXjf94RX47OCRQDDwT01EIEuln1PB2m0d07dTlg
+1fQM9MrgWj66BUT55cHqCHVyHe/iWKVvIQTgCNdnCJt9fztkyP2t++U0NfuPVbSs
+nLZIqBBfYa9fzOzngOiXR9zsJyPaiiTZ3sTAu/17eg==
+-----END CERTIFICATE-----
diff --git a/core/src/services/tikv/fixtures/ssl/pd-server-key.pem
b/core/src/services/tikv/fixtures/ssl/pd-server-key.pem
new file mode 100644
index 000000000..d034185bb
--- /dev/null
+++ b/core/src/services/tikv/fixtures/ssl/pd-server-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzveCV4rt8Z9Vu61lSMJGZ+DcqcIhgrUmgdnbBfoFLxJiBGyj
+tV6YXQ6W/NJ/MnbqZ9/W8s/Sy1Va/NndzY7Ss4cban4K2na3OkarWc6jTDDCh2ds
+bxEnyuSij827my+k8fJMsrqqenfG/NKUV/c4Dz3Vg6jVH+eEpeREbK+kzLLJGa5T
+KAjLIVIywTXt2gnlaF3S1XNiowrF2ilX1rjRoVbnPd8RgJfT1dy40M/TliFlafve
+YJTMagrzZZ36KgW5DY+d31Tmt4C3RUk2fOPGd6tQcWI3XeVHLaJ4aFLItii5lRop
+/+SHO6Qf862z+b3JK6jIzcklBvy/aiwILE2dIQIDAQABAoIBAQDE1GDyTp8iVm0b
+krkrbA+3RQO2snhaLVuUzJJe6bs6XBo5qPQ8Td1LSs/PW4U6ghtFdHyg6YLIe8GP
+jMdDcdvyfsBVE8/QmmyBEKpvO3TTxd+LFJHsQv18GNp9NqR/3tzYeJ32sE3nMLhe
+wwnvap626BCCKPOfZvghKKjmUFjDjmKUfWj1MzoZ+HMJzz6xlfPiuOei2qymadkn
+kevWoGot3KYZHy08DcooO7W0RCZ8dUQ4QPnY4MPiKwyVRaS5VDM9spCYP5+5hDai
+GXexCb8LpAYCQJLazB1/+dg27rCDUtiiEZF/faaLjLazOUJ6hQLdfoFG7ne4y60o
+aY6jidlBAoGBAOk+fogevB9DOMmuPUGnktIkIM8mDeWkvXw3jwfeQnoAYBwiMj+9
+cAtpTD3IWLO7ax+xR6eYbZO2y8upo6X1Flcouj0Upddh2a3ooXNDKFV0I37h1EOh
+HkUhUbFBpM4nd1IHtw5O+BkhnTyZX0/ApzPhjwPVtHQAIzK/Vyb/haK5AoGBAOMo
+tpyPFowc2XE2vtKIKraVyXKvBXn3Q5E4hX2OVcR+Urys/h+QK6fBBDwXgt9du+aY
+x9riWPVmtdOLUi50wGh+rg+n0MLPQnaBeju3m+NoExWhjPQdH8JBlSTxm9KEyeSP
+eAAB15wUKAqwdV0KRTmQ0u0rkmUVo4id+PmVqjmpAoGBAOPqlWod3mYOIeexw1ns
+jaOaehTxcpL8L8y53aIqpXrh8wiKwd9XFa2Q71dP9p1qfnsxmHtEj47QCMSyt57r
+pzD0M0iMbKHSlAtETr962GboXecWdXzAa/vRWyqCorBwEECwGUh6EiU8m5EjrecY
+skoYFtAAe5z+pWZpYphRCBzBAoGAQRcadHP/1vgxSmKQfU0tSBJVnfoOzKsQfl0+
+ywJtCxfTZ2L+klbCW5hQOVPXWV/HhsUCh3LSYMcklNBYJR2pQIgEIlJI3Hl9Ju3k
+85WiIqBgz5LyC8UIo6YdMW/V4ZXRMB/4F7BvcrbH3oA/sQBPY7Ze6jzQ/wwbRvtV
+K1c6ZrkCgYAIPRMspvc47aSgwAOCW9WgFBWBdSB1gv/FXli8KikZ8rP1c084wZnZ
+WWzgivb/ZkRlD0sKDdq8W/5BQKczCwJ8lM57yDau5F95yLzZBtSc4QBlKKfnArRv
+sp+bxynBBGfCHbE/iqYtKaK5Zsg145WcIsDnbDf8OKK9/i3ZdSpXjA==
+-----END RSA PRIVATE KEY-----
diff --git a/core/src/services/tikv/fixtures/ssl/pd-server.pem
b/core/src/services/tikv/fixtures/ssl/pd-server.pem
new file mode 100644
index 000000000..6b9168de9
--- /dev/null
+++ b/core/src/services/tikv/fixtures/ssl/pd-server.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIUFVn3GLrU365PDFT8/6bivV2z+9AwDQYJKoZIhvcNAQEL
+BQAwWDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxCzAJBgNVBAcTAkJK
+MRAwDgYDVQQKEwdPcGVuZGFsMRgwFgYDVQQDEw9PcGVuZGFsIFRlc3QgQ0EwHhcN
+MjMwOTA4MTcxMDAwWhcNMjgwOTA2MTcxMDAwWjAUMRIwEAYDVQQDEwlwZC1zZXJ2
+ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO94JXiu3xn1W7rWVI
+wkZn4NypwiGCtSaB2dsF+gUvEmIEbKO1XphdDpb80n8ydupn39byz9LLVVr82d3N
+jtKzhxtqfgradrc6RqtZzqNMMMKHZ2xvESfK5KKPzbubL6Tx8kyyuqp6d8b80pRX
+9zgPPdWDqNUf54Sl5ERsr6TMsskZrlMoCMshUjLBNe3aCeVoXdLVc2KjCsXaKVfW
+uNGhVuc93xGAl9PV3LjQz9OWIWVp+95glMxqCvNlnfoqBbkNj53fVOa3gLdFSTZ8
+48Z3q1BxYjdd5UctonhoUsi2KLmVGin/5Ic7pB/zrbP5vckrqMjNySUG/L9qLAgs
+TZ0hAgMBAAGjgZEwgY4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQM8rpNIf2l6T9r
+zk/FT7w4+OjJTzAfBgNVHSMEGDAWgBQwLcP8hWMFuZFwNi/1t3oIm8zVojAPBgNV
+HREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQB9YsLBHn8KWN770kL1gkNy
+i1LTn/G6RXi1wsss50a4ZcjgHoHCYjtHLqMrFQCvfdCrHo8VkXWLn3+SkrmzImc7
+cZypvcpJhufxE0VDZON/zDdOhPGoBGTfhNv22uXsAAa1beBkRP/F3wIxwFaF0szR
+x2RcALCm/wcehd+fj+kd5lEwCu/F8lVV3CwA8L0tb2HdtIH3mgx0o/E1jt+5XEnH
+nWmBNVUl8btTJQEjdNnr5E/me39g98QA1NewtQVqlvQm1GM4YfX1m5gre4PtlAJ4
+Nm1hEpEGRUzF3J1emOLqfRCXfXmkdYWh3L62f56LfUOKUwv3rdkBpYkUYtQw+vZY
+-----END CERTIFICATE-----
diff --git a/core/src/services/tikv/fixtures/ssl/tikv-server-key.pem
b/core/src/services/tikv/fixtures/ssl/tikv-server-key.pem
new file mode 100644
index 000000000..49e82f4bf
--- /dev/null
+++ b/core/src/services/tikv/fixtures/ssl/tikv-server-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAxhY5xyxNsmPJwqOGkBXOvC7+kfNild04ly4d7VC7vqwyZC0b
+BrBT9qzkvl7f2zKs8bfbR0PmFeZyO8UFY082fULceKb9UP5sXGFakN/AAihwXOpG
+RdNjuQlaA7bQQ5O8wZa6IrMNCkEhjKHJwpRSnj3vUU9JV2Ug7islJaBr9B2ubCb2
+fJ3m8GQwGymZPb6BDkKuNtwuYA7vr2hlpwKcyp7pInSNZBUEDerqoK6wn2VLxRFZ
+jIkNgbDbgO04P5RE0yiDLRP5WGug1o5HhOdknrCHbQxyf5u82IHjAZnzqwWhKwxR
+cdzigrxCMoUbx9Bv/sPZAK2pv9OV9K0yvJix5wIDAQABAoIBAFGltZkADOJ7uRzu
+FDftlTIB2NJF1Jva/ElsK8+2mDwmc/rQkLQ4F9O0PfCt4G1UPO7BDrQYK41ZWDqE
+ogzmCJqm5YMhqYYp6HZHdnICl/0LuAzET8TWNeN+FEk1oDBKg+Hzg7Nrw/M3F2IF
+CcmXI1qwQqVsHdnVCDbDN+ODdRvAKdoujB3HnbwZKe/oLBKXnmilbsbm9Qb+wkao
+Eb0qUTgAQ/d3fJUKZ3UvJIJv9BNsWfiwDhEbYzLZntN33OA9qhGUtJl8IQtoNuWI
+FZO2xvwlbv3KrZsSvAjy6KV8xGVimmLm1tIBld9isMzXHvqcbl2PQe9IHfVZjijj
+zFNG0/kCgYEAzjs7bT2VVew7JuEl+vB9cYvFynKasLOdEiu8zEraLCFT7kPNOtwA
+xtf0AfXIIZj/emtoFaVHtKYuqO8uumKc6RsVXHg6HVG6g8Ph/nPPLMt83ZuipiL3
+LEI3e2owCeR6a9AGmxBrkacnG+NWpWcVi5JZoWdJcgKwGOzUQwp44oMCgYEA9ePU
+vcYQKX47wxjEoB+im0NpNiy7XWBxIgwnU3JQgT4uH4AlPeLF9uo4IcUebgNoj/WJ
+jF8ubaNZntUxvLj6LfF1rlabCpwOG5GKafQezENAv+qC46/bPt7f+STJVl7AqRBe
+2HEwfrA616LpKzznRd2BrWbSeEz3BwA6dhPqRc0CgYAUgFjpBC07TG+Y7trqtkuS
+JRX1iS0Nkd10d/qdyHcl2e5RClZ1mndNTRyJsVhC1sXW8qR3OmYFdFvBGX3os3Lr
+zXBzL9R/I6fJ/4gQ1oxq5JO2KAmkQGeX88E2OJkr8pWk8BooAhrfcOF3aUMs0DGZ
+HWRhojXv6op8/9YeEAVyZwKBgQC2bg1VqxAsqMJQEh03q6Dpzs7NacytD7OADkJT
+D/oYmXiA2INI8ensMoPo0iWse4zlWcduROPeZhZE2GnpWdgLpByqdwjai0OQQp/N
+0lfTNoZgnO31XXCtqY/Eef2CvhP0mvezX+8Z30gY2n5iHPJ9jET80M+Qf5G7OPkm
+x8nFdQKBgHSGulWtZbRuuXymi/atXJCKi3VNOktzDjGMPLTrU16K9jxAwOn1b4YY
+cJsrznNdNZN3anVHDWLsYBTIO69lw7EKCKHESTl8+C1mQNW7CJGmC/DEEQYiG3Hu
+hF2jdFw4DUjOPg29QkHx1Fd3/3trjR1yfjg353Mxwax2fLPs9xhx
+-----END RSA PRIVATE KEY-----
diff --git a/core/src/services/tikv/fixtures/ssl/tikv-server.pem
b/core/src/services/tikv/fixtures/ssl/tikv-server.pem
new file mode 100644
index 000000000..d76b9b1d3
--- /dev/null
+++ b/core/src/services/tikv/fixtures/ssl/tikv-server.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIUF/Vdy9TFj5hSk1J+2i6BRAGpEbcwDQYJKoZIhvcNAQEL
+BQAwWDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxCzAJBgNVBAcTAkJK
+MRAwDgYDVQQKEwdPcGVuZGFsMRgwFgYDVQQDEw9PcGVuZGFsIFRlc3QgQ0EwHhcN
+MjMwOTA4MTcwOTAwWhcNMjgwOTA2MTcwOTAwWjAWMRQwEgYDVQQDEwt0aWt2LXNl
+cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYWOccsTbJjycKj
+hpAVzrwu/pHzYpXdOJcuHe1Qu76sMmQtGwawU/as5L5e39syrPG320dD5hXmcjvF
+BWNPNn1C3Him/VD+bFxhWpDfwAIocFzqRkXTY7kJWgO20EOTvMGWuiKzDQpBIYyh
+ycKUUp4971FPSVdlIO4rJSWga/Qdrmwm9nyd5vBkMBspmT2+gQ5CrjbcLmAO769o
+ZacCnMqe6SJ0jWQVBA3q6qCusJ9lS8URWYyJDYGw24DtOD+URNMogy0T+VhroNaO
+R4TnZJ6wh20Mcn+bvNiB4wGZ86sFoSsMUXHc4oK8QjKFG8fQb/7D2QCtqb/TlfSt
+MryYsecCAwEAAaOBkTCBjjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOtZnfP/quO/
+5gdCoM5C7NVXlkwaMB8GA1UdIwQYMBaAFDAtw/yFYwW5kXA2L/W3egibzNWiMA8G
+A1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBANIs3uNcBNAdSMqoVwlH
+1gCvUX8LfTslN+T+us5+xK6I35cbt+76+y0kLAY6X/FuwsIgkLJSVyNfyhNf67Gm
+IKxTxkxhs43VSeCmPOr5LAeME/rVmhLVdiTjXhA1/aTeUo3MtJHJGAhDIAyjVOd1
+bPQLLKZhvs7ZedsvdkWiQ4iJdN0bK/8nBh3eIT6Ey4+rC3LLBMDTyW101ocFvmcW
+kv9AYqGJtbNrueN1+pecwuw5iRMYzTgMBcrbD7ddwPXO67kOZesvf29CNEhD5qmJ
+MG9feqX8GMANCv5J3mBCN2kdFOjpcqv4rcmCJFYJDOxTMLGVQhVAdoJ/0vDVt4pI
+OU0=
+-----END CERTIFICATE-----
diff --git a/core/src/services/tikv/fixtures/tikv-tls.toml
b/core/src/services/tikv/fixtures/tikv-tls.toml
new file mode 100644
index 000000000..525c376c5
--- /dev/null
+++ b/core/src/services/tikv/fixtures/tikv-tls.toml
@@ -0,0 +1,43 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[coprocessor]
+batch-split-limit = 100
+region-max-keys = 10
+region-split-keys = 7
+
+[raftstore]
+pd-heartbeat-tick-interval = "2s"
+pd-store-heartbeat-tick-interval = "5s"
+raft-entry-max-size = "10MB"
+region-split-check-diff = "1B"
+split-region-check-tick-interval = "1s"
+
+[rocksdb]
+max-open-files = 10000
+
+[raftdb]
+max-open-files = 10000
+
+# Using empty strings here means disabling secure connections.
+[security]
+# The path to the file that contains the PEM encoding of the server’s CA
certificates.
+ca-path = "/tmp/tikv/ssl/ca.pem"
+# The path to the file that contains the PEM encoding of the server’s
certificate chain.
+cert-path = "/tmp/tikv/ssl/tikv-server.pem"
+# The path to the file that contains the PEM encoding of the server’s private
key.
+key-path = "/tmp/tikv/ssl/tikv-server-key.pem"
