Github user zentol commented on a diff in the pull request:
https://github.com/apache/flink/pull/6327#discussion_r202648993
--- Diff: flink-end-to-end-tests/test-scripts/common.sh ---
@@ -148,6 +151,41 @@ function create_ha_config() {
EOL
}
+function set_conf_ssl {
+
+ # clean up the dir that will be used for SSL certificates and trust
stores
+ if [ -e "${TEST_DATA_DIR}/ssl" ]; then
+ echo "File ${TEST_DATA_DIR}/ssl exists. Deleting it..."
+ rm -rf "${TEST_DATA_DIR}/ssl"
+ fi
+ mkdir -p "${TEST_DATA_DIR}/ssl"
+ NODENAME=`hostname -f`
+ SANSTRING="dns:${NODENAME}"
+ for NODEIP in `hostname -I | cut -d' ' -f1` ; do
+ SANSTRING="${SANSTRING},ip:${NODEIP}"
+ done
+
+ # create certificates
+ keytool -genkeypair -alias ca -keystore
"${TEST_DATA_DIR}/ssl/ca.keystore" -dname "CN=Sample CA" -storepass password
-keypass password -keyalg RSA -ext bc=ca:true
+ keytool -keystore "${TEST_DATA_DIR}/ssl/ca.keystore" -storepass
password -alias ca -exportcert > "${TEST_DATA_DIR}/ssl/ca.cer"
+ keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/ca.truststore"
-alias ca -storepass password -noprompt -file "${TEST_DATA_DIR}/ssl/ca.cer"
+
+ keytool -genkeypair -alias node -keystore
"${TEST_DATA_DIR}/ssl/node.keystore" -dname "CN=${NODENAME}" -ext
SAN=${SANSTRING} -storepass password -keypass password -keyalg RSA
+ keytool -certreq -keystore "${TEST_DATA_DIR}/ssl/node.keystore"
-storepass password -alias node -file "${TEST_DATA_DIR}/ssl/node.csr"
+ keytool -gencert -keystore "${TEST_DATA_DIR}/ssl/ca.keystore"
-storepass password -alias ca -ext SAN=${SANSTRING} -infile
"${TEST_DATA_DIR}/ssl/node.csr" -outfile "${TEST_DATA_DIR}/ssl/node.cer"
+ keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/node.keystore"
-storepass password -file "${TEST_DATA_DIR}/ssl/ca.cer" -alias ca -noprompt
+ keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/node.keystore"
-storepass password -file "${TEST_DATA_DIR}/ssl/node.cer" -alias node -noprompt
+
+ # adapt config
+ set_conf security.ssl.enabled true
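Review bot: The cleanup at the top of set_conf_ssl runs `rm -rf "${TEST_DATA_DIR}/ssl"` and nothing in the visible lines checks that TEST_DATA_DIR is set, so an empty value would make it target `/ssl`; `rm -rf "${TEST_DATA_DIR:?}/ssl"` aborts instead. Both `-ext SAN=${SANSTRING}` arguments (node key generation and the `-gencert` call) are unquoted and would be safer as `-ext "SAN=${SANSTRING}"`. Every keystore uses the fixed store and key password `password`, passed on the command line, which is only acceptable for throwaway test material; a comment such as `# test-only CA and keys, regenerated on every run; never reuse outside the e2e tests` above the keytool calls would make that explicit. The function body continues past the quoted part of the hunk, so later lines may already address some of this.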
--- End diff --
Maybe add a comment that this relies on the component-specific SSL switches
being enabled by default.
---