[jira] [Commented] (FLINK-10842) Waiting loops are broken in e2e/common.sh

Mon, 03 Dec 2018 07:54:02 -0800 


    [ 
https://issues.apache.org/jira/browse/FLINK-10842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16707380#comment-16707380
 ] 

ASF GitHub Bot commented on FLINK-10842:
----------------------------------------

azagrebin commented on a change in pull request #7221: [FLINK-10842][E2E tests] 
fix broken waiting loops in common.sh
URL: https://github.com/apache/flink/pull/7221#discussion_r238319837
 
 

 ##########
 File path: flink-end-to-end-tests/test-scripts/common.sh
 ##########
 @@ -185,16 +186,19 @@ function set_conf_ssl {
     echo "Using SAN ${SANSTRING}"
 
     # create certificates
-    keytool -genkeypair -alias ca -keystore "${TEST_DATA_DIR}/ssl/ca.keystore" 
-dname "CN=Sample CA" -storepass password -keypass password -keyalg RSA -ext 
bc=ca:true
+    keytool -genkeypair -alias ca -keystore "${TEST_DATA_DIR}/ssl/ca.keystore" 
-dname "CN=Sample CA" -storepass password -keypass password -keyalg RSA -ext 
bc=ca:true -storetype PKCS12
     keytool -keystore "${TEST_DATA_DIR}/ssl/ca.keystore" -storepass password 
-alias ca -exportcert > "${TEST_DATA_DIR}/ssl/ca.cer"
     keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/ca.truststore" -alias 
ca -storepass password -noprompt -file "${TEST_DATA_DIR}/ssl/ca.cer"
 
-    keytool -genkeypair -alias node -keystore 
"${TEST_DATA_DIR}/ssl/node.keystore" -dname "CN=${NODENAME}" -ext 
SAN=${SANSTRING} -storepass password -keypass password -keyalg RSA
+    keytool -genkeypair -alias node -keystore 
"${TEST_DATA_DIR}/ssl/node.keystore" -dname "CN=${NODENAME}" -ext 
SAN=${SANSTRING} -storepass password -keypass password -keyalg RSA -storetype 
PKCS12
     keytool -certreq -keystore "${TEST_DATA_DIR}/ssl/node.keystore" -storepass 
password -alias node -file "${TEST_DATA_DIR}/ssl/node.csr"
     keytool -gencert -keystore "${TEST_DATA_DIR}/ssl/ca.keystore" -storepass 
password -alias ca -ext SAN=${SANSTRING} -infile 
"${TEST_DATA_DIR}/ssl/node.csr" -outfile "${TEST_DATA_DIR}/ssl/node.cer"
     keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/node.keystore" 
-storepass password -file "${TEST_DATA_DIR}/ssl/ca.cer" -alias ca -noprompt
     keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/node.keystore" 
-storepass password -file "${TEST_DATA_DIR}/ssl/node.cer" -alias node -noprompt
 
+    # keystore is converted into a pem format to use it as node.pem with curl 
in Flink REST API queries, see also $CURL_SSL_ARGS
+    openssl pkcs12 -passin pass:password -in 
"${TEST_DATA_DIR}/ssl/node.keystore" -out "${TEST_DATA_DIR}/ssl/node.pem" -nodes
 
 Review comment:
   `start_cluster` uses `query_running_tms` in `common.sh`.
   `query_running_tms` has to use certs in `curl` command if SSL is enabled 
(previously it was not a problem because if `"x$USE_SSL" = "xON"` was wrong and 
used http url but failed curl was ignored in broken timeout'ed waiting loop, I 
think along with cert exceptions in JM logs).
   `openssl` generates `node.pem` used with `curl` in `CURL_SSL_ARGS` to 
properly connect to SSL'ed cluster.
   `keytool` uses by default deprecated `JKS`, this fact was also logged 
previously in test run.
   From what I found for 1.7, `openssl` uses another changed non-deprecated 
protocol to generate understandable `node.pem` for `curl`.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Waiting loops are broken in e2e/common.sh
> -----------------------------------------
>
>                 Key: FLINK-10842
>                 URL: https://issues.apache.org/jira/browse/FLINK-10842
>             Project: Flink
>          Issue Type: Bug
>          Components: E2E Tests
>    Affects Versions: 1.7.0
>            Reporter: Andrey Zagrebin
>            Assignee: Andrey Zagrebin
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.7.0
>
>
> There are 3 loops in flink-end-to-end-tests/test-scripts/common.sh where the 
> script waits for some event to happen (for i in \{1..10}; do):
>  - wait_dispatcher_running
>  - start_and_wait_for_tm
>  - wait_job_running
> All loops have 10 iterations and the loop breaks if the awaited event 
> happens. If timeout occurs then the script does not fail and the function 
> just continues after 10 iterations ignoring that the awaited event did not 
> happen.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to