search

cockroachdb / loadgen

CockroachDB load generators
Apache License 2.0
30 stars 25 forks source link

Cannot use secure connection with TCPP #180

Open SJAnderson opened 6 years ago

SJAnderson commented 6 years ago

my docker file

FROM golang
RUN mkdir -p /u/certs
RUN chmod 701 /u/certs
RUN echo -e "-----BEGIN RSA PRIVATE KEY-----..." > /u/certs/client.root.key
RUN chmod 600 /u/certs/client.root.key
RUN echo -e "-----BEGIN CERTIFICATE-----..." > /u/certs/client.root.crt
RUN chmod 600 /u/certs/client.root.crt
RUN echo -e "-----BEGIN CERTIFICATE-----..." > /u/certs/ca.crt
RUN chmod 600 /u/certs/ca.crt
RUN chown root /u/certs/*
RUN chgrp root /u/certs/*
RUN ls -l /u/certs/
RUN go get github.com/cockroachdb/loadgen/tpcc

ENTRYPOINT ["tpcc"]

execution

sudo docker run -it --rm abcdefghij -tolerate-errors   "postgresql://root@my.host.com:12345/tpcc?sslcert=/u/certs/ca.crt&sslkey=/u/certs/client.root.key&sslmode=verify-ca&sslrootcert=/u/certs/client.root.crt"
_time______opName__ops/s(inst)__ops/s(cum)__p50(ms)__p90(ms)__p95(ms)__p99(ms)_pMax(ms)
   1s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   2s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   3s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   4s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   5s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
2018/05/15 04:22:35 error in delivery: tls: failed to find any PEM data in certificate input
   6s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   7s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   8s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
2018/05/15 04:22:38 error in payment: tls: failed to find any PEM data in certificate input

Seems like I can only use an insecure connection.

mberhault commented 6 years ago

The error message is directly from the Go TLS library. This occurs when the certificate/key files do not parse properly. Make sure the argument to echo is correct, it looks like it's getting garbled.

SJAnderson commented 6 years ago

@mberhault have you been able to use this with secure DBs?

mberhault commented 6 years ago

Sure:

./tpcc/tpcc -load 'postgres://root@localhost:26257/?sslmode=verify-full&sslrootcert=certs/ca.crt&sslcert=certs/client.root.crt&sslkey=certs/client.root.key'
Created 9 tables
Loaded 100000/100000 items
TPCCLoadItem      100000         28456.9 ns/op
Loading warehouse 1/1
Loaded 100000/100000 stocks
TPCCLoadStock     100000         63232.9 ns/op
etc...

Again, the error you listed is from the Go TLS library (used in our tpcc code) trying to parse a certificate. Also, you switched sslcert and sslrootcert in your connection url.