smithmicro / jmeter-ecs

JMeter Docker Image for Distributed Testing on EC2 Container Service (ECS)
Apache License 2.0

SSL certificate parameters #39

Open hdleviathan opened 5 years ago

hdleviathan commented 5 years ago

Hi, so the server I am testing against needs an SSL certificate. I am aware that we can copy the whole /plans folder to ECS now. So I copied the p12 file into the /plans folder, and added "--env JMETER_FLAGS=-Djavax.net.ssl.keyStore=/plans/someCert.p12 \" to add as system properties when running lucy.

After running it, the results are still all 401. And going through the logs, the log on Gru has the "Setting System property: javax.net.ssl.keyStore=/plans/.....p12" line, but the logs on the minions don't have this line. So just wondering if the variable line I added is enough, or are there some changes that need to be made?

dsperling commented 5 years ago

The JMETER_FLAGS are passed to Gru here: https://github.com/smithmicro/jmeter-ecs/blob/f9f4459b8b738103aef1818879fd40a776b4e376/lucy/lucy.sh#L160-L161

This has been a recent change, so I am wondering if you might have an older Lucy image. Can you try the following to see if you have the latest?

docker pull smithmicro/lucy

hdleviathan commented 5 years ago

The JMETER_FLAGS are passed to Gru here: jmeter-ecs/lucy/lucy.sh

Lines 160 to 161 in f9f4459

ssh -i $PEM_PATH/$KEY_NAME.pem -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ec2-user@${GRU_HOST} \
  "docker run --network host -v /tmp:/plans -v /logs:/logs --env MINION_HOSTS=$MINION_HOSTS --env JMETER_FLAGS=$JMETER_FLAGS smithmicro/jmeter:$JMETER_VERSION $JMX_IN_COMTAINER"

This has been a recent change, so I am wondering if you might have an older Lucy image. Can you try the following to see if you have the latest?

docker pull smithmicro/lucy

Thanks for the quick reply. I am running the latest lucy. I've also tried a CSV file test case, and I can confirm that the whole /plans folder is being copied to ECS, since the CSV tests are running fine. So I guess my question now is: does this System property line, "JMETER_FLAGS=-Djavax.net.ssl.keyStore=/plans/someCert.p12", need to be added to the minions as well in order to run the SSL-related test?

dsperling commented 5 years ago

OK, I understand the scenario now. Currently, JMETER_FLAGS are only passed to Gru.

Passing JMETER_FLAGS to the Minions is straightforward and would be a simple addition to lucy.sh and lucy.yml. I will take a look.

dsperling commented 5 years ago

I have the change coded but not yet tested. If you want to give it a try, change your docker run command line to:

docker run ... smithmicro/lucy:feature-39

hdleviathan commented 5 years ago

Hi @dsperling, I have just run 'smithmicro/lucy:feature-39', but still got 401s in my test. And I went through the jmeter-server.log files in both of my minions; I don't see the line 'Setting System property: javax.net.ssl.keyStore=/plans/someCert.p12' which is there in the Gru jmeter.log. So I don't know if the new code is working correctly? Thanks.

dsperling commented 5 years ago

Strike 1. Is there a jmx and p12 file you could share with me to duplicate the issue?

hdleviathan commented 5 years ago

Hi @dsperling, here is my test file and cert file. Please just use them for debugging purposes. Thanks.

hdleviathan commented 5 years ago

Hi @dsperling any update on this issue?

dsperling commented 5 years ago

Code changes may not be required assuming the --globalproperty (-G) switch works as advertised. Try using the production lucy:latest and change your JMETER_FLAGS variable to:

--env JMETER_FLAGS=-Gjavax.net.ssl.keyStore=/plans/someCert.p12 

You should see the following in your log:

Setting Global property: javax.net.ssl.keyStore=/plans/test.p12

Does this work for you?

dsperling commented 5 years ago

There is a missing piece. In order to unlock the keystore remotely, we will need to pass the following variable:

javax.net.ssl.keyStorePassword

Could you send the password for your .p12 file sent previously?

hdleviathan commented 5 years ago

Hi @dsperling, I didn't set a password for this certificate. And I also tried running locally using the jmeter CLI "jmeter -n -t test.jmx -l log.jtl -Djavax.net.ssl.keyStore=path_to/someCert.p12" (you can try running this locally and see the log also). This command is good enough to get the right result.

Also I tried -G on the latest Lucy. Still got unauthorized. Also "-G" says it's a global property, not sure if it's the same as System properties (-D).

Really appreciate your help. Di

hdleviathan commented 5 years ago

Hi @dsperling , I edited the entrypoint.sh for jmeter. Added the properties in the "# run jmeter in server (minion) mode" section. And it's working now.

Thanks, Di
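Added example (not part of the thread and not code from jmeter-ecs): a log check for the symptom discussed above, where Gru logs "Setting System property: javax.net.ssl.keyStore=..." but the minions do not, using the two log line formats quoted in this thread. The file names, the log contents and the EXAMPLE-ONLY password are constructed, and the password check assumes a keyStorePassword passed with -D or -G is logged in the same name=value form.

```shell
#!/bin/sh
# Added example, not code from jmeter-ecs. Log contents below are constructed.

# keystore_status LOGFILE: print how this node received javax.net.ssl.keyStore.
#   system  = set with -D in this JVM, so Java's TLS stack can read it
#   global  = only defined with -G (a JMeter property, not a JVM one)
#   missing = the flag never reached this node
keystore_status() {
    if grep -q 'Setting System property: javax\.net\.ssl\.keyStore=' "$1"; then
        echo system
    elif grep -q 'Setting Global property: javax\.net\.ssl\.keyStore=' "$1"; then
        echo global
    else
        echo missing
    fi
}

# password_logged LOGFILE: succeed if a non-empty keystore password was
# written to the log in clear text by a -D or -G flag.
password_logged() {
    grep -Eq 'Setting (System|Global) property: javax\.net\.ssl\.keyStorePassword=.+' "$1"
}

# Constructed sample logs: Gru got -D, one minion got nothing, one run used -G.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/gru-jmeter.log" <<'EOF'
INFO o.a.j.JMeter: Setting System property: javax.net.ssl.keyStore=/plans/someCert.p12
INFO o.a.j.JMeter: Setting System property: javax.net.ssl.keyStorePassword=EXAMPLE-ONLY
EOF
cat > "$SAMPLE_DIR/minion-jmeter-server.log" <<'EOF'
INFO constructed line: jmeter-server started without any keystore flag
EOF
cat > "$SAMPLE_DIR/gru-global.log" <<'EOF'
INFO o.a.j.JMeter: Setting Global property: javax.net.ssl.keyStore=/plans/test.p12
EOF

# audit_logs: one line per log file, flagging any clear-text password.
audit_logs() {
    for f in "$SAMPLE_DIR"/*.log; do
        note=""
        if password_logged "$f"; then note=" (keystore password in clear text)"; fi
        printf '%s: %s%s\n' "$(basename "$f")" "$(keystore_status "$f")" "$note"
    done
}
audit_logs
```

A node reporting "global" or "missing" has no keystore visible to its JVM, and any log flagged for a clear-text password should be treated as containing a secret when it is copied off the instance.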

dsperling commented 5 years ago

Just to confirm, you are using lucy:feature-39 from above and edited entrypoint.sh here:

https://github.com/smithmicro/jmeter-ecs/blob/f9f4459b8b738103aef1818879fd40a776b4e376/jmeter/entrypoint.sh#L69

to read:

  exec jmeter-server -n $JMETER_FLAGS \

Correct?

dsperling commented 5 years ago

Glad it is working now. I was looking into the password required for the .p12 file since when I run the following locally on JMeter using:

./jmeter -Djavax.net.ssl.keyStore=test.p12

I am asked for a password when running the plan.

[Image: Screen Shot 2019-03-19 at 7 16 22 AM]

I could see how your local keystore might cache the password, but am wondering how Java inside the Docker image knows the keystore password.

Are you using the identical test.p12 file that you sent me, or something different?

hdleviathan commented 5 years ago

Hi @dsperling, it failed for me without password too. So I added a password to the certificate. Then it was working fine.

Also the screenshot you sent seems like you were trying on GUI mode, try using Non-Gui mode, and you may not need the password.

Thanks, Di

dsperling commented 5 years ago

I was only trying GUI mode to ensure I could run your JMX first. Are you comfortable in sharing your .p12 password out of band?