vernemq / vmq_mzbench

An MQTT loadtest and usage scenario tool for VerneMQ and other MQTT systems.
Apache License 2.0

How to run with TLS? #7

Closed gdhgdhgdh closed 4 years ago

gdhgdhgdh commented 7 years ago

Hello :)

Thank you for this software - is there a way to connect to port 8883 and present a client-side TLS certificate when running VMQ load tests?

I can see that the connect state is linked to that record in vmq_commons : https://github.com/erlio/vmq_commons/blob/master/src/gen_emqtt.erl#L53-L75 and I see the ssl:socket as a type of sock but I don't get how I can bring a TLS client certificate into the mix :/

ioolkos commented 7 years ago

Hi @gdhgdhgdh! Thanks for asking. I basically still owe an answer to this... see https://github.com/erlio/vmq_mzbench/issues/5#issuecomment-279728820 Maybe this helps to get you started, but the main problem is how to load the client certs into the MZBench workers. (I could probably upload the prepared cert files for our test certs, if you're interested)

gdhgdhgdh commented 7 years ago

Thank you :) Ahh I did read through many GitHub issues and didn't see that one ....

Yes please if you could upload the test certs, then hopefully there will be a clue in there as to how I can reformat our own certs. I knew the transport was the key, but had no idea how to specify the multiple cert files....

Stasik0 commented 4 years ago

@ioolkos @gdhgdhgdh anyone got luck with tls? I try to connect to hivemq without certificates atm, so setting `transport=t(ssl, [t(verify, "verify_none")])` but no connection is possible...

gdhgdhgdh commented 4 years ago

I haven't used vernemq or the vmq_mzbench since mid 2017, but here's what scrappy info I kept...

The `.erl` files for TLS keys can be created using something like this inside the `erl` shell:

```erlang
{ok, File} = file:read_file('/path/to/admin.crt').
rp(public_key:pem_decode(File)).
```

You should end up with output like this that you can put into a .erl file:

```erlang
<<48,130,3,57,48,130,2,33,160,3,2,1,2,2,1,
                  4,48,13,6,9,42,134,72,134,247,13,1,1,11,
                  5,0,48,22,49,20,48,18,6,3,85,4,3,12,11,
                  69,97,115,121,45,82,83,65,32,67,65,48,
[.........]
```

or

```erlang
{'RSAPrivateKey',<<48,130,4,165,2,1,0,2,130,1,1,0,218,
                    163,26,215,182,245,155,59,173,61,26,
                    34,47,249,29,102,117,131,149,0,79,207,
                    252,52,74,161,89,63,116,32,254,80,98,
                    105,31,58,104,89,171,45,129,226,110,
```

and then use a bench description like:

```
#!benchDL

make_install(git = "https://github.com/gdhgdhgdh/vmq_mzbench.git", branch = "refs/heads/master")

include_resource(cacertsfile1, "ca.erl", erlang)
include_resource(certfile1, "admin.erl", erlang)
include_resource(keyfile1, "admin-priv.erl", erlang)

pool(size = 1,
     worker_type = mqtt_worker):

            connect([t(host, "xxxxxxxxxxxxxxxx.eu-west-2.elb.amazonaws.com"),
                    t(port,8883),
                    t(client,"subscriber1"),
                    t(clean_session,true),
                    t(keepalive_interval,60),
                    t(proto_version,4), t(reconnect_timeout,4),
                    t(transport,
                      t(ssl, [
                        t(reuse_sessions, false),
                        t(cacerts, resource(cacertsfile1)),
                        t(cert,resource(certfile1)),
                        t(key, resource(keyfile1))]
                      ))
                    ])
            wait(1 sec)
            subscribe("loadtest/clients/#", 1)
```

Hope that helps!

Stasik0 commented 4 years ago

@gdhgdhgdh `public_key:pem_decode(File).` gives me just `[]`, hmmm...
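Added example (not part of the thread, and not code from vmq_mzbench or MZBench): a small Erlang module that turns PEM files into the terms the `ssl` options `cacerts`, `cert` and `key` take, and fails with a clear error when `public_key:pem_decode/1` returns `[]`. The module name `pem2res`, its function names and the file paths are hypothetical, and it assumes an MZBench `erlang` resource file holds a single term terminated by a period.

```erlang
%% pem2res.erl -- added example; module and function names are hypothetical.
%% Assumption: an MZBench "erlang" resource is one Erlang term ending in ".".
%% Usage from the erl shell (paths are placeholders):
%%   c(pem2res).
%%   pem2res:write("ca.erl",         pem2res:cacerts("/path/to/ca.crt")).
%%   pem2res:write("admin.erl",      pem2res:cert("/path/to/admin.crt")).
%%   pem2res:write("admin-priv.erl", pem2res:key("/path/to/admin.key")).
-module(pem2res).
-export([cacerts/1, cert/1, key/1, write/2]).

%% Every certificate in a CA bundle -> [Der, ...] for the cacerts option.
cacerts(PemFile) ->
    [Der || {'Certificate', Der, not_encrypted} <- entries(PemFile)].

%% First certificate in the file -> Der for the cert option.
cert(PemFile) ->
    case cacerts(PemFile) of
        [Der | _] -> Der;
        []        -> error({no_certificate_in, PemFile})
    end.

%% First unencrypted private key -> {Type, Der} for the key option.
%% Passphrase-protected keys are rejected rather than written out unusable.
key(PemFile) ->
    KeyTypes = ['RSAPrivateKey', 'ECPrivateKey', 'DSAPrivateKey',
                'PrivateKeyInfo'],
    case [{T, Der} || {T, Der, not_encrypted} <- entries(PemFile),
                      lists:member(T, KeyTypes)] of
        [Key | _] -> Key;
        []        -> error({no_unencrypted_private_key_in, PemFile})
    end.

%% Write Term to OutFile as "Term.", printed in full (no shell truncation).
write(OutFile, Term) ->
    file:write_file(OutFile, io_lib:format("~p.~n", [Term])).

%% pem_decode/1 returns [] when the input carries no PEM armor, for example
%% a DER-encoded .crt/.cer file; fail loudly instead of emitting "[]".
entries(PemFile) ->
    {ok, Bin} = file:read_file(PemFile),
    case public_key:pem_decode(Bin) of
        []      -> error({not_pem, PemFile});
        Entries -> Entries
    end.
```

The file written for `key` contains the private key in the clear, so it needs the same permissions and handling as the PEM it was derived from.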

Stasik0 commented 4 years ago

@gdhgdhgdh

I got it somehow running just by including certificates from gist (also allows to use web-based ui)

```
include_resource(cacertsfile, "https://gist.githubusercontent.com/ioolkos/1e6e0107b961caf910a0deb61a7e4a23/raw/041e3c747d75880d0811409c0955ee3f1bfc0784/erlang_ca.erl", erlang)
include_resource(certfile, "https://gist.githubusercontent.com/ioolkos/1e6e0107b961caf910a0deb61a7e4a23/raw/041e3c747d75880d0811409c0955ee3f1bfc0784/erlang_client_cert.erl", erlang)
include_resource(keyfile, "https://gist.githubusercontent.com/ioolkos/1e6e0107b961caf910a0deb61a7e4a23/raw/041e3c747d75880d0811409c0955ee3f1bfc0784/erlang_client_key.erl", erlang)
```