| #! /usr/bin/env bash |
| |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # test-multicert-loading: test loading large numbers of SSL certificates. |
| |
| TSQA_TSXS=${TSQA_TSXS:-/opt/ats/bin/tsxs} |
| TSQA_TESTNAME=$(basename $0) |
| source $(dirname $0)/functions |
| |
| bootstrap |
| |
| # If Traffic Server is not up, bring it up ... |
| alive cop || startup || fatal unable to start Traffic Server |
| trap shutdown 0 EXIT |
| |
| #msg unpacking the SSL certificates into \$sysconfdir/ssl. |
| #( |
| # tarball=$(cd $(dirname $0) && pwd)/ssl-multicert-bundle.tar.bz2 |
| # conf=$TSQA_ROOT/$(sysconfdir)/ssl |
| # |
| # cd $TSQA_ROOT/$(sysconfdir) && tar -xf $tarball |
| #) |
| |
| msg updating SSL configuration paths |
| tsexec traffic_line -s proxy.config.ssl.server.cert.path -v $TSQA_ROOT/$(sysconfdir)/ssl |
| tsexec traffic_line -s proxy.config.ssl.server.multicert.filename -v $TSQA_ROOT/$(sysconfdir)/ssl/ssl_multicert.config |
| |
| # XXX configure an exampe plugin that uses the TS-2437 SSL lifecycle hooks |
| |
| # XXX hardcoding the ports is lame ... |
| PORT=9443:ssl,10443:ssl,11443:ssl |
| |
| # Enable SSL and bounce Traffic Server. |
| tsexec traffic_line -s proxy.config.diags.action.enabled -v 1 |
| tsexec traffic_line -s proxy.config.diags.action.tags -v test.multicert.delay |
| |
| tsexec traffic_line -s proxy.config.http.server_ports -v $PORT |
| tsexec traffic_line -s proxy.config.diags.debug.enabled -v 1 |
| tsexec traffic_line -s proxy.config.diags.debug.tags -v ssl |
| |
| # Stash the admin port while we have traffic_server running. It won't be |
| # available later if traffic_server does not come back up. |
| admin_port=$(tsexec traffic_line -r proxy.config.process_manager.mgmt_port) |
| |
| # The sleep is needed to let Traffic Server schedule the config change. |
| msgwait 2 to restart with SSL ports enabled |
| tsexec traffic_line -L |
| |
| msgwait 6 for traffic_server to restart |
| alive server || startup || fatal unable to start Traffic Server |
| |
| # XXX use the SSL lifecycle hooks in TS-2437 to verify that we loaded the |
| # certificates. |
| |
| START=$(date +%s) |
| |
| # Verify that the healthcheck comes up within about 60 seconds. |
| for c in $(seq 60) ; do |
| curl --silent --max-time 1 -o /dev/null http://127.0.0.1:${admin_port}/synthetic.txt && exit $TSQA_FAIL |
| sleep 1 |
| done |
| |
| fail unable to start traffic_server after $(( $(date +%s) - $START )) seconds |
| exit $TSQA_FAIL |
| |
| # vim: set sw=2 ts=2 et : |
