loadgen icon indicating copy to clipboard operation
loadgen copied to clipboard

Published 20 hours ago verified publisher icon cockroachdb

Cannot use secure connection with TCPP

Open SJAnderson opened this issue 6 years ago • 3 comments

my docker file

FROM golang
RUN mkdir -p /u/certs
RUN chmod 701 /u/certs
RUN echo -e "-----BEGIN RSA PRIVATE KEY-----..." > /u/certs/client.root.key
RUN chmod 600 /u/certs/client.root.key
RUN echo -e "-----BEGIN CERTIFICATE-----..." > /u/certs/client.root.crt
RUN chmod 600 /u/certs/client.root.crt
RUN echo -e "-----BEGIN CERTIFICATE-----..." > /u/certs/ca.crt
RUN chmod 600 /u/certs/ca.crt
RUN chown root /u/certs/*
RUN chgrp root /u/certs/*
RUN ls -l /u/certs/
RUN go get github.com/cockroachdb/loadgen/tpcc

ENTRYPOINT ["tpcc"]

execution

sudo docker run -it --rm abcdefghij -tolerate-errors   "postgresql://[email protected]:12345/tpcc?sslcert=/u/certs/ca.crt&sslkey=/u/certs/client.root.key&sslmode=verify-ca&sslrootcert=/u/certs/client.root.crt"
_time______opName__ops/s(inst)__ops/s(cum)__p50(ms)__p90(ms)__p95(ms)__p99(ms)_pMax(ms)
   1s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   2s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   3s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   4s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   5s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
2018/05/15 04:22:35 error in delivery: tls: failed to find any PEM data in certificate input
   6s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   7s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
   8s    newOrder          0.0         0.0      0.0      0.0      0.0      0.0      0.0
2018/05/15 04:22:38 error in payment: tls: failed to find any PEM data in certificate input

Seems like I can only use an insecure connection.

SJAnderson avatar May 15 '18 04:05 SJAnderson

The error message is directly from the Go TLS library. This occurs when the certificate/key files do not parse properly. Make sure the argument to echo is correct, it looks like it's getting garbled.

mberhault avatar May 15 '18 10:05 mberhault

@mberhault have you been able to use this with secure DBs?

SJAnderson avatar May 16 '18 05:05 SJAnderson

Sure:

./tpcc/tpcc -load 'postgres://root@localhost:26257/?sslmode=verify-full&sslrootcert=certs/ca.crt&sslcert=certs/client.root.crt&sslkey=certs/client.root.key'
Created 9 tables
Loaded 100000/100000 items
TPCCLoadItem	  100000	     28456.9 ns/op
Loading warehouse 1/1
Loaded 100000/100000 stocks
TPCCLoadStock	  100000	     63232.9 ns/op
etc...

Again, the error you listed is from the Go TLS library (used in our tpcc code) trying to parse a certificate. Also, you switched sslcert and sslrootcert in your connection url.

mberhault avatar May 16 '18 10:05 mberhault