Skip to content
This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

test: Add TDE feature test #1273

Merged
merged 14 commits into from
Jul 14, 2021
Merged

test: Add TDE feature test #1273

merged 14 commits into from
Jul 14, 2021

Conversation

ZipFast
Copy link
Contributor

@ZipFast ZipFast commented Jun 23, 2021
edited
Loading

What problem does this PR solve?

close issure # 1265
Add integration test for backup and restore when TDE feature enable

What is changed and how it works?

Add test case in integration tests

Check List

Tests

  • Unit test
  • Integration test

Related changes

  • Need to cherry-pick to the release branch

Release note

  • No Release Note

@ti-chi-bot ti-chi-bot requested review from glorv and overvenus June 23, 2021 11:52
@ZipFast ZipFast linked an issue Jun 23, 2021 that may be closed by this pull request
Add a test include TDE feature. #1265
Closed
@ZipFast ZipFast marked this pull request as ready for review June 24, 2021 05:11
@ZipFast ZipFast requested a review from 3pointer June 24, 2021 05:11
@ZipFast ZipFast marked this pull request as draft June 30, 2021 00:58
@ZipFast ZipFast marked this pull request as ready for review July 1, 2021 07:49
overvenus
overvenus reviewed Jul 2, 2021
View reviewed changes
Copy link
Member

@overvenus overvenus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rest LGTM

@ZipFast ZipFast mentioned this pull request Jul 5, 2021
Merged
@ZipFast
Copy link
Contributor Author

ZipFast commented Jul 5, 2021

/run-integration-test

@ZipFast ZipFast requested review from kennytm and overvenus July 6, 2021 09:18
kennytm
kennytm reviewed Jul 8, 2021
View reviewed changes
tests/br_restore_TDE_enable/run.sh Outdated

# start Minio KMS service

export MINIO_KMS_KES_ENDPOINT=https://play.min.io:7373
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The KES instance at https://play.min.io:7373 is meant to experiment and provides a way to get started quickly.
Note that anyone can access or delete master keys at https://play.min.io:7373. You should run your own KES instance in production.

is it possible the KMS become unavailable 🤔

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no idea, and I had built a KES instance based on filesystem keystore, the backup process will cause the following problem:

2021/07/08 17:25:23 http: TLS handshake error from 127.0.0.1:50530: remote error: tls: bad certificate

API: PutObject(bucket=mybucket, object=br_restore_TDE_enable/backup.lock)
Time: 17:25:23 CST 07/08/2021
DeploymentID: 62ea50fd-5f6e-4148-83b1-4a5d44dd14f2
RequestID: 168FC69289933DF3
RemoteHost: 127.0.0.1
Host: 127.0.0.1:24927
UserAgent: aws-sdk-go/1.35.3 (go1.16.5; linux; amd64)
Error: Post https://127.0.0.1:7391/v1/key/generate/my-minio-key: x509: certificate signed by unknown authority
       4: cmd/api-errors.go:1786:cmd.toAPIErrorCode()
       3: cmd/api-errors.go:1811:cmd.toAPIError()
       2: cmd/object-handlers.go:1360:cmd.objectAPIHandlers.PutObjectHandler()
       1: net/http/server.go:2007:http.HandlerFunc.ServeHTTP()

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Zwj-coder is the KES server configured like https://github.com/minio/kes/wiki/Getting-Started#22-create-the-root-identity?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that the tikv node have not certification to access KES server.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kennytm Yes

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kennytm I had replaced outside instance https://play.min.io:7373 with a self-made KES Server , the previous problem was caused by that KES Server not trust the self-signed certification, and we should explicitly set
export MINIO_KMS_KES_CA_PATH=<CA-or-KES-server-certificate>

overvenus
overvenus approved these changes Jul 9, 2021
View reviewed changes
Copy link
Member

@overvenus overvenus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot ti-chi-bot added the status/LGT1 LGTM1 label Jul 9, 2021
@ZipFast
Copy link
Contributor Author

ZipFast commented Jul 9, 2021

/run-integration-test

@ZipFast
Copy link
Contributor Author

ZipFast commented Jul 9, 2021

@kennytm CI problem fixed

@ZipFast ZipFast requested a review from kennytm July 13, 2021 01:44
kennytm
kennytm reviewed Jul 13, 2021
View reviewed changes
Copy link
Collaborator

@kennytm kennytm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rest LGTM

tests/br_restore_TDE_enable/run.sh Outdated Show resolved Hide resolved
@ZipFast ZipFast requested a review from kennytm July 14, 2021 00:41
@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • kennytm
  • overvenus

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added status/LGT2 LGTM2 and removed status/LGT1 LGTM1 labels Jul 14, 2021
@glorv
Copy link
Collaborator

glorv commented Jul 14, 2021

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 9975d81

@ti-chi-bot ti-chi-bot merged commit 65ae7dd into pingcap:master Jul 14, 2021
@ti-chi-bot ti-chi-bot mentioned this pull request Jul 14, 2021
Merged
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created: #1347.

@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created: #1348.

This was referenced Jul 14, 2021
Merged
Merged
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created: #1349.

ti-chi-bot added a commit that referenced this pull request Jul 21, 2021
@ti-chi-bot
test: Add TDE feature test (#1273) (#1348)
2f4dab6
ti-chi-bot added a commit that referenced this pull request Jul 21, 2021
@ti-chi-bot
test: Add TDE feature test (#1273) (#1349)
1273b5b
ti-chi-bot added a commit that referenced this pull request Jul 23, 2021
@ti-chi-bot
test: Add TDE feature test (#1273) (#1347)
b0abbca
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@overvenus overvenus overvenus approved these changes

@kennytm kennytm kennytm approved these changes

@glorv glorv Awaiting requested review from glorv

@3pointer 3pointer Awaiting requested review from 3pointer

Assignees
No one assigned
Labels
component/test needs-cherry-pick-release-4.0 needs-cherry-pick-release-5.0 needs-cherry-pick-release-5.1 size/L status/can-merge status/LGT2 LGTM2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add a test include TDE feature.
6 participants
@ZipFast @kennytm @ti-chi-bot @glorv @overvenus @Relax4Life