Commit 918c03ae authored by pfandzelter's avatar pfandzelter

add cluster script

parent 3044e32b
Pipeline #40667 passed with stages
in 16 minutes and 38 seconds
......@@ -566,6 +566,11 @@ It uses the Docker API to destroy and start the corresponding containers.
The code can be found in `./tests/FailingNodeTest` but can be started with `make failtest` in `./tests/3NodeTest/` after a deployment has been created with `make fred`.
#### Cluster
You can easily set up a cluster of FReD nodes by using the `run-cluster.sh` script in the `cluster/` folder.
Simply run `bash run-cluster.sh [NUM_NODES]` to spawn up to 263 FReD nodes.
#### Profiling
FReD supports CPU and memory profiling for the main `frednode` binary.
......
node*
etcd*
\ No newline at end of file
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
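Review bot: An RSA private key is committed to the repository in this file, and judging by the `-CA "$CERT_FOLDER"/ca.crt` and `-CAkey "$CERT_FOLDER"/ca.key` arguments in the cluster script it appears to be the CA key that signs every node and etcd certificate. Anyone who can read the repository can therefore issue certificates that etcd's `--client-cert-auth` and the FReD nodes will accept, so this CA must never be trusted outside local test clusters. Either generate the CA on first run and add `ca.key` to the ignore list next to `node*` and `etcd*`, or state in the README's Cluster section that the checked-in CA is for test use only.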
E07FC2396E9D667B
#!/bin/bash
#constants
CLUSTER_NAME=cluster-
NET_NAME=clusternetwork
CERT_FOLDER="$(pwd)"/certs
GATEWAY=172.18.20.1
SUBNET=172.18.20.0/24
BASE_IP=172.18.20.
ETCD_IP=172.18.20.2
docker network remove "$NET_NAME" 2&> /dev/null || true
gen_cert() {
NAME=$1
IP=$2
rm "$CERT_FOLDER"/"${NAME}".crt || true
rm "$CERT_FOLDER"/"${NAME}".key || true
# generate a key
openssl genrsa -out "$CERT_FOLDER"/"${NAME}".key 2048
# write the config file
# shellcheck disable=SC2086
cat > "$CERT_FOLDER"/${NAME}.conf <<EOF
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = v3_req
distinguished_name = dn
[ dn ]
C = DE
ST = Berlin
L = Berlin
O = MCC
OU = FRED
EOF
# write the CN into the config file
echo "CN = ${NAME}" >> "$CERT_FOLDER"/"${NAME}".conf
cat >> "$CERT_FOLDER"/"${NAME}".conf <<EOF
[v3_req]
keyUsage = keyEncipherment, dataEncipherment, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
EOF
# write the IP SAN into the config file
echo "IP.2 = ${IP}" >> "$CERT_FOLDER"/"${NAME}".conf
# generate the CSR
openssl req -new \
-key "$CERT_FOLDER"/"${NAME}".key \
-out "$CERT_FOLDER"/"${NAME}".csr \
-config "$CERT_FOLDER"/"${NAME}".conf
# build the certificate
openssl x509 -req -in "$CERT_FOLDER"/"${NAME}".csr \
-CA "$CERT_FOLDER"/ca.crt \
-CAkey "$CERT_FOLDER"/ca.key \
-CAcreateserial \
-out "$CERT_FOLDER"/"${NAME}".crt \
-days 1825 \
-extfile "$CERT_FOLDER"/"${NAME}".conf \
-extensions v3_req
# delete the config file and csr
rm "$CERT_FOLDER"/"${NAME}".conf
rm "$CERT_FOLDER"/"${NAME}".csr
}
# usage: run-cluster.sh <num_nodes>
# check that we got the parameter we needed or exit the script with a usage message
[ $# -ne 1 ] || echo "$1" | grep -E -q -v '^[0-9]+$' && { echo "Usage: $0 num_nodes"; exit 1; }
# prettier name
NUM_NODES=$1
# create a network
docker network create "$NET_NAME" --gateway "$GATEWAY" --subnet "$SUBNET" || exit 1
# generate certificates
gen_cert etcd "$ETCD_IP" || exit 1
for (( i = 1; i <= NUM_NODES; i=i+1 ))
do
gen_cert node"$i" "$BASE_IP$(( i+2 ))" || exit 1
done
# start etcd
docker pull gcr.io/etcd-development/etcd:v3.5.0
docker run -d \
--name "$CLUSTER_NAME"etcd \
-v "$CERT_FOLDER"/etcd.crt:/cert/etcd.crt \
-v "$CERT_FOLDER"/etcd.key:/cert/etcd.key \
-v "$CERT_FOLDER"/ca.crt:/cert/ca.crt \
--network="$NET_NAME" \
--ip="$ETCD_IP" \
gcr.io/etcd-development/etcd:v3.5.0 \
etcd \
--name s-1 \
--data-dir /tmp/etcd/s-1 \
--listen-client-urls https://"$ETCD_IP":2379 \
--advertise-client-urls https://"$ETCD_IP":2379 \
--listen-peer-urls http://"$ETCD_IP":2380 \
--initial-advertise-peer-urls http://"$ETCD_IP":2380 \
--initial-cluster s-1=http://"$ETCD_IP":2380 \
--initial-cluster-token tkn \
--initial-cluster-state new \
--cert-file=/cert/etcd.crt \
--key-file=/cert/etcd.key \
--client-cert-auth \
--trusted-ca-file=/cert/ca.crt
# start as many containers as needed
docker build -t fred ../.
for (( i = 1; i <= NUM_NODES; i=i+1 ))
do
docker run -d \
--name "$CLUSTER_NAME"node"$(( i ))" \
-v "$CERT_FOLDER"/node"$i".crt:/cert/node.crt \
-v "$CERT_FOLDER"/node"$i".key:/cert/node.key \
-v "$CERT_FOLDER"/ca.crt:/cert/ca.crt \
--network="$NET_NAME" \
--ip="$BASE_IP$(( i+2 ))" \
fred \
--log-level debug \
--handler dev \
--peer-host "$BASE_IP$(( i+2 ))":5555 \
--nodeID node"$(( i ))" \
--host "$BASE_IP$(( i+2 ))":9001 \
--cert /cert/node.crt \
--key /cert/node.key \
--ca-file /cert/ca.crt \
--peer-cert /cert/node.crt \
--peer-key /cert/node.key \
--peer-ca /cert/ca.crt \
--adaptor memory \
--nase-host https://"$ETCD_IP":2379 \
--nase-cert /cert/node.crt \
--nase-key /cert/node.key \
--nase-ca /cert/ca.crt \
--nase-cached \
--handler dev \
--remote-storage-cert /cert/node.crt \
--remote-storage-key /cert/node.key \
--remote-storage-ca /cert/ca.crt \
--trigger-cert /cert/node.crt \
--trigger-key /cert/node.key \
--trigger-ca /cert/ca.crt
done
cleanup() {
docker stop "$CLUSTER_NAME"etcd
docker rm "$CLUSTER_NAME"etcd
for (( i = 1; i <= NUM_NODES; i=i+1 ))
do
docker stop "$CLUSTER_NAME"node"$(( i ))"
docker rm "$CLUSTER_NAME"node"$(( i ))"
done
docker network remove "$NET_NAME"
exit 0
}
trap 'cleanup' INT
echo "press Ctrl-C to stop cluster..."
while true ; do
true
done
\ No newline at end of file
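Review bot: The argument check accepts any run of digits, but `SUBNET` is a /24 and node i is placed at `$BASE_IP$(( i+2 ))`, so any `num_nodes` above 252 yields a last octet that is not a usable host address on that subnet. Add a bound right after `NUM_NODES=$1`, for example `(( NUM_NODES <= 252 )) || { echo "Usage: $0 num_nodes (max 252)"; exit 1; }`; the README text in this commit advertises 263 nodes and should be brought in line. Because `cleanup` is trapped only on `INT`, a failure partway through presumably leaves the network, the containers already started and the generated keys in place, so bad input is best rejected before `docker network create`. Separately, `2&> /dev/null` on the `docker network remove` line is most likely parsed as an extra argument `2` followed by `&>`; `> /dev/null 2>&1` is the unambiguous spelling.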
......@@ -40,6 +40,7 @@ extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
EOF
......