Allow to add CA for HTTPS-connections
Tests against Gerrit servers using HTTPS were failing, since no valid
CA was available.
Now certificates that are mounted to `/var/loadtest/certs` will be used
as a CA.
Change-Id: I92d115cb9fc593c49a26f6abcaa62f9fee27ea6b
diff --git a/README.md b/README.md
index 6bc5200..34764f3 100644
--- a/README.md
+++ b/README.md
@@ -108,6 +108,15 @@
- `--url`: URL of Gerrit (REQUIRED; e.g. `https://gerrit.example.com`)
- `--user` (default: `admin`): User to be used for executing actions
+If the target Gerrit server is using the HTTPS-protocol, the load test requires
+a valid not self-signed CA. Certificates that are mounted to the
+`/var/loadtest/certs` will be used to that perpose. This can be done like this:
+
+```sh
+docker run -it gerrit/loadtester \
+ -v <certificate dir>:/var/loadtest/certs
+```
+
### Kubernetes
The docker containers may be used to run the load tests in Kubernetes to simulate
@@ -115,7 +124,8 @@
example deployment yaml: `./kubernetes/load-tester/load-tester.*.yaml`.
To install the Kubernetes setup, adjust the configuration in the yaml-files.
-- Configure the Gerrit user data in `./kubernetes/load-tester/load-tester.secret.yaml`.
+- Configure the Gerrit user data and add certificates for HTTPS-connections
+ in `./kubernetes/load-tester/load-tester.secret.yaml`.
The values have to be base64-encoded.
- Adjust the configuration file in `./kubernetes/load-tester/load-tester.configmap.yaml`.
The config-file structure is the same as described above.
diff --git a/container/Dockerfile b/container/Dockerfile
index a9ed3e4..559ea0e 100644
--- a/container/Dockerfile
+++ b/container/Dockerfile
@@ -17,7 +17,12 @@
RUN adduser -D loadtest -u 1000 -G users && \
chown -R 1000:100 /usr/src/app && \
mkdir -p /var/logs && \
- chown -R 1000:100 /var/logs
+ mkdir -p /var/loadtest && \
+ chown -R 1000:100 /var/logs && \
+ chown -R 1000:100 /var/loadtest
USER loadtest
-ENTRYPOINT [ "python3", "./start_test.py" ]
+RUN git config --global http.sslCAInfo /var/loadtest/ca-certificates.crt
+ENV REQUESTS_CA_BUNDLE=/var/loadtest/ca-certificates.crt
+
+ENTRYPOINT [ "./start.sh" ]
diff --git a/container/tools/start.sh b/container/tools/start.sh
new file mode 100755
index 0000000..0f4dc48
--- /dev/null
+++ b/container/tools/start.sh
@@ -0,0 +1,13 @@
+#!/bin/ash
+
+CA_CERT="/var/loadtest/certs"
+
+test -f $REQUESTS_CA_BUNDLE || touch $REQUESTS_CA_BUNDLE
+
+if [ -d "$CA_CERT" ]; then
+ for file in "$CA_CERT/"*; do
+ (cat "$file"; echo) >> "$REQUESTS_CA_BUNDLE"
+ done
+fi
+
+python3 ./start_test.py $@
diff --git a/kubernetes/load-tester/load-tester.deployment.yaml b/kubernetes/load-tester/load-tester.deployment.yaml
index 8c2cb75..351d836 100644
--- a/kubernetes/load-tester/load-tester.deployment.yaml
+++ b/kubernetes/load-tester/load-tester.deployment.yaml
@@ -45,7 +45,12 @@
- name: config
mountPath: "/var/config/test.yaml"
subPath: test.yaml
+ - name: certs
+ mountPath: "/var/loadtest/certs"
volumes:
- name: config
configMap:
name: load-test-config
+ - name: certs
+ secret:
+ secretName: load-test-ca-certs
diff --git a/kubernetes/load-tester/load-tester.secret.yaml b/kubernetes/load-tester/load-tester.secret.yaml
index 0563a76..6cca59f 100644
--- a/kubernetes/load-tester/load-tester.secret.yaml
+++ b/kubernetes/load-tester/load-tester.secret.yaml
@@ -6,3 +6,11 @@
data:
user: YWRtaW4= # Change
pwd: c2VjcmV0 # Change
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: load-test-ca-certs
+type: Opaque
+data:
+ ca.crt: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQoKICAgIC0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t # Change
