Add Integration tests with Custom SSL IdentityStore/TrustSore #2282
Conversation
anpanigr
changed the title
| @@ -0,0 +1,21 @@ | |||
| # Copyright (c) 2020, 2021, Oracle and/or its affiliates. | |||
| # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. | |||
| public class SslTestClient { | ||
| private String url; | ||
|
|
||
| public SslTestClient(String[] args) |
There was a problem hiding this comment.
Why do we call it ssl client? there the ssl invoke happen?
There was a problem hiding this comment.
It takes t3s URL to get initial context.
| adminServerPodName, domainNamespace); | ||
| checkPodReadyAndServiceExists(adminServerPodName, domainUid, domainNamespace); | ||
| // Generate JKS Keystore using openssl before | ||
| // managed server services and pods are ready |
There was a problem hiding this comment.
Is JKS Keystore required before the managed server service and pods are ready? How do you control the keystore is copied before the managed server service and pods are ready?
There was a problem hiding this comment.
I copy the file immediately after the admin pod is ready and before managed server is being started. That is why insert the copy command between admin server service check and managed server service check.
There was a problem hiding this comment.
I think there will be possible race condition. If the keystore is required before the managed server is started, then you can start the admin server first, then copy the files and start the managed servers. CheckPodReady() method only checks the status of the pod and does not control when to start the pod.
There was a problem hiding this comment.
After admin server is started it takes few seconds to create the table/JKS files before introspector picks the managed server which takes a minutes to start the server. I also checks if the JMS Server MBean are in proper managed server before proceeding tests. If I see the failure in nightly I have to create a dummy WebLogic Pod to create the table before the domain starts.
| -storepass changeit -noprompt | ||
|
|
||
| #keytool -list -v -keystore TrustKeyStore.jks -storepass changeit | ||
| #keytool -list -v -keystore IdentityKeyStore.jks -storepass changeit |
There was a problem hiding this comment.
remove commented out lines
| @@ -0,0 +1,51 @@ | |||
| // Copyright (c) 2020, 2021, Oracle and/or its affiliates. | |||
|
|
||
| public SslTestClient(String[] args) | ||
| { | ||
| url = args[0]; |
| url = args[0]; | ||
| try { | ||
| Context ctx = getInitialContext(); | ||
| System.out.println("Got the Initial JNDI Context ["+ctx+"]"); |
| System.out.println("Got the Initial JNDI Context ["+ctx+"]"); | ||
| String cfName="weblogic.jms.ConnectionFactory"; | ||
| ConnectionFactory qcf=(ConnectionFactory)ctx.lookup(cfName); | ||
| System.out.println("Looked up default JMS connection factory ["+qcf+"]"); |
| ConnectionFactory qcf=(ConnectionFactory)ctx.lookup(cfName); | ||
| System.out.println("Looked up default JMS connection factory ["+qcf+"]"); | ||
| } catch ( Exception ex ) { | ||
| System.out.println("Got Unknown Exception ["+ ex + "]"); |
4 participants
Here is the usecase description
Create a MII domain with an attached persistent volume.
Configure custom identity and custom trust on server template
Enable SSL on server template with port 8002 (default 7002 does not work)
Put the IdentityKeyStore.jks and TrustKeyStore.jks on /shared directory
after administration server pod is started so that it can be accessible
from all managed server pods
Once all servers are started get the JNDI initial context using cluster
service URL with t3s protocol.
Repeat the same after scaling the cluster
Note - Added a new SslUtils class to deal with SSL related tasks
Jenkin Result
https://build.weblogick8s.org:8443/job/weblogic-kubernetes-operator-kind-new/4413/
https://build.weblogick8s.org:8443/job/weblogic-kubernetes-operator-kind-new/4419/