
Text file src/github.com/google/certificate-transparency-go/trillian/integration/demo-script.sh

Documentation: github.com/google/certificate-transparency-go/trillian/integration

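     #!/bin/bash
     # This is a linear script for demonstrating a Trillian-backed CT log; its contents
     # are extracted from the main trillian/integration/ct_integration_test.sh script.
     #
     # Requirements: GOPATH naming a single workspace that holds both the trillian
     # and certificate-transparency-go checkouts, a Go toolchain, and a local MySQL
     # instance that trillian/scripts/resetdb.sh is allowed to reset.
     #
     # Security notes for anyone adapting this beyond a demo:
     #   - Every endpoint below is bound to localhost and, as invoked here, no TLS
     #     or authentication flags are passed. Do not re-bind these ports to a
     #     routable address without adding both.
     #   - The private-key password for the second log is passed on the command
     #     line, so it shows up in the process list and in the `set -x` trace.
     #     That is tolerable only because it protects the test key shipped under
     #     trillian/testdata; never provision a real log key this way.
     #   - resetdb.sh is fed `yes`, so the database is reset without a prompt.
     #     Point this only at a throwaway development database.

     # Print an error on stderr and stop. Background jobs that were already started
     # are left running; use ct_killall.sh (and killall ct_hammer) to free the ports.
     die() {
       echo >&2 "Error: $*"
       exit 1
     }

     if [[ "$(uname)" == "Darwin" ]]; then
       URLOPEN=open
     else
       URLOPEN=xdg-open
     fi
     hash "${URLOPEN}" 2>/dev/null || echo >&2 "WARNING: ${URLOPEN} not found - browser windows will fail to open"

     [[ -d "${GOPATH}" ]] || die "GOPATH not set"

     readonly CT_ROOT="${GOPATH}/src/github.com/google/certificate-transparency-go"
     readonly TRILLIAN_ROOT="${GOPATH}/src/github.com/google/trillian"
     readonly TESTDATA_DIR="${CT_ROOT}/trillian/testdata"

     # The script writes demo-script.cfg into the current directory, so it must not
     # run from the directory that holds the template of the same name.
     if [[ "${PWD}" -ef "${CT_ROOT}/trillian/integration" ]]; then
       die "cannot run from directory ${PWD}; try: cd ../..; ./trillian/integration/demo-script.sh"
     fi

     echo 'Prepared before demo: edit trillian/integration/demo-script.cfg to fill in local GOPATH'
     # '~' is the sed delimiter here: a GOPATH containing '~', '&' or a backslash
     # would corrupt the substitution.
     sed "s~@TESTDATA@~${TESTDATA_DIR}~" "${CT_ROOT}/trillian/integration/demo-script.cfg" > demo-script.cfg

     echo '-----------------------------------------------'
     # Trace every command so the audience can follow along. Note that this also
     # echoes the --pem_key_password argument further down.
     set -x

     echo 'Reset MySQL database'
     # Destructive: `yes` auto-confirms the reset prompt.
     yes | "${TRILLIAN_ROOT}/scripts/resetdb.sh"

     echo 'Building Trillian log code'
     # Stop on a failed build rather than launching a stale or missing binary.
     go build github.com/google/trillian/server/trillian_log_server/ || die "building trillian_log_server failed"
     go build github.com/google/trillian/server/trillian_log_signer/ || die "building trillian_log_signer failed"

     echo 'Start a Trillian Log server (do in separate terminal)'
     ./trillian_log_server --rpc_endpoint=localhost:6962 --http_endpoint=localhost:6963 --logtostderr &

     echo 'Start a Trillian Log signer (do in separate terminal)'
     # --force_master makes this signer assume mastership without an election;
     # see idea 2 at the end of the file for the etcd-based alternative.
     ./trillian_log_signer --force_master --sequencer_interval=1s --batch_size=500 --rpc_endpoint=localhost:6961 --http_endpoint=localhost:6964 --num_sequencers 2 --logtostderr &

     echo 'Wait for things to come up'
     sleep 8

     echo 'Building provisioning tool'
     go build github.com/google/trillian/cmd/createtree/ || die "building createtree failed"

     echo 'Provision a log and remember the its tree ID'
     tree_id=$(./createtree --admin_server=localhost:6962) || die "createtree failed"
     # The ID is interpolated into sed expressions below, so insist on a plain
     # decimal integer before using it.
     [[ "${tree_id}" =~ ^-?[0-9]+$ ]] || die "unexpected tree ID from createtree: '${tree_id}'"
     echo "${tree_id}"

     echo 'Manually edit CT config file to put the tree ID value in place of @TREE_ID@'
     sed -i'.bak' "1,/@TREE_ID@/s/@TREE_ID@/${tree_id}/" demo-script.cfg

     echo 'Building CT personality code'
     go build github.com/google/certificate-transparency-go/trillian/ctfe/ct_server || die "building ct_server failed"

     echo 'Running the CT personality (do in separate terminal)'
     ./ct_server --log_config=demo-script.cfg --log_rpc_server=localhost:6962 --http_endpoint=localhost:6965 &
     ct_pid=$!
     sleep 5

     echo 'Log is now accessible -- see in browser window'
     "${URLOPEN}" http://localhost:6965/athos/ct/v1/get-sth

     echo 'But is has no data, so building the Hammer test tool'
     go build github.com/google/certificate-transparency-go/trillian/integration/ct_hammer || die "building ct_hammer failed"

     echo 'Hammer time'
     ./ct_hammer --log_config demo-script.cfg --ct_http_servers=localhost:6965 --mmd=30s --testdata_dir="${TESTDATA_DIR}" --logtostderr &
     hammer_pid=$!

     echo 'After waiting for a while, refresh the browser window to see a bigger tree'
     sleep 5
     "${URLOPEN}" http://localhost:6965/athos/ct/v1/get-sth



     sleep 10
     echo 'Now lets add another log.  First kill the hammer'
     # SIGKILL keeps the demo timing predictable; nothing here needs a clean shutdown.
     kill -9 "${hammer_pid}"

     echo 'Provision a log and remember the its tree ID'
     # The password is visible in argv and in the trace; it guards a test key only.
     tree_id_2=$(./createtree --admin_server=localhost:6962 --private_key_format=PrivateKey --pem_key_path="${TESTDATA_DIR}/log-rpc-server.privkey.pem" --pem_key_password=towel --signature_algorithm=ECDSA) || die "createtree failed"
     [[ "${tree_id_2}" =~ ^-?[0-9]+$ ]] || die "unexpected tree ID from createtree: '${tree_id_2}'"
     echo "${tree_id_2}"

     echo 'Manually edit CT config file to copy the athos config to be a second config with prefix: "porthos" and with the new tree ID'
     # demo-script-2.cfg = the athos config followed by a porthos copy of it that
     # points at the second tree.
     cp demo-script.cfg demo-script-2.cfg
     sed -e 's/athos/porthos/' -e "s/${tree_id}/${tree_id_2}/" demo-script.cfg >> demo-script-2.cfg

     echo 'Stop and restart the CT personality to use the new config (note changed --log_config)'
     kill -9 "${ct_pid}"
     ./ct_server --log_config=demo-script-2.cfg --log_rpc_server=localhost:6962 --http_endpoint=localhost:6965 &
     sleep 5

     echo 'See the new (empty) log'
     "${URLOPEN}" http://localhost:6965/porthos/ct/v1/get-sth

     echo 'Double Hammer time (note changed --log_config)'
     ./ct_hammer --log_config demo-script-2.cfg --ct_http_servers=localhost:6965 --mmd=30s --testdata_dir="${TESTDATA_DIR}" --logtostderr &
     hammer_pid=$!


     sleep 30

     echo 'Remember to kill off all of the jobs, so their (hard-coded) ports get freed up.  Shortcut:'
     "${CT_ROOT}/trillian/integration/ct_killall.sh"
     echo '...but ct_killall does not kill the hammer'
     killall -9 ct_hammer


     # Other ideas to extend a linear demo:
     #  1) Add a temporal log config, which just involves adding a fragment like the following (for 2017):
     #         not_after_start {
     #           seconds: 1483228800
     #         }
     #         not_after_limit {
     #           seconds: 1514764800
     #         }
     #  2) Run multiple signers and use etcd to provide mastership election:
     #       - install etcd with: go install ./vendor/github.com/coreos/etcd/cmd/etcd
     #       - run etcd, which listens on default port :2379
     #       - drop the --force_master argument to the signer
     #       - add argument to the signers:  --etcd_servers=localhost:2379
     #  3) Run Prometheus for metrics collection and examination (best to use top-level scripts for this):
     #       - go get github.com/prometheus/prometheus/cmd/...
     #       - export ETCD_DIR=${GOPATH}/bin
     #       - export PROMETHEUS_DIR=${GOPATH}/bin
     #       - ./trillian/integration/ct_hammer_test.sh 3 3 1
     #       - open http://localhost:9090/targets to see what's being monitored
     #       - open http://localhost:9090/consoles/trillian.html to see Trillian-specific metrics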
