1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
#!/bin/bash
# This is a linear script for demonstrating a Trillian-backed CT log; its contents
# are extracted from the main trillian/integration/ct_integration_test.sh script.
if [ $(uname) == "Darwin" ]; then
URLOPEN=open
else
URLOPEN=xdg-open
fi
hash ${URLOPEN} 2>/dev/null || { echo >&2 "WARNING: ${URLOPEN} not found - browser windows will fail to open"; }
if [[ ! -d "${GOPATH}" ]]; then
echo "Error: GOPATH not set"
exit 1
fi
if [[ ${PWD} -ef ${GOPATH}/src/github.com/google/certificate-transparency-go/trillian/integration ]]; then
echo "Error: cannot run from directory ${PWD}; try: cd ../..; ./trillian/integration/demo-script.sh"
exit 1
fi
echo 'Prepared before demo: edit trillian/integration/demo-script.cfg to fill in local GOPATH'
sed "s~@TESTDATA@~${GOPATH}/src/github.com/google/certificate-transparency-go/trillian/testdata~" ${GOPATH}/src/github.com/google/certificate-transparency-go/trillian/integration/demo-script.cfg > demo-script.cfg
echo '-----------------------------------------------'
set -x
echo 'Reset MySQL database'
yes | ${GOPATH}/src/github.com/google/trillian/scripts/resetdb.sh
echo 'Building Trillian log code'
go build github.com/google/trillian/server/trillian_log_server/
go build github.com/google/trillian/server/trillian_log_signer/
echo 'Start a Trillian Log server (do in separate terminal)'
./trillian_log_server --rpc_endpoint=localhost:6962 --http_endpoint=localhost:6963 --logtostderr &
echo 'Start a Trillian Log signer (do in separate terminal)'
./trillian_log_signer --force_master --sequencer_interval=1s --batch_size=500 --rpc_endpoint=localhost:6961 --http_endpoint=localhost:6964 --num_sequencers 2 --logtostderr &
echo 'Wait for things to come up'
sleep 8
echo 'Building provisioning tool'
go build github.com/google/trillian/cmd/createtree/
echo 'Provision a log and remember the its tree ID'
tree_id=$(./createtree --admin_server=localhost:6962)
echo ${tree_id}
echo 'Manually edit CT config file to put the tree ID value in place of @TREE_ID@'
sed -i'.bak' "1,/@TREE_ID@/s/@TREE_ID@/${tree_id}/" demo-script.cfg
echo 'Building CT personality code'
go build github.com/google/certificate-transparency-go/trillian/ctfe/ct_server
echo 'Running the CT personality (do in separate terminal)'
./ct_server --log_config=demo-script.cfg --log_rpc_server=localhost:6962 --http_endpoint=localhost:6965 &
ct_pid=$!
sleep 5
echo 'Log is now accessible -- see in browser window'
${URLOPEN} http://localhost:6965/athos/ct/v1/get-sth
echo 'But is has no data, so building the Hammer test tool'
go build github.com/google/certificate-transparency-go/trillian/integration/ct_hammer
echo 'Hammer time'
./ct_hammer --log_config demo-script.cfg --ct_http_servers=localhost:6965 --mmd=30s --testdata_dir=${GOPATH}/src/github.com/google/certificate-transparency-go/trillian/testdata --logtostderr &
hammer_pid=$!
echo 'After waiting for a while, refresh the browser window to see a bigger tree'
sleep 5
${URLOPEN} http://localhost:6965/athos/ct/v1/get-sth
sleep 10
echo 'Now lets add another log. First kill the hammer'
kill -9 ${hammer_pid}
echo 'Provision a log and remember the its tree ID'
tree_id_2=$(./createtree --admin_server=localhost:6962 --private_key_format=PrivateKey --pem_key_path=${GOPATH}/src/github.com/google/certificate-transparency-go/trillian/testdata/log-rpc-server.privkey.pem --pem_key_password=towel --signature_algorithm=ECDSA)
echo ${tree_id_2}
echo 'Manually edit CT config file to copy the athos config to be a second config with prefix: "porthos" and with the new tree ID'
cp demo-script.cfg demo-script-2.cfg
cat demo-script.cfg | sed 's/athos/porthos/' | sed "s/${tree_id}/${tree_id_2}/" >> demo-script-2.cfg
echo 'Stop and restart the CT personality to use the new config (note changed --log_config)'
kill -9 ${ct_pid}
./ct_server --log_config=demo-script-2.cfg --log_rpc_server=localhost:6962 --http_endpoint=localhost:6965 &
sleep 5
echo 'See the new (empty) log'
${URLOPEN} http://localhost:6965/porthos/ct/v1/get-sth
echo 'Double Hammer time (note changed --log_config)'
./ct_hammer --log_config demo-script-2.cfg --ct_http_servers=localhost:6965 --mmd=30s --testdata_dir=${GOPATH}/src/github.com/google/certificate-transparency-go/trillian/testdata --logtostderr &
hammer_pid=$!
sleep 30
echo 'Remember to kill off all of the jobs, so their (hard-coded) ports get freed up. Shortcut:'
${GOPATH}/src/github.com/google/certificate-transparency-go/trillian/integration/ct_killall.sh
echo '...but ct_killall does not kill the hammer'
killall -9 ct_hammer
# Other ideas to extend a linear demo:
# 1) Add a temporal log config, which just involves adding a fragment like the following (for 2017):
# not_after_start {
# seconds: 1483228800
# }
# not_after_limit {
# seconds: 1514764800
# }
# 2) Run multiple signers and use etcd to provide mastership election:
# - install etcd with: go install ./vendor/github.com/coreos/etcd/cmd/etcd
# - run etcd, which listens on default port :2379
# - drop the --force_master argument to the signer
# - add argument to the signers: --etcd_servers=localhost:2379
# 3) Run Prometheus for metrics collection and examination (best to use top-level scripts for this):
# - go get github.com/prometheus/prometheus/cmd/...
# - export ETCD_DIR=${GOPATH}/bin
# - export PROMETHEUS_DIR=${GOPATH}/bin
# - ./trillian/integration/ct_hammer_test.sh 3 3 1
# - open http://localhost:9090/targets to see what's being monitored
# - open http://localhost:9090/consoles/trillian.html to see Trillian-specific metrics
|
