basho · hanssv · Mar 25, 2020 · Mar 25, 2020 · martincox · Mar 25, 2020
diff --git a/priv/riak.schema b/priv/riak.schema
@@ -218,6 +218,12 @@
   merge
 ]}.
 
+%% TLS/SSL setting
+{mapping, "erlang.proto_dist", "vm_args.-proto_dist", [
+  %% {default, "inet_tcp"}
+  {default, "inet_tls -ssl_dist_optfile etc/riak_ssl.conf"}
+]}.
+
 {{#devrel}}
 %% Because of the 'merge' keyword in the proplist below, the docs and datatype
 %% are pulled from the leveldb schema.

diff --git a/rebar.config b/rebar.config
@@ -45,14 +45,15 @@
 {relx, [{release, {riak, "3.0"},
     [kernel,
      stdlib,
-     lager,
-     sasl,
+     crypto,
+     asn1,
      public_key,
      ssl,
+     sasl,
+     lager,
      exometer_core,
      riak_sysmon,
      os_mon,
-     crypto,
      runtime_tools,
      xmerl,
      mochiweb,
@@ -77,6 +78,8 @@
          {mkdir, "data/ring"},
 
          {template, "rel/files/advanced.config", "etc/advanced.config"},
+         {copy,     "rel/files/riak_ssl.conf",   "etc/riak_ssl.conf"},
+         {copy,     "rel/files/phoney_cert.pem", "etc/phoney_cert.pem"},
 
          %% Copy additional bin scripts
          {template, "rel/files/riak-admin",        "bin/riak-admin"},

diff --git a/rel/files/phoney_cert.pem b/rel/files/phoney_cert.pem
@@ -0,0 +1,49 @@
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlYCCQCAvNvby7tjaDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJT
+RTEMMAoGA1UECAwDTi9BMRMwEQYDVQQHDApHb3RoZW5idXJnMRUwEwYDVQQKDAxF
+eGFtcGxlLCBMTEMxETAPBgNVBAMMCFF1dmlxIEFCMR0wGwYJKoZIhvcNAQkBFg5j
+ZXJ0QHF1dmlxLmNvbTAeFw0yMDAyMjQxMzIxMjVaFw0yMTAyMjMxMzIxMjVaMHkx
+CzAJBgNVBAYTAlNFMQwwCgYDVQQIDANOL0ExEzARBgNVBAcMCkdvdGhlbmJ1cmcx
+FTATBgNVBAoMDEV4YW1wbGUsIExMQzERMA8GA1UEAwwIUXV2aXEgQUIxHTAbBgkq
+hkiG9w0BCQEWDmNlcnRAcXV2aXEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAm3Gp3Vmr+jQOut67+h9e7G0u4E2tE8GmTNA/g60vwE6aHkBsQxHz
+Xz5OuRCLQZdVgK31Ex+fSHbJZ7xf7HotpN/byzT2H2O6JnTA5yWAVyQmqd45r8eN
+4+CsNl4YLDBArFwfadFC6thGfjKPcM5VmgjWrzSfrQg8AgSphsb3zXViLPxMdU1R
+E/94/TOmRG6MA4en4wkEsjjspHH1GnzpuLYTTD/HvwpF/PWwchjb9NMo71j0v7ja
+P3s605FRqcukgJz7gZ7Qv+e05UfOC2YuSCEshxHsoiaRy9hsN971kDtmmcj6w0zy
+SVGa8URCXYDmueSfeFvcrdvsSHz2E2o9owIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQA4vegr55hJHbecx8ry7xBizlK33nDVaZkkMyDy/RiJoj1mlNtTRjLLvSbVe68x
+rtsAvEaBu6yPJTn+8x8HqH73eVsMYrB5XRLMNNzWE1Dn1bMwXYfLFg8GLh1U8JDS
+1hzOjlWdvjXPE545N0OU8Fv2YWoRp0B7okvoQEoUahx0Wd0HIdBjZMbv1JiV+qi6
+7PnUak2AQxddyolwOmgZrF+ssXhfOkd0XuYsn8ycrFoTjmJujxnEzjA7twIjllw1
+kPw0qy6kpa7VZnjL3stNSl3g3nupLm/SL1wckZrTQs+3qEPLf5R/GyTMC4v22DMZ
+dR70apXT2gF7BbTKAhLGx7IJ
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbcandWav6NA66
+3rv6H17sbS7gTa0TwaZM0D+DrS/ATpoeQGxDEfNfPk65EItBl1WArfUTH59Idsln
+vF/sei2k39vLNPYfY7omdMDnJYBXJCap3jmvx43j4Kw2XhgsMECsXB9p0ULq2EZ+
+Mo9wzlWaCNavNJ+tCDwCBKmGxvfNdWIs/Ex1TVET/3j9M6ZEbowDh6fjCQSyOOyk
+cfUafOm4thNMP8e/CkX89bByGNv00yjvWPS/uNo/ezrTkVGpy6SAnPuBntC/57Tl
+R84LZi5IISyHEeyiJpHL2Gw33vWQO2aZyPrDTPJJUZrxREJdgOa55J94W9yt2+xI
+fPYTaj2jAgMBAAECggEAZVZbfB+qm2n2tGLiv3RWKOIhLj/VdszHQsp8rbZpLADS
+PqiXK753H/95yPJ9JpynNEW0QOxbph0yvjszefJI8XSzUK3NSrd0Mv/ohoiPO8Ao
+qJNknjEFUqs0+hirv5sRfoxsOksfSgUHJ9yEYPFTIyFh/ETdWCvHGzW441GxWTKK
+ToakF/wcKacioqTeNGYU9+Rz4LMVMkYppbUpEHq247f/HQNtWk9/olNOL0jRTboB
+4wpj3nh9wTNsRiAuhebOfX7+my9oBR9h5tYtkeS+EaU4jzmgDcksGWCS/55uYuUL
+Xv3Xbs3i+1V94QFmQzbpxaUZj66XlUIZAdwqJT2SiQKBgQDL1kF0ufc5P3B29Qmq
+/pHeM0AHQa8xtNqZ2pXysCWuwEPo57XRusRTixS0kQF4gkGA1g/La3s2rfvu8luP
+qeFdY2n4us89k0AdKX7mue+6p0OAMuy5g2NhiHxIkO8JjlWzjNxjSr5tScByF7bW
+8iFcOFIKArXqT+O7FpaxRtlF7QKBgQDDORg9QlxIIC3wXQXgNNBJI67o3dmztFBt
+ydMZ2fzIJBEnOp97O/Ah+RD+Qq4PmdTYWDK3d7K5N/Xp05T2uJlCnMYgiW5BNZYG
+SwZDZNadSwgR6UAW2S2gsKuhXXUDDMmslED+6N2BO/AJ4Au+SE7fNYBZehTMso1B
+OSePuu8fzwKBgFiNWNxT2dIV/E7BfxS5CTelviAo6epHLlx+eHv5CDXVsurglr1p
+TNcaacFT6Xan57sHw87Uf6+uf+87fIl5/LzsbmIvDc8rREQm/clQZ5QIDCwKc4rY
+SHlbqNqBlEbrfdHF1QyRsQ6bZq5qHPVeNR3yHbnZmZwUXtOtKYQUSlm1AoGAWuJD
+pJE2QOWqPVIxIBW2ObaBASv247A4GURyIIDZK5uO2MJz6H0Y59f5z0Tfn6ev7R/y
+THNPIucodrjnioyZ3Ob7Xb5dM8Jsm3Vl7w4M06FQmnYKPhjRIxPccvz9MnRLlypV
+r9Zc+IMc1pwVG3qyLTvNCtrIwBsHo6ul/UW7eQUCgYEAmvaVViCdQO1SzY57P88t
+SFQ59qcbVf35rsWjGK6VavCtQnzoiViDn8DRo7WHfAc2d9sLUGswDoFtNr5PX9Eg
+Y9fsyN2xg4wE2IEvanPRu96CGAg7/PU05TFbCvdeljRNP+0oJ+OIqMH4tmFGhcAt
+hh7ODr+2KSCXlCLn5I+mCSo=
+-----END PRIVATE KEY-----
diff --git a/rel/files/riak-admin b/rel/files/riak-admin
@@ -6,6 +6,7 @@
 ORIGINAL_DIR=$(pwd)
 
 # Make sure CWD is set to runner run dir
+RUNNER_BASE_DIR={{runner_base_dir}}
 cd $RUNNER_BASE_DIR
 
 # Identify the script name

diff --git a/rel/files/riak-repl b/rel/files/riak-repl
@@ -6,6 +6,7 @@
 ORIGINAL_DIR=$(pwd)
 
 # Make sure CWD is set to runner run dir
+RUNNER_BASE_DIR={{runner_base_dir}}
 cd $RUNNER_BASE_DIR
 
 # Identify the script name

diff --git a/rel/files/riak_ssl.conf b/rel/files/riak_ssl.conf
@@ -0,0 +1,6 @@
+[{server,
+  [{certfile, "./etc/phoney_cert.pem"},
+   {server_fail_if_no_peer_cert, true},
+   {secure_renegotiate, true}]},
+ {client,
+  [{secure_renegotiate, true}]}].
diff --git a/rel/vars.config b/rel/vars.config
@@ -41,7 +41,7 @@
 %%
 %% bin/riak
 %%
-{runner_script_dir,  "\`cd \\`dirname $0\\` && /bin/pwd\`"}.
+{runner_script_dir,  "\`! cd \\`dirname $0\\` || /bin/pwd\`"}.
 {runner_base_dir,    "{{runner_script_dir}}/.."}.
 {runner_etc_dir,     "$RUNNER_BASE_DIR/etc"}.
 {runner_log_dir,     "$RUNNER_BASE_DIR/log"}.

diff --git a/rel/vars/dev_vars.config.src b/rel/vars/dev_vars.config.src
@@ -43,7 +43,7 @@
 %%
 %% bin/riak
 %%
-{runner_script_dir,  "\`cd \\`dirname $0\\` && /bin/pwd\`"}.
+{runner_script_dir,  "\`! cd \\`dirname $0\\` || /bin/pwd\`"}.
 {runner_base_dir,    "{{runner_script_dir}}/.."}.
 {runner_etc_dir,     "$RUNNER_BASE_DIR/etc"}.
 {runner_log_dir,     "$RUNNER_BASE_DIR/log"}.

diff --git a/rel/vars/perf_vars.config.src b/rel/vars/perf_vars.config.src
@@ -49,7 +49,7 @@
 %%
 %% bin/riak
 %%
-{runner_script_dir,  "\`cd \\`dirname $0\\` && /bin/pwd\`"}.
+{runner_script_dir,  "\`! cd \\`dirname $0\\` || /bin/pwd\`"}.
 {runner_base_dir,    "{{runner_script_dir}}/.."}.
 {runner_etc_dir,     "$RUNNER_BASE_DIR/etc"}.
 {runner_log_dir,     "$RUNNER_BASE_DIR/log"}.