From 038f4d63e12176d2cf27c51cd9f46085acaec793 Mon Sep 17 00:00:00 2001 From: Timofey Turenko Date: Mon, 31 Dec 2018 17:27:04 +0200 Subject: [PATCH 1/5] Mxs 2226 long test (#186) * add possibility to run named test * remove sysbench_dir * remove unsupported in 1.0 sysbench options * exculed ReadConnRouter sysbench test * fix sysbench table name --- maxscale-system-test/long_sysbench.cpp | 23 ++-- maxscale-system-test/mdbci/run_test.sh | 5 + maxscale-system-test/mdbci/set_env.sh | 4 +- maxscale-system-test/mxs657_restart.cpp | 1 - maxscale-system-test/sysbench_commands.h | 106 ++++++++++--------- maxscale-system-test/sysbench_example.cpp | 10 +- maxscale-system-test/sysbench_kill_slave.cpp | 28 ++--- maxscale-system-test/testconnections.cpp | 6 -- maxscale-system-test/testconnections.h | 6 -- 9 files changed, 85 insertions(+), 104 deletions(-) diff --git a/maxscale-system-test/long_sysbench.cpp b/maxscale-system-test/long_sysbench.cpp index 760c947e0..6422e0658 100644 --- a/maxscale-system-test/long_sysbench.cpp +++ b/maxscale-system-test/long_sysbench.cpp 
@@ -25,33 +25,20 @@ int main(int argc, char *argv[]) Test->tprintf("Connecting to RWSplit %s\n", Test->maxscales->IP[0]); - sprintf(&sys1[0], sysbench_prepare, Test->sysbench_dir, Test->sysbench_dir, Test->maxscales->IP[0]); + sprintf(&sys1[0], SYSBENCH_PREPARE, Test->maxscales->IP[0]); Test->tprintf("Preparing sysbench tables\n%s\n", sys1); Test->set_timeout(10000); Test->add_result(system(sys1), "Error executing sysbench prepare\n"); - char *readonly; - char *ro_on = (char *) "on"; - char *ro_off = (char *) "off"; - Test->stop_timeout(); current_port = port[0]; Test->tprintf("Trying test with port %d\n", current_port); - if (current_port == Test->maxscales->readconn_slave_port[0] ) - { - readonly = ro_on; - } - else - { - readonly = ro_off; - } - - sprintf(&sys1[0], sysbench_command_long, Test->sysbench_dir, Test->sysbench_dir, Test->maxscales->IP[0], - current_port, readonly); + sprintf(&sys1[0], SYSBENCH_COMMAND_LONG, Test->maxscales->IP[0], + current_port); Test->set_log_copy_interval(300); Test->tprintf("Executing sysbench \n%s\n", sys1); if (system(sys1) != 0) @@ -64,6 +51,7 @@ int main(int argc, char *argv[]) printf("Dropping sysbanch tables!\n"); fflush(stdout); + /* Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest1"); if (!Test->smoke) { @@ -71,8 +59,9 @@ int main(int argc, char *argv[]) Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest3"); Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest4"); } + */ - //global_result += execute_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest"); + Test->global_result += execute_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest1"); printf("closing connections to MaxScale!\n"); fflush(stdout); diff --git a/maxscale-system-test/mdbci/run_test.sh b/maxscale-system-test/mdbci/run_test.sh index db081eb8b..dfb35d523 100755 --- a/maxscale-system-test/mdbci/run_test.sh 
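Review bot: The rewritten `sprintf(&sys1[0], SYSBENCH_PREPARE, Test->maxscales->IP[0]);` and the `SYSBENCH_COMMAND_LONG` call after it still write into `sys1` with no length bound, and the result is handed straight to `system()`. `sys1` is declared outside the hunk, so its size is not visible here; assuming it is an array, `snprintf(sys1, sizeof(sys1), SYSBENCH_PREPARE, Test->maxscales->IP[0]);` plus a check that the return value is below the buffer size would turn truncation into an explicit test failure. The IP value is interpolated into a shell command line unquoted, so it is worth confirming that it can only come from the trusted test environment. The same pattern is repeated in the `sysbench_example.cpp` and `sysbench_kill_slave.cpp` hunks of this patch. `main` starts and ends outside the hunk.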
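Review bot: The previous cleanup is left behind as a `/* … */` block and replaced by a single `DROP TABLE sbtest1`; deleting the dead block would read better than commenting it out. The single drop is only complete because the new prepare command no longer asks for several tables, which is not obvious at this point in the file. A comment such as `// prepare runs with sysbench's default table count, so only sbtest1 exists` would help, assuming that default is one table. The same commented-out block is added in `sysbench_example.cpp` and `sysbench_kill_slave.cpp`.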
+++ b/maxscale-system-test/mdbci/run_test.sh @@ -68,6 +68,11 @@ if [ $res == 0 ] ; then mkdir build && cd build cmake .. -DBUILDNAME=$name -DCMAKE_BUILD_TYPE=Debug make +set -x + echo ${test_set} | grep "NAME#" + if [ $? == 0 ] ; then + named_test=`echo ${test_set} | sed "s/NAME#//" | sed "s/ //g"` + fi if [ ! -z "${named_test}" ] ; then ./${named_test} diff --git a/maxscale-system-test/mdbci/set_env.sh b/maxscale-system-test/mdbci/set_env.sh index bfae2a772..7f1f14fa5 100644 --- a/maxscale-system-test/mdbci/set_env.sh +++ b/maxscale-system-test/mdbci/set_env.sh @@ -74,7 +74,9 @@ export maxscale_IP=$maxscale_network export maxscale_access_user=$maxscale_whoami # Sysbench directory (should be sysbench >= 0.5) -export sysbench_dir=${sysbench_dir:-"$HOME/sysbench_deb7/sysbench/"} +sb=`which sysbench` +export sysbench_dir=$(dirname ${sb}) +#export sysbench_dir=${sysbench_dir:-""} export ssl=true diff --git a/maxscale-system-test/mxs657_restart.cpp b/maxscale-system-test/mxs657_restart.cpp index 1d8da91d4..c6edd36f4 100644 --- a/maxscale-system-test/mxs657_restart.cpp +++ b/maxscale-system-test/mxs657_restart.cpp @@ -5,7 +5,6 @@ #include "testconnections.h" -#include "sysbench_commands.h" #include "sql_t1.h" #include "get_com_select_insert.h" diff --git a/maxscale-system-test/sysbench_commands.h b/maxscale-system-test/sysbench_commands.h index 692d0ff7b..fb02e310a 100644 --- a/maxscale-system-test/sysbench_commands.h +++ b/maxscale-system-test/sysbench_commands.h 
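Review bot: `named_test` is taken from `${test_set}` with only the `NAME#` marker and spaces stripped, and the existing `./${named_test}` then executes whatever path results, so a value containing `/` or `..` runs a binary outside the build directory. Quote the expansions and accept only a plain file name, for example `case "$named_test" in */*) echo "bad test name"; exit 1;; esac` before the run. The added `set -x` is never switched off, so every later command, including any that carry credentials in their arguments, is echoed to the CI log; limit it to the lines being debugged or drop it. Using `grep -q` would also keep the matched line out of the output.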
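Review bot: In `set_env.sh` the result of `which sysbench` is not checked, so on a host without sysbench `dirname ${sb}` is called with no operand and `sysbench_dir` is exported empty or the script prints an error, depending on the `dirname` implementation. This patch also removes the `getenv("sysbench_dir")` reader from `testconnections.cpp`, so within the patch nothing consumes the exported value any more. Either drop the export or guard it with a `command -v sysbench` check and quote the expansion, `export sysbench_dir="$(dirname "${sb}")"`. The comment above the line still describes a sysbench >= 0.5 directory, which no longer matches the 1.0 command lines.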
@@ -1,71 +1,77 @@ #ifndef SYSBENCH_COMMANDS_H #define SYSBENCH_COMMANDS_H -/*const char * sysbench_prepare = - "sysbench --test=oltp \ - --oltp-table-size=1000000 --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ +/*const char * SYSBENCH_PREPARE = + "sysbench oltp_read_write \ + --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ --mysql-port=4006 --mysql-host=%s prepare"; -const char * sysbench_command = - "sysbench --test=oltp \ +const char * SYSBENCH_COMMAND = + "sysbench oltp_read_write \ --mysql-host=%s --mysql-port=%d --mysql-user=skysql --mysql-password=skysql \ - --mysql-db=test --mysql-table-engine=innodb \ - --num-threads=32 --oltp-table-size=1000000 --oltp-read-only=off \ + --mysql-db=test \ + --num-threads=32 \ --oltp-dist-type=uniform --oltp-skip-trx=off --init-rng=on --oltp-test-mode=complex \ - --max-requests=0 --max-time=600 run";*/ + --max-requests=0 --time=600 run";*/ -const char * sysbench_prepare = - "%s/sysbench --test=%s/tests/db/oltp.lua \ - --oltp-table-size=1000000 --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ - --mysql-port=4006 --mysql-host=%s --oltp-tables-count=4 prepare"; +const char * SYSBENCH_PREPARE = + "sysbench oltp_read_write \ + --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ + --mysql-port=4006 --mysql-host=%s prepare"; -const char * sysbench_command = - "%s/sysbench --test=%s/tests/db/oltp.lua \ +const char * SYSBENCH_COMMAND = + "sysbench oltp_read_write \ --mysql-host=%s --mysql-port=%d --mysql-user=skysql --mysql-password=skysql \ - --mysql-db=test --mysql-table-engine=innodb --mysql-ignore-duplicates=on \ - --num-threads=32 --oltp-table-size=1000000 --oltp-tables-count=2 --oltp-read-only=%s \ - --oltp-dist-type=uniform --oltp-skip-trx=off --init-rng=on --oltp-test-mode=complex \ - --max-requests=0 --report-interval=5 --max-time=100 run"; + --mysql-db=test \ + --threads=32 \ + --max-requests=0 --report-interval=5 --time=100 run"; +const char * SYSBENCH_PREPARE_RO = + 
"sysbench oltp_read_only \ + --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ + --mysql-port=4006 --mysql-host=%s prepare"; -const char * sysbench_prepare1 = - "%s/sysbench --test=%s/tests/db/oltp.lua \ - --oltp-table-size=1000 --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ - --mysql-port=4006 --mysql-host=%s --oltp-tables-count=1 prepare"; - -const char * sysbench_command1 = - "%s/sysbench --test=%s/tests/db/oltp.lua \ - --mysql-host=%s --mysql-port=%d --mysql-user=skysql --mysql-password=skysql \ - --mysql-db=test --mysql-table-engine=innodb --mysql-ignore-duplicates=on \ - --num-threads=32 --oltp-table-size=1000 --oltp-tables-count=1 --oltp-read-only=%s \ - --oltp-dist-type=uniform --oltp-skip-trx=off --init-rng=on --oltp-test-mode=complex \ - --max-requests=0 --report-interval=5 --max-time=100 run"; - - -const char * sysbench_command_long = - "%s/sysbench --test=%s/tests/db/oltp.lua \ +const char * SYSBENCH_COMMAND_RO = + "sysbench oltp_read_only \ --mysql-host=%s --mysql-port=%d --mysql-user=skysql --mysql-password=skysql \ - --mysql-db=test --mysql-table-engine=innodb --mysql-ignore-duplicates=on \ - --num-threads=32 --oltp-table-size=1000000 --oltp-tables-count=2 --oltp-read-only=%s \ - --oltp-dist-type=uniform --oltp-skip-trx=off --init-rng=on --oltp-test-mode=complex \ - --max-requests=0 --report-interval=5 --max-time=2592000 run"; + --mysql-db=test \ + --threads=32 \ + --max-requests=0 --report-interval=5 --time=100 run"; -const char * sysbench_prepare_short = - "%s/sysbench --test=%s/tests/db/oltp.lua \ - --oltp-table-size=10000 --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ - --mysql-port=4006 --mysql-host=%s --oltp-tables-count=4 prepare"; +const char * SYSBENCH_PREPARE1 = + "sysbench oltp_read_write \ + --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ + --mysql-port=4006 --mysql-host=%s prepare"; -const char * sysbench_command_short = - "%s/sysbench --test=%s/tests/db/oltp.lua \ +const char * 
SYSBENCH_COMMAND1 = + "sysbench oltp_read_write \ + --mysql-host=%s --mysql-port=%d --mysql-user=skysql --mysql-password=skysql \ + --mysql-db=test \ + --threads=32 \ + --max-requests=0 --report-interval=5 --time=100 run"; + + +const char * SYSBENCH_COMMAND_LONG = + "sysbench oltp_read_write \ + --mysql-host=%s --mysql-port=%d --mysql-user=skysql --mysql-password=skysql \ + --mysql-db=test \ + --threads=32 \ + --max-requests=0 --report-interval=5 --time=2592000 run"; + + +const char * SYSBENCH_PREPARE_SHORT = + "sysbench oltp_read_write \ + --mysql-db=test --mysql-user=skysql --mysql-password=skysql \ + --mysql-port=4006 --mysql-host=%s prepare"; + +const char * SYSBENCH_COMMAND_SHORT = + "sysbench oltp_read_write \ --mysql-host=%s --mysql-port=%d --mysql-user=skysql --mysql-password=skysql \ - --mysql-db=test --mysql-table-engine=innodb --mysql-ignore-duplicates=on \ - --num-threads=32 --oltp-table-size=10000 --oltp-tables-count=2 --oltp-read-only=%s \ - --oltp-dist-type=uniform --oltp-skip-trx=off --init-rng=on --oltp-test-mode=complex \ - --max-requests=0 --report-interval=5 --max-time=300 run"; - - + --mysql-db=test \ + --threads=32 \ + --max-requests=0 --report-interval=5 --time=300 run"; #endif // SYSBENCH_COMMANDS_H diff --git a/maxscale-system-test/sysbench_example.cpp b/maxscale-system-test/sysbench_example.cpp index 7bbdb45f0..047806026 100644 --- a/maxscale-system-test/sysbench_example.cpp +++ b/maxscale-system-test/sysbench_example.cpp @@ -21,7 +21,7 @@ int main(int argc, char *argv[]) fflush(stdout); Test->tprintf("Connecting to RWSplit %s\n", Test->maxscales->IP[0]); - sprintf(&sys1[0], sysbench_prepare_short, Test->sysbench_dir, Test->sysbench_dir, Test->maxscales->IP[0]); + sprintf(&sys1[0], SYSBENCH_PREPARE_SHORT, Test->maxscales->IP[0]); Test->tprintf("Preparing sysbench tables\n%s\n", sys1); Test->set_timeout(10000); 
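Review bot: With `--oltp-table-size` and `--oltp-tables-count` dropped, `SYSBENCH_PREPARE`, `SYSBENCH_PREPARE1` and `SYSBENCH_PREPARE_SHORT` in `sysbench_commands.h` are now the same string, so the smoke and short variants prepare the same data set as the full run. If the size difference is still wanted it needs the sysbench 1.0 spelling, e.g. `--table-size=1000` in `SYSBENCH_PREPARE1`; otherwise one constant would do. Every template also passes `--mysql-password=skysql` on the command line, which is visible in the process list of the test host while sysbench runs; a one-line comment stating that these are throwaway test credentials would keep the pattern from being copied elsewhere. The commented-out block at the top was only partly converted and still lists options such as `--num-threads` and `--oltp-dist-type` that the active templates no longer use.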
@@ -29,8 +29,8 @@ int main(int argc, char *argv[]) Test->stop_timeout(); - sprintf(&sys1[0], sysbench_command_short, Test->sysbench_dir, Test->sysbench_dir, Test->maxscales->IP[0], - Test->maxscales->rwsplit_port[0], "off"); + sprintf(&sys1[0], SYSBENCH_COMMAND_SHORT, Test->maxscales->IP[0], + Test->maxscales->rwsplit_port[0]); Test->set_log_copy_interval(300); Test->tprintf("Executing sysbench \n%s\n", sys1); if (system(sys1) != 0) @@ -43,6 +43,7 @@ int main(int argc, char *argv[]) printf("Dropping sysbanch tables!\n"); fflush(stdout); + /* Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest1"); if (!Test->smoke) { @@ -50,8 +51,9 @@ int main(int argc, char *argv[]) Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest3"); Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest4"); } + */ - //global_result += execute_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest"); + Test->global_result += execute_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest1"); printf("closing connections to MaxScale!\n"); fflush(stdout); diff --git a/maxscale-system-test/sysbench_kill_slave.cpp b/maxscale-system-test/sysbench_kill_slave.cpp index d7b44cff1..95b583de1 100644 --- a/maxscale-system-test/sysbench_kill_slave.cpp +++ b/maxscale-system-test/sysbench_kill_slave.cpp 
@@ -28,49 +28,36 @@ int main(int argc, char *argv[]) port[0] = Test->maxscales->rwsplit_port[0]; port[1] = Test->maxscales->readconn_master_port[0]; - port[2] = Test->maxscales->readconn_slave_port[0]; + //port[2] = Test->maxscales->readconn_slave_port[0]; Test->tprintf("Connecting to RWSplit %s\n", Test->maxscales->IP[0]); if (Test->smoke) { - sprintf(&sys1[0], sysbench_prepare1, Test->sysbench_dir, Test->sysbench_dir, Test->maxscales->IP[0]); + sprintf(&sys1[0], SYSBENCH_PREPARE1, Test->maxscales->IP[0]); } else { - sprintf(&sys1[0], sysbench_prepare, Test->sysbench_dir, Test->sysbench_dir, Test->maxscales->IP[0]); + sprintf(&sys1[0], SYSBENCH_PREPARE, Test->maxscales->IP[0]); } Test->tprintf("Preparing sysbench tables\n%s\n", sys1); Test->set_timeout(5000); Test->add_result(system(sys1), "Error executing sysbench prepare\n"); - char *readonly; - char *ro_on = (char *) "on"; - char *ro_off = (char *) "off"; Test->set_timeout(2000); - for (int k = 0; k < 3; k++) + for (int k = 0; k < 2; k++) { Test->tprintf("Trying test with port %d\n", port[k]); pthread_create( &kill_vm_thread1, NULL, kill_vm_thread, NULL); - if (port[k] == Test->maxscales->readconn_slave_port[0] ) - { - readonly = ro_on; - } - else - { - readonly = ro_off; - } if (Test->smoke) { - sprintf(&sys1[0], sysbench_command1, Test->sysbench_dir, Test->sysbench_dir, Test->maxscales->IP[0], port[k], - readonly); + sprintf(&sys1[0], SYSBENCH_COMMAND1, Test->maxscales->IP[0], port[k]); } else { - sprintf(&sys1[0], sysbench_command, Test->sysbench_dir, Test->sysbench_dir, Test->maxscales->IP[0], port[k], - readonly); + sprintf(&sys1[0], SYSBENCH_COMMAND, Test->maxscales->IP[0], port[k]); } Test->tprintf("Executing sysbench tables\n%s\n", sys1); if (system(sys1) != 0) @@ -94,6 +81,7 @@ int main(int argc, char *argv[]) printf("Dropping sysbanch tables!\n"); fflush(stdout); + /* Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest1"); if (!Test->smoke) { 
@@ -101,6 +89,8 @@ int main(int argc, char *argv[]) Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest3"); Test->try_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest4"); } + */ + Test->global_result += execute_query(Test->maxscales->conn_rwsplit[0], (char *) "DROP TABLE sbtest1"); printf("closing connections to MaxScale!\n"); fflush(stdout); diff --git a/maxscale-system-test/testconnections.cpp b/maxscale-system-test/testconnections.cpp index d172832f2..0891af940 100644 --- a/maxscale-system-test/testconnections.cpp +++ b/maxscale-system-test/testconnections.cpp @@ -431,12 +431,6 @@ void TestConnections::read_env() //env = getenv("get_logs_command"); if (env != NULL) {sprintf(get_logs_command, "%s", env);} - env = getenv("sysbench_dir"); - if (env != NULL) - { - sprintf(sysbench_dir, "%s", env); - } - //env = getenv("test_dir"); if (env != NULL) {sprintf(test_dir, "%s", env);} ssl = false; diff --git a/maxscale-system-test/testconnections.h b/maxscale-system-test/testconnections.h index 7d66c5aa6..312607c1f 100644 --- a/maxscale-system-test/testconnections.h +++ b/maxscale-system-test/testconnections.h @@ -27,7 +27,6 @@ typedef std::set StringSet; * - KillVMCommand - Command to kill a node (should handle one parameter: IP address of virtual machine to kill) * - StartVMCommand - Command to restart virtual machine (should handle one parameter: IP address of virtual machine to kill) * - GetLogsCommand - Command to copy log files from node virtual machines (should handle one parameter: IP address of virtual machine to kill) - * - SysbenchDir - path to SysBench directory (sysbanch should be >= 0.5) * - node_N - Number of Master/Slave setup nodes * - node_NNN - IP address of node NNN (NNN - 3 digits node index starting from 000) * - node_port_NNN - MariaDB port for node NNN 
@@ -117,11 +116,6 @@ public: */ bool use_snapshots; - /** - * @brief SysbenchDir path to SysBench directory (sysbanch should be >= 0.5) - */ - char sysbench_dir[4096]; - /** * @brief copy_mariadb_logs copies MariaDB logs from backend * @param repl Mariadb_nodes object From edd03e950f0e43d0c6a9a7271e3a3cd3a79051b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Sat, 22 Dec 2018 12:26:03 +0200 Subject: [PATCH 2/5] MXS-2209: Use compound roles only with 10.2.15+ Due to MDEV-15556 and MDEV-15840 recursive CTEs can't be reliably used with older 10.2 versions. To prevent problems, only use the query that extracts composite roles with newer versions. --- server/modules/authenticator/MySQLAuth/dbusers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/modules/authenticator/MySQLAuth/dbusers.c b/server/modules/authenticator/MySQLAuth/dbusers.c index d31bfa016..bda31ba8c 100644 --- a/server/modules/authenticator/MySQLAuth/dbusers.c +++ b/server/modules/authenticator/MySQLAuth/dbusers.c @@ -160,7 +160,8 @@ static char* get_users_query(const char *server_version, int version, bool inclu { if (is_mariadb) // 10.1.1 or newer, supports default roles { - return version >= 100202 ? + // Require 10.2.15 due to MDEV-15840 and MDEV-15556 + return version >= 100215 ? get_mariadb_102_users_query(include_root) : get_mariadb_users_query(include_root); } From d48c17fd089ae1f115df42cbc66dbc931e3beef6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 28 Dec 2018 15:25:52 +0200 Subject: [PATCH 3/5] MXS-2231: Add Kerberos+SSL test case Added a test case that uses Kerberos services with SSL enabled listeners. --- maxscale-system-test/CMakeLists.txt | 1 + .../cnf/maxscale.cnf.template.kerberos_ssl | 112 ++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl 
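Review bot: In `dbusers.c` the new threshold `version >= 100215` is also true for every 10.3 build, so if MDEV-15840 or MDEV-15556 were still open in the first 10.3 releases those servers would keep getting the recursive-CTE query; worth checking the fix versions on the two tickets and excluding that range if needed. The added comment would be more useful if it also said what the fallback costs, e.g. `// Older servers use the plain query: roles granted through other roles are not resolved`. That wording is inferred from the commit message and should be confirmed against `get_mariadb_users_query`, which is outside the hunk together with the rest of `get_users_query`.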
diff --git a/maxscale-system-test/CMakeLists.txt b/maxscale-system-test/CMakeLists.txt index ab33a74cb..89d4c0805 100644 --- a/maxscale-system-test/CMakeLists.txt +++ b/maxscale-system-test/CMakeLists.txt @@ -893,6 +893,7 @@ add_test_executable(setup_binlog_gtid.cpp setup_binlog_gtid setup_binlog_gtid LA # works only with yum-based distributions # TODO: make it working with zypper and apt, move part of KDC setup to MDBCI add_test_executable(kerberos_setup.cpp kerberos_setup kerberos LABELS HEAVY gssapi REPL_BACKEND) +add_test_derived(kerberos_setup_ssl kerberos_setup kerberos_ssl LABELS HEAVY gssapi REPL_BACKEND) # Configures 'keepalived' on two Maxscale machines and tried failover add_test_executable(keepalived.cpp keepalived keepalived LABELS REPL_BACKEND TWO_MAXSCALES) diff --git a/maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl b/maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl new file mode 100644 index 000000000..fea09d0c5 --- /dev/null +++ b/maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl 
@@ -0,0 +1,112 @@ +[maxscale] +threads=###threads### + +[server1] +type=server +address=###node_server_IP_1### +port=###node_server_port_1### +protocol=MySQLBackend +authenticator=GSSAPIBackendAuth + +[server2] +type=server +address=###node_server_IP_2### +port=###node_server_port_2### +protocol=MySQLBackend +authenticator=GSSAPIBackendAuth + +[server3] +type=server +address=###node_server_IP_3### +port=###node_server_port_3### +protocol=MySQLBackend +authenticator=GSSAPIBackendAuth + +[server4] +type=server +address=###node_server_IP_4### +port=###node_server_port_4### +protocol=MySQLBackend +authenticator=GSSAPIBackendAuth + + +[MySQL-Monitor] +type=monitor +module=mysqlmon +servers=server1,server2,server3,server4 +user=maxskysql +password=skysql +monitor_interval=1000 +detect_stale_master=false + +[RW-Split-Router] +type=service +router=readwritesplit +servers=server1,server2,server3,server4 +user=maxskysql +password=skysql +slave_selection_criteria=LEAST_GLOBAL_CONNECTIONS +max_slave_connections=1 + +[Read-Connection-Router-Slave] +type=service +router=readconnroute +router_options=slave +servers=server1,server2,server3,server4 +user=maxskysql +password=skysql + +[Read-Connection-Router-Master] +type=service +router=readconnroute +router_options=master +servers=server1,server2,server3,server4 +user=maxskysql +password=skysql + +[CLI] +type=service +router=cli + +[RW-Split-Listener] +type=listener +service=RW-Split-Router +protocol=MySQLClient +port=4006 +authenticator=GSSAPIAuth +authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST +ssl=required +ssl_cert=/###access_homedir###/certs/server-cert.pem +ssl_key=/###access_homedir###/certs/server-key.pem +ssl_ca_cert=/###access_homedir###/certs/ca.pem + + +[Read-Connection-Listener-Slave] +type=listener +service=Read-Connection-Router-Slave +protocol=MySQLClient +port=4009 +authenticator=GSSAPIAuth +authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST +ssl=required 
+ssl_cert=/###access_homedir###/certs/server-cert.pem +ssl_key=/###access_homedir###/certs/server-key.pem +ssl_ca_cert=/###access_homedir###/certs/ca.pem + +[Read-Connection-Listener-Master] +type=listener +service=Read-Connection-Router-Master +protocol=MySQLClient +port=4008 +authenticator=GSSAPIAuth +authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST +ssl=required +ssl_cert=/###access_homedir###/certs/server-cert.pem +ssl_key=/###access_homedir###/certs/server-key.pem +ssl_ca_cert=/###access_homedir###/certs/ca.pem + +[CLI-Listener] +type=listener +service=CLI +protocol=maxscaled +socket=default From 04dd05b262e4d7ad9cb5e9b7f38332781081cd4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 28 Dec 2018 17:22:44 +0200 Subject: [PATCH 4/5] MXS-2231: Move TLS handshake code into MariaDBClient The code is now in the correct place and TLS connections with all authenticators should now work. --- maxscale-system-test/kerberos_setup.cpp | 10 +++++++--- server/modules/authenticator/MySQLAuth/mysql_auth.c | 5 +++-- .../authenticator/PAM/PAMAuth/pam_client_session.cc | 4 ++-- .../protocol/MySQL/mariadbclient/mysql_client.cc | 8 +++++++- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/maxscale-system-test/kerberos_setup.cpp b/maxscale-system-test/kerberos_setup.cpp index 3143cc133..3c05d07ae 100644 --- a/maxscale-system-test/kerberos_setup.cpp +++ b/maxscale-system-test/kerberos_setup.cpp 
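Review bot: All three client listeners in the new template set `ssl=required`, but the `[server1]` to `[server4]` sections carry no `ssl` settings, so as written the test exercises TLS only between the client and MaxScale while the GSSAPI backend authentication runs over an unencrypted connection. If that is the intended scope, a comment at the top of the file saying so would help, e.g. `# TLS is enabled on the client listeners only; backend connections are plaintext`. The listeners also leave `ssl_version` unset, so the accepted protocol versions are whatever the build defaults to; pinning it in the template would make the test behave the same across distributions.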
@@ -135,17 +135,17 @@ int main(int argc, char *argv[]) Test->tprintf("Trying use usr1 to execute query: RW Split\n"); Test->add_result( Test->repl->ssh_node(1, - "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4006", false), + "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4006", false), "Error executing query against RW Split\n"); Test->tprintf("Trying use usr1 to execute query: Read Connection Master\n"); Test->add_result( Test->repl->ssh_node(1, - "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4008", false), + "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4008", false), "Error executing query against Read Connection Master\n"); Test->tprintf("Trying use usr1 to execute query: Read Connection Slave\n"); Test->add_result( Test->repl->ssh_node(1, - "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4009", false), + "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4009", false), "Error executing query against Read Connection Slave\n"); for (int i = 0; i < Test->repl->N; i++) @@ -153,6 +153,10 @@ int main(int argc, char *argv[]) Test->repl->ssh_node(i, "sudo rm -f /etc/my.cnf.d/kerb.cnf", true); } + Test->repl->connect(); + Test->try_query(Test->repl->nodes[0], "DROP USER usr1"); + Test->repl->disconnect(); + int rval = Test->global_result; delete Test; return rval; diff --git a/server/modules/authenticator/MySQLAuth/mysql_auth.c b/server/modules/authenticator/MySQLAuth/mysql_auth.c index cb4696a46..0dd30787d 100644 --- a/server/modules/authenticator/MySQLAuth/mysql_auth.c +++ b/server/modules/authenticator/MySQLAuth/mysql_auth.c 
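Review bot: The three `mysql --ssl …` command lines are in `kerberos_setup.cpp`, which the `add_test_derived` line earlier in this series appears to reuse for both the `kerberos` and the `kerberos_ssl` templates, so the plain `kerberos` test now also asks for TLS against listeners that presumably do not offer it. Whether that still connects depends on how the installed client treats `--ssl` when the server lacks TLS, so the option is better added only for the SSL variant. `--ssl` on its own also does not verify the server certificate; since the template ships a CA file, adding `--ssl-verify-server-cert` together with `--ssl-ca` would cover the certificate path too, provided the certificate name matches `maxscale.maxscale.test`. `main` starts and ends outside the hunk.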
@@ -276,9 +276,10 @@ static bool is_localhost_address(struct sockaddr_storage *addr) static int mysql_auth_authenticate(DCB *dcb) { - int auth_ret = ssl_authenticate_check_status(dcb); + int auth_ret = MXS_AUTH_SSL_COMPLETE; MYSQL_session *client_data = (MYSQL_session *)dcb->data; - if (auth_ret == MXS_AUTH_SSL_COMPLETE && *client_data->user) + + if (*client_data->user) { MXS_DEBUG("Receiving connection from '%s' to database '%s'.", client_data->user, client_data->db); diff --git a/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc b/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc index 229f0bb65..04cb7afec 100644 --- a/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc +++ b/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc @@ -288,9 +288,9 @@ Buffer PamClientSession::create_auth_change_packet() const int PamClientSession::authenticate(DCB* dcb) { - int rval = ssl_authenticate_check_status(dcb); + int rval = MXS_AUTH_SSL_COMPLETE; MYSQL_session *ses = static_cast(dcb->data); - if (rval == MXS_AUTH_SSL_COMPLETE && *ses->user) + if (*ses->user) { rval = MXS_AUTH_FAILED; if (m_state == PAM_AUTH_INIT) diff --git a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc index 763e8e79a..54fc54824 100644 --- a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc +++ b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc @@ -726,7 +726,13 @@ gw_read_do_authentication(DCB *dcb, GWBUF *read_buffer, int nbytes_read) int auth_val = MXS_AUTH_FAILED; if (dcb->authfunc.extract(dcb, read_buffer)) { - auth_val = dcb->authfunc.authenticate(dcb); + auth_val = ssl_authenticate_check_status(dcb); + + if (auth_val == MXS_AUTH_SSL_COMPLETE) + { + // TLS connection phase complete + auth_val = dcb->authfunc.authenticate(dcb); + } } else { From 8f0e4a3034b0594fe3a5a949dd5dc85b6a93392b Mon Sep 17 00:00:00 2001 
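Review bot: `mysql_auth_authenticate` now starts from `int auth_ret = MXS_AUTH_SSL_COMPLETE;` and no longer calls `ssl_authenticate_check_status`, so TLS enforcement for this authenticator depends entirely on the caller having run that check first. The `gw_read_do_authentication` hunk in `mysql_client.cc` does so, but any other path that reaches `authfunc.authenticate` would now skip the check, and the same applies to `PamClientSession::authenticate` in this patch. Please document the precondition at both functions, e.g. `// Precondition: the protocol module has already passed ssl_authenticate_check_status()`. A fail-closed initial value is also worth considering, since an empty `client_data->user` leaves `auth_ret` at the SSL-complete code; how the caller treats that value is outside the hunk. Both function bodies continue past the hunks shown.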
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Mon, 31 Dec 2018 14:35:55 +0200 Subject: [PATCH 5/5] MXS-2232: Fix version string prefix check The prefix was always added even when the original version would've been acceptable. For example, a version string of 5.5.40 would get converted to 5.5.5-5.5.40 which is quite confusing for older client applications. --- server/modules/protocol/MySQL/mariadbclient/mysql_client.cc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc index 54fc54824..b13280491 100644 --- a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc +++ b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc @@ -220,10 +220,9 @@ std::string get_version_string(SERVICE* service) } // Older applications don't understand versions other than 5 and cause strange problems - const char prefix[] = "5.5.5-"; - - if (strncmp(rval.c_str(), prefix, sizeof(prefix) - 1) != 0) + if (rval[0] != '5') { + const char prefix[] = "5.5.5-"; rval = prefix + rval; }
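Review bot: `if (rval[0] != '5')` accepts any string whose first character is `5`, not only a `5.x` version, so a value such as `50.1` or `5alpha` (constructed examples) would be passed through without the prefix. Comparing the major component including the dot is tighter: `if (rval.compare(0, 2, "5.") != 0)`. The comment above the check could also carry the example from the commit message, that `5.5.40` is left as is while other versions get the `5.5.5-` prefix. `get_version_string` starts outside the hunk, so where `rval` comes from is not visible here.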