From 3bd3b3c3c2bbd11fb869bcb1c92e884d292cffa7 Mon Sep 17 00:00:00 2001
From: Timofey Turenko
Date: Thu, 29 Aug 2019 17:21:49 +0300
Subject: [PATCH] Fix backend SSL tests

Due to incorrect SSL certs copying to backend and wrong setting in maxscale.cnf it was not possible to active backend SSL. Additionally, one more maxscale restart added to 'sql_queries' test to reproduce SSL bug in 2.4.1. Also ssl.cnf tuned in order to reproduce SSL bug
---
 maxscale-system-test/cnf/maxscale.cnf.template.ssl | 2 +-
 maxscale-system-test/cnf/maxscale.cnf.template.ssl_load | 2 +-
 .../cnf/maxscale.cnf.template.ssl_load_galera | 2 +-
 maxscale-system-test/create_user.sh | 2 --
 maxscale-system-test/create_user_ssl.sh | 3 +++
 maxscale-system-test/mariadb_nodes.cpp | 7 +++++--
 maxscale-system-test/sql_queries.cpp | 3 +++
 maxscale-system-test/testconnections.cpp | 2 +-
 8 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/maxscale-system-test/cnf/maxscale.cnf.template.ssl b/maxscale-system-test/cnf/maxscale.cnf.template.ssl
index bcb28a863..907337c6f 100755
--- a/maxscale-system-test/cnf/maxscale.cnf.template.ssl
+++ b/maxscale-system-test/cnf/maxscale.cnf.template.ssl
@@ -6,7 +6,7 @@ log_warning=1
 type=monitor
 module=mysqlmon
 servers= server1, server2,server3 ,server4
-user=maxskysql
+user=skysql
 password= skysql
 [RW-Split-Router]
diff --git a/maxscale-system-test/cnf/maxscale.cnf.template.ssl_load b/maxscale-system-test/cnf/maxscale.cnf.template.ssl_load
index 722e3316d..c73d71153 100755
--- a/maxscale-system-test/cnf/maxscale.cnf.template.ssl_load
+++ b/maxscale-system-test/cnf/maxscale.cnf.template.ssl_load
@@ -6,7 +6,7 @@ log_warning=1
 type=monitor
 module=mysqlmon
 servers= server1, server2,server3 ,server4
-user=maxskysql
+user=skysql
 password= skysql
 [RW-Split-Router]
diff --git a/maxscale-system-test/cnf/maxscale.cnf.template.ssl_load_galera b/maxscale-system-test/cnf/maxscale.cnf.template.ssl_load_galera
index 06cb00c5b..88993e28c 100755
--- a/maxscale-system-test/cnf/maxscale.cnf.template.ssl_load_galera
+++ b/maxscale-system-test/cnf/maxscale.cnf.template.ssl_load_galera
@@ -6,7 +6,7 @@ log_warning=1
 type=monitor
 module=galeramon
 servers=server1,server2,server3,server4
-user=maxskysql
+user=skysql
 password=skysql
 root_node_as_master=false
diff --git a/maxscale-system-test/create_user.sh b/maxscale-system-test/create_user.sh
index b8b6064b7..2ff10c209 100755
--- a/maxscale-system-test/create_user.sh
+++ b/maxscale-system-test/create_user.sh
@@ -19,8 +19,6 @@ CREATE USER 'skysql'@'%' IDENTIFIED BY 'skysql';
 GRANT ALL ON *.* TO 'skysql'@'%' WITH GRANT OPTION;
 DROP USER IF EXISTS 'skysql'@'localhost';
-CREATE USER 'skysql'@'localhost' IDENTIFIED BY 'skysql';
-GRANT ALL ON *.* TO 'skysql'@'localhost' WITH GRANT OPTION;
 DROP USER IF EXISTS 'maxskysql'@'%';
 CREATE USER 'maxskysql'@'%' IDENTIFIED BY 'skysql';
diff --git a/maxscale-system-test/create_user_ssl.sh b/maxscale-system-test/create_user_ssl.sh
index 879c57fd1..463da6b1e 100755
--- a/maxscale-system-test/create_user_ssl.sh
+++ b/maxscale-system-test/create_user_ssl.sh
@@ -3,6 +3,9 @@ echo "DROP USER '$node_user'@'%'" | sudo mysql $1
 echo "grant all privileges on *.* to '$node_user'@'%' identified by '$node_password' require ssl WITH GRANT OPTION"
 echo "grant all privileges on *.* to '$node_user'@'%' identified by '$node_password' require ssl WITH GRANT OPTION" | sudo mysql $1
+echo "drop user '$node_user'@'localhost'" | sudo mysql $1
 echo "grant all privileges on *.* to 'maxskysql'@'%' identified by 'skysql' require ssl WITH GRANT OPTION" | sudo mysql $1
 echo "grant all privileges on *.* to 'maxuser'@'%' identified by 'maxpwd' require ssl WITH GRANT OPTION" | sudo mysql $1
+echo "grant all privileges on *.* to 'maxskysql'@'localhost' identified by 'skysql' require ssl WITH GRANT OPTION" | sudo mysql $1
+echo "grant all privileges on *.* to 'maxuser'@'localhost' identified by 'maxpwd' require ssl WITH GRANT OPTION" | sudo mysql $1
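Review bot: The added `drop user '$node_user'@'localhost'` in create_user_ssl.sh has no `IF EXISTS`, so it prints an error on any node where that account was never created, while create_user.sh in this same commit already uses `DROP USER IF EXISTS` for the same account pattern. I would write it as `echo "drop user if exists '$node_user'@'localhost'" | sudo mysql $1`. The line also deserves a comment saying why the account is removed, for example `# drop the localhost account so local logins match the '%' account that requires ssl`, assuming that is the intent: the server prefers the more specific host entry, so a leftover localhost account without `require ssl` would let local connections authenticate without TLS.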
diff --git a/maxscale-system-test/mariadb_nodes.cpp b/maxscale-system-test/mariadb_nodes.cpp
index 4dcb2c7ac..e43696709 100644
--- a/maxscale-system-test/mariadb_nodes.cpp
+++ b/maxscale-system-test/mariadb_nodes.cpp
@@ -1182,8 +1182,11 @@ int Mariadb_nodes::configure_ssl(bool require)
 local_result += copy_to_node_legacy(str, (char*) "~/", i);
 sprintf(str, "%s/ssl.cnf", test_dir);
 local_result += copy_to_node_legacy(str, (char*) "~/", i);
- local_result += ssh_node(i, (char*) "cp ~/ssl.cnf /etc/my.cnf.d/", true);
- local_result += ssh_node(i, (char*) "cp -r ~/ssl-cert /etc/", true);
+ sprintf(str, "cp %s/ssl.cnf /etc/my.cnf.d/", access_homedir[i]);
+ local_result += ssh_node(i, str, true);
+
+ sprintf(str, "cp -r %s/ssl-cert /etc/", access_homedir[i]);
+ local_result += ssh_node(i, str, true);
 local_result += ssh_node(i, (char*) "chown mysql:mysql -R /etc/ssl-cert", true);
 start_node(i, (char*) "");
 }
diff --git a/maxscale-system-test/sql_queries.cpp b/maxscale-system-test/sql_queries.cpp
index 39738ae05..4bdb465c3 100644
--- a/maxscale-system-test/sql_queries.cpp
+++ b/maxscale-system-test/sql_queries.cpp
@@ -111,6 +111,9 @@ int main(int argc, char* argv[])
 Test->check_maxscale_alive(0);
+ Test->maxscales->restart_maxscale(0);
+ Test->check_maxscale_alive(0);
+
 int rval = Test->global_result;
 delete Test;
 return rval;
diff --git a/maxscale-system-test/testconnections.cpp b/maxscale-system-test/testconnections.cpp
index 913760723..caf5e3f64 100644
--- a/maxscale-system-test/testconnections.cpp
+++ b/maxscale-system-test/testconnections.cpp
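Review bot: Both new `sprintf(str, "cp %s/...", access_homedir[i])` calls in configure_ssl write into `str` with no length bound and paste the home directory unquoted into the command that `ssh_node(i, str, true)` then runs on the node. The declaration of `str` and the start and end of configure_ssl are outside the hunk, so the buffer size cannot be checked here. If `str` is a fixed-size array, `snprintf(str, sizeof(str), "cp '%s/ssl.cnf' /etc/my.cnf.d/", access_homedir[i]);` bounds the write and keeps a path containing spaces or shell metacharacters from altering the command; the `cp -r` line takes the same form. Separately, the `chown mysql:mysql -R /etc/ssl-cert` context line keeps whatever file modes were copied, so it is worth confirming the private keys under ssl-cert do not end up world-readable.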
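Review bot: The added restart in sql_queries.cpp carries no comment, and next to the identical `check_maxscale_alive(0)` just above it reads like a duplicate that a later cleanup could delete. The commit message says it exists to reproduce the SSL bug in 2.4.1, so that reason belongs on the line: `// Extra restart: reproduces the backend SSL bug seen in 2.4.1`. The result of `restart_maxscale(0)` is also discarded; its declaration is not in this hunk, but if it returns a status, folding it into the test result would report a failed restart directly instead of leaving it to the liveness check. main() starts outside the hunk.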
@@ -800,7 +800,7 @@ void TestConnections::process_template(int m, const char* template_name, const c
 if (backend_ssl)
 {
 tprintf("Adding ssl settings\n");
- system("sed -i \"s|type=server|type=server\\nssl=required\\nssl_cert=/###access_homedir###/certs/client-cert.pem\\nssl_key=/###access_homedir###/certs/client-key.pem\\nssl_ca_cert=/###access_homedir###/certs/ca.pem|g\" maxscale.cnf");
+ system("sed -i \"s|type=server|type=server\\nssl=required\\nssl_cert=/###access_homedir###/certs/client-cert.pem\\nssl_key=/###access_homedir###/certs/client-key.pem\\nssl_ca_cert=/###access_homedir###/certs/ca.pem\\nssl_cert_verify_depth=9\\nssl_version=MAX|g\" maxscale.cnf");
 }
 sprintf(str, "sed -i \"s/###threads###/%d/\" maxscale.cnf", threads);
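Review bot: The return value of the changed `system("sed -i ...")` call in process_template is ignored, so if sed fails the generated maxscale.cnf has no `ssl=required` lines and the run continues against plaintext backends while still counting as an SSL run. Checking it, e.g. `if (system(...) != 0)` followed by whatever this class uses to record a test failure, would catch that. `ssl_version=MAX` appears to leave the protocol version to negotiation rather than setting a minimum, and `ssl_cert_verify_depth=9` presumably only matters when peer certificate verification is enabled; a short comment that these values are chosen to reproduce the bug would keep the template from being copied as a hardened configuration. The function body starts and ends outside the hunk.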