From d48c17fd089ae1f115df42cbc66dbc931e3beef6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 28 Dec 2018 15:25:52 +0200 Subject: [PATCH] MXS-2231: Add Kerberos+SSL test case Added a test case that uses Kerberos services with SSL enabled listeners. --- maxscale-system-test/CMakeLists.txt | 1 + .../cnf/maxscale.cnf.template.kerberos_ssl | 112 ++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl diff --git a/maxscale-system-test/CMakeLists.txt b/maxscale-system-test/CMakeLists.txt index ab33a74cb..89d4c0805 100644 --- a/maxscale-system-test/CMakeLists.txt +++ b/maxscale-system-test/CMakeLists.txt @@ -893,6 +893,7 @@ add_test_executable(setup_binlog_gtid.cpp setup_binlog_gtid setup_binlog_gtid LA # works only with yum-based distributions # TODO: make it working with zypper and apt, move part of KDC setup to MDBCI add_test_executable(kerberos_setup.cpp kerberos_setup kerberos LABELS HEAVY gssapi REPL_BACKEND) +add_test_derived(kerberos_setup_ssl kerberos_setup kerberos_ssl LABELS HEAVY gssapi REPL_BACKEND) # Configures 'keepalived' on two Maxscale machines and tried failover add_test_executable(keepalived.cpp keepalived keepalived LABELS REPL_BACKEND TWO_MAXSCALES) diff --git a/maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl b/maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl new file mode 100644 index 000000000..fea09d0c5 --- /dev/null +++ b/maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl 
@@ -0,0 +1,112 @@
+[maxscale]
+threads=###threads###
+
+[server1]
+type=server
+address=###node_server_IP_1###
+port=###node_server_port_1###
+protocol=MySQLBackend
+authenticator=GSSAPIBackendAuth
+
+[server2]
+type=server
+address=###node_server_IP_2###
+port=###node_server_port_2###
+protocol=MySQLBackend
+authenticator=GSSAPIBackendAuth
+
+[server3]
+type=server
+address=###node_server_IP_3###
+port=###node_server_port_3###
+protocol=MySQLBackend
+authenticator=GSSAPIBackendAuth
+
+[server4]
+type=server
+address=###node_server_IP_4###
+port=###node_server_port_4###
+protocol=MySQLBackend
+authenticator=GSSAPIBackendAuth
+
+
+[MySQL-Monitor]
+type=monitor
+module=mysqlmon
+servers=server1,server2,server3,server4
+user=maxskysql
+password=skysql
+monitor_interval=1000
+detect_stale_master=false
+
+[RW-Split-Router]
+type=service
+router=readwritesplit
+servers=server1,server2,server3,server4
+user=maxskysql
+password=skysql
+slave_selection_criteria=LEAST_GLOBAL_CONNECTIONS
+max_slave_connections=1
+
+[Read-Connection-Router-Slave]
+type=service
+router=readconnroute
+router_options=slave
+servers=server1,server2,server3,server4
+user=maxskysql
+password=skysql
+
+[Read-Connection-Router-Master]
+type=service
+router=readconnroute
+router_options=master
+servers=server1,server2,server3,server4
+user=maxskysql
+password=skysql
+
+[CLI]
+type=service
+router=cli
+
+[RW-Split-Listener]
+type=listener
+service=RW-Split-Router
+protocol=MySQLClient
+port=4006
+authenticator=GSSAPIAuth
+authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST
+ssl=required
+ssl_cert=/###access_homedir###/certs/server-cert.pem
+ssl_key=/###access_homedir###/certs/server-key.pem
+ssl_ca_cert=/###access_homedir###/certs/ca.pem
+
+
+[Read-Connection-Listener-Slave]
+type=listener
+service=Read-Connection-Router-Slave
+protocol=MySQLClient
+port=4009
+authenticator=GSSAPIAuth
+authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST
+ssl=required
+ssl_cert=/###access_homedir###/certs/server-cert.pem
+ssl_key=/###access_homedir###/certs/server-key.pem
+ssl_ca_cert=/###access_homedir###/certs/ca.pem
+
+[Read-Connection-Listener-Master]
+type=listener
+service=Read-Connection-Router-Master
+protocol=MySQLClient
+port=4008
+authenticator=GSSAPIAuth
+authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST
+ssl=required
+ssl_cert=/###access_homedir###/certs/server-cert.pem
+ssl_key=/###access_homedir###/certs/server-key.pem
+ssl_ca_cert=/###access_homedir###/certs/ca.pem
+
+[CLI-Listener]
+type=listener
+service=CLI
+protocol=maxscaled
+socket=default
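Review bot: TLS is switched on only for the three client listeners (`RW-Split-Listener`, `Read-Connection-Listener-Slave`, `Read-Connection-Listener-Master`); the `[server1]` to `[server4]` sections carry no `ssl` settings, so this template covers GSSAPI over TLS on the client side only and the MaxScale-to-backend leg stays unencrypted. If that scope is intended, state it in a header comment such as `# GSSAPI listeners with ssl=required; backend connections are intentionally left without TLS`; otherwise add `ssl=required` with the matching `ssl_cert`/`ssl_key`/`ssl_ca_cert` lines to each server section. The listeners also leave `ssl_version` at its default, so the protocol versions this test accepts depend on the build rather than on the template. Whether the reused `kerberos_setup` binary actually connects with TLS is not visible in this patch and is worth confirming, since the test is only meaningful if a plain-text client is rejected by `ssl=required`.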