hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2231: Add Kerberos+SSL test case

Browse Source 
Added a test case that uses Kerberos services with SSL enabled listeners.
This commit is contained in:
Markus Mäkelä
2018-12-28 15:25:52 +02:00
parent edd03e950f
commit d48c17fd08
2 changed files with 113 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
maxscale-system-test/CMakeLists.txt
View File

@ -893,6 +893,7 @@ add_test_executable(setup_binlog_gtid.cpp setup_binlog_gtid setup_binlog_gtid LA
# works only with yum-based distributions # works only with yum-based distributions
# TODO: make it working with zypper and apt, move part of KDC setup to MDBCI # TODO: make it working with zypper and apt, move part of KDC setup to MDBCI
add_test_executable(kerberos_setup.cpp kerberos_setup kerberos LABELS HEAVY gssapi REPL_BACKEND) add_test_executable(kerberos_setup.cpp kerberos_setup kerberos LABELS HEAVY gssapi REPL_BACKEND)
add_test_derived(kerberos_setup_ssl kerberos_setup kerberos_ssl LABELS HEAVY gssapi REPL_BACKEND)
# Configures 'keepalived' on two Maxscale machines and tried failover # Configures 'keepalived' on two Maxscale machines and tried failover
add_test_executable(keepalived.cpp keepalived keepalived LABELS REPL_BACKEND TWO_MAXSCALES) add_test_executable(keepalived.cpp keepalived keepalived LABELS REPL_BACKEND TWO_MAXSCALES)

112
maxscale-system-test/cnf/maxscale.cnf.template.kerberos_ssl Normal file
View File

@ -0,0 +1,112 @@
[maxscale]
threads=###threads###
[server1]
type=server
address=###node_server_IP_1###
port=###node_server_port_1###
protocol=MySQLBackend
authenticator=GSSAPIBackendAuth
[server2]
type=server
address=###node_server_IP_2###
port=###node_server_port_2###
protocol=MySQLBackend
authenticator=GSSAPIBackendAuth
[server3]
type=server
address=###node_server_IP_3###
port=###node_server_port_3###
protocol=MySQLBackend
authenticator=GSSAPIBackendAuth
[server4]
type=server
address=###node_server_IP_4###
port=###node_server_port_4###
protocol=MySQLBackend
authenticator=GSSAPIBackendAuth
[MySQL-Monitor]
type=monitor
module=mysqlmon
servers=server1,server2,server3,server4
user=maxskysql
password=skysql
monitor_interval=1000
detect_stale_master=false
[RW-Split-Router]
type=service
router=readwritesplit
servers=server1,server2,server3,server4
user=maxskysql
password=skysql
slave_selection_criteria=LEAST_GLOBAL_CONNECTIONS
max_slave_connections=1
[Read-Connection-Router-Slave]
type=service
router=readconnroute
router_options=slave
servers=server1,server2,server3,server4
user=maxskysql
password=skysql
[Read-Connection-Router-Master]
type=service
router=readconnroute
router_options=master
servers=server1,server2,server3,server4
user=maxskysql
password=skysql
[CLI]
type=service
router=cli
[RW-Split-Listener]
type=listener
service=RW-Split-Router
protocol=MySQLClient
port=4006
authenticator=GSSAPIAuth
authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST
ssl=required
ssl_cert=/###access_homedir###/certs/server-cert.pem
ssl_key=/###access_homedir###/certs/server-key.pem
ssl_ca_cert=/###access_homedir###/certs/ca.pem
[Read-Connection-Listener-Slave]
type=listener
service=Read-Connection-Router-Slave
protocol=MySQLClient
port=4009
authenticator=GSSAPIAuth
authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST
ssl=required
ssl_cert=/###access_homedir###/certs/server-cert.pem
ssl_key=/###access_homedir###/certs/server-key.pem
ssl_ca_cert=/###access_homedir###/certs/ca.pem
[Read-Connection-Listener-Master]
type=listener
service=Read-Connection-Router-Master
protocol=MySQLClient
port=4008
authenticator=GSSAPIAuth
authenticator_options=principal_name=mariadb/maxscale.test@MAXSCALE.TEST
ssl=required
ssl_cert=/###access_homedir###/certs/server-cert.pem
ssl_key=/###access_homedir###/certs/server-key.pem
ssl_ca_cert=/###access_homedir###/certs/ca.pem
[CLI-Listener]
type=listener
service=CLI
protocol=maxscaled
socket=default