MaxScale/maxscale-system-test/kerberos_setup.cpp
Markus Mäkelä af08647fa2 Add variadic ssh function to mariadb_nodes
The ssh_node function now supports printf style arguments. This is used to
simplify command execution on the nodes.

Currently, in addition to its old usage, it is used to drop extra
databases when replication is started.
2017-10-01 10:49:11 +03:00


/**
* @file kerberos_setup.cpp Attempt to configure a KDC and try to use passwordless authentication
* - configure the KDC on the Maxscale machine and a Kerberos workstation on all other nodes
* - create a MariaDB user which is authenticated via GSSAPI
* - try to log in to Maxscale as this GSSAPI user and execute a simple query
*/
#include <iostream>
#include "testconnections.h"
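/**
 * Test entry point: builds a throwaway Kerberos realm (MAXSCALE.TEST) with the
 * KDC on the MaxScale machine, distributes krb5.conf, a generated 'hosts' file
 * and the service keytab to every backend node, creates a GSSAPI-authenticated
 * MariaDB user and then checks that this user can query through three MaxScale
 * listeners (ports 4006, 4008 and 4009).
 *
 * Security notes for anyone reusing this outside a disposable test lab:
 *  - the KDC master password and the admin principal password are hard-coded
 *    and passed on command lines, so they are visible in process listings and
 *    in any command log of the harness;
 *  - /etc/krb5.keytab is made world-readable and copied to every node, so any
 *    local account on any node can read the service key it contains;
 *  - /dev/random is fed from /dev/urandom, which only avoids blocking and adds
 *    no entropy;
 *  - usr1 is granted all privileges on *.*.
 *
 * The return values of the individual setup commands are not checked (as in
 * the original); only the three final queries are recorded via add_result().
 *
 * @param argc Argument count, forwarded to TestConnections
 * @param argv Argument vector, forwarded to TestConnections
 * @return Test->global_result (non-zero when a recorded check failed)
 */
int main(int argc, char *argv[])
{
    TestConnections * Test = new TestConnections(argc, argv);
    Test->set_timeout(1000);

    // Separate, bounded buffers for the two local config paths. The original
    // used sprintf() into one shared buffer, which overflows if test_dir is long.
    char krb5_conf_path[1024];
    char kerb_cnf_path[1024];
    int i;

    // To be moved to MDBCI
    Test->tprintf("Creating 'hosts' file\n");
    FILE * f = fopen("hosts", "wt");
    if (f == NULL)
    {
        // Without this check the fprintf() calls below would dereference NULL.
        Test->add_result(1, "Failed to open 'hosts' file for writing\n");
        int rval = Test->global_result;
        delete Test;
        return rval;
    }
    for (i = 0; i < Test->repl->N; i++)
    {
        fprintf(f, "%s node_%03d.maxscale.test\n", Test->repl->IP[i], i);
    }
    fprintf(f, "%s maxscale.maxscale.test\n", Test->maxscale_IP);
    if (fclose(f) != 0)
    {
        // A truncated hosts file would be installed as /etc/hosts on every node.
        Test->add_result(1, "Failed to write 'hosts' file\n");
        int rval = Test->global_result;
        delete Test;
        return rval;
    }

    // Build both paths before touching any remote machine, and refuse to
    // continue with a truncated path.
    int krb5_len = snprintf(krb5_conf_path, sizeof(krb5_conf_path), "%s/krb5.conf", test_dir);
    int kerb_len = snprintf(kerb_cnf_path, sizeof(kerb_cnf_path), "%s/kerb.cnf", test_dir);
    if (krb5_len < 0 || (size_t) krb5_len >= sizeof(krb5_conf_path) ||
        kerb_len < 0 || (size_t) kerb_len >= sizeof(kerb_cnf_path))
    {
        Test->add_result(1, "Path to Kerberos configuration files is too long\n");
        int rval = Test->global_result;
        delete Test;
        return rval;
    }

    Test->tprintf("Copying 'hosts' and krb5.conf files to all nodes, installing kerberos client and MariaDB plugins\n");
    // NOTE(review): the boolean passed to ssh_node()/ssh_maxscale() presumably
    // selects privileged (sudo) execution - confirm against TestConnections.
    for (i = 0; i < Test->repl->N; i++)
    {
        Test->repl->ssh_node(i, true, "yum install -y MariaDB-gssapi-server MariaDB-gssapi-client krb5-workstation pam_krb5");
        Test->repl->copy_to_node(krb5_conf_path, (char *) "~/", i);
        Test->repl->ssh_node(i, true, "cp ~/krb5.conf /etc/");
        Test->repl->copy_to_node((char *) "hosts", (char *) "~/", i);
        Test->repl->ssh_node(i, true, "cp ~/hosts /etc/");
    }

    Test->tprintf("Copying 'hosts' and krb5.conf files to Maxscale node\n");
    Test->copy_to_maxscale((char *) "hosts", (char *) "~/");
    Test->ssh_maxscale(true, (char *) "cp ~/hosts /etc/");
    Test->copy_to_maxscale(krb5_conf_path, (char *) "~/");
    Test->ssh_maxscale(true, (char *) "cp ~/krb5.conf /etc/");

    Test->tprintf("Instaling Kerberos server packages to Maxscale node\n");
    Test->ssh_maxscale(true, (char *) "yum install rng-tools -y");
    // Test-only shortcut: recycles /dev/urandom output into /dev/random so that
    // key generation does not block on a VM; it provides no additional entropy.
    Test->ssh_maxscale(true, (char *) "rngd -r /dev/urandom -o /dev/random");
    Test->ssh_maxscale(true, (char *)
                       "yum install -y MariaDB-gssapi-server MariaDB-gssapi-client krb5-server krb5-workstation pam_krb5");

    Test->tprintf("Configuring Kerberos server\n");
    Test->ssh_maxscale(true, (char *) "sed -i \"s/EXAMPLE.COM/MAXSCALE.TEST/\" /var/kerberos/krb5kdc/kdc.conf");
    Test->ssh_maxscale(true, (char *) "sed -i \"s/EXAMPLE.COM/MAXSCALE.TEST/\" /var/kerberos/krb5kdc/kadm5.acl");

    Test->tprintf("Creating Kerberos DB and admin principal\n");
    // Hard-coded lab credentials passed as command-line arguments; they end up
    // in process listings and harness logs, so this realm must stay disposable.
    Test->ssh_maxscale(true, (char *) "kdb5_util create -P skysql -r MAXSCALE.TEST -s");
    Test->ssh_maxscale(true, (char *) "kadmin.local -q \"addprinc -pw skysql admin/admin@MAXSCALE.TEST\"");

    Test->tprintf("Opening ports 749 and 88\n");
    // Inserted at the top of INPUT with no source restriction.
    Test->ssh_maxscale(true, (char *) "iptables -I INPUT -p tcp --dport 749 -j ACCEPT");
    Test->ssh_maxscale(true, (char *) "iptables -I INPUT -p tcp --dport 88 -j ACCEPT");

    Test->tprintf("Starting Kerberos\n");
    Test->ssh_maxscale(true, (char *) "service krb5kdc start");
    Test->ssh_maxscale(true, (char *) "service kadmin start");

    Test->tprintf("Creating principal\n");
    Test->ssh_maxscale(true, (char *)
                       "echo \"skysql\" | sudo kadmin -p admin/admin -q \"addprinc -randkey mariadb/maxscale.test\"");

    Test->tprintf("Creating keytab file\n");
    Test->ssh_maxscale(true, (char *)
                       "echo \"skysql\" | sudo kadmin -p admin/admin -q \"ktadd mariadb/maxscale.test\"");

    Test->tprintf("Making keytab file readable for all\n");
    // World-readable keytab: every local account can read the service key.
    // Outside a test lab the keytab should be readable only by the service user.
    Test->ssh_maxscale(true, (char *) "chmod a+r /etc/krb5.keytab;");

    Test->ssh_maxscale(false, (char *) "kinit mariadb/maxscale.test@MAXSCALE.TEST -k -t /etc/krb5.keytab");
    Test->ssh_maxscale(true, (char *)
                       "su maxscale --login -s /bin/sh -c \"kinit mariadb/maxscale.test@MAXSCALE.TEST -k -t /etc/krb5.keytab\"");

    Test->tprintf("Coping keytab file from Maxscale node\n");
    // The keytab is written into the local working directory and left there.
    Test->copy_from_maxscale((char *) "/etc/krb5.keytab", (char *) ".");

    Test->tprintf("Coping keytab and .cnf files to all nodes and executing knit for all nodes\n");
    for (i = 0; i < Test->repl->N; i++)
    {
        Test->repl->copy_to_node(kerb_cnf_path, (char *) "~/", i);
        Test->repl->ssh_node(i, true, "cp ~/kerb.cnf /etc/my.cnf.d/");
        // The same service key is shared by every backend node.
        Test->repl->copy_to_node((char *) "krb5.keytab", (char *) "~/", i);
        Test->repl->ssh_node(i, true, "cp ~/krb5.keytab /etc/");
        Test->repl->ssh_node(i, false, "kinit mariadb/maxscale.test@MAXSCALE.TEST -k -t /etc/krb5.keytab");
    }

    Test->tprintf("Installing gssapi plugin to all nodes\n");
    Test->repl->connect();
    Test->repl->execute_query_all_nodes((char *) "INSTALL SONAME 'auth_gssapi'");
    Test->repl->close_connections();

    Test->tprintf("Creating usr1 user\n");
    Test->repl->connect();
    Test->try_query(Test->repl->nodes[0],
                    (char *) "CREATE USER usr1 IDENTIFIED VIA gssapi AS 'mariadb/maxscale.test@MAXSCALE.TEST'");
    // Full privileges for the test user; narrower grants would suffice for the
    // SELECT on mysql.user issued below.
    Test->try_query(Test->repl->nodes[0], (char *) "grant all privileges on *.* to 'usr1'");
    Test->repl->close_connections();

    // The three checks below run the mysql client on node 1 without a password,
    // so they succeed only if the Kerberos ticket obtained by kinit is accepted.
    Test->tprintf("Trying use usr1 to execute query: RW Split\n");
    Test->add_result(
        Test->repl->ssh_node(1, false,
                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4006"),
        "Error executing query against RW Split\n");

    Test->tprintf("Trying use usr1 to execute query: Read Connection Master\n");
    Test->add_result(
        Test->repl->ssh_node(1, false,
                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4008"),
        "Error executing query against Read Connection Master\n");

    Test->tprintf("Trying use usr1 to execute query: Read Connection Slave\n");
    Test->add_result(
        Test->repl->ssh_node(1, false,
                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4009"),
        "Error executing query against Read Connection Slave\n");

    int rval = Test->global_result;
    delete Test;
    return rval;
}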