158 lines
		
	
	
		
			7.5 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
			
		
		
	
	
			158 lines
		
	
	
		
			7.5 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
| /**
 | |
|  * @file kerberos_setup.cpp Attempt to configure KDC and try to use passwordless authentification
 | |
|  * - configure KDC on Maxscale machine and Kerberos workstation on all other nodes
 | |
|  * - create MariaDB user which is authentificated via GSSAPI
 | |
|  * - try to login to Maxscale as this GSSAPI user and execute simple query
 | |
|  */
 | |
| 
 | |
| 
 | |
| #include <iostream>
 | |
| #include "testconnections.h"
 | |
| 
 | |
| int main(int argc, char *argv[])
 | |
| {
 | |
|     TestConnections * Test = new TestConnections(argc, argv);
 | |
|     Test->set_timeout(1000);
 | |
|     char str[1024];
 | |
|     char str1[1024];
 | |
| 
 | |
|     int i;
 | |
| 
 | |
|     // To be moved to MDBCI
 | |
|     Test->tprintf("Creating 'hosts' file\n");
 | |
|     FILE * f;
 | |
|     f = fopen("hosts", "wt");
 | |
|     for (i = 0; i < Test->repl->N; i++)
 | |
|     {
 | |
|         fprintf(f, "%s node_%03d.maxscale.test\n", Test->repl->IP[i], i);
 | |
|         fprintf(f, "%s node_%03d\n", Test->repl->IP[i], i);
 | |
|     }
 | |
|     fprintf(f, "%s maxscale.maxscale.test\n", Test->maxscales->IP[0]);
 | |
|     fprintf(f, "%s maxscale\n", Test->maxscales->IP[0]);
 | |
|     fclose(f);
 | |
| 
 | |
|     Test->tprintf("Copying 'hosts' and krb5.conf files to all nodes, installing kerberos client and MariaDB plugins\n");
 | |
|     sprintf(str, "%s/krb5.conf", test_dir);
 | |
|     for (i = 0; i < Test->repl->N; i++)
 | |
|     {
 | |
|         Test->repl->ssh_node(i, (char *)
 | |
|                              "yum clean all", true);
 | |
|         Test->repl->ssh_node(i, (char *)
 | |
|                              "yum install -y MariaDB-gssapi-server MariaDB-gssapi-client krb5-workstation pam_krb5", true);
 | |
|         Test->repl->copy_to_node_legacy(str, Test->repl->access_homedir[i], i);
 | |
|         sprintf(str1, "cp %s/krb5.conf /etc/", Test->repl->access_homedir[i]);
 | |
|         Test->repl->ssh_node(i, str1, true);
 | |
| 
 | |
|         Test->repl->copy_to_node_legacy((char *) "hosts", Test->repl->access_homedir[i], i);
 | |
|         sprintf(str1, "cp %s/hosts /etc/", Test->repl->access_homedir[i]);
 | |
|         Test->repl->ssh_node(i, str1, true);
 | |
|     }
 | |
| 
 | |
|     Test->tprintf("Copying 'hosts' and krb5.conf files to Maxscale node\n");
 | |
| 
 | |
|     Test->maxscales->copy_to_node_legacy((char *) "hosts", Test->maxscales->access_homedir[0], 0);
 | |
|     Test->maxscales->ssh_node_f(0, true,  (char *) "cp %s/hosts /etc/", Test->maxscales->access_homedir[0]);
 | |
| 
 | |
|     Test->maxscales->copy_to_node_legacy(str, Test->maxscales->access_homedir[0], 0);
 | |
|     Test->maxscales->ssh_node_f(0, true,  (char *) "cp %s/krb5.conf /etc/", Test->maxscales->access_homedir[0]);
 | |
| 
 | |
|     Test->tprintf("Instaling Kerberos server packages to Maxscale node\n");
 | |
|     Test->maxscales->ssh_node(0, (char *) "yum clean all", true);
 | |
|     Test->maxscales->ssh_node(0, (char *) "yum install rng-tools -y", true);
 | |
|     Test->maxscales->ssh_node(0, (char *) "rngd -r /dev/urandom -o /dev/random", true);
 | |
| 
 | |
|     Test->maxscales->ssh_node_f(0, true, (char *)
 | |
|                                 "yum install -y MariaDB-gssapi-server MariaDB-gssapi-client krb5-server krb5-workstation pam_krb5", true);
 | |
| 
 | |
|     Test->tprintf("Configuring Kerberos server\n");
 | |
|     Test->maxscales->ssh_node(0, (char *)
 | |
|                               "sed -i \"s/EXAMPLE.COM/MAXSCALE.TEST/\" /var/kerberos/krb5kdc/kdc.conf", true);
 | |
|     Test->maxscales->ssh_node(0, (char *)
 | |
|                               "sed -i \"s/EXAMPLE.COM/MAXSCALE.TEST/\" /var/kerberos/krb5kdc/kadm5.acl", true);
 | |
|     Test->tprintf("Creating Kerberos DB and admin principal\n");
 | |
|     Test->maxscales->ssh_node(0, (char *) "kdb5_util create -P skysql -r MAXSCALE.TEST -s", true);
 | |
|     Test->maxscales->ssh_node(0, (char *) "kadmin.local -q \"addprinc -pw skysql admin/admin@MAXSCALE.TEST\"",
 | |
|                               true);
 | |
| 
 | |
|     Test->tprintf("Opening ports 749 and 88\n");
 | |
|     Test->maxscales->ssh_node(0, (char *) "iptables -I INPUT -p tcp --dport 749 -j ACCEPT", true);
 | |
|     Test->maxscales->ssh_node(0, (char *) "iptables -I INPUT -p tcp --dport 88 -j ACCEPT", true);
 | |
| 
 | |
|     Test->tprintf("Starting Kerberos\n");
 | |
|     Test->maxscales->ssh_node(0, (char *) "service krb5kdc start", true);
 | |
|     Test->maxscales->ssh_node(0, (char *) "service kadmin start", true);
 | |
| 
 | |
|     Test->tprintf("Creating principal\n");
 | |
|     Test->maxscales->ssh_node(0, (char *)
 | |
|                               "echo \"skysql\" | sudo kadmin -p admin/admin -q \"addprinc -randkey mariadb/maxscale.test\"", true);
 | |
| 
 | |
|     Test->tprintf("Creating keytab file\n");
 | |
|     Test->maxscales->ssh_node(0, (char *)
 | |
|                               "echo \"skysql\" | sudo kadmin -p admin/admin -q \"ktadd mariadb/maxscale.test\"", true);
 | |
| 
 | |
|     Test->tprintf("Making keytab file readable for all\n");
 | |
|     Test->maxscales->ssh_node(0, (char *) "chmod a+r /etc/krb5.keytab;", true);
 | |
| 
 | |
|     Test->maxscales->ssh_node(0, (char *) "kinit mariadb/maxscale.test@MAXSCALE.TEST -k -t /etc/krb5.keytab",
 | |
|                               false);
 | |
|     Test->maxscales->ssh_node(0, (char *)
 | |
|                               "mkdir -p /home/maxscale", true);
 | |
|     Test->maxscales->ssh_node(0, (char *)
 | |
|                               "su maxscale --login -s /bin/sh -c \"kinit mariadb/maxscale.test@MAXSCALE.TEST -k -t /etc/krb5.keytab\"",
 | |
|                               true);
 | |
| 
 | |
|     Test->tprintf("Coping keytab file from Maxscale node\n");
 | |
|     Test->maxscales->copy_from_node_legacy((char *) "/etc/krb5.keytab", (char *) ".", 0);
 | |
| 
 | |
|     Test->tprintf("Coping keytab and .cnf files to all nodes and executing knit for all nodes\n");
 | |
|     for (i = 0; i < Test->repl->N; i++)
 | |
|     {
 | |
|         sprintf(str, "%s/kerb.cnf", test_dir);
 | |
|         Test->repl->copy_to_node_legacy(str,  Test->repl->access_homedir[i], i);
 | |
|         Test->repl->ssh_node_f(i, true, "cp %s/kerb.cnf /etc/my.cnf.d/", Test->repl->access_homedir[i]);
 | |
| 
 | |
|         Test->repl->copy_to_node_legacy((char *) "krb5.keytab",  Test->repl->access_homedir[i], i);
 | |
|         Test->repl->ssh_node(i, (char *) "cp ~/krb5.keytab /etc/", true);
 | |
|         Test->repl->ssh_node_f(i, true, "cp %s/krb5.keytab /etc/", Test->repl->access_homedir[i]);
 | |
| 
 | |
|         Test->repl->ssh_node(i, (char *) "kinit mariadb/maxscale.test@MAXSCALE.TEST -k -t /etc/krb5.keytab", false);
 | |
|     }
 | |
| 
 | |
|     Test->tprintf("Installing gssapi plugin to all nodes\n");
 | |
|     Test->repl->connect();
 | |
|     Test->repl->execute_query_all_nodes((char *) "INSTALL SONAME 'auth_gssapi'");
 | |
|     Test->repl->close_connections();
 | |
| 
 | |
|     Test->tprintf("Creating usr1 user\n");
 | |
|     Test->repl->connect();
 | |
|     Test->try_query(Test->repl->nodes[0],
 | |
|                     (char *) "CREATE USER usr1 IDENTIFIED VIA gssapi AS 'mariadb/maxscale.test@MAXSCALE.TEST'");
 | |
|     Test->try_query(Test->repl->nodes[0], (char *) "grant all privileges on  *.* to 'usr1'");
 | |
|     Test->repl->close_connections();
 | |
| 
 | |
|     Test->tprintf("Trying use usr1 to execute query: RW Split\n");
 | |
|     Test->add_result(
 | |
|         Test->repl->ssh_node(1,
 | |
|                              "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4006", false),
 | |
|         "Error executing query against RW Split\n");
 | |
|     Test->tprintf("Trying use usr1 to execute query: Read Connection Master\n");
 | |
|     Test->add_result(
 | |
|         Test->repl->ssh_node(1,
 | |
|                              "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4008", false),
 | |
|         "Error executing query against Read Connection Master\n");
 | |
|     Test->tprintf("Trying use usr1 to execute query: Read Connection Slave\n");
 | |
|     Test->add_result(
 | |
|         Test->repl->ssh_node(1,
 | |
|                              "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4009", false),
 | |
|         "Error executing query against Read Connection Slave\n");
 | |
| 
 | |
|     for (int i = 0; i < Test->repl->N; i++)
 | |
|     {
 | |
|         Test->repl->ssh_node(i, "sudo rm -f /etc/my.cnf.d/kerb.cnf", true);
 | |
|     }
 | |
| 
 | |
|     int rval = Test->global_result;
 | |
|     delete Test;
 | |
|     return rval;
 | |
| }
 | 
