diff options
author | Marko Mäkelä <marko.makela@mariadb.com> | 2021-05-10 09:09:50 +0300 |
---|---|---|
committer | Marko Mäkelä <marko.makela@mariadb.com> | 2021-05-10 09:09:50 +0300 |
commit | 98e6159892ae36d4ab82ce8f43b7e7bc0ab6bfa2 (patch) | |
tree | a9cd2b7610de5500583fe726a97fb8705bc6ccec /mysql-test/suite/galera/t | |
parent | 72753d2b65fe375d23954b877a48350adadeb4e4 (diff) | |
parent | d0785f773188b5f0eebb3135b320b2bac628f2f2 (diff) | |
download | mariadb-git-98e6159892ae36d4ab82ce8f43b7e7bc0ab6bfa2.tar.gz |
Merge 10.2 into 10.3
Diffstat (limited to 'mysql-test/suite/galera/t')
8 files changed, 153 insertions, 9 deletions
diff --git a/mysql-test/suite/galera/t/galera_ssl_upgrade.test b/mysql-test/suite/galera/t/galera_ssl_upgrade.test index 33c5a43df9d..4d6b9159c78 100644 --- a/mysql-test/suite/galera/t/galera_ssl_upgrade.test +++ b/mysql-test/suite/galera/t/galera_ssl_upgrade.test @@ -8,16 +8,16 @@ --source include/have_innodb.inc --source include/have_ssl_communication.inc -call mtr.add_suppression("WSREP: write_handler(): protocol is shutdown"); - -SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_local_state_comment'; -SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size'; - --connection node_1 call mtr.add_suppression("WSREP: write_handler(): protocol is shutdown.*"); --connection node_2 call mtr.add_suppression("WSREP: write_handler(): protocol is shutdown.*"); +# Save original auto_increment_offset values. +--let $node_1=node_1 +--let $node_2=node_2 +--source include/auto_increment_offset_save.inc + # Setup galera ports --connection node_1 --source suite/galera/include/galera_base_port.inc @@ -27,6 +27,9 @@ call mtr.add_suppression("WSREP: write_handler(): protocol is shutdown.*"); --source suite/galera/include/galera_base_port.inc --let $NODE_GALERAPORT_2 = $_NODE_GALERAPORT +SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_local_state_comment'; +SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size'; + # 2. Restart node #1 with a socket.ssl_ca that includes both the new and the old certificate --connection node_1 @@ -40,7 +43,7 @@ call mtr.add_suppression("WSREP: write_handler(): protocol is shutdown.*"); --source include/wait_condition.inc SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size'; -# 3. Restart node #2 with the new socket.ssl_ca , socket.ssl_cert and socket.ssl_key +# 3. Restart node #2 with the new socket.ssl_ca , socket.ssl_cert and socket.ssl_key --connection node_2 --source include/shutdown_mysqld.inc @@ -52,7 +55,7 @@ SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_N --source include/wait_condition.inc SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size'; -# 4. Restart node #1 with the new socket.ssl_ca , socket.ssl_cert and socket.ssl_key +# 4. Restart node #1 with the new socket.ssl_ca , socket.ssl_cert and socket.ssl_key --connection node_1 --source include/shutdown_mysqld.inc @@ -65,3 +68,8 @@ SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_N SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size'; # Upgrade complete. Both nodes now use the new key and certificate + +# Restore original auto_increment_offset values. +--source include/auto_increment_offset_restore.inc + +--source include/galera_end.inc diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key.test b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key.test index 4449ea43c43..523d44102dd 100644 --- a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key.test +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key.test @@ -1,6 +1,8 @@ # -# This test checks that key and cert encryption options can be passed to mariabackup via the my.cnf file -# Initial SST happens via mariabackup, so there is not much to do in the body of the test +# This test checks that key and cert encryption options can be passed to +# mariabackup via the my.cnf file +# Initial SST happens via mariabackup, so there is not much to do in the body +# of the test # --source include/big_test.inc @@ -12,3 +14,11 @@ SELECT 1; --let $wait_condition = SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size'; --source include/wait_condition.inc + +# Confirm that transfer was SSL-encrypted +--let $assert_text = Using openssl based encryption with socat +--let $assert_select = Using openssl based encryption with socat: with key and crt +--let $assert_count = 1 +--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err +--let $assert_only_after = CURRENT_TEST +--source include/assert_grep.inc diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.cnf b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.cnf new file mode 100644 index 00000000000..12fca48e065 --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.cnf @@ -0,0 +1,13 @@ +!include ../galera_2nodes.cnf + +[mysqld] +wsrep_sst_method=mariabackup +wsrep_sst_auth="root:" +wsrep_debug=ON + +ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/client-cert.pem +ssl-key=@ENV.MYSQL_TEST_DIR/std_data/client-key.pem +ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem + +[sst] +ssl-mode=VERIFY_CA
\ No newline at end of file diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test new file mode 100644 index 00000000000..19ebd0cf51e --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test @@ -0,0 +1,25 @@ +# +# This test checks that if SST SSL is not explicitly donfigured mariabackup SST +# uses server SSL configuration if present. +# Initial SST happens via mariabackup, so there is not much to do in the body +# of the test +# + +--source include/big_test.inc +--source include/galera_cluster.inc +--source include/have_innodb.inc +--source include/have_mariabackup.inc +--source include/have_ssl_communication.inc + +SELECT 1; + +--let $wait_condition = SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size'; +--source include/wait_condition.inc + +# Confirm that transfer was SSL-encrypted +--let $assert_text = Using openssl based encryption with socat +--let $assert_select = Using openssl based encryption with socat: with key and c +--let $assert_count = 1 +--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err +--let $assert_only_after = CURRENT_TEST +--source include/assert_grep.inc diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.cnf b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.cnf new file mode 100644 index 00000000000..f131088f582 --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.cnf @@ -0,0 +1,15 @@ +!include ../galera_2nodes.cnf + +[mysqld] +wsrep_sst_method=rsync + +[sst] +tkey=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem +tcert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem + +[mysqld.1] +wsrep_provider_options='base_port=@mysqld.1.#galera_port;gcache.size=1;pc.ignore_sb=true' + +[mysqld.2] +wsrep_provider_options='base_port=@mysqld.2.#galera_port;gcache.size=1;pc.ignore_sb=true' + diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test new file mode 100644 index 00000000000..505f7e7626d --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test @@ -0,0 +1,28 @@ +--source include/big_test.inc +--source include/galera_cluster.inc +--source include/have_debug.inc + +# Save original auto_increment_offset values. +--let $node_1=node_1 +--let $node_2=node_2 +--source include/auto_increment_offset_save.inc + +--connection node_2 +CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory"); + +--connection node_1 +--source suite/galera/include/galera_st_shutdown_slave.inc +--source suite/galera/include/galera_st_clean_slave.inc + +--source suite/galera/include/galera_st_kill_slave.inc +--source suite/galera/include/galera_st_kill_slave_ddl.inc + +# Confirm that transfer was SSL-encrypted +--let $assert_text = Using stunnel for SSL encryption +--let $assert_select = Using stunnel for SSL encryption +--let $assert_count = 5 +--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err +--let $assert_only_after = CURRENT_TEST +--source include/assert_grep.inc + +--source include/auto_increment_offset_restore.inc diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf new file mode 100644 index 00000000000..8e31e69a590 --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf @@ -0,0 +1,17 @@ +!include ../galera_2nodes.cnf + +[mysqld] +wsrep_sst_method=rsync +ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/client-cert.pem +ssl-key=@ENV.MYSQL_TEST_DIR/std_data/client-key.pem +ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem + +[sst] +ssl-mode=VERIFY_CA + +[mysqld.1] +wsrep_provider_options='base_port=@mysqld.1.#galera_port;gcache.size=1;pc.ignore_sb=true' + +[mysqld.2] +wsrep_provider_options='base_port=@mysqld.2.#galera_port;gcache.size=1;pc.ignore_sb=true' + diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test new file mode 100644 index 00000000000..505f7e7626d --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test @@ -0,0 +1,28 @@ +--source include/big_test.inc +--source include/galera_cluster.inc +--source include/have_debug.inc + +# Save original auto_increment_offset values. +--let $node_1=node_1 +--let $node_2=node_2 +--source include/auto_increment_offset_save.inc + +--connection node_2 +CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory"); + +--connection node_1 +--source suite/galera/include/galera_st_shutdown_slave.inc +--source suite/galera/include/galera_st_clean_slave.inc + +--source suite/galera/include/galera_st_kill_slave.inc +--source suite/galera/include/galera_st_kill_slave_ddl.inc + +# Confirm that transfer was SSL-encrypted +--let $assert_text = Using stunnel for SSL encryption +--let $assert_select = Using stunnel for SSL encryption +--let $assert_count = 5 +--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err +--let $assert_only_after = CURRENT_TEST +--source include/assert_grep.inc + +--source include/auto_increment_offset_restore.inc |