File: gr_ssl.inc

package info (click to toggle)
mysql-8.0 8.0.43-3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 1,273,924 kB
  • sloc: cpp: 4,684,605; ansic: 412,450; pascal: 108,398; java: 83,641; perl: 30,221; cs: 27,067; sql: 26,594; sh: 24,181; python: 21,816; yacc: 17,169; php: 11,522; xml: 7,388; javascript: 7,076; makefile: 2,194; lex: 1,075; awk: 670; asm: 520; objc: 183; ruby: 97; lisp: 86
file content (118 lines) | stat: -rw-r--r-- 3,964 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
 
################################################################################
# Base test to verify the basic SSL support on Group replication recovery
#
# Test:
# 0. The test requires two servers: M1 and M2.
# 1. Setup the first member (M1) with a recovery user that requires SSL.
# 2. Add some data and bootstrap start a group on M1.
# 3. Configure joining member (M2) to use SSL options on recovery. Start GR on
#    M2. Check the data is there.
# 4. Clean up.
################################################################################

--source include/have_group_replication_plugin.inc
--let $rpl_skip_group_replication_start= 1
--source include/group_replication.inc

--echo #
--echo # Setup the first member with a recovery user that requires SSL
--echo #

--connection server1
--echo server1

# create a user for replication that requires ssl encryption
set session sql_log_bin=0;
CREATE USER 'rec_ssl_user'@'%' REQUIRE SSL;
GRANT replication slave ON *.* TO 'rec_ssl_user'@'%';
GRANT GROUP_REPLICATION_STREAM ON *.* TO 'rec_ssl_user'@'%';
set session sql_log_bin=1;

--let $conf_rec_ssl_mode_s1= `SELECT @@GLOBAL.group_replication_ssl_mode;`
--eval SET GLOBAL group_replication_ssl_mode= REQUIRED

--echo #
--echo # Add some data and start the member
--echo #

CREATE TABLE t1 (c1 INT NOT NULL PRIMARY KEY) ENGINE=InnoDB;
INSERT INTO t1 VALUES (1);

--source include/start_and_bootstrap_group_replication.inc

--echo #
--echo # Configure a joining member to use SSL options on recovery and start it
--echo #

--connection server2
--echo server2

set session sql_log_bin=0;
CREATE USER 'rec_ssl_user'@'%' REQUIRE SSL;
GRANT replication slave ON *.* TO 'rec_ssl_user'@'%';
GRANT GROUP_REPLICATION_STREAM ON *.* TO 'rec_ssl_user'@'%';
set session sql_log_bin=1;

--let $conf_rec_use_ssl= `SELECT @@GLOBAL.group_replication_recovery_use_ssl;`
--let $conf_rec_ssl_ca= `SELECT @@GLOBAL.group_replication_recovery_ssl_ca;`
--let $conf_rec_ssl_cert= `SELECT @@GLOBAL.group_replication_recovery_ssl_cert;`
--let $conf_rec_ssl_key= `SELECT @@GLOBAL.group_replication_recovery_ssl_key;`

--disable_warnings
CHANGE REPLICATION SOURCE TO SOURCE_USER="rec_ssl_user" FOR CHANNEL "group_replication_recovery";
--enable_warnings

--eval SET GLOBAL group_replication_recovery_use_ssl=1
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--eval SET GLOBAL group_replication_recovery_ssl_ca= '$MYSQL_TEST_DIR/std_data/cacert.pem'
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--eval SET GLOBAL group_replication_recovery_ssl_cert= '$MYSQL_TEST_DIR/std_data/client-cert.pem'
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--eval SET GLOBAL group_replication_recovery_ssl_key= '$MYSQL_TEST_DIR/std_data/client-key.pem'

--let $conf_rec_ssl_mode_s2= `SELECT @@GLOBAL.group_replication_ssl_mode;`
--eval SET GLOBAL group_replication_ssl_mode= REQUIRED

--source include/start_group_replication.inc

--echo #
--echo # Check the data is there
--echo #

--let $assert_text= On the recovered member, the table should exist and have 1 elements;
--let $assert_cond= [select count(*) from t1] = 1;
--source include/assert.inc

--echo #
--echo # Clean up
--echo #

--disable_query_log
--eval SET @@GLOBAL.group_replication_recovery_use_ssl= $conf_rec_use_ssl
--eval SET @@GLOBAL.group_replication_recovery_ssl_ca= "$conf_rec_ssl_ca"
--eval SET @@GLOBAL.group_replication_recovery_ssl_cert= "$conf_rec_ssl_cert"
--eval SET @@GLOBAL.group_replication_recovery_ssl_key= "$conf_rec_ssl_key"
--eval SET GLOBAL group_replication_ssl_mode= $conf_rec_ssl_mode_s2
--enable_query_log

--connection server1
--echo server1

set session sql_log_bin=0;
DROP USER 'rec_ssl_user';
set session sql_log_bin=1;

--disable_query_log
--eval SET GLOBAL group_replication_ssl_mode= $conf_rec_ssl_mode_s1
--enable_query_log

DROP TABLE t1;

--connection server2
--echo server2

set session sql_log_bin=0;
DROP USER 'rec_ssl_user';
set session sql_log_bin=1;

--source include/group_replication_end.inc