1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
################################################################################
# Base test to verify the basic TLS 1.3 support on Group Replication.
#
# Test:
# 0. The test requires two servers: M1 and M2.
# 1. Setup the first member (M1) with a recovery user that requires TLS 1.3.
# 2. Add some data and bootstrap start a group on M1.
# 3. Configure joining member (M2) to use SSL options on recovery. Start GR on
# M2. Check the data is there.
# 4. Clean up.
################################################################################
--source include/have_tlsv13.inc
--source include/have_group_replication_plugin.inc
--let $rpl_skip_group_replication_start= 1
--source include/group_replication.inc
--echo #
--echo # Setup the first member with a recovery user that requires TLS 1.3
--echo #
--let $rpl_connection_name= server1
--source include/rpl_connection.inc
# create a user for replication that requires ssl encryption
SET SESSION sql_log_bin=0;
CREATE USER 'rec_ssl_user'@'%' REQUIRE SSL;
GRANT replication slave ON *.* TO 'rec_ssl_user'@'%';
GRANT GROUP_REPLICATION_STREAM ON *.* TO 'rec_ssl_user'@'%';
FLUSH PRIVILEGES;
SET SESSION sql_log_bin=1;
SET @tls_version_saved= @@GLOBAL.tls_version;
SET GLOBAL tls_version='TLSv1.3';
SET @conf_rec_ssl_mode= @@GLOBAL.group_replication_ssl_mode;
SET GLOBAL group_replication_ssl_mode= REQUIRED;
ALTER INSTANCE RELOAD TLS;
--echo #
--echo # Add some data and start the member
--echo #
CREATE TABLE t1 (c1 INT NOT NULL PRIMARY KEY) ENGINE=InnoDB;
INSERT INTO t1 VALUES (1);
--source include/start_and_bootstrap_group_replication.inc
--echo #
--echo # Configure a joining member to use SSL options on recovery and start it
--echo #
--let $rpl_connection_name= server2
--source include/rpl_connection.inc
SET SESSION sql_log_bin=0;
CREATE USER 'rec_ssl_user'@'%' REQUIRE SSL;
GRANT replication slave ON *.* TO 'rec_ssl_user'@'%';
GRANT GROUP_REPLICATION_STREAM ON *.* TO 'rec_ssl_user'@'%';
FLUSH PRIVILEGES;
SET SESSION sql_log_bin=1;
--disable_warnings
CHANGE REPLICATION SOURCE TO SOURCE_USER="rec_ssl_user" FOR CHANNEL "group_replication_recovery";
--enable_warnings
SET @group_replication_recovery_use_ssl_saved= @@GLOBAL.group_replication_recovery_use_ssl;
SET GLOBAL group_replication_recovery_use_ssl=1;
SET @conf_rec_ssl_mode= @@GLOBAL.group_replication_ssl_mode;
SET GLOBAL group_replication_ssl_mode= REQUIRED;
--source include/start_group_replication.inc
--echo #
--echo # Check the data is there
--echo #
--let $assert_text= On the recovered member, the table should exist and have 1 elements;
--let $assert_cond= [select count(*) from t1] = 1;
--source include/assert.inc
--echo #
--echo # Clean up
--echo #
SET @@GLOBAL.group_replication_recovery_use_ssl= @group_replication_recovery_use_ssl_saved;
--let $rpl_connection_name= server1
--source include/rpl_connection.inc
SET @@GLOBAL.tls_version= @tls_version_saved;
SET @@GLOBAL.group_replication_ssl_mode= @conf_rec_ssl_mode;
ALTER INSTANCE RELOAD TLS;
SET SESSION sql_log_bin=0;
DROP USER 'rec_ssl_user';
SET SESSION sql_log_bin=1;
DROP TABLE t1;
--let $rpl_connection_name= server2
--source include/rpl_connection.inc
SET SESSION sql_log_bin=0;
DROP USER 'rec_ssl_user';
SET SESSION sql_log_bin=1;
SET @@GLOBAL.group_replication_ssl_mode= @conf_rec_ssl_mode;
ALTER INSTANCE RELOAD TLS;
--source include/group_replication_end.inc
|
