yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(CI): add ssl user for mysql

This commit is contained in:
zhanghongtong 2021-03-31 17:54:01 +08:00 committed by Rory Z
parent d19eb05234
commit 9be1d94f44
13 changed files with 45 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.ci/docker-compose-file/docker-compose-ldap-tcp.yaml
View File

@ -13,6 +13,4 @@ services:
- 389:389 - 389:389
restart: always restart: always
networks: networks:
emqx_bridge: - emqx_bridge
ipv4_address: 172.100.239.10
ipv6_address: 2001:3200:3200::10

4
.ci/docker-compose-file/docker-compose-mongo-tcp.yaml
View File

@ -8,9 +8,7 @@ services:
environment: environment:
MONGO_INITDB_DATABASE: mqtt MONGO_INITDB_DATABASE: mqtt
networks: networks:
emqx_bridge: - emqx_bridge
ipv4_address: 172.100.239.11
ipv6_address: 2001:3200:3200::11
command: command:
--ipv6 --ipv6
--bind_ip_all --bind_ip_all

4
.ci/docker-compose-file/docker-compose-mongo-tls.yaml
View File

@ -10,9 +10,7 @@ services:
volumes: volumes:
- ../../apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem/:/etc/certs/mongodb.pem - ../../apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem/:/etc/certs/mongodb.pem
networks: networks:
emqx_bridge: - emqx_bridge
ipv4_address: 172.100.239.11
ipv6_address: 2001:3200:3200::11
command: command:
--ipv6 --ipv6
--bind_ip_all --bind_ip_all

4
.ci/docker-compose-file/docker-compose-mysql-tcp.yaml
View File

@ -9,9 +9,7 @@ services:
MYSQL_ROOT_PASSWORD: public MYSQL_ROOT_PASSWORD: public
MYSQL_DATABASE: mqtt MYSQL_DATABASE: mqtt
networks: networks:
emqx_bridge: - emqx_bridge
ipv4_address: 172.100.239.12
ipv6_address: 2001:3200:3200::12
command: command:
--bind-address "::" --bind-address "::"
--character-set-server=utf8mb4 --character-set-server=utf8mb4

22
.ci/docker-compose-file/docker-compose-mysql-tls.yaml
View File

@ -8,14 +8,14 @@ services:
environment: environment:
MYSQL_ROOT_PASSWORD: public MYSQL_ROOT_PASSWORD: public
MYSQL_DATABASE: mqtt MYSQL_DATABASE: mqtt
MYSQL_USER: ssluser
MYSQL_PASSWORD: public
volumes: volumes:
- ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem:/etc/certs/ca-cert.pem - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem:/etc/certs/ca-cert.pem
- ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem:/etc/certs/server-cert.pem - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem:/etc/certs/server-cert.pem
- ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem:/etc/certs/server-key.pem - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem:/etc/certs/server-key.pem
networks: networks:
emqx_bridge: - emqx_bridge
ipv4_address: 172.100.239.12
ipv6_address: 2001:3200:3200::12
command: command:
--bind-address "::" --bind-address "::"
--character-set-server=utf8mb4 --character-set-server=utf8mb4
@ -27,3 +27,19 @@ services:
--ssl-ca=/etc/certs/ca-cert.pem --ssl-ca=/etc/certs/ca-cert.pem
--ssl-cert=/etc/certs/server-cert.pem --ssl-cert=/etc/certs/server-cert.pem
--ssl-key=/etc/certs/server-key.pem --ssl-key=/etc/certs/server-key.pem
mysql_client:
container_name: mysql_client
image: mysql:${MYSQL_TAG}
networks:
- emqx_bridge
depends_on:
- mysql_server
command:
- /bin/bash
- -c
- |
service mysql start
echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt mqtt
while [[ $$? -ne 0 ]];do echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt; done
echo "ALTER USER 'ssluser'@'%' REQUIRE X509;" | mysql -h mysql_server -u root -ppublic mqtt

4
.ci/docker-compose-file/docker-compose-pgsql-tcp.yaml
View File

@ -12,6 +12,4 @@ services:
ports: ports:
- "5432:5432" - "5432:5432"
networks: networks:
emqx_bridge: - emqx_bridge
ipv4_address: 172.100.239.13
ipv6_address: 2001:3200:3200::13

4
.ci/docker-compose-file/docker-compose-pgsql-tls.yaml
View File

@ -29,6 +29,4 @@ services:
- -c - -c
- hba_file=/var/lib/postgresql/pg_hba.conf - hba_file=/var/lib/postgresql/pg_hba.conf
networks: networks:
emqx_bridge: - emqx_bridge
ipv4_address: 172.100.239.13
ipv6_address: 2001:3200:3200::13

5
.ci/docker-compose-file/docker-compose-redis-cluster-tcp.yaml
View File

@ -8,7 +8,4 @@ services:
- ./redis/:/data/conf - ./redis/:/data/conf
command: bash -c "/bin/bash /data/conf/redis.sh --node cluster && tail -f /var/log/redis-server.log" command: bash -c "/bin/bash /data/conf/redis.sh --node cluster && tail -f /var/log/redis-server.log"
networks: networks:
emqx_bridge: - emqx_bridge
# Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
ipv4_address: 172.100.239.14
ipv6_address: 2001:3200:3200::14

5
.ci/docker-compose-file/docker-compose-redis-cluster-tls.yaml
View File

@ -9,7 +9,4 @@ services:
- ./redis/:/data/conf - ./redis/:/data/conf
command: bash -c "/bin/bash /data/conf/redis.sh --node cluster --tls-enabled && tail -f /var/log/redis-server.log" command: bash -c "/bin/bash /data/conf/redis.sh --node cluster --tls-enabled && tail -f /var/log/redis-server.log"
networks: networks:
emqx_bridge: - emqx_bridge
# Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
ipv4_address: 172.100.239.14
ipv6_address: 2001:3200:3200::14

5
.ci/docker-compose-file/docker-compose-redis-sentinel-tcp.yaml
View File

@ -8,7 +8,4 @@ services:
- ./redis/:/data/conf - ./redis/:/data/conf
command: bash -c "/bin/bash /data/conf/redis.sh --node sentinel && tail -f /var/log/redis-server.log" command: bash -c "/bin/bash /data/conf/redis.sh --node sentinel && tail -f /var/log/redis-server.log"
networks: networks:
emqx_bridge: - emqx_bridge
# Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
ipv4_address: 172.100.239.14
ipv6_address: 2001:3200:3200::14

5
.ci/docker-compose-file/docker-compose-redis-single-tcp.yaml
View File

@ -9,7 +9,4 @@ services:
- "--bind 0.0.0.0 ::" - "--bind 0.0.0.0 ::"
restart: always restart: always
networks: networks:
emqx_bridge: - emqx_bridge
# Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
ipv4_address: 172.100.239.14
ipv6_address: 2001:3200:3200::14

5
.ci/docker-compose-file/docker-compose-redis-single-tls.yaml
View File

@ -15,7 +15,4 @@ services:
- --tls-ca-cert-file /tls/ca.crt - --tls-ca-cert-file /tls/ca.crt
restart: always restart: always
networks: networks:
emqx_bridge: - emqx_bridge
# Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
ipv4_address: 172.100.239.14
ipv6_address: 2001:3200:3200::14

20
.github/workflows/run_cts_tests.yaml vendored
View File

@ -146,17 +146,25 @@ jobs:
steps: steps:
- uses: actions/checkout@v1 - uses: actions/checkout@v1
- name: docker-compose up - name: docker-compose up
timeout-minutes: 5
run: | run: |
docker-compose \ docker-compose \
-f .ci/docker-compose-file/docker-compose-mysql-${{ matrix.connect_type }}.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-${{ matrix.connect_type }}.yaml \
-f .ci/docker-compose-file/docker-compose.yaml \ -f .ci/docker-compose-file/docker-compose.yaml \
up -d --build up -d --build
while [ $(docker ps -a --filter name=client --filter exited=0 | wc -l) \
!= $(docker ps -a --filter name=client | wc -l) ]; do
sleep 5
done
- name: setup - name: setup
env: env:
MYSQL_TAG: ${{ matrix.mysql_tag }} MYSQL_TAG: ${{ matrix.mysql_tag }}
if: matrix.connect_type == 'tls' if: matrix.connect_type == 'tls'
run: | run: |
cat <<-EOF >> "$GITHUB_ENV" cat <<-EOF >> "$GITHUB_ENV"
EMQX_AUTH__MYSQL__USERNAME=ssluser
EMQX_AUTH__MYSQL__PASSWORD=public
EMQX_AUTH__MYSQL__DATABASE=mqtt
EMQX_AUTH__MYSQL__SSL=on EMQX_AUTH__MYSQL__SSL=on
EMQX_AUTH__MYSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem EMQX_AUTH__MYSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
EMQX_AUTH__MYSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem EMQX_AUTH__MYSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
@ -169,7 +177,12 @@ jobs:
MYSQL_TAG: ${{ matrix.mysql_tag }} MYSQL_TAG: ${{ matrix.mysql_tag }}
if: matrix.connect_type == 'tcp' if: matrix.connect_type == 'tcp'
run: | run: |
echo EMQX_AUTH__MYSQL__SSL=off >> "$GITHUB_ENV" cat <<-EOF >> "$GITHUB_ENV"
EMQX_AUTH__MYSQL__USERNAME=root
EMQX_AUTH__MYSQL__PASSWORD=public
EMQX_AUTH__MYSQL__DATABASE=mqtt
EMQX_AUTH__MYSQL__SSL=off
EOF
- name: setup - name: setup
if: matrix.network_type == 'ipv4' if: matrix.network_type == 'ipv4'
run: | run: |
@ -185,10 +198,7 @@ jobs:
fi fi
- name: run test cases - name: run test cases
run: | run: |
export EMQX_AUTH__MYSQL__USERNAME=root \ export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
EMQX_AUTH__MYSQL__PASSWORD=public \
EMQX_AUTH__MYSQL__DATABASE=mqtt \
CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
printenv > .env printenv > .env
docker exec -i erlang sh -c "make ensure-rebar3" docker exec -i erlang sh -c "make ensure-rebar3"
docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_mysql" docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_mysql"