Showing
11 changed files
with
489 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
sudo: true | ||
language: c | ||
services: docker | ||
addons: | ||
hosts: | ||
- mariadb.example.com | ||
|
||
before_install: | ||
- chmod +x .travis/script.sh | ||
- chmod +x .travis/gen-ssl.sh | ||
- export PROJ_PATH=`pwd` | ||
- export ENTRYPOINT=$PROJ_PATH/.travis/sql | ||
- mkdir tmp | ||
- .travis/gen-ssl.sh mariadb.example.com tmp | ||
- export SSLCERT=$PROJ_PATH/tmp | ||
- export CONNECTOR_C_VERSION=v_2.3.3 | ||
|
||
env: | ||
# - DB=mysql:5.5 | ||
#- DB=mysql:5.6 | ||
#- DB=mysql:5.7 | ||
#- DB=mariadb:5.5 | ||
#- DB=mariadb:10.0 | ||
#- DB=mariadb:10.1 | ||
- DB=mariadb:10.2 | ||
#- DB=mariadb:10.3 | ||
|
||
script: .travis/script.sh |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
version: '2' | ||
services: | ||
db: | ||
image: $DB | ||
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --ssl-ca=/etc/sslcert/ca.crt --ssl-cert=/etc/sslcert/server.crt --ssl-key=/etc/sslcert/server.key --bind-address=0.0.0.0 | ||
ports: | ||
- 3305:3306 | ||
volumes: | ||
- $SSLCERT:/etc/sslcert | ||
- $ENTRYPOINT:/docker-entrypoint-initdb.d | ||
environment: | ||
MYSQL_DATABASE: odbc_test | ||
MYSQL_ALLOW_EMPTY_PASSWORD: 1 |
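Review bot: The `db` service publishes `3305:3306` on every host interface while `MYSQL_ALLOW_EMPTY_PASSWORD: 1` leaves root without a password, so the test database accepts unauthenticated connections from anything that can reach the CI host; binding the published port to loopback, `- 127.0.0.1:3305:3306`, keeps the fixture local (the `hosts` addon entry for `mariadb.example.com` presumably resolves to loopback, so the tests should still connect). The `$SSLCERT:/etc/sslcert` volume mounts the whole generated directory, which per the gen-ssl script on this page also holds `ca.key` and `client.key`, although the server command line only reads `ca.crt`, `server.crt` and `server.key`; a read-only mount, `- $SSLCERT:/etc/sslcert:ro`, or copying only those three files would narrow what the container sees. The same `db` definition is repeated in the compose file that adds the `maxscale` service, and both points apply there as well.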
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
#!/bin/bash | ||
set -e | ||
|
||
log () { | ||
echo "$@" 1>&2 | ||
} | ||
|
||
print_error () { | ||
echo "$@" 1>&2 | ||
exit 1 | ||
} | ||
|
||
print_usage () { | ||
print_error "Usage: gen-ssl-cert-key <fqdn> <output-dir>" | ||
} | ||
|
||
gen_cert_subject () { | ||
local fqdn="$1" | ||
[[ "${fqdn}" != "" ]] || print_error "FQDN cannot be blank" | ||
echo "/C=/ST=/O=/localityName=/CN=${fqdn}/organizationalUnitName=/emailAddress=/" | ||
} | ||
|
||
main () { | ||
local fqdn="$1" | ||
local sslDir="$2" | ||
[[ "${fqdn}" != "" ]] || print_usage | ||
[[ -d "${sslDir}" ]] || print_error "Directory does not exist: ${sslDir}" | ||
|
||
local caCertFile="${sslDir}/ca.crt" | ||
local caKeyFile="${sslDir}/ca.key" | ||
local certFile="${sslDir}/server.crt" | ||
local keyFile="${sslDir}/server.key" | ||
local csrFile=$(mktemp) | ||
local clientCertFile="${sslDir}/client.crt" | ||
local clientKeyFile="${sslDir}/client.key" | ||
local clientKeystoreFile="${sslDir}/client-keystore.jks" | ||
local fullClientKeystoreFile="${sslDir}/fullclient-keystore.jks" | ||
local tmpKeystoreFile=$(mktemp) | ||
local pcks12FullKeystoreFile="${sslDir}/fullclient-keystore.p12" | ||
local clientReqFile=$(mktemp) | ||
|
||
log "Generating CA key" | ||
openssl genrsa -out "${caKeyFile}" 2048 | ||
|
||
log "Generating CA certificate" | ||
openssl req \ | ||
-sha1 \ | ||
-new \ | ||
-x509 \ | ||
-nodes \ | ||
-days 3650 \ | ||
-subj "$(gen_cert_subject ca.example.com)" \ | ||
-key "${caKeyFile}" \ | ||
-out "${caCertFile}" | ||
|
||
log "Generating private key" | ||
openssl genrsa -out "${keyFile}" 2048 | ||
|
||
log "Generating certificate signing request" | ||
openssl req \ | ||
-new \ | ||
-batch \ | ||
-sha1 \ | ||
-subj "$(gen_cert_subject "$fqdn")" \ | ||
-set_serial 01 \ | ||
-key "${keyFile}" \ | ||
-out "${csrFile}" \ | ||
-nodes | ||
|
||
log "Generating X509 certificate" | ||
openssl x509 \ | ||
-req \ | ||
-sha1 \ | ||
-set_serial 01 \ | ||
-CA "${caCertFile}" \ | ||
-CAkey "${caKeyFile}" \ | ||
-days 3650 \ | ||
-in "${csrFile}" \ | ||
-signkey "${keyFile}" \ | ||
-out "${certFile}" | ||
|
||
log "Generating client certificate" | ||
openssl req \ | ||
-batch \ | ||
-newkey rsa:2048 \ | ||
-days 3600 \ | ||
-subj "$(gen_cert_subject "$fqdn")" \ | ||
-nodes \ | ||
-keyout "${clientKeyFile}" \ | ||
-out "${clientReqFile}" | ||
|
||
openssl x509 \ | ||
-req \ | ||
-in "${clientReqFile}" \ | ||
-days 3600 \ | ||
-CA "${caCertFile}" \ | ||
-CAkey "${caKeyFile}" \ | ||
-set_serial 01 \ | ||
-out "${clientCertFile}" | ||
|
||
# Now generate a keystore with the client cert & key | ||
log "Generating client keystore" | ||
openssl pkcs12 \ | ||
-export \ | ||
-in "${clientCertFile}" \ | ||
-inkey "${clientKeyFile}" \ | ||
-out "${tmpKeystoreFile}" \ | ||
-name "mysqlAlias" \ | ||
-passout pass:kspass | ||
|
||
|
||
# Now generate a full keystore with the client cert & key + trust certificates | ||
log "Generating full client keystore" | ||
openssl pkcs12 \ | ||
-export \ | ||
-in "${clientCertFile}" \ | ||
-inkey "${clientKeyFile}" \ | ||
-out "${pcks12FullKeystoreFile}" \ | ||
-name "mysqlAlias" \ | ||
-passout pass:kspass | ||
|
||
|
||
|
||
# Clean up CSR file: | ||
rm "$csrFile" | ||
rm "$clientReqFile" | ||
rm "$tmpKeystoreFile" | ||
|
||
log "Generated key file and certificate in: ${sslDir}" | ||
ls -l "${sslDir}" | ||
} | ||
|
||
main "$@" | ||
|
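Review bot: The "Generating X509 certificate" step passes both `-CA`/`-CAkey` and `-signkey "${keyFile}"` to `openssl x509 -req`; `-signkey` requests a self-signed certificate, so depending on the OpenSSL version the server certificate may not chain to `ca.crt`, or the command may be rejected, and dropping the `-signkey` line leaves a plain CA-signed certificate. The CA certificate, the CSR and the server certificate are all produced with `-sha1`, which current TLS stacks commonly refuse at their default security level; `-sha256` is the usual replacement in all three invocations. Server and client certificates both get `-set_serial 01` from the same CA, while issuer plus serial is expected to be unique, so the client step would be better with `-set_serial 02`. The "full client keystore" comment promises trust certificates, but the second `openssl pkcs12` call differs from the first only in `-out`; adding `-certfile "${caCertFile}"` would make it match the comment.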
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
version: '2' | ||
services: | ||
maxscale: | ||
depends_on: | ||
- db | ||
ports: | ||
- 4006:4006 | ||
- 4007:4007 | ||
- 4008:4008 | ||
build: | ||
context: . | ||
dockerfile: maxscale/Dockerfile | ||
args: | ||
MAXSCALE_VERSION: $MAXSCALE_VERSION | ||
db: | ||
image: $DB | ||
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --ssl-ca=/etc/sslcert/ca.crt --ssl-cert=/etc/sslcert/server.crt --ssl-key=/etc/sslcert/server.key --bind-address=0.0.0.0 | ||
ports: | ||
- 3305:3306 | ||
volumes: | ||
- $SSLCERT:/etc/sslcert | ||
- $ENTRYPOINT:/docker-entrypoint-initdb.d | ||
environment: | ||
MYSQL_DATABASE: odbc_test | ||
MYSQL_ALLOW_EMPTY_PASSWORD: 1 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
FROM centos:7 | ||
|
||
ARG MAXSCALE_VERSION | ||
ENV MAXSCALE_VERSION ${MAXSCALE_VERSION:-2.1.4} | ||
|
||
COPY maxscale/mariadb.repo /etc/yum.repos.d/ | ||
|
||
RUN rpm --import https://yum.mariadb.org/RPM-GPG-KEY-MariaDB \ | ||
&& yum -y install https://downloads.mariadb.com/MaxScale/${MAXSCALE_VERSION}/centos/7/x86_64/maxscale-${MAXSCALE_VERSION}-1.centos.7.x86_64.rpm \ | ||
&& yum -y update | ||
|
||
RUN yum -y install maxscale-${MAXSCALE_VERSION} MariaDB-client \ | ||
&& yum clean all \ | ||
&& rm -rf /tmp/* | ||
|
||
COPY maxscale/docker-entrypoint.sh / | ||
RUN chmod 777 /etc/maxscale.cnf | ||
COPY maxscale/maxscale.cnf /etc/ | ||
RUN chmod 777 /docker-entrypoint.sh | ||
|
||
|
||
EXPOSE 4006 4007 4008 | ||
|
||
ENTRYPOINT ["/docker-entrypoint.sh"] |
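Review bot: `RUN chmod 777 /etc/maxscale.cnf` runs before `COPY maxscale/maxscale.cnf /etc/`, so it changes the packaged file that the COPY then replaces, and both it and `RUN chmod 777 /docker-entrypoint.sh` leave files used at startup world-writable. Moving the mode change after the copies and narrowing it, `RUN chmod 644 /etc/maxscale.cnf && chmod 755 /docker-entrypoint.sh`, still gives the entrypoint its execute bit without letting every user in the container rewrite the script or the configuration. The image sets no `USER`, so the entrypoint presumably starts as root; whether MaxScale drops privileges itself is not visible from this file.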
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -e | ||
|
||
echo 'creating configuration done' | ||
|
||
sleep 15 | ||
|
||
################################################################################################# | ||
# wait for db availability for 60s | ||
################################################################################################# | ||
mysql=( mysql --protocol=tcp -ubob -hdb --port=3306 ) | ||
for i in {60..0}; do | ||
if echo 'use test2' | "${mysql[@]}" &> /dev/null; then | ||
break | ||
fi | ||
echo 'DB init process in progress...' | ||
sleep 1 | ||
done | ||
|
||
echo 'use test2' | "${mysql[@]}" | ||
if [ "$i" = 0 ]; then | ||
echo 'DB init process failed.' | ||
exit 1 | ||
fi | ||
|
||
echo 'maxscale launching ...' | ||
|
||
tail -n 500 /etc/maxscale.cnf | ||
|
||
/usr/bin/maxscale --nodaemon | ||
|
||
cd /var/log/maxscale | ||
ls -lrt | ||
tail -n 500 /var/log/maxscale/maxscale.log |
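Review bot: The failure branch after the wait loop cannot report correctly: with `set -e` active, the bare `echo 'use test2' | "${mysql[@]}"` probe aborts the script as soon as it fails, so 'DB init process failed.' is never printed, and the `[ "$i" = 0 ]` test also reports failure when the database answered on the last iteration. Testing the probe itself, `if ! echo 'use test2' | "${mysql[@]}"; then echo 'DB init process failed.'; exit 1; fi`, covers both cases. `tail -n 500 /etc/maxscale.cnf` writes the whole configuration to the container log, which would include any service credentials stored in it (the file's contents are not shown on this page), so consider dropping that line or filtering password entries. Because `/usr/bin/maxscale --nodaemon` is started without `exec` and `set -e` is in effect, the trailing log dump only runs when MaxScale exits with status 0, and signals sent to the container reach bash rather than MaxScale.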
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# MariaDB 10.2 CentOS repository list - created 2017-06-05 08:06 UTC | ||
# http://downloads.mariadb.org/mariadb/repositories/ | ||
[mariadb] | ||
name = MariaDB | ||
baseurl = http://yum.mariadb.org/10.2/centos7-amd64 | ||
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB | ||
gpgcheck=1 |
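Review bot: `baseurl` uses plain `http://` although `gpgkey` two lines below is fetched over HTTPS from the same host; `gpgcheck=1` verifies package signatures, but the repository metadata is still downloaded over an unauthenticated channel. `baseurl = https://yum.mariadb.org/10.2/centos7-amd64` closes that gap, and `repo_gpgcheck=1` can be added if the repository publishes signed metadata.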