diff --git a/pmm_qa/pmm-framework.py b/pmm_qa/pmm-framework.py index 44ae16d..f05a7fa 100755 --- a/pmm_qa/pmm-framework.py +++ b/pmm_qa/pmm-framework.py @@ -202,6 +202,36 @@ def setup_mysql(db_type, db_version=None, db_config=None, args=None): # Call the function to run the Ansible playbook run_ansible_playbook(playbook_filename, env_vars, args) +def setup_ssl_mysql(db_type, db_version=None, db_config=None, args=None): + # Check if PMM server is running + container_name = get_running_container_name() + if container_name is None and args.pmm_server_ip is None: + print(f"Check if PMM Server is Up and Running..Exiting") + exit() + + # Check Setup Types + setup_type = None + no_of_nodes = 1 + setup_type_value = get_value('SETUP_TYPE', db_type, args, db_config).lower() + + # Gather Version details + ms_version = os.getenv('MS_VERSION') or db_version or database_configs[db_type]["versions"][-1] + # Define environment variables for playbook + env_vars = { + 'MYSQL_VERSION': ms_version, + 'PMM_SERVER_IP': args.pmm_server_ip or container_name or '127.0.0.1', + 'MYSQL_SSL_CONTAINER': 'mysql_ssl_' + str(ms_version), + 'CLIENT_VERSION': get_value('CLIENT_VERSION', db_type, args, db_config), + 'ADMIN_PASSWORD': os.getenv('ADMIN_PASSWORD') or args.pmm_server_password or 'admin', + 'PMM_QA_GIT_BRANCH': os.getenv('PMM_QA_GIT_BRANCH') or 'v3' + } + + # Ansible playbook filename + playbook_filename = 'tls-ssl-setup/mysql_tls_setup.yml' + + # Call the function to run the Ansible playbook + run_ansible_playbook(playbook_filename, env_vars, args) + def setup_pdpgsql(db_type, db_version=None, db_config=None, args=None): # Check if PMM server is running @@ -312,7 +342,6 @@ def setup_external(db_type, db_version=None, db_config=None, args=None): # Call the function to run the Ansible playbook run_ansible_playbook(playbook_filename, env_vars, args) - def execute_shell_scripts(shell_scripts, env_vars, args): # Get script directory script_path = os.path.abspath(sys.argv[0]) 
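Review bot: `setup_ssl_mysql` sets `playbook_filename = 'tls-ssl-setup/mysql_tls_setup.yml'`, but the only MySQL playbook added in the visible part of this commit is `pmm_qa/tls-ssl-setup/setup_mysql`. Unless `mysql_tls_setup.yml` already exists in the tree, the new `SSL_MYSQL` type would fail at `run_ansible_playbook`, so either the added file or the path should be renamed. The early-exit branch calls bare `exit()`, which returns status 0 when no PMM server is found; `sys.exit(1)` would let CI see the failure (the file already uses `sys`). `setup_type`, `no_of_nodes` and `setup_type_value` are assigned and never read in this function. The `'ADMIN_PASSWORD'` fallback to the literal `'admin'` deserves a comment such as `# test-only default; never reuse outside disposable QA environments`.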
@@ -513,6 +542,8 @@ def setup_database(db_type, db_version=None, db_config=None, args=None):
 setup_haproxy(db_type, db_version, db_config, args)
 elif db_type == 'EXTERNAL':
 setup_external(db_type, db_version, db_config, args)
+ elif db_type == 'SSL_MYSQL':
+ setup_ssl_mysql(db_type, db_version, db_config, args)
 else:
 print(f"Database type {db_type} is not recognised, Exiting...")
 exit(1)
diff --git a/pmm_qa/tls-ssl-setup/create_certs.sh b/pmm_qa/tls-ssl-setup/create_certs.sh
new file mode 100644
index 0000000..dcb6d94
--- /dev/null
+++ b/pmm_qa/tls-ssl-setup/create_certs.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+export PWD=$(pwd)
+export HOST=localhost
+mkdir -p certificates
+pushd certificates
+echo -e "\n=== Generating SSL certificates in ${PWD} ==="
+# Generate self signed root CA cert
+openssl req -nodes -x509 -newkey rsa:4096 -keyout ca.key -out ca.crt -subj "/C=US/ST=California/L=San Francisco/O=Percona/OU=root/CN=${HOST}/emailAddress=test@percona.com"
+# Generate server cert to be signed
+openssl req -nodes -newkey rsa:4096 -keyout server.key -out server.csr -subj "/C=US/ST=California/L=San Francisco/O=Percona/OU=server/CN=${HOST}/emailAddress=test@percona.com"
+# Sign server sert
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
+# Create server PEM file
+cat server.key server.crt > server.pem
+# Generate client cert to be signed
+openssl req -nodes -newkey rsa:4096 -keyout client.key -out client.csr -subj "/C=US/ST=California/L=San Francisco/O=Percona/OU=client/CN=${HOST}/emailAddress=test@percona.com"
+# Sign the client cert
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt
+# Create client PEM file
+cat client.key client.crt > client.pem
+popd
diff --git a/pmm_qa/tls-ssl-setup/mongodb/mongodb_ssl_setup.sh b/pmm_qa/tls-ssl-setup/mongodb/mongodb_ssl_setup.sh
new file mode 100644
index 0000000..5aef8fa
--- /dev/null
+++ b/pmm_qa/tls-ssl-setup/mongodb/mongodb_ssl_setup.sh
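Review bot: In `create_certs.sh` the server and client certificates are signed with `openssl x509 -req` and no extension file, so they carry only `CN=${HOST}` and no subjectAltName. Clients that match hostnames against SAN only will reject them, which pushes callers toward `--tls-skip-verify`, as the MySQL and MongoDB playbook tasks in this commit do. Adding `-extfile san.ext` to both signing commands, with `subjectAltName=DNS:${HOST}` in that file, would let the tests run with verification on. None of the commands sets `-days`, so everything expires after OpenSSL's 30-day default, and the `-nodes` keys (including `ca.key`) are written under the caller's umask; `umask 077` at the top keeps them owner-only. The script uses `pushd`/`popd` and `echo -e` under `#!/bin/sh` and only works because its caller runs it with `bash`, so `#!/bin/bash` is the accurate shebang.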
@@ -0,0 +1,73 @@ +#!/bin/sh + + +while [ $# -gt 0 ]; do + + if [[ $1 == *"--"* ]]; then + param="${1/--/}" + declare $param="$2" + fi + + shift +done + +if [ -z "$mongodb_version" ] +then + export mongodb_version=4.4 +fi + +apt-get update +apt-get -y install wget curl git +wget https://repo.percona.com/apt/percona-release_latest.generic_all.deb +dpkg -i percona-release_latest.generic_all.deb +wget https://raw.githubusercontent.com/Percona-QA/percona-qa/master/mongo_startup.sh +chmod +x mongo_startup.sh +wget https://raw.githubusercontent.com/percona/pmm-qa/main/pmm-tests/mongodb_user_setup.js +if [ "$mongodb_version" == "4.4" ]; then + wget -O percona_server_mongodb.tar.gz https://downloads.percona.com/downloads/percona-server-mongodb-4.4/percona-server-mongodb-4.4.13-13/binary/tarball/percona-server-mongodb-4.4.13-13-x86_64.glibc2.17-minimal.tar.gz +fi + +if [ "$mongodb_version" == "4.2" ]; then + wget -O percona_server_mongodb.tar.gz https://downloads.percona.com/downloads/percona-server-mongodb-4.2/percona-server-mongodb-4.2.19-19/binary/tarball/percona-server-mongodb-4.2.19-19-x86_64.glibc2.17-minimal.tar.gz +fi + +if [ "$mongodb_version" == "4.0" ]; then + wget -O percona_server_mongodb.tar.gz https://downloads.percona.com/downloads/percona-server-mongodb-4.0/percona-server-mongodb-4.0.28-23/binary/tarball/percona-server-mongodb-4.0.28-23-x86_64.glibc2.17-minimal.tar.gz +fi + +if [ "$mongodb_version" == "5.0" ]; then + wget -O percona_server_mongodb.tar.gz https://downloads.percona.com/downloads/percona-server-mongodb-5.0/percona-server-mongodb-5.0.7-6/binary/tarball/percona-server-mongodb-5.0.7-6-x86_64.glibc2.17-minimal.tar.gz +fi + +tar -xvf percona_server_mongodb.tar.gz +rm percona_server_mongodb.tar.gz* +mv percona-server-mongodb-${mongodb_version}.* psmdb_${mongodb_version} + +bash ./mongo_startup.sh -m --ssl -x -e wiredTiger --mongodExtra="--profile 2 --slowms 1 --bind_ip_all" --b=/psmdb_${mongodb_version}/bin +sleep 20 +/nodes/cl.sh 
mongodb_user_setup.js +cat > add_new_ssl_user.js < + docker ps -a --filter "name={{ mongodb_ssl_container }}" | grep -q . && docker stop {{ mongodb_ssl_container }} && docker rm -fv {{ mongodb_ssl_container }} + ignore_errors: true + tags: + - cleanup + - name: delete network if exist + shell: docker network rm "{{ mongodb_ssl_container }}_network" + ignore_errors: true + tags: + - cleanup + + - name: Create a network + shell: docker network create "{{ mongodb_ssl_container }}_network" + + - name: Create pmm-qa network if not exist + shell: docker network create pmm-qa + ignore_errors: true + + - name: Prepare Container for mongodb ssl container + shell: > + docker run -d --name={{ mongodb_ssl_container }} + --network "{{ mongodb_ssl_container }}_network" + phusion/baseimage:focal-1.1.0 + + - name: Copy all required Artifacts to the docker mongodb_ssl_container + shell: "{{ item }}" + with_items: + - docker exec {{ mongodb_ssl_container }} mkdir -p artifacts + - docker cp ./mongodb/mongodb_ssl_setup.sh {{ mongodb_ssl_container }}:/ + + - name: Execute Setup script inside the mongodb mongodb_ssl_container + shell: "{{ item }}" + with_items: + - docker exec {{ mongodb_ssl_container }} bash -xe ./mongodb_ssl_setup.sh --mongodb_version {{ mongodb_version }} > mongodb/setup_mongodb_ssl_{{ mongodb_version }}.log + + - name: Install pmm2-client on the mongodb_ssl_container + shell: "{{ item }}" + with_items: + - docker exec {{ mongodb_ssl_container }} wget https://raw.githubusercontent.com/percona/pmm-qa/{{ pmm_qa_branch }}/pmm-tests/pmm2-client-setup.sh + - docker network connect pmm-qa {{ mongodb_ssl_container }} + - docker exec {{ mongodb_ssl_container }} bash -x ./pmm2-client-setup.sh --pmm_server_ip {{ pmm_server_ip }} --client_version {{ client_version }} --admin_password {{ admin_password }} --use_metrics_mode no + + - name: Add pmm-admin binary to path when tar ball installation + shell: docker exec {{ mongodb_ssl_container }} echo "export 
PATH=$PATH:/pmm2-client/bin" > setup_path.sh + when: '"http" in client_version' + + - name: Remove mongodb service if already added previously + shell: "{{ item }}" + with_items: + - docker exec {{ mongodb_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin remove mongodb {{ mongodb_ssl_container }}_service' + ignore_errors: true + + - name: Add mongodb_ssl for monitoring + shell: "{{ item }}" + with_items: + - docker exec {{ mongodb_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin list' + - docker exec {{ mongodb_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin add mongodb --tls --tls-skip-verify --authentication-mechanism=MONGODB-X509 --authentication-database=$external --tls-certificate-key-file=/nodes/certificates/client.pem --tls-certificate-key-file-password=/nodes/certificates/client.key --tls-ca-file=/nodes/certificates/ca.crt {{ mongodb_ssl_container }}_ssl_service' + + - name: Get client cert Files on host + shell: "{{ item }}" + with_items: + - mkdir -p mongodb/{{ mongodb_version }} || true + - docker exec {{ mongodb_ssl_container }} cat /nodes/certificates/ca.crt > mongodb/{{ mongodb_version }}/ca.crt + - docker exec {{ mongodb_ssl_container }} cat /nodes/certificates/client.key > mongodb/{{ mongodb_version }}/client.key + - docker exec {{ mongodb_ssl_container }} cat /nodes/certificates/client.pem > mongodb/{{ mongodb_version }}/client.pem diff --git a/pmm_qa/tls-ssl-setup/mysql/mysql_ssl_setup.sh b/pmm_qa/tls-ssl-setup/mysql/mysql_ssl_setup.sh new file mode 100644 index 0000000..69db1dc --- /dev/null +++ b/pmm_qa/tls-ssl-setup/mysql/mysql_ssl_setup.sh 
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+
+while [ $# -gt 0 ]; do
+
+ if [[ $1 == *"--"* ]]; then
+ param="${1/--/}"
+ declare $param="$2"
+ fi
+
+ shift
+done
+
+if [ -z "$mysql_version" ]
+then
+ export mysql_version=8.0
+fi
+
+apt-get update
+apt-get -y install wget curl git
+wget https://repo.percona.com/apt/percona-release_latest.generic_all.deb
+dpkg -i percona-release_latest.generic_all.deb
+sleep 10
+if [ "$mysql_version" == "8.0" ]; then
+ percona-release setup ps80
+ sleep 10
+ DEBIAN_FRONTEND=noninteractive apt-get -y install percona-server-server sysbench sysbench-tpcc bc screen
+cat > /etc/mysql/my.cnf << EOF
+[mysqld]
+innodb_buffer_pool_size=256M
+innodb_buffer_pool_instances=1
+innodb_log_file_size=1G
+innodb_flush_method=O_DIRECT
+innodb_numa_interleave=1
+innodb_flush_neighbors=0
+log_bin
+server_id=1
+binlog_expire_logs_seconds=600
+log_output=file
+slow_query_log=ON
+long_query_time=0
+log_slow_rate_limit=1
+log_slow_rate_type=query
+log_slow_verbosity=full
+log_slow_admin_statements=ON
+log_slow_slave_statements=ON
+slow_query_log_always_write_time=1
+slow_query_log_use_global_control=all
+innodb_monitor_enable=all
+userstat=1
+bind-address=0.0.0.0
+require_secure_transport=ON
+EOF
+
+fi
+
+if [ "$mysql_version" == "5.7" ]; then
+ percona-release setup ps57
+ sleep 10
+ DEBIAN_FRONTEND=noninteractive apt-get -y install percona-server-server-5.7
+cat > /etc/mysql/my.cnf << EOF
+[mysqld]
+innodb_buffer_pool_size=256M
+innodb_buffer_pool_instances=1
+innodb_log_file_size=1G
+innodb_flush_method=O_DIRECT
+innodb_numa_interleave=1
+innodb_flush_neighbors=0
+log_bin
+server_id=1
+expire_logs_days=1
+log_output=file
+slow_query_log=ON
+long_query_time=0
+log_slow_rate_limit=1
+log_slow_rate_type=query
+log_slow_verbosity=full
+log_slow_admin_statements=ON
+log_slow_slave_statements=ON
+slow_query_log_always_write_time=1
+slow_query_log_use_global_control=all
+innodb_monitor_enable=all
+userstat=1
+bind-address=0.0.0.0
+require_secure_transport=ON
+EOF
+
+fi
+service mysql restart
+mysql -e "create user pmm@'%' identified by \"pmm\""
+mysql -e "grant all on *.* to pmm@'%'"
+service mysql restart
diff --git a/pmm_qa/tls-ssl-setup/postgres/init.sql b/pmm_qa/tls-ssl-setup/postgres/init.sql
new file mode 100644
index 0000000..e11a91a
--- /dev/null
+++ b/pmm_qa/tls-ssl-setup/postgres/init.sql
@@ -0,0 +1,8 @@
+CREATE DATABASE sbtest1;
+CREATE DATABASE sbtest2;
+CREATE USER pmm WITH PASSWORD 'pmm';
+GRANT pg_monitor TO pmm;
+CREATE EXTENSION pg_stat_statements;
+ALTER SYSTEM SET shared_preload_libraries TO 'pg_stat_statements';
+ALTER SYSTEM SET track_activity_query_size=2048;
+ALTER SYSTEM SET track_io_timing=ON;
diff --git a/pmm_qa/tls-ssl-setup/postgres/setup_pgsql.sh b/pmm_qa/tls-ssl-setup/postgres/setup_pgsql.sh
new file mode 100644
index 0000000..3bd841e
--- /dev/null
+++ b/pmm_qa/tls-ssl-setup/postgres/setup_pgsql.sh
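Review bot: The closing lines of `mysql_ssl_setup.sh` create `pmm@'%'` with the password `pmm` and then run `grant all on *.*`, on a server configured with `bind-address=0.0.0.0`. That is a full superuser reachable from any host, where a monitoring account needs only read-style privileges. A narrower statement along the lines of `grant select, process, replication client, reload on *.* to pmm@'%'` (check the exact list against the PMM documentation) keeps the fixture safe if the container ever joins a shared network. The account is also created without `require x509`, so the client certificate and key the playbook passes to `pmm-admin add mysql` are never demanded by the server, and a broken client-cert path would go unnoticed. The option loop's `declare $param="$2"` lets any `--name value` pair set an arbitrary shell variable; a `case "$1" in --mysql_version) mysql_version="$2";; esac` limits it to the one option the script reads, and the same loop appears in `setup_pgsql.sh` and `mongodb_ssl_setup.sh`.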
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+
+while [ $# -gt 0 ]; do
+
+ if [[ $1 == *"--"* ]]; then
+ param="${1/--/}"
+ declare $param="$2"
+ fi
+
+ shift
+done
+
+if [ -z "$pgsql_version" ]
+then
+ export pgsql_version=13
+fi
+
+apt-get update
+apt-get -y install wget curl git
+wget https://repo.percona.com/apt/percona-release_latest.generic_all.deb
+dpkg -i percona-release_latest.generic_all.deb
+percona-release setup ppg${pgsql_version}
+sleep 10
+pushd artifacts
+bash -x create_certs.sh
+popd
+sleep 10
+pwd
+apt -y install percona-postgresql-${pgsql_version}
+apt -y install percona-postgresql-contrib
+sleep 10
+sed -i 's/\(host\s*all\s*all\s*127.0.0.1.*\) md5/\1 trust/g' /etc/postgresql/${pgsql_version}/main/pg_hba.conf
+sed -i 's/\(host\s*all\s*all\s*::1.*\) md5/\1 trust/g' /etc/postgresql/${pgsql_version}/main/pg_hba.conf
+sed -i 's/\(local\s*all\s*postgres.*\) peer/\1 trust/g' /etc/postgresql/${pgsql_version}/main/pg_hba.conf
+sed -i 's/\(local\s*all\s*all.*\) peer/\1 trust/g' /etc/postgresql/${pgsql_version}/main/pg_hba.conf
+service postgresql restart
+sleep 10
+cp -a ./artifacts/certificates/. /var/lib/postgresql/${pgsql_version}/main/
+ls -la ./artifacts/certificates/
+chown -R postgres:postgres /var/lib/postgresql/${pgsql_version}/main
+chmod 0700 -R /var/lib/postgresql/${pgsql_version}/main
+sed -i "s/ssl_cert_file.*/ssl_cert_file = 'server.crt'/g" /etc/postgresql/${pgsql_version}/main/postgresql.conf
+sed -i "s/#listen_addresses.*/listen_addresses = '*'/g" /etc/postgresql/${pgsql_version}/main/postgresql.conf
+sed -i "s/ssl_key_file.*/ssl_key_file = 'server.key'/g" /etc/postgresql/${pgsql_version}/main/postgresql.conf
+sed -i "s/ssl_ca_file.*/ssl_ca_file = 'ca.crt'/g" /etc/postgresql/${pgsql_version}/main/postgresql.conf
+sed -i "s/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = on/g" /etc/postgresql/${pgsql_version}/main/postgresql.conf
+echo "hostssl all all 0.0.0.0/0 md5" >> /etc/postgresql/${pgsql_version}/main/pg_hba.conf
+echo "host all all 0.0.0.0/0 md5" >> /etc/postgresql/${pgsql_version}/main/pg_hba.conf
+sleep 10
+service postgresql restart
+su postgres bash -c 'psql -f init.sql'
+service postgresql restart
diff --git a/pmm_qa/tls-ssl-setup/postgresql_tls_setup.yml b/pmm_qa/tls-ssl-setup/postgresql_tls_setup.yml
new file mode 100644
index 0000000..712496e
--- /dev/null
+++ b/pmm_qa/tls-ssl-setup/postgresql_tls_setup.yml
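Review bot: The appended `host all all 0.0.0.0/0 md5` line in `pg_hba.conf` accepts non-TLS connections from any address, so this TLS fixture still serves plaintext password logins. Keeping only the `hostssl` line would make the instance enforce what the test is named for, and `hostssl all all 0.0.0.0/0 md5 clientcert=verify-ca` (PostgreSQL 12 and later) would also exercise client certificates. The `ssl_ca_file` substitution omits the leading `#` that the `listen_addresses` and `ssl_prefer_server_ciphers` patterns include, so if the packaged `postgresql.conf` ships that setting commented out, the line stays commented and no CA is loaded; `s/#\?ssl_ca_file.*/ssl_ca_file = 'ca.crt'/g` covers both cases. `cp -a ./artifacts/certificates/.` also copies `ca.key` and the client key into the data directory, where only `server.crt`, `server.key` and `ca.crt` are needed.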
@@ -0,0 +1,83 @@
+---
+# This playbook does following:
+# enables Percona testing repository
+# Install Percona Server at Version 8.0.25
+# Install all required tools for backups in compatible version
+
+- hosts: all
+ become: true
+ become_method: sudo
+ vars:
+ pgsql_version: "{{ lookup('vars', 'extra_pgsql_version', default=lookup('env','PGSQL_VERSION') | default('13', true) ) }}"
+ pgsql_ssl_container: "{{ lookup('vars', 'extra_pgsql_ssl_container', default=lookup('env','PGSQL_SSL_CONTAINER') | default('pgsql_ssl', true) ) }}"
+ pmm_server_ip: "{{ lookup('vars', 'extra_pmm_server_ip', default=lookup('env','PMM_SERVER_IP') | default('127.0.0.1', true) ) }}"
+ client_version: "{{ lookup('vars', 'extra_client_version', default=lookup('env','CLIENT_VERSION') | default('dev-latest', true) ) }}"
+ admin_password: "{{ lookup('vars', 'extra_admin_password', default=lookup('env','ADMIN_PASSWORD') | default('admin', true) ) }}"
+ pmm_qa_branch: "{{ lookup('vars', 'extra_pmm_qa_branch', default=lookup('env','PMM_QA_GIT_BRANCH') | default('main', true) ) }}"
+
+ tasks:
+ - name: cleanup container for client and DB setup
+ shell: >
+ docker ps -a --filter "name={{ pgsql_ssl_container }}" | grep -q . && docker stop {{ pgsql_ssl_container }} && docker rm -fv {{ pgsql_ssl_container }}
+ ignore_errors: true
+ tags:
+ - cleanup
+ - name: delete network if exist
+ shell: docker network rm "{{ pgsql_ssl_container }}_network"
+ ignore_errors: true
+ tags:
+ - cleanup
+
+ - name: Create a network
+ shell: docker network create "{{ pgsql_ssl_container }}_network"
+
+ - name: Create pmm-qa network if not exist
+ shell: docker network create pmm-qa
+ ignore_errors: true
+
+ - name: Prepare Container for PostgreSQL
+ shell: >
+ docker run -d --name={{ pgsql_ssl_container }}
+ --network "{{ pgsql_ssl_container }}_network"
+ phusion/baseimage:focal-1.1.0
+
+ - name: Copy all required Artifacts to the docker pgsql_ssl_container
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ pgsql_ssl_container }} mkdir -p artifacts
+ - docker cp ./create_certs.sh {{ pgsql_ssl_container }}:/artifacts/
+ - docker cp ./postgres/setup_pgsql.sh {{ pgsql_ssl_container }}:/
+ - docker cp ./postgres/init.sql {{ pgsql_ssl_container }}:/
+
+ - name: Execute Setup script inside the pgsql pgsql_ssl_container
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ pgsql_ssl_container }} bash -xe ./setup_pgsql.sh --pgsql_version {{ pgsql_version }} > postgres/setup_pgsql_{{ pgsql_version }}.log
+
+ - name: Install pmm2-client on the pgsql_ssl_container
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ pgsql_ssl_container }} wget https://raw.githubusercontent.com/percona/pmm-qa/{{ pmm_qa_branch }}/pmm-tests/pmm2-client-setup.sh
+ - docker network connect pmm-qa {{ pgsql_ssl_container }}
+ - docker exec {{ pgsql_ssl_container }} bash -x ./pmm2-client-setup.sh --pmm_server_ip {{ pmm_server_ip }} --client_version {{ client_version }} --admin_password {{ admin_password }} --use_metrics_mode no
+
+ - name: Remove pgsql service if already added previously
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ pgsql_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin remove postgresql {{ pgsql_ssl_container }}_ssl_service'
+ ignore_errors: true
+
+ - name: Add pgsql_ssl for monitoring
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ pgsql_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin list'
+ - docker exec {{ pgsql_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin add postgresql --username=pmm --password=pmm --query-source="pgstatements" --tls --tls-ca-file=./certificates/ca.crt --tls-cert-file=./certificates/client.crt --tls-key-file=./certificates/client.pem {{ pgsql_ssl_container }}_ssl_service'
+ # - docker exec {{ pgsql_ssl_container }} bash -c 'source ~/.bash_profile; pmm-admin add postgresql --socket=/var/run/postgresql postgresql_socket'
+
+ - name: Get client cert Files on host
+ shell: "{{ item }}"
+ with_items:
+ - mkdir -p postgres/{{ pgsql_version }}
+ - docker exec {{ pgsql_ssl_container }} cat ./certificates/ca.crt > postgres/{{ pgsql_version }}/ca.crt
+ - docker exec {{ pgsql_ssl_container }} cat ./certificates/client.crt > postgres/{{ pgsql_version }}/client.crt
+ - docker exec {{ pgsql_ssl_container }} cat ./certificates/client.pem > postgres/{{ pgsql_version }}/client.pem
diff --git a/pmm_qa/tls-ssl-setup/setup_mysql b/pmm_qa/tls-ssl-setup/setup_mysql
new file mode 100644
index 0000000..66ce332
--- /dev/null
+++ b/pmm_qa/tls-ssl-setup/setup_mysql
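Review bot: The "Install pmm2-client" task passes `--admin_password {{ admin_password }}` on a `bash -x` command line, so the PMM admin password is printed by the shell trace and by Ansible's task output. Adding `no_log: true` to that task and dropping `-x` keeps it out of CI logs; the same command line appears in `setup_mysql` and in the MongoDB playbook tasks. The `shell:` items interpolate `{{ pgsql_ssl_container }}`, `{{ pmm_qa_branch }}` and `{{ client_version }}` unquoted although they come from environment or extra vars, and `{{ pgsql_ssl_container | quote }}` would stop a value with spaces or shell metacharacters from changing the command. The `./certificates/...` paths used by `pmm-admin add postgresql` and the final `cat` items do not match where `setup_pgsql.sh` generates the files (under `artifacts/certificates`), which looks wrong unless `docker exec` starts in `/artifacts`. The header comment still describes installing Percona Server 8.0.25 and should say `# Starts a PostgreSQL container with TLS enabled and registers it with PMM`.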
@@ -0,0 +1,84 @@
+---
+# This playbook does following:
+# enables Percona testing repository
+# Install Percona Server at Version 8.0.25
+# Install all required tools for backups in compatible version
+
+- hosts: all
+ become: true
+ become_method: sudo
+ vars:
+ mysql_version: "{{ lookup('vars', 'extra_mysql_version', default=lookup('env','MYSQL_VERSION') | default('8.0', true) ) }}"
+ mysql_ssl_container: "{{ lookup('vars', 'extra_mysql_ssl_container', default=lookup('env','MYSQL_SSL_CONTAINER') | default('mysql_ssl', true) ) }}"
+ pmm_server_ip: "{{ lookup('vars', 'extra_pmm_server_ip', default=lookup('env','PMM_SERVER_IP') | default('127.0.0.1', true) ) }}"
+ client_version: "{{ lookup('vars', 'extra_client_version', default=lookup('env','CLIENT_VERSION') | default('dev-latest', true) ) }}"
+ admin_password: "{{ lookup('vars', 'extra_admin_password', default=lookup('env','ADMIN_PASSWORD') | default('admin', true) ) }}"
+ pmm_qa_branch: "{{ lookup('vars', 'extra_pmm_qa_branch', default=lookup('env','PMM_QA_GIT_BRANCH') | default('main', true) ) }}"
+
+ tasks:
+ - name: Cleanup Docker container for client and DB setup
+ shell: >
+ docker ps -a --filter "name={{ mysql_ssl_container }}" | grep -q . && docker stop {{ mysql_ssl_container }} && docker rm -fv {{ mysql_ssl_container }}
+ ignore_errors: true
+ tags:
+ - cleanup
+ - name: delete network if exist
+ shell: docker network rm "{{ mysql_ssl_container }}_network"
+ ignore_errors: true
+ tags:
+ - cleanup
+
+ - name: Create a network
+ shell: docker network create "{{ mysql_ssl_container }}_network"
+
+ - name: Create pmm-qa network if not exist
+ shell: docker network create pmm-qa
+ ignore_errors: true
+
+ - name: Prepare Container for mysql ssl container
+ shell: >
+ docker run -d --name={{ mysql_ssl_container }}
+ --network "{{ mysql_ssl_container }}_network"
+ phusion/baseimage:focal-1.1.0
+
+ - name: Copy all required Artifacts to the docker mysql_ssl_container
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ mysql_ssl_container }} mkdir -p artifacts
+ - docker cp ./mysql/mysql_ssl_setup.sh {{ mysql_ssl_container }}:/
+
+ - name: Execute Setup script inside the mysql mysql_ssl_container
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ mysql_ssl_container }} bash -xe ./mysql_ssl_setup.sh --mysql_version {{ mysql_version }} > mysql/setup_mysql_ssl_{{ mysql_version }}.log
+
+ - name: Install pmm2-client on the mysql_ssl_container
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ mysql_ssl_container }} wget https://raw.githubusercontent.com/percona/pmm-qa/{{ pmm_qa_branch }}/pmm-tests/pmm2-client-setup.sh
+ - docker network connect pmm-qa {{ mysql_ssl_container }}
+ - docker exec {{ mysql_ssl_container }} bash -x ./pmm2-client-setup.sh --pmm_server_ip {{ pmm_server_ip }} --client_version {{ client_version }} --admin_password {{ admin_password }} --use_metrics_mode no
+
+ - name: Add pmm-admin binary to path when tar ball installation
+ shell: docker exec {{ mysql_ssl_container }} echo "export PATH=$PATH:/pmm2-client/bin" > setup_path.sh
+ when: '"http" in client_version'
+
+ - name: Remove mysql service if already added previously
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ mysql_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin remove mysql {{ mysql_ssl_container }}_service'
+ ignore_errors: true
+
+ - name: Add mysql_ssl for monitoring
+ shell: "{{ item }}"
+ with_items:
+ - docker exec {{ mysql_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin list'
+ - docker exec {{ mysql_ssl_container }} bash -c 'source ~/.bash_profile || true; pmm-admin add mysql --username=pmm --password=pmm --query-source=perfschema --tls --tls-skip-verify --tls-ca=/var/lib/mysql/ca.pem --tls-cert=/var/lib/mysql/client-cert.pem --tls-key=/var/lib/mysql/client-key.pem {{ mysql_ssl_container }}_ssl_service'
+
+ - name: Get client cert Files on host
+ shell: "{{ item }}"
+ with_items:
+ - mkdir -p mysql/{{ mysql_version }} || true
+ - docker exec {{ mysql_ssl_container }} cat /var/lib/mysql/ca.pem > mysql/{{ mysql_version }}/ca.pem
+ - docker exec {{ mysql_ssl_container }} cat /var/lib/mysql/client-key.pem > mysql/{{ mysql_version }}/client-key.pem
+ - docker exec {{ mysql_ssl_container }} cat /var/lib/mysql/client-cert.pem > mysql/{{ mysql_version }}/client-cert.pem
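Review bot: In the "Add mysql_ssl for monitoring" task, `pmm-admin add mysql` is called with `--tls-skip-verify` next to `--tls-ca=/var/lib/mysql/ca.pem`, so the server certificate is never validated and the CA file has no effect. The TLS test would pass even against a wrong or expired certificate; drop `--tls-skip-verify` once the server certificate matches the name the client dials (the MongoDB task on this page carries the same flag). The cleanup task removes `{{ mysql_ssl_container }}_service` while the add task registers `{{ mysql_ssl_container }}_ssl_service`, so an earlier registration is never removed and `ignore_errors: true` hides that. In "Add pmm-admin binary to path", the `> setup_path.sh` redirect and `$PATH` are evaluated by the host shell rather than inside the container; wrapping the command as `docker exec {{ mysql_ssl_container }} bash -c '...'` would write the file in the container.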