23413d4e0f
This commit adds TLS connection between ProxySQL and MariaDB. Frontend TLS ( between services and ProxySQL) will be added in another commit. Parialy Implements: mariadb-ssl-support Change-Id: I154cbb096469c5515c9d8156c2c1c5dd07b95849 Signed-off-by: Matus Jenca <matus.jenca@dnation.cloud>
54 lines
1.5 KiB
Bash
Executable File
54 lines
1.5 KiB
Bash
Executable File
#!/bin/bash
|
|
set -o xtrace
|
|
set -o pipefail
|
|
|
|
|
|
function test_proxysql_connection_logged {
|
|
mariadb -h $VIP -P$DATABASE_PORT -u$DATABASE_USER -p$DATABASE_PASSWORD -e 'SHOW TABLES'
|
|
}
|
|
|
|
function test_proxysql {
|
|
test_proxysql_connection_logged > /tmp/logs/ansible/test-proxysql 2>&1
|
|
result=$?
|
|
echo $result
|
|
if [[ $result != 0 ]]; then
|
|
echo "Testing ProxySQL failed. See ansible/test-proxysql for details"
|
|
else
|
|
echo "Successfully tested ProxySQL. See ansible/test-proxysql for details"
|
|
fi
|
|
return $result
|
|
}
|
|
function test_proxysql_ssl_connection {
|
|
query="SELECT SUBSTRING_INDEX(variable_value, ',', -1) AS '' FROM information_schema.session_status WHERE variable_name = 'Ssl_cipher' LIMIT 1;"
|
|
result=$(mariadb -h $VIP -P$DATABASE_PORT -u$DATABASE_USER -p$DATABASE_PASSWORD -e "$query" --silent)
|
|
echo $result
|
|
if [[ "$result" =~ ^[[:space:]]*$ || -z "${result}" ]]; then
|
|
echo "ERROR: SSL is not utilized in ProxySQL"
|
|
return 1
|
|
else
|
|
echo "SSL connection is working properly in proxysql"
|
|
return 0
|
|
fi
|
|
|
|
}
|
|
|
|
DATABASE_PORT="${DATABASE_PORT:-3306}"
|
|
DATABASE_USER="${DATABASE_USER:-root_shard_0}"
|
|
TLS_ENABLED="${TLS_ENABLED:-false}"
|
|
if [[ -z "${VIP}" ]]; then
|
|
echo "VIP not set"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ -z "${DATABASE_PASSWORD}" ]]; then
|
|
DATABASE_PASSWORD=$(grep ^database_password /etc/kolla/passwords.yml | cut -d" " -f2)
|
|
fi
|
|
|
|
test_proxysql
|
|
if [ "$TLS_ENABLED" = true ]; then
|
|
test_proxysql_ssl_connection
|
|
fi
|
|
|
|
|
|
|