From da35016c1633eaa293b0897e05b6233e49d8e049 Mon Sep 17 00:00:00 2001 From: Razvan-Liviu Varzaru Date: Fri, 20 Dec 2024 16:20:09 +0200 Subject: [PATCH] MDBF-815 - HashiCorp Vault server The scope of this PR is to create a separate Debian 12/i386 container image with HashiCorp Vault installed. Vault tests are part of the MBDF-815 requirements, and the new fulltest-debug builder will use this image. Changes to the BuildBot configuration will be done in a separate PR. Built the image locally and tested on: Server version: 10.11.11 Revision: c391fb1ff122adbfb9a7f98d3239aa08311918d6 # Create Debug build cmake . -DCMAKE_BUILD_TYPE=Debug -DWITH_EMBEDDED_SERVER=1 \ -DHAVE_EMBEDDED_PRIVILEGE_CONTROL=1 -DWITH_DBUG_TRACE=OFF && make -j 24 # Start Vault server vault server -dev > /dev/null 2>&1 & # Run MTR with --suite=vault cd mysql-test && perl mysql-test-run.pl --suite=vault \ --parallel=1 --verbose-restart --force --big ============================================================================== TEST RESULT TIME (ms) or COMMENT -------------------------------------------------------------------------- worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029 vault.hashicorp_mariabackup [ pass ] 3013 vault.hashicorp_cache_after_recreate [ pass ] 3232 vault.hashicorp_key_rotation_age [ pass ] 15220 vault.hashicorp_check_kv_version [ pass ] 4679 vault.hashicorp_encode [ pass ] 451 vault.hashicorp_key_migration [ pass ] 5881 vault.hashicorp_url_prefix [ pass ] 4735 vault.hashicorp_cache_timeout_update [ pass ] 402 -------------------------------------------------------------------------- The servers were restarted 4 times Spent 37.613 of 43 seconds executing testcases Completed: All 8 tests were successful. --- .github/workflows/build-debian-based.yml | 11 ++++++++++- ci_build_images/hashicorp.Dockerfile | 17 +++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 ci_build_images/hashicorp.Dockerfile 
diff --git a/.github/workflows/build-debian-based.yml b/.github/workflows/build-debian-based.yml
index c0f14e03..c019dea1 100644
--- a/.github/workflows/build-debian-based.yml
+++ b/.github/workflows/build-debian-based.yml
@@ -4,6 +4,7 @@ on: push: paths: - 'ci_build_images/debian.Dockerfile' + - 'ci_build_images/hashicorp.Dockerfile' - 'ci_build_images/qpress.Dockerfile' - 'ci_build_images/buildbot-worker.Dockerfile' - .github/workflows/build-debian-based.yml
@@ -11,6 +12,7 @@ on: pull_request: paths: - 'ci_build_images/debian.Dockerfile' + - 'ci_build_images/hashicorp.Dockerfile' - 'ci_build_images/qpress.Dockerfile' - 'ci_build_images/buildbot-worker.Dockerfile' - .github/workflows/build-debian-based.yml
@@ -41,6 +43,13 @@ jobs: tag: debian12-386 nogalera: false + - image: debian:12 + platforms: linux/386 + branch: 10.11 + tag: debian12-386-hashicorp + nogalera: false + dockerfile: 'debian.Dockerfile hashicorp.Dockerfile' + - image: debian:sid platforms: linux/amd64, linux/arm64/v8, linux/ppc64le branch: 11.4
@@ -75,7 +84,7 @@ jobs: uses: ./.github/workflows/bbw_build_container_template.yml with: - dockerfile: debian.Dockerfile + dockerfile: ${{ matrix.dockerfile || 'debian.Dockerfile' }} image: ${{ matrix.image }} platforms: ${{ matrix.platforms }} tag: ${{ matrix.tag }}
diff --git a/ci_build_images/hashicorp.Dockerfile b/ci_build_images/hashicorp.Dockerfile
new file mode 100644
index 00000000..91b4e53f
--- /dev/null
+++ b/ci_build_images/hashicorp.Dockerfile
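Review bot: The matrix entry `dockerfile: 'debian.Dockerfile hashicorp.Dockerfile'` makes the `dockerfile` input a space-separated list, and nothing in this workflow documents that or the required order; the same string is forwarded by `dockerfile: ${{ matrix.dockerfile || 'debian.Dockerfile' }}` in the `with:` hunk at -75,7. bbw_build_container_template.yml is not part of this diff, so how it splits the value cannot be checked here; presumably it concatenates the fragments, in which case it should read the input through an environment variable and a quoted loop rather than expanding it inside a `run:` script. A comment above the entry would help, e.g. `# dockerfile: space-separated fragments, concatenated in order; hashicorp.Dockerfile has no FROM and must follow debian.Dockerfile`. The resulting `debian12-386-hashicorp` image also carries the fixed Vault dev token set in hashicorp.Dockerfile, so it should be treated as a test-only image wherever the template publishes it.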
@@ -0,0 +1,17 @@
+
+# INSTALL HASHICORP VAULT
+# USAGE: vault server -dev > /dev/null 2>&1 &
+
+RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \
+&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
+https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list \
+&& apt-get update \
+&& apt-get install -y vault \
+&& setcap cap_ipc_lock=-ep "$(readlink -f "$(which vault)")" \
+&& apt-get clean
+
+# VAULT CONFIGURATION
+ENV VAULT_DEV_ROOT_TOKEN_ID='MTR'
+# MTR CONFIGURATION
+ENV VAULT_TOKEN='MTR'
+ENV VAULT_ADDR='http://127.0.0.1:8200'
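Review bot: The repository signing key is piped from `curl -fsSL https://apt.releases.hashicorp.com/gpg` straight into `gpg --dearmor` and trusted without a fingerprint check, and `apt-get install -y vault` installs whatever version the repository serves on build day, so the Vault binary in this image is anchored only in TLS to a single host. Adding `&& gpg --show-keys --with-colons /usr/share/keyrings/hashicorp-archive-keyring.gpg | grep -q '<EXPECTED_FINGERPRINT>'` after the dearmor step (placeholder for the fingerprint HashiCorp publishes) and installing `vault=<VERSION>` would make the build fail closed on a swapped key and keep test runs reproducible. Separately, `ENV VAULT_DEV_ROOT_TOKEN_ID='MTR'` and `ENV VAULT_TOKEN='MTR'` bake a fixed root token into every container started from the image; that is acceptable for `vault server -dev` on 127.0.0.1, but it deserves a comment such as `# test-only: fixed dev-mode root token, listener must stay on loopback`. The `setcap cap_ipc_lock=-ep` line also merits a one-line comment saying it strips the file capability so the binary starts in containers without IPC_LOCK.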