From a72f79450c4ec5069c1bf27b6da1a08b8c472223 Mon Sep 17 00:00:00 2001 From: Razvan-Liviu Varzaru Date: Fri, 20 Dec 2024 16:22:22 +0200 Subject: [PATCH 1/2] MDBF-815 - HashiCorp Vault server The scope of this PR is to create a separate Debian 12/i386 container image with HashiCorp Vault installed. Vault tests are part of the MBDF-815 requirements, and the new fulltest-debug builder will use this image. Changes to the BuildBot configuration will be done in a separate PR. Built the image locally and tested on: Server version: 10.11.11 Revision: c391fb1ff122adbfb9a7f98d3239aa08311918d6 # Create Debug build cmake . -DCMAKE_BUILD_TYPE=Debug -DWITH_EMBEDDED_SERVER=1 \ -DHAVE_EMBEDDED_PRIVILEGE_CONTROL=1 -DWITH_DBUG_TRACE=OFF && make -j 24 # Start Vault server vault server -dev > /dev/null 2>&1 & # Run MTR with --suite=vault cd mysql-test && perl mysql-test-run.pl --suite=vault \ --parallel=1 --verbose-restart --force --big ============================================================================== TEST RESULT TIME (ms) or COMMENT -------------------------------------------------------------------------- worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029 vault.hashicorp_mariabackup [ pass ] 3013 vault.hashicorp_cache_after_recreate [ pass ] 3232 vault.hashicorp_key_rotation_age [ pass ] 15220 vault.hashicorp_check_kv_version [ pass ] 4679 vault.hashicorp_encode [ pass ] 451 vault.hashicorp_key_migration [ pass ] 5881 vault.hashicorp_url_prefix [ pass ] 4735 vault.hashicorp_cache_timeout_update [ pass ] 402 -------------------------------------------------------------------------- The servers were restarted 4 times Spent 37.613 of 43 seconds executing testcases Completed: All 8 tests were successful. --- .github/workflows/build-debian-based.yml | 11 ++++++++++- ci_build_images/hashicorp.Dockerfile | 17 +++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 ci_build_images/hashicorp.Dockerfile diff --git a/.github/workflows/build-debian-based.yml b/.github/workflows/build-debian-based.yml index cea29413..adb4ebf4 100644 --- a/.github/workflows/build-debian-based.yml +++ b/.github/workflows/build-debian-based.yml @@ -7,6 +7,7 @@ on: - 'dev' paths: - 'ci_build_images/debian.Dockerfile' + - 'ci_build_images/hashicorp.Dockerfile' - 'ci_build_images/qpress.Dockerfile' - 'ci_build_images/buildbot-worker.Dockerfile' - .github/workflows/build-debian-based.yml @@ -14,6 +15,7 @@ on: pull_request: paths: - 'ci_build_images/debian.Dockerfile' + - 'ci_build_images/hashicorp.Dockerfile' - 'ci_build_images/qpress.Dockerfile' - 'ci_build_images/buildbot-worker.Dockerfile' - .github/workflows/build-debian-based.yml @@ -44,6 +46,13 @@ jobs: tag: debian12-386 nogalera: false + - image: debian:12 + platforms: linux/386 + branch: 10.11 + tag: debian12-386-hashicorp + nogalera: false + dockerfile: 'debian.Dockerfile hashicorp.Dockerfile' + - image: debian:sid platforms: linux/amd64, linux/arm64/v8, linux/ppc64le branch: 11.4 @@ -78,7 +87,7 @@ jobs: uses: ./.github/workflows/bbw_build_container_template.yml with: - dockerfile: debian.Dockerfile + dockerfile: ${{ matrix.dockerfile || 'debian.Dockerfile' }} image: ${{ matrix.image }} platforms: ${{ matrix.platforms }} tag: ${{ matrix.tag }} diff --git a/ci_build_images/hashicorp.Dockerfile b/ci_build_images/hashicorp.Dockerfile new file mode 100644 index 00000000..f8a56ae4 --- /dev/null +++ b/ci_build_images/hashicorp.Dockerfile @@ -0,0 +1,17 @@ + +# INSTALL HASHICORP VAULT +# USAGE: vault server -dev > /dev/null 2>&1 & + +RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \ +&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ +https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list \ +&& apt-get update \ +&& apt-get -y install --no-install-recommends vault \ +&& setcap cap_ipc_lock=-ep "$(readlink -f "$(which vault)")" \ +&& apt-get clean + +# VAULT CONFIGURATION +ENV VAULT_DEV_ROOT_TOKEN_ID='MTR' +# MTR CONFIGURATION +ENV VAULT_TOKEN='MTR' +ENV VAULT_ADDR='http://127.0.0.1:8200' From 8d0be500d7140bf8c8bde8de7a0644a5c742cedf Mon Sep 17 00:00:00 2001 From: Razvan-Liviu Varzaru Date: Tue, 7 Jan 2025 14:31:41 +0200 Subject: [PATCH 2/2] Fix dockerfile indentation --- ci_build_images/hashicorp.Dockerfile | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/ci_build_images/hashicorp.Dockerfile b/ci_build_images/hashicorp.Dockerfile index f8a56ae4..5c48d7f1 100644 --- a/ci_build_images/hashicorp.Dockerfile +++ b/ci_build_images/hashicorp.Dockerfile @@ -2,13 +2,14 @@ # INSTALL HASHICORP VAULT # USAGE: vault server -dev > /dev/null 2>&1 & -RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \ -&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ -https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list \ -&& apt-get update \ -&& apt-get -y install --no-install-recommends vault \ -&& setcap cap_ipc_lock=-ep "$(readlink -f "$(which vault)")" \ -&& apt-get clean +RUN . /etc/os-release \ + && curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \ + && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ + https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list \ + && apt-get update \ + && apt-get -y install --no-install-recommends vault \ + && setcap cap_ipc_lock=-ep "$(readlink -f "$(which vault)")" \ + && apt-get clean # VAULT CONFIGURATION ENV VAULT_DEV_ROOT_TOKEN_ID='MTR'