
Commit 1d847dc

authored
Merge pull request #18 from pangpang20/master
Enhance SSL Testing Support for OpenGauss in Python GaussDB Driver
2 parents b58580a + 386a84f commit 1d847dc


18 files changed

+810
-3
lines changed

18 files changed

+810
-3
lines changed

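--- a/.github/workflows/tests-ssl.yml
+++ b/.github/workflows/tests-ssl.yml
@@ -0,0 +1,240 @@
+name: Tests with SSL
+
+on:
+  push:
+    branches:
+      - "*"
+  pull_request:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+
+    services:
+      opengauss:
+        image: opengauss/opengauss-server:latest
+        ports:
+          - 5432:5432
+        env:
+          GS_USERNAME: root
+          GS_USER_PASSWORD: Passwd@123
+          GS_PASSWORD: Passwd@123
+        options: >-
+          --privileged=true
+          --name opengauss-custom
+
+    steps:
+      - name: Reset permissions for checkout
+        run: |
+          sudo chmod -R u+rwX certs || true
+        if: always()
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Set up Python 3.9
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.9"
+          cache: pip
+
+      - name: Create and activate virtual environment
+        run: |
+          python -m venv venv
+          echo "VENV_PATH=$GITHUB_WORKSPACE/venv/bin" >> $GITHUB_ENV
+          source venv/bin/activate
+
+      - name: Create omm user
+        run: |
+          sudo useradd -m -s /bin/bash omm || true
+          sudo usermod -aG docker omm || true
+
+      - name: Create configuration directories
+        run: |
+          mkdir -p ${{ github.workspace }}/opengauss/conf
+          sudo chown omm:omm ${{ github.workspace }}/opengauss/conf ${{ github.workspace }}/certs || true
+          sudo chmod 755 ${{ github.workspace }}/opengauss/conf ${{ github.workspace }}/certs || true
+
+      - name: Set certificate permissions
+        run: |
+          sudo chown -R omm:omm ${{ github.workspace }}/certs
+          sudo chmod 644 ${{ github.workspace }}/certs/*key || true
+          sudo chmod 644 ${{ github.workspace }}/certs/*.crt || true
+
+      - name: Create postgresql.conf with SSL
+        run: |
+          sudo -u omm bash -c 'cat > ${{ github.workspace }}/opengauss/conf/postgresql.conf <<EOF
+          max_connections = 200
+          session_timeout = 10min
+          bulk_write_ring_size = 2GB
+          max_prepared_transactions = 200
+          cstore_buffers = 512MB
+          enable_incremental_checkpoint = on
+          incremental_checkpoint_timeout = 60s
+          enable_double_write = on
+          wal_keep_segments = 16
+          enable_slot_log = off
+          synchronous_standby_names = '"'"'*'"'"'
+          walsender_max_send_size = 8MB
+          hot_standby = on
+          enable_kill_query = off
+          logging_collector = on
+          log_filename = '"'"'postgresql-%Y-%m-%d_%H%M%S.log'"'"'
+          log_file_mode = 0600
+          log_rotation_size = 20MB
+          log_min_duration_statement = 1800000
+          log_connections = off
+          log_disconnections = off
+          log_duration = off
+          log_hostname = off
+          log_line_prefix = '"'"'%m %u %d %h %p %S '"'"'
+          log_timezone = '"'"'UTC'"'"'
+          enable_alarm = on
+          connection_alarm_rate = 0.9
+          alarm_report_interval = 10
+          alarm_component = '"'"'/opt/snas/bin/snas_cm_cmd'"'"'
+          use_workload_manager = on
+          datestyle = '"'"'iso, mdy'"'"'
+          timezone = '"'"'UTC'"'"'
+          lc_messages = '"'"'en_US.utf8'"'"'
+          lc_monetary = '"'"'en_US.utf8'"'"'
+          lc_numeric = '"'"'en_US.utf8'"'"'
+          lc_time = '"'"'en_US.utf8'"'"'
+          default_text_search_config = '"'"'pg_catalog.english'"'"'
+          lockwait_timeout = 1200s
+          pgxc_node_name = '"'"'gaussdb'"'"'
+          audit_enabled = on
+          job_queue_processes = 10
+          dolphin.nulls_minimal_policy = on
+          password_encryption_type = 0
+          wal_level = logical
+          application_name = '"'"''"'"'
+          listen_addresses = '"'"'*'"'"'
+          max_replication_slots = 10
+          max_wal_senders = 10
+          shared_buffers = 512MB
+          ssl = on
+          ssl_cert_file = '"'"'/var/lib/opengauss/certs/server.crt'"'"'
+          ssl_key_file = '"'"'/var/lib/opengauss/certs/server.key'"'"'
+          ssl_ca_file = '"'"'/var/lib/opengauss/certs/ca.crt'"'"'
+          EOF'
+          sudo chmod 644 ${{ github.workspace }}/opengauss/conf/postgresql.conf
+
+      - name: Create pg_hba.conf with SSL
+        run: |
+          sudo -u omm bash -c 'cat > ${{ github.workspace }}/opengauss/conf/pg_hba.conf <<EOF
+          local all all trust
+          host all all 127.0.0.1/32 trust
+          host all all ::1/128 trust
+          hostssl all all 0.0.0.0/0 cert
+          host all all 0.0.0.0/0 md5
+          host replication gaussdb 0.0.0.0/0 md5
+          EOF'
+          sudo chmod 644 ${{ github.workspace }}/opengauss/conf/pg_hba.conf
+
+      - name: Debug file permissions
+        run: |
+          ls -l ${{ github.workspace }}/opengauss/conf/
+          whoami
+          docker info --format '{{.ServerVersion}}'
+          docker ps -a
+
+      - name: Copy configuration files to container data directory
+        run: |
+          docker exec opengauss-custom mkdir -p /var/lib/opengauss/data
+          docker cp ${{ github.workspace }}/opengauss/conf/postgresql.conf opengauss-custom:/var/lib/opengauss/data/postgresql.conf
+          docker cp ${{ github.workspace }}/opengauss/conf/pg_hba.conf opengauss-custom:/var/lib/opengauss/data/pg_hba.conf
+
+          docker exec opengauss-custom mkdir -p /var/lib/opengauss/certs
+          docker cp ${{ github.workspace }}/certs/server.crt opengauss-custom:/var/lib/opengauss/certs/
+          docker cp ${{ github.workspace }}/certs/server.key opengauss-custom:/var/lib/opengauss/certs/
+          docker cp ${{ github.workspace }}/certs/ca.crt opengauss-custom:/var/lib/opengauss/certs/
+
+      - name: Fix SSL cert permissions
+        run: |
+          sudo chown -R $(whoami):$(whoami) ${{ github.workspace }}/certs
+          sudo chmod 600 ${{ github.workspace }}/certs/*
+
+      - name: Set permissions inside container
+        run: |
+          docker exec opengauss-custom chown omm:omm /var/lib/opengauss/data/postgresql.conf /var/lib/opengauss/data/pg_hba.conf /var/lib/opengauss/certs/server.crt /var/lib/opengauss/certs/server.key /var/lib/opengauss/certs/ca.crt
+          docker exec opengauss-custom chmod 600 /var/lib/opengauss/data/postgresql.conf /var/lib/opengauss/data/pg_hba.conf /var/lib/opengauss/certs/server.crt /var/lib/opengauss/certs/server.key /var/lib/opengauss/certs/ca.crt
+
+      - name: Restart openGauss to apply configuration
+        run: |
+          docker restart opengauss-custom
+
+      - name: Install GaussDB libpq driver
+        run: |
+          sudo apt update
+          sudo apt install -y wget unzip
+          wget -O /tmp/GaussDB_driver.zip https://dbs-download.obs.cn-north-1.myhuaweicloud.com/GaussDB/1730887196055/GaussDB_driver.zip
+          unzip /tmp/GaussDB_driver.zip -d /tmp/ && rm -rf /tmp/GaussDB_driver.zip
+          \cp /tmp/GaussDB_driver/Centralized/Hce2_X86_64/GaussDB-Kernel*64bit_Python.tar.gz /tmp/
+          tar -zxvf /tmp/GaussDB-Kernel*64bit_Python.tar.gz -C /tmp/ && rm -rf /tmp/GaussDB-Kernel*64bit_Python.tar.gz && rm -rf /tmp/_GaussDB && rm -rf /tmp/GaussDB_driver
+          echo /tmp/lib | sudo tee /etc/ld.so.conf.d/gauss-libpq.conf
+          sudo sed -i '1s|^|/tmp/lib\n|' /etc/ld.so.conf
+          sudo ldconfig
+          ldconfig -p | grep pq
+
+      - name: Install dependencies
+        run: |
+          source venv/bin/activate
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install ./tools/isort-gaussdb/
+          pip install "./gaussdb[dev,test]"
+          pip install ./gaussdb_pool
+
+      - name: Wait for openGauss to be ready
+        env:
+          GSQL_PASSWORD: Passwd@123
+        run: |
+          source venv/bin/activate
+          for i in {1..30}; do
+            pg_isready -h localhost -p 5432 -U root && break
+            sleep 10
+          done
+          if ! pg_isready -h localhost -p 5432 -U root; then
+            echo "openGauss is not ready"
+            exit 1
+          fi
+
+      - name: Verify SSL configuration
+        run: |
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"SHOW ssl;\"'" | grep -q "on" || { echo "ERROR: ssl is not set to 'on'"; exit 1; }
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"SHOW ssl_cert_file;\"'" | grep -q "/var/lib/opengauss/certs/server.crt" || { echo "ERROR: ssl_cert_file is not set to '/var/lib/opengauss/certs/server.crt'"; exit 1; }
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"SHOW ssl_key_file;\"'" | grep -q "/var/lib/opengauss/certs/server.key" || { echo "ERROR: ssl_key_file is not set to '/var/lib/opengauss/certs/server.key'"; exit 1; }
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"SHOW ssl_ca_file;\"'" | grep -q "/var/lib/opengauss/certs/ca.crt" || { echo "ERROR: ssl_ca_file is not set to '/var/lib/opengauss/certs/ca.crt'"; exit 1; }
+          echo "SSL configuration verified successfully"
+
+      - name: Create test database
+        run: |
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"CREATE DATABASE test ;\"'"
+
+      - name: Create report directory
+        run: |
+          mkdir -p reports
+
+      - name: Run tests
+        env:
+          PYTHONPATH: ./gaussdb:./gaussdb_pool
+          GAUSSDB_IMPL: python
+          GAUSSDB_TEST_DSN: "host=127.0.0.1 port=5432 dbname=test user=root password=Passwd@123 sslmode=verify-ca sslrootcert=${{ github.workspace }}/certs/ca.crt sslcert=${{ github.workspace }}/certs/client.crt sslkey=${{ github.workspace }}/certs/client.key"
+        run: |
+          export PGSSLDEBUG=1
+          source venv/bin/activate
+          pytest -s -v
+
+      - name: Cleanup
+        if: always()
+        run: |
+          docker stop opengauss-custom
+          docker rm opengauss-custom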
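Review bot: The "Install GaussDB libpq driver" step downloads GaussDB_driver.zip with no integrity check and then prepends the world-writable `/tmp/lib` to `/etc/ld.so.conf` via `sudo sed -i '1s|^|/tmp/lib\n|' /etc/ld.so.conf` before `sudo ldconfig`, so every dynamically linked program on the runner will prefer shared objects from an unverified archive sitting in /tmp. Pin the archive to a known digest right after the wget, `echo "<EXPECTED_SHA256>  /tmp/GaussDB_driver.zip" | sha256sum -c -`, and extract the libraries into a root-owned directory (for example under /opt) referenced only from the `ld.so.conf.d` drop-in instead of rewriting the first line of ld.so.conf. Separately, the generated pg_hba.conf still contains `host all all 0.0.0.0/0 md5`, which accepts unencrypted password logins from any address; since this job exists to exercise TLS, adding `hostnossl all all 0.0.0.0/0 reject` above that line would make the run fail loudly if a client ever negotiated a plaintext connection. The `sudo chmod 644 ${{ github.workspace }}/certs/*key || true` in "Set certificate permissions" also leaves the private keys world-readable on the runner until the later "Fix SSL cert permissions" step tightens them to 600; applying 600 from the start removes that window.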

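--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,4 +1,4 @@
-name: Tests
+name: Tests without SSL
 
 on:
   push: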
