MDBF-815 - HashiCorp Vault server

The scope of this PR is to create a separate Debian 12/i386 container image with HashiCorp Vault installed. Vault tests are part of the MBDF-815 requirements, and the new fulltest-debug builder will use this image. Changes to the BuildBot configuration will be done in a separate PR. Built the image locally and tested on: Server version: 10.11.11 Revision: c391fb1ff122adbfb9a7f98d3239aa08311918d6 # Create Debug build cmake . -DCMAKE_BUILD_TYPE=Debug -DWITH_EMBEDDED_SERVER=1 \ -DHAVE_EMBEDDED_PRIVILEGE_CONTROL=1 -DWITH_DBUG_TRACE=OFF && make -j 24 # Start Vault server vault server -dev > /dev/null 2>&1 & # Run MTR with --suite=vault cd mysql-test && perl mysql-test-run.pl --suite=vault \ --parallel=1 --verbose-restart --force --big ============================================================================== TEST RESULT TIME (ms) or COMMENT -------------------------------------------------------------------------- worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029 vault.hashicorp_mariabackup [ pass ] 3013 vault.hashicorp_cache_after_recreate [ pass ] 3232 vault.hashicorp_key_rotation_age [ pass ] 15220 vault.hashicorp_check_kv_version [ pass ] 4679 vault.hashicorp_encode [ pass ] 451 vault.hashicorp_key_migration [ pass ] 5881 vault.hashicorp_url_prefix [ pass ] 4735 vault.hashicorp_cache_timeout_update [ pass ] 402 -------------------------------------------------------------------------- The servers were restarted 4 times Spent 37.613 of 43 seconds executing testcases Completed: All 8 tests were successful.
MariaDB · Dec 20, 2024 · e80dad8 · e80dad8
1 parent 71010f2
commit e80dad8
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/.github/workflows/build-debian-based.yml b/.github/workflows/build-debian-based.yml
@@ -4,13 +4,15 @@ on:
   push:
     paths:
       - 'ci_build_images/debian.Dockerfile'
+      - 'ci_build_images/hashicorp.Dockerfile'
       - 'ci_build_images/qpress.Dockerfile'
       - 'ci_build_images/buildbot-worker.Dockerfile'
       - .github/workflows/build-debian-based.yml
       - .github/workflows/bbw_build_container_template.yml
   pull_request:
     paths:
       - 'ci_build_images/debian.Dockerfile'
+      - 'ci_build_images/hashicorp.Dockerfile'
       - 'ci_build_images/qpress.Dockerfile'
       - 'ci_build_images/buildbot-worker.Dockerfile'
       - .github/workflows/build-debian-based.yml
@@ -41,6 +43,13 @@ jobs:
             tag: debian12-386
             nogalera: false
 
+          - image: debian:12
+            platforms: linux/386
+            branch: 10.11
+            tag: debian12-386-hashicorp
+            nogalera: false
+            dockerfile: 'debian.Dockerfile hashicorp.Dockerfile'
+
           - image: debian:sid
             platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
             branch: 11.4
@@ -75,7 +84,7 @@ jobs:
 
     uses: ./.github/workflows/bbw_build_container_template.yml
     with:
-      dockerfile: debian.Dockerfile
+      dockerfile: ${{ matrix.dockerfile || 'debian.Dockerfile' }}
       image: ${{ matrix.image }}
       platforms: ${{ matrix.platforms }}
       tag: ${{ matrix.tag }}

diff --git a/ci_build_images/hashicorp.Dockerfile b/ci_build_images/hashicorp.Dockerfile
@@ -0,0 +1,17 @@
+
+# INSTALL HASHICORP VAULT
+# USAGE: vault server -dev > /dev/null 2>&1 &
+
+RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \
+&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
+https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list \
+&& apt-get update \
+&& apt-get -y install --no-install-recommends vault \
+&& setcap cap_ipc_lock=-ep "$(readlink -f "$(which vault)")" \
+&& apt-get clean
+
+# VAULT CONFIGURATION
+ENV VAULT_DEV_ROOT_TOKEN_ID='MTR'
+# MTR CONFIGURATION
+ENV VAULT_TOKEN='MTR'
+ENV VAULT_ADDR='http://127.0.0.1:8200'