[ceph.git] / ceph / qa / workunits / mon / caps.sh

#!/usr/bin/env bash

set -x

tmp=/tmp/cephtest-mon-caps-madness

exit_on_error=1

[[ ! -z $TEST_EXIT_ON_ERROR ]] && exit_on_error=$TEST_EXIT_ON_ERROR

if [ `uname` = FreeBSD ]; then
    ETIMEDOUT=60
else
    ETIMEDOUT=110
fi

expect()
{
  cmd=$1
  expected_ret=$2

  echo $cmd
  eval $cmd >&/dev/null
  ret=$?

  if [[ $ret -ne $expected_ret ]]; then
    echo "Error: Expected return $expected_ret, got $ret"
    [[ $exit_on_error -eq 1 ]] && exit 1
    return 1
  fi

  return 0
}

expect "ceph auth get-or-create client.bazar > $tmp.bazar.keyring" 0
expect "ceph -k $tmp.bazar.keyring --user bazar quorum_status" 13
ceph auth del client.bazar

c="'allow command \"auth ls\", allow command quorum_status'"
expect "ceph auth get-or-create client.foo mon $c > $tmp.foo.keyring" 0
expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 0
expect "ceph -k $tmp.foo.keyring --user foo auth ls" 0
expect "ceph -k $tmp.foo.keyring --user foo auth export" 13
expect "ceph -k $tmp.foo.keyring --user foo auth del client.bazar" 13
expect "ceph -k $tmp.foo.keyring --user foo osd dump" 13

# monitor drops the subscribe message from client if it does not have enough caps
# for read from mon. in that case, the client will be waiting for mgrmap in vain,
# if it is instructed to send a command to mgr. "pg dump" is served by mgr. so,
# we need to set a timeout for testing this scenario.
#
# leave plenty of time here because the mons might be thrashing.
export CEPH_ARGS='--rados-mon-op-timeout=300'
expect "ceph -k $tmp.foo.keyring --user foo pg dump" $ETIMEDOUT
export CEPH_ARGS=''

ceph auth del client.foo
expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 13

c="'allow command service with prefix=list, allow command quorum_status'"
expect "ceph auth get-or-create client.bar mon $c > $tmp.bar.keyring" 0
expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 0
expect "ceph -k $tmp.bar.keyring --user bar auth ls" 13
expect "ceph -k $tmp.bar.keyring --user bar auth export" 13
expect "ceph -k $tmp.bar.keyring --user bar auth del client.foo" 13
expect "ceph -k $tmp.bar.keyring --user bar osd dump" 13

# again, we'll need to timeout.
export CEPH_ARGS='--rados-mon-op-timeout=300'
expect "ceph -k $tmp.bar.keyring --user bar pg dump" $ETIMEDOUT
export CEPH_ARGS=''

ceph auth del client.bar
expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 13

rm $tmp.bazar.keyring $tmp.foo.keyring $tmp.bar.keyring

# invalid caps health warning
cat <<EOF | ceph auth import -i -
[client.bad]
  caps mon = this is wrong
  caps osd = does not parse
  caps mds = also does not parse
EOF
ceph health | grep AUTH_BAD_CAP
ceph health detail | grep client.bad
ceph auth rm client.bad
expect "ceph auth health | grep AUTH_BAD_CAP" 1

echo OK
Commit	Line	Data
11fdf7f2 TL	1	#!/usr/bin/env bash
	2
	3	set -x
7c673cae FG	4
	5	tmp=/tmp/cephtest-mon-caps-madness
	6
	7	exit_on_error=1
	8
	9	[[ ! -z $TEST_EXIT_ON_ERROR ]] && exit_on_error=$TEST_EXIT_ON_ERROR
	10
11fdf7f2 TL	11	if [ `uname` = FreeBSD ]; then
	12	ETIMEDOUT=60
	13	else
	14	ETIMEDOUT=110
	15	fi
	16
7c673cae FG	17	expect()
	18	{
	19	cmd=$1
	20	expected_ret=$2
	21
	22	echo $cmd
	23	eval $cmd >&/dev/null
	24	ret=$?
	25
	26	if [[ $ret -ne $expected_ret ]]; then
	27	echo "Error: Expected return $expected_ret, got $ret"
	28	[[ $exit_on_error -eq 1 ]] && exit 1
	29	return 1
	30	fi
	31
	32	return 0
	33	}
	34
	35	expect "ceph auth get-or-create client.bazar > $tmp.bazar.keyring" 0
9f95a23c	36	expect "ceph -k $tmp.bazar.keyring --user bazar quorum_status" 13
7c673cae FG	37	ceph auth del client.bazar
7c673cae FG	38
9f95a23c	39	c="'allow command \"auth ls\", allow command quorum_status'"
7c673cae	40	expect "ceph auth get-or-create client.foo mon $c > $tmp.foo.keyring" 0
9f95a23c	41	expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 0
c07f9fc5	42	expect "ceph -k $tmp.foo.keyring --user foo auth ls" 0
7c673cae FG	43	expect "ceph -k $tmp.foo.keyring --user foo auth export" 13
	44	expect "ceph -k $tmp.foo.keyring --user foo auth del client.bazar" 13
	45	expect "ceph -k $tmp.foo.keyring --user foo osd dump" 13
11fdf7f2 TL	46
	47	# monitor drops the subscribe message from client if it does not have enough caps
	48	# for read from mon. in that case, the client will be waiting for mgrmap in vain,
	49	# if it is instructed to send a command to mgr. "pg dump" is served by mgr. so,
	50	# we need to set a timeout for testing this scenario.
	51	#
	52	# leave plenty of time here because the mons might be thrashing.
	53	export CEPH_ARGS='--rados-mon-op-timeout=300'
	54	expect "ceph -k $tmp.foo.keyring --user foo pg dump" $ETIMEDOUT
	55	export CEPH_ARGS=''
	56
7c673cae	57	ceph auth del client.foo
9f95a23c	58	expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 13
7c673cae	59
9f95a23c	60	c="'allow command service with prefix=list, allow command quorum_status'"
7c673cae	61	expect "ceph auth get-or-create client.bar mon $c > $tmp.bar.keyring" 0
9f95a23c	62	expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 0
c07f9fc5	63	expect "ceph -k $tmp.bar.keyring --user bar auth ls" 13
7c673cae FG	64	expect "ceph -k $tmp.bar.keyring --user bar auth export" 13
	65	expect "ceph -k $tmp.bar.keyring --user bar auth del client.foo" 13
	66	expect "ceph -k $tmp.bar.keyring --user bar osd dump" 13
11fdf7f2 TL	67
	68	# again, we'll need to timeout.
	69	export CEPH_ARGS='--rados-mon-op-timeout=300'
	70	expect "ceph -k $tmp.bar.keyring --user bar pg dump" $ETIMEDOUT
	71	export CEPH_ARGS=''
	72
7c673cae	73	ceph auth del client.bar
9f95a23c	74	expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 13
7c673cae FG	75
	76	rm $tmp.bazar.keyring $tmp.foo.keyring $tmp.bar.keyring
	77
11fdf7f2 TL	78	# invalid caps health warning
	79	cat <<EOF \| ceph auth import -i -
	80	[client.bad]
	81	caps mon = this is wrong
	82	caps osd = does not parse
	83	caps mds = also does not parse
	84	EOF
	85	ceph health \| grep AUTH_BAD_CAP
	86	ceph health detail \| grep client.bad
	87	ceph auth rm client.bad
	88	expect "ceph auth health \| grep AUTH_BAD_CAP" 1
	89
c07f9fc5	90	echo OK