]>
Commit | Line | Data |
---|---|---|
11fdf7f2 TL |
1 | #!/usr/bin/env bash |
2 | set -ex | |
7c673cae FG |
3 | |
4 | IMAGE_FEATURES="layering,exclusive-lock,object-map,fast-diff" | |
5 | ||
11fdf7f2 TL |
6 | clone_v2_enabled() { |
7 | image_spec=$1 | |
8 | rbd info $image_spec | grep "clone-parent" | |
9 | } | |
10 | ||
7c673cae | 11 | create_pools() { |
11fdf7f2 | 12 | ceph osd pool create images 32 |
c07f9fc5 | 13 | rbd pool init images |
11fdf7f2 | 14 | ceph osd pool create volumes 32 |
c07f9fc5 | 15 | rbd pool init volumes |
7c673cae FG |
16 | } |
17 | ||
18 | delete_pools() { | |
19 | (ceph osd pool delete images images --yes-i-really-really-mean-it || true) >/dev/null 2>&1 | |
20 | (ceph osd pool delete volumes volumes --yes-i-really-really-mean-it || true) >/dev/null 2>&1 | |
21 | ||
22 | } | |
23 | ||
24 | recreate_pools() { | |
25 | delete_pools | |
26 | create_pools | |
27 | } | |
28 | ||
29 | delete_users() { | |
30 | (ceph auth del client.volumes || true) >/dev/null 2>&1 | |
31 | (ceph auth del client.images || true) >/dev/null 2>&1 | |
28e407b8 AA |
32 | |
33 | (ceph auth del client.snap_none || true) >/dev/null 2>&1 | |
34 | (ceph auth del client.snap_all || true) >/dev/null 2>&1 | |
35 | (ceph auth del client.snap_pool || true) >/dev/null 2>&1 | |
36 | (ceph auth del client.snap_profile_all || true) >/dev/null 2>&1 | |
37 | (ceph auth del client.snap_profile_pool || true) >/dev/null 2>&1 | |
38 | ||
39 | (ceph auth del client.mon_write || true) >/dev/null 2>&1 | |
7c673cae FG |
40 | } |
41 | ||
42 | create_users() { | |
92f5a8d4 TL |
43 | ceph auth get-or-create client.volumes \ |
44 | mon 'profile rbd' \ | |
45 | osd 'profile rbd pool=volumes, profile rbd-read-only pool=images' \ | |
46 | mgr 'profile rbd pool=volumes, profile rbd-read-only pool=images' >> $KEYRING | |
11fdf7f2 | 47 | ceph auth get-or-create client.images mon 'profile rbd' osd 'profile rbd pool=images' >> $KEYRING |
28e407b8 AA |
48 | |
49 | ceph auth get-or-create client.snap_none mon 'allow r' >> $KEYRING | |
50 | ceph auth get-or-create client.snap_all mon 'allow r' osd 'allow w' >> $KEYRING | |
51 | ceph auth get-or-create client.snap_pool mon 'allow r' osd 'allow w pool=images' >> $KEYRING | |
52 | ceph auth get-or-create client.snap_profile_all mon 'allow r' osd 'profile rbd' >> $KEYRING | |
53 | ceph auth get-or-create client.snap_profile_pool mon 'allow r' osd 'profile rbd pool=images' >> $KEYRING | |
54 | ||
55 | ceph auth get-or-create client.mon_write mon 'allow *' >> $KEYRING | |
7c673cae FG |
56 | } |
57 | ||
58 | expect() { | |
59 | ||
60 | set +e | |
61 | ||
62 | local expected_ret=$1 | |
63 | local ret | |
64 | ||
65 | shift | |
66 | cmd=$@ | |
67 | ||
68 | eval $cmd | |
69 | ret=$? | |
70 | ||
71 | set -e | |
72 | ||
73 | if [[ $ret -ne $expected_ret ]]; then | |
74 | echo "ERROR: running \'$cmd\': expected $expected_ret got $ret" | |
75 | return 1 | |
76 | fi | |
77 | ||
78 | return 0 | |
79 | } | |
80 | ||
81 | test_images_access() { | |
82 | rbd -k $KEYRING --id images create --image-format 2 --image-feature $IMAGE_FEATURES -s 1 images/foo | |
83 | rbd -k $KEYRING --id images snap create images/foo@snap | |
84 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
85 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
86 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
87 | rbd -k $KEYRING --id images export images/foo@snap - >/dev/null | |
88 | expect 16 rbd -k $KEYRING --id images snap rm images/foo@snap | |
89 | ||
90 | rbd -k $KEYRING --id volumes clone --image-feature $IMAGE_FEATURES images/foo@snap volumes/child | |
11fdf7f2 TL |
91 | |
92 | if ! clone_v2_enabled images/foo; then | |
93 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
94 | fi | |
95 | ||
7c673cae FG |
96 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap |
97 | expect 1 rbd -k $KEYRING --id images flatten volumes/child | |
98 | rbd -k $KEYRING --id volumes flatten volumes/child | |
99 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap | |
100 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
101 | ||
102 | expect 39 rbd -k $KEYRING --id images rm images/foo | |
103 | rbd -k $KEYRING --id images snap rm images/foo@snap | |
104 | rbd -k $KEYRING --id images rm images/foo | |
105 | rbd -k $KEYRING --id volumes rm volumes/child | |
106 | } | |
107 | ||
108 | test_volumes_access() { | |
109 | rbd -k $KEYRING --id images create --image-format 2 --image-feature $IMAGE_FEATURES -s 1 images/foo | |
110 | rbd -k $KEYRING --id images snap create images/foo@snap | |
111 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
112 | ||
113 | # commands that work with read-only access | |
114 | rbd -k $KEYRING --id volumes info images/foo@snap | |
115 | rbd -k $KEYRING --id volumes snap ls images/foo | |
116 | rbd -k $KEYRING --id volumes export images/foo - >/dev/null | |
117 | rbd -k $KEYRING --id volumes cp images/foo volumes/foo_copy | |
118 | rbd -k $KEYRING --id volumes rm volumes/foo_copy | |
119 | rbd -k $KEYRING --id volumes children images/foo@snap | |
120 | rbd -k $KEYRING --id volumes lock list images/foo | |
121 | ||
122 | # commands that fail with read-only access | |
123 | expect 1 rbd -k $KEYRING --id volumes resize -s 2 images/foo --allow-shrink | |
124 | expect 1 rbd -k $KEYRING --id volumes snap create images/foo@2 | |
125 | expect 1 rbd -k $KEYRING --id volumes snap rollback images/foo@snap | |
126 | expect 1 rbd -k $KEYRING --id volumes snap remove images/foo@snap | |
127 | expect 1 rbd -k $KEYRING --id volumes snap purge images/foo | |
128 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap | |
129 | expect 1 rbd -k $KEYRING --id volumes flatten images/foo | |
130 | expect 1 rbd -k $KEYRING --id volumes lock add images/foo test | |
131 | expect 1 rbd -k $KEYRING --id volumes lock remove images/foo test locker | |
132 | expect 1 rbd -k $KEYRING --id volumes ls rbd | |
133 | ||
134 | # create clone and snapshot | |
135 | rbd -k $KEYRING --id volumes clone --image-feature $IMAGE_FEATURES images/foo@snap volumes/child | |
136 | rbd -k $KEYRING --id volumes snap create volumes/child@snap1 | |
137 | rbd -k $KEYRING --id volumes snap protect volumes/child@snap1 | |
138 | rbd -k $KEYRING --id volumes snap create volumes/child@snap2 | |
139 | ||
140 | # make sure original snapshot stays protected | |
11fdf7f2 TL |
141 | if clone_v2_enabled images/foo; then |
142 | rbd -k $KEYRING --id volumes flatten volumes/child | |
143 | rbd -k $KEYRING --id volumes snap rm volumes/child@snap2 | |
144 | rbd -k $KEYRING --id volumes snap unprotect volumes/child@snap1 | |
145 | else | |
146 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
147 | rbd -k $KEYRING --id volumes flatten volumes/child | |
148 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
149 | rbd -k $KEYRING --id volumes snap rm volumes/child@snap2 | |
150 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
151 | expect 2 rbd -k $KEYRING --id volumes snap rm volumes/child@snap2 | |
152 | rbd -k $KEYRING --id volumes snap unprotect volumes/child@snap1 | |
153 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
154 | fi | |
7c673cae FG |
155 | |
156 | # clean up | |
157 | rbd -k $KEYRING --id volumes snap rm volumes/child@snap1 | |
158 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
159 | rbd -k $KEYRING --id images snap rm images/foo@snap | |
160 | rbd -k $KEYRING --id images rm images/foo | |
161 | rbd -k $KEYRING --id volumes rm volumes/child | |
162 | } | |
163 | ||
28e407b8 AA |
164 | create_self_managed_snapshot() { |
165 | ID=$1 | |
166 | POOL=$2 | |
167 | ||
9f95a23c | 168 | cat << EOF | CEPH_ARGS="-k $KEYRING" python3 |
28e407b8 AA |
169 | import rados |
170 | ||
9f95a23c TL |
171 | with rados.Rados(conffile="", rados_id="${ID}") as cluster: |
172 | ioctx = cluster.open_ioctx("${POOL}") | |
28e407b8 | 173 | |
9f95a23c TL |
174 | snap_id = ioctx.create_self_managed_snap() |
175 | print ("Created snap id {}".format(snap_id)) | |
28e407b8 AA |
176 | EOF |
177 | } | |
178 | ||
179 | remove_self_managed_snapshot() { | |
180 | ID=$1 | |
181 | POOL=$2 | |
182 | ||
9f95a23c | 183 | cat << EOF | CEPH_ARGS="-k $KEYRING" python3 |
28e407b8 AA |
184 | import rados |
185 | ||
9f95a23c TL |
186 | with rados.Rados(conffile="", rados_id="mon_write") as cluster1, \ |
187 | rados.Rados(conffile="", rados_id="${ID}") as cluster2: | |
188 | ioctx1 = cluster1.open_ioctx("${POOL}") | |
28e407b8 | 189 | |
9f95a23c TL |
190 | snap_id = ioctx1.create_self_managed_snap() |
191 | print ("Created snap id {}".format(snap_id)) | |
28e407b8 | 192 | |
9f95a23c | 193 | ioctx2 = cluster2.open_ioctx("${POOL}") |
28e407b8 | 194 | |
9f95a23c TL |
195 | ioctx2.remove_self_managed_snap(snap_id) |
196 | print ("Removed snap id {}".format(snap_id)) | |
28e407b8 AA |
197 | EOF |
198 | } | |
199 | ||
200 | test_remove_self_managed_snapshots() { | |
201 | # Ensure users cannot create self-managed snapshots w/o permissions | |
202 | expect 1 create_self_managed_snapshot snap_none images | |
203 | expect 1 create_self_managed_snapshot snap_none volumes | |
204 | ||
205 | create_self_managed_snapshot snap_all images | |
206 | create_self_managed_snapshot snap_all volumes | |
207 | ||
208 | create_self_managed_snapshot snap_pool images | |
209 | expect 1 create_self_managed_snapshot snap_pool volumes | |
210 | ||
211 | create_self_managed_snapshot snap_profile_all images | |
212 | create_self_managed_snapshot snap_profile_all volumes | |
213 | ||
214 | create_self_managed_snapshot snap_profile_pool images | |
215 | expect 1 create_self_managed_snapshot snap_profile_pool volumes | |
216 | ||
217 | # Ensure users cannot delete self-managed snapshots w/o permissions | |
218 | expect 1 remove_self_managed_snapshot snap_none images | |
219 | expect 1 remove_self_managed_snapshot snap_none volumes | |
220 | ||
221 | remove_self_managed_snapshot snap_all images | |
222 | remove_self_managed_snapshot snap_all volumes | |
223 | ||
224 | remove_self_managed_snapshot snap_pool images | |
225 | expect 1 remove_self_managed_snapshot snap_pool volumes | |
226 | ||
227 | remove_self_managed_snapshot snap_profile_all images | |
228 | remove_self_managed_snapshot snap_profile_all volumes | |
229 | ||
230 | remove_self_managed_snapshot snap_profile_pool images | |
231 | expect 1 remove_self_managed_snapshot snap_profile_pool volumes | |
232 | } | |
233 | ||
92f5a8d4 TL |
234 | test_rbd_support() { |
235 | # read-only commands should work on both pools | |
236 | ceph -k $KEYRING --id volumes rbd perf image stats volumes | |
237 | ceph -k $KEYRING --id volumes rbd perf image stats images | |
238 | ||
239 | # read/write commands should only work on 'volumes' | |
240 | rbd -k $KEYRING --id volumes create --image-format 2 --image-feature $IMAGE_FEATURES -s 1 volumes/foo | |
241 | ceph -k $KEYRING --id volumes rbd task add remove volumes/foo | |
242 | expect 13 ceph -k $KEYRING --id volumes rbd task add remove images/foo | |
243 | } | |
244 | ||
7c673cae FG |
245 | cleanup() { |
246 | rm -f $KEYRING | |
247 | } | |
28e407b8 | 248 | |
7c673cae FG |
249 | KEYRING=$(mktemp) |
250 | trap cleanup EXIT ERR HUP INT QUIT | |
251 | ||
252 | delete_users | |
253 | create_users | |
254 | ||
255 | recreate_pools | |
256 | test_images_access | |
257 | ||
258 | recreate_pools | |
259 | test_volumes_access | |
260 | ||
28e407b8 AA |
261 | test_remove_self_managed_snapshots |
262 | ||
92f5a8d4 TL |
263 | test_rbd_support |
264 | ||
7c673cae FG |
265 | delete_pools |
266 | delete_users | |
267 | ||
268 | echo OK | |
269 | exit 0 |