]>
Commit | Line | Data |
---|---|---|
11fdf7f2 TL |
1 | #!/usr/bin/env bash |
2 | set -ex | |
7c673cae FG |
3 | |
4 | IMAGE_FEATURES="layering,exclusive-lock,object-map,fast-diff" | |
5 | ||
11fdf7f2 TL |
6 | clone_v2_enabled() { |
7 | image_spec=$1 | |
8 | rbd info $image_spec | grep "clone-parent" | |
9 | } | |
10 | ||
7c673cae | 11 | create_pools() { |
11fdf7f2 | 12 | ceph osd pool create images 32 |
c07f9fc5 | 13 | rbd pool init images |
11fdf7f2 | 14 | ceph osd pool create volumes 32 |
c07f9fc5 | 15 | rbd pool init volumes |
7c673cae FG |
16 | } |
17 | ||
18 | delete_pools() { | |
19 | (ceph osd pool delete images images --yes-i-really-really-mean-it || true) >/dev/null 2>&1 | |
20 | (ceph osd pool delete volumes volumes --yes-i-really-really-mean-it || true) >/dev/null 2>&1 | |
21 | ||
22 | } | |
23 | ||
24 | recreate_pools() { | |
25 | delete_pools | |
26 | create_pools | |
27 | } | |
28 | ||
29 | delete_users() { | |
30 | (ceph auth del client.volumes || true) >/dev/null 2>&1 | |
31 | (ceph auth del client.images || true) >/dev/null 2>&1 | |
28e407b8 AA |
32 | |
33 | (ceph auth del client.snap_none || true) >/dev/null 2>&1 | |
34 | (ceph auth del client.snap_all || true) >/dev/null 2>&1 | |
35 | (ceph auth del client.snap_pool || true) >/dev/null 2>&1 | |
36 | (ceph auth del client.snap_profile_all || true) >/dev/null 2>&1 | |
37 | (ceph auth del client.snap_profile_pool || true) >/dev/null 2>&1 | |
38 | ||
39 | (ceph auth del client.mon_write || true) >/dev/null 2>&1 | |
7c673cae FG |
40 | } |
41 | ||
42 | create_users() { | |
11fdf7f2 TL |
43 | ceph auth get-or-create client.volumes mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd-read-only pool=images' >> $KEYRING |
44 | ceph auth get-or-create client.images mon 'profile rbd' osd 'profile rbd pool=images' >> $KEYRING | |
28e407b8 AA |
45 | |
46 | ceph auth get-or-create client.snap_none mon 'allow r' >> $KEYRING | |
47 | ceph auth get-or-create client.snap_all mon 'allow r' osd 'allow w' >> $KEYRING | |
48 | ceph auth get-or-create client.snap_pool mon 'allow r' osd 'allow w pool=images' >> $KEYRING | |
49 | ceph auth get-or-create client.snap_profile_all mon 'allow r' osd 'profile rbd' >> $KEYRING | |
50 | ceph auth get-or-create client.snap_profile_pool mon 'allow r' osd 'profile rbd pool=images' >> $KEYRING | |
51 | ||
52 | ceph auth get-or-create client.mon_write mon 'allow *' >> $KEYRING | |
7c673cae FG |
53 | } |
54 | ||
55 | expect() { | |
56 | ||
57 | set +e | |
58 | ||
59 | local expected_ret=$1 | |
60 | local ret | |
61 | ||
62 | shift | |
63 | cmd=$@ | |
64 | ||
65 | eval $cmd | |
66 | ret=$? | |
67 | ||
68 | set -e | |
69 | ||
70 | if [[ $ret -ne $expected_ret ]]; then | |
71 | echo "ERROR: running \'$cmd\': expected $expected_ret got $ret" | |
72 | return 1 | |
73 | fi | |
74 | ||
75 | return 0 | |
76 | } | |
77 | ||
78 | test_images_access() { | |
79 | rbd -k $KEYRING --id images create --image-format 2 --image-feature $IMAGE_FEATURES -s 1 images/foo | |
80 | rbd -k $KEYRING --id images snap create images/foo@snap | |
81 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
82 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
83 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
84 | rbd -k $KEYRING --id images export images/foo@snap - >/dev/null | |
85 | expect 16 rbd -k $KEYRING --id images snap rm images/foo@snap | |
86 | ||
87 | rbd -k $KEYRING --id volumes clone --image-feature $IMAGE_FEATURES images/foo@snap volumes/child | |
11fdf7f2 TL |
88 | |
89 | if ! clone_v2_enabled images/foo; then | |
90 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
91 | fi | |
92 | ||
7c673cae FG |
93 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap |
94 | expect 1 rbd -k $KEYRING --id images flatten volumes/child | |
95 | rbd -k $KEYRING --id volumes flatten volumes/child | |
96 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap | |
97 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
98 | ||
99 | expect 39 rbd -k $KEYRING --id images rm images/foo | |
100 | rbd -k $KEYRING --id images snap rm images/foo@snap | |
101 | rbd -k $KEYRING --id images rm images/foo | |
102 | rbd -k $KEYRING --id volumes rm volumes/child | |
103 | } | |
104 | ||
105 | test_volumes_access() { | |
106 | rbd -k $KEYRING --id images create --image-format 2 --image-feature $IMAGE_FEATURES -s 1 images/foo | |
107 | rbd -k $KEYRING --id images snap create images/foo@snap | |
108 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
109 | ||
110 | # commands that work with read-only access | |
111 | rbd -k $KEYRING --id volumes info images/foo@snap | |
112 | rbd -k $KEYRING --id volumes snap ls images/foo | |
113 | rbd -k $KEYRING --id volumes export images/foo - >/dev/null | |
114 | rbd -k $KEYRING --id volumes cp images/foo volumes/foo_copy | |
115 | rbd -k $KEYRING --id volumes rm volumes/foo_copy | |
116 | rbd -k $KEYRING --id volumes children images/foo@snap | |
117 | rbd -k $KEYRING --id volumes lock list images/foo | |
118 | ||
119 | # commands that fail with read-only access | |
120 | expect 1 rbd -k $KEYRING --id volumes resize -s 2 images/foo --allow-shrink | |
121 | expect 1 rbd -k $KEYRING --id volumes snap create images/foo@2 | |
122 | expect 1 rbd -k $KEYRING --id volumes snap rollback images/foo@snap | |
123 | expect 1 rbd -k $KEYRING --id volumes snap remove images/foo@snap | |
124 | expect 1 rbd -k $KEYRING --id volumes snap purge images/foo | |
125 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap | |
126 | expect 1 rbd -k $KEYRING --id volumes flatten images/foo | |
127 | expect 1 rbd -k $KEYRING --id volumes lock add images/foo test | |
128 | expect 1 rbd -k $KEYRING --id volumes lock remove images/foo test locker | |
129 | expect 1 rbd -k $KEYRING --id volumes ls rbd | |
130 | ||
131 | # create clone and snapshot | |
132 | rbd -k $KEYRING --id volumes clone --image-feature $IMAGE_FEATURES images/foo@snap volumes/child | |
133 | rbd -k $KEYRING --id volumes snap create volumes/child@snap1 | |
134 | rbd -k $KEYRING --id volumes snap protect volumes/child@snap1 | |
135 | rbd -k $KEYRING --id volumes snap create volumes/child@snap2 | |
136 | ||
137 | # make sure original snapshot stays protected | |
11fdf7f2 TL |
138 | if clone_v2_enabled images/foo; then |
139 | rbd -k $KEYRING --id volumes flatten volumes/child | |
140 | rbd -k $KEYRING --id volumes snap rm volumes/child@snap2 | |
141 | rbd -k $KEYRING --id volumes snap unprotect volumes/child@snap1 | |
142 | else | |
143 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
144 | rbd -k $KEYRING --id volumes flatten volumes/child | |
145 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
146 | rbd -k $KEYRING --id volumes snap rm volumes/child@snap2 | |
147 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
148 | expect 2 rbd -k $KEYRING --id volumes snap rm volumes/child@snap2 | |
149 | rbd -k $KEYRING --id volumes snap unprotect volumes/child@snap1 | |
150 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
151 | fi | |
7c673cae FG |
152 | |
153 | # clean up | |
154 | rbd -k $KEYRING --id volumes snap rm volumes/child@snap1 | |
155 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
156 | rbd -k $KEYRING --id images snap rm images/foo@snap | |
157 | rbd -k $KEYRING --id images rm images/foo | |
158 | rbd -k $KEYRING --id volumes rm volumes/child | |
159 | } | |
160 | ||
28e407b8 AA |
161 | create_self_managed_snapshot() { |
162 | ID=$1 | |
163 | POOL=$2 | |
164 | ||
11fdf7f2 | 165 | cat << EOF | CEPH_ARGS="-k $KEYRING" python |
28e407b8 AA |
166 | import rados |
167 | ||
168 | cluster = rados.Rados(conffile="", rados_id="${ID}") | |
169 | cluster.connect() | |
170 | ioctx = cluster.open_ioctx("${POOL}") | |
171 | ||
172 | snap_id = ioctx.create_self_managed_snap() | |
173 | print ("Created snap id {}".format(snap_id)) | |
174 | EOF | |
175 | } | |
176 | ||
177 | remove_self_managed_snapshot() { | |
178 | ID=$1 | |
179 | POOL=$2 | |
180 | ||
11fdf7f2 | 181 | cat << EOF | CEPH_ARGS="-k $KEYRING" python |
28e407b8 AA |
182 | import rados |
183 | ||
184 | cluster1 = rados.Rados(conffile="", rados_id="mon_write") | |
185 | cluster1.connect() | |
186 | ioctx1 = cluster1.open_ioctx("${POOL}") | |
187 | ||
188 | snap_id = ioctx1.create_self_managed_snap() | |
189 | print ("Created snap id {}".format(snap_id)) | |
190 | ||
191 | cluster2 = rados.Rados(conffile="", rados_id="${ID}") | |
192 | cluster2.connect() | |
193 | ioctx2 = cluster2.open_ioctx("${POOL}") | |
194 | ||
195 | ioctx2.remove_self_managed_snap(snap_id) | |
196 | print ("Removed snap id {}".format(snap_id)) | |
197 | EOF | |
198 | } | |
199 | ||
200 | test_remove_self_managed_snapshots() { | |
201 | # Ensure users cannot create self-managed snapshots w/o permissions | |
202 | expect 1 create_self_managed_snapshot snap_none images | |
203 | expect 1 create_self_managed_snapshot snap_none volumes | |
204 | ||
205 | create_self_managed_snapshot snap_all images | |
206 | create_self_managed_snapshot snap_all volumes | |
207 | ||
208 | create_self_managed_snapshot snap_pool images | |
209 | expect 1 create_self_managed_snapshot snap_pool volumes | |
210 | ||
211 | create_self_managed_snapshot snap_profile_all images | |
212 | create_self_managed_snapshot snap_profile_all volumes | |
213 | ||
214 | create_self_managed_snapshot snap_profile_pool images | |
215 | expect 1 create_self_managed_snapshot snap_profile_pool volumes | |
216 | ||
217 | # Ensure users cannot delete self-managed snapshots w/o permissions | |
218 | expect 1 remove_self_managed_snapshot snap_none images | |
219 | expect 1 remove_self_managed_snapshot snap_none volumes | |
220 | ||
221 | remove_self_managed_snapshot snap_all images | |
222 | remove_self_managed_snapshot snap_all volumes | |
223 | ||
224 | remove_self_managed_snapshot snap_pool images | |
225 | expect 1 remove_self_managed_snapshot snap_pool volumes | |
226 | ||
227 | remove_self_managed_snapshot snap_profile_all images | |
228 | remove_self_managed_snapshot snap_profile_all volumes | |
229 | ||
230 | remove_self_managed_snapshot snap_profile_pool images | |
231 | expect 1 remove_self_managed_snapshot snap_profile_pool volumes | |
232 | } | |
233 | ||
7c673cae FG |
234 | cleanup() { |
235 | rm -f $KEYRING | |
236 | } | |
28e407b8 | 237 | |
7c673cae FG |
238 | KEYRING=$(mktemp) |
239 | trap cleanup EXIT ERR HUP INT QUIT | |
240 | ||
241 | delete_users | |
242 | create_users | |
243 | ||
244 | recreate_pools | |
245 | test_images_access | |
246 | ||
247 | recreate_pools | |
248 | test_volumes_access | |
249 | ||
28e407b8 AA |
250 | test_remove_self_managed_snapshots |
251 | ||
7c673cae FG |
252 | delete_pools |
253 | delete_users | |
254 | ||
255 | echo OK | |
256 | exit 0 |