]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | #!/bin/bash -ex |
2 | ||
3 | IMAGE_FEATURES="layering,exclusive-lock,object-map,fast-diff" | |
4 | ||
5 | create_pools() { | |
6 | ceph osd pool create images 100 | |
c07f9fc5 | 7 | rbd pool init images |
7c673cae | 8 | ceph osd pool create volumes 100 |
c07f9fc5 | 9 | rbd pool init volumes |
7c673cae FG |
10 | } |
11 | ||
12 | delete_pools() { | |
13 | (ceph osd pool delete images images --yes-i-really-really-mean-it || true) >/dev/null 2>&1 | |
14 | (ceph osd pool delete volumes volumes --yes-i-really-really-mean-it || true) >/dev/null 2>&1 | |
15 | ||
16 | } | |
17 | ||
18 | recreate_pools() { | |
19 | delete_pools | |
20 | create_pools | |
21 | } | |
22 | ||
23 | delete_users() { | |
24 | (ceph auth del client.volumes || true) >/dev/null 2>&1 | |
25 | (ceph auth del client.images || true) >/dev/null 2>&1 | |
28e407b8 AA |
26 | |
27 | (ceph auth del client.snap_none || true) >/dev/null 2>&1 | |
28 | (ceph auth del client.snap_all || true) >/dev/null 2>&1 | |
29 | (ceph auth del client.snap_pool || true) >/dev/null 2>&1 | |
30 | (ceph auth del client.snap_profile_all || true) >/dev/null 2>&1 | |
31 | (ceph auth del client.snap_profile_pool || true) >/dev/null 2>&1 | |
32 | ||
33 | (ceph auth del client.mon_write || true) >/dev/null 2>&1 | |
7c673cae FG |
34 | } |
35 | ||
36 | create_users() { | |
37 | ceph auth get-or-create client.volumes mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow r class-read pool images, allow rwx pool volumes' >> $KEYRING | |
38 | ceph auth get-or-create client.images mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool images' >> $KEYRING | |
28e407b8 AA |
39 | |
40 | ceph auth get-or-create client.snap_none mon 'allow r' >> $KEYRING | |
41 | ceph auth get-or-create client.snap_all mon 'allow r' osd 'allow w' >> $KEYRING | |
42 | ceph auth get-or-create client.snap_pool mon 'allow r' osd 'allow w pool=images' >> $KEYRING | |
43 | ceph auth get-or-create client.snap_profile_all mon 'allow r' osd 'profile rbd' >> $KEYRING | |
44 | ceph auth get-or-create client.snap_profile_pool mon 'allow r' osd 'profile rbd pool=images' >> $KEYRING | |
45 | ||
46 | ceph auth get-or-create client.mon_write mon 'allow *' >> $KEYRING | |
7c673cae FG |
47 | } |
48 | ||
49 | expect() { | |
50 | ||
51 | set +e | |
52 | ||
53 | local expected_ret=$1 | |
54 | local ret | |
55 | ||
56 | shift | |
57 | cmd=$@ | |
58 | ||
59 | eval $cmd | |
60 | ret=$? | |
61 | ||
62 | set -e | |
63 | ||
64 | if [[ $ret -ne $expected_ret ]]; then | |
65 | echo "ERROR: running \'$cmd\': expected $expected_ret got $ret" | |
66 | return 1 | |
67 | fi | |
68 | ||
69 | return 0 | |
70 | } | |
71 | ||
72 | test_images_access() { | |
73 | rbd -k $KEYRING --id images create --image-format 2 --image-feature $IMAGE_FEATURES -s 1 images/foo | |
74 | rbd -k $KEYRING --id images snap create images/foo@snap | |
75 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
76 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
77 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
78 | rbd -k $KEYRING --id images export images/foo@snap - >/dev/null | |
79 | expect 16 rbd -k $KEYRING --id images snap rm images/foo@snap | |
80 | ||
81 | rbd -k $KEYRING --id volumes clone --image-feature $IMAGE_FEATURES images/foo@snap volumes/child | |
82 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
83 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap | |
84 | expect 1 rbd -k $KEYRING --id images flatten volumes/child | |
85 | rbd -k $KEYRING --id volumes flatten volumes/child | |
86 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap | |
87 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
88 | ||
89 | expect 39 rbd -k $KEYRING --id images rm images/foo | |
90 | rbd -k $KEYRING --id images snap rm images/foo@snap | |
91 | rbd -k $KEYRING --id images rm images/foo | |
92 | rbd -k $KEYRING --id volumes rm volumes/child | |
93 | } | |
94 | ||
95 | test_volumes_access() { | |
96 | rbd -k $KEYRING --id images create --image-format 2 --image-feature $IMAGE_FEATURES -s 1 images/foo | |
97 | rbd -k $KEYRING --id images snap create images/foo@snap | |
98 | rbd -k $KEYRING --id images snap protect images/foo@snap | |
99 | ||
100 | # commands that work with read-only access | |
101 | rbd -k $KEYRING --id volumes info images/foo@snap | |
102 | rbd -k $KEYRING --id volumes snap ls images/foo | |
103 | rbd -k $KEYRING --id volumes export images/foo - >/dev/null | |
104 | rbd -k $KEYRING --id volumes cp images/foo volumes/foo_copy | |
105 | rbd -k $KEYRING --id volumes rm volumes/foo_copy | |
106 | rbd -k $KEYRING --id volumes children images/foo@snap | |
107 | rbd -k $KEYRING --id volumes lock list images/foo | |
108 | ||
109 | # commands that fail with read-only access | |
110 | expect 1 rbd -k $KEYRING --id volumes resize -s 2 images/foo --allow-shrink | |
111 | expect 1 rbd -k $KEYRING --id volumes snap create images/foo@2 | |
112 | expect 1 rbd -k $KEYRING --id volumes snap rollback images/foo@snap | |
113 | expect 1 rbd -k $KEYRING --id volumes snap remove images/foo@snap | |
114 | expect 1 rbd -k $KEYRING --id volumes snap purge images/foo | |
115 | expect 1 rbd -k $KEYRING --id volumes snap unprotect images/foo@snap | |
116 | expect 1 rbd -k $KEYRING --id volumes flatten images/foo | |
117 | expect 1 rbd -k $KEYRING --id volumes lock add images/foo test | |
118 | expect 1 rbd -k $KEYRING --id volumes lock remove images/foo test locker | |
119 | expect 1 rbd -k $KEYRING --id volumes ls rbd | |
120 | ||
121 | # create clone and snapshot | |
122 | rbd -k $KEYRING --id volumes clone --image-feature $IMAGE_FEATURES images/foo@snap volumes/child | |
123 | rbd -k $KEYRING --id volumes snap create volumes/child@snap1 | |
124 | rbd -k $KEYRING --id volumes snap protect volumes/child@snap1 | |
125 | rbd -k $KEYRING --id volumes snap create volumes/child@snap2 | |
126 | ||
127 | # make sure original snapshot stays protected | |
128 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
129 | rbd -k $KEYRING --id volumes flatten volumes/child | |
130 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
131 | rbd -k $KEYRING --id volumes snap rm volumes/child@snap2 | |
132 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
133 | expect 2 rbd -k $KEYRING --id volumes snap rm volumes/child@snap2 | |
134 | rbd -k $KEYRING --id volumes snap unprotect volumes/child@snap1 | |
135 | expect 16 rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
136 | ||
137 | # clean up | |
138 | rbd -k $KEYRING --id volumes snap rm volumes/child@snap1 | |
139 | rbd -k $KEYRING --id images snap unprotect images/foo@snap | |
140 | rbd -k $KEYRING --id images snap rm images/foo@snap | |
141 | rbd -k $KEYRING --id images rm images/foo | |
142 | rbd -k $KEYRING --id volumes rm volumes/child | |
143 | } | |
144 | ||
28e407b8 AA |
145 | create_self_managed_snapshot() { |
146 | ID=$1 | |
147 | POOL=$2 | |
148 | ||
149 | cat << EOF | CEPH_KEYRING="$KEYRING" python | |
150 | import rados | |
151 | ||
152 | cluster = rados.Rados(conffile="", rados_id="${ID}") | |
153 | cluster.connect() | |
154 | ioctx = cluster.open_ioctx("${POOL}") | |
155 | ||
156 | snap_id = ioctx.create_self_managed_snap() | |
157 | print ("Created snap id {}".format(snap_id)) | |
158 | EOF | |
159 | } | |
160 | ||
161 | remove_self_managed_snapshot() { | |
162 | ID=$1 | |
163 | POOL=$2 | |
164 | ||
165 | cat << EOF | CEPH_KEYRING="$KEYRING" python | |
166 | import rados | |
167 | ||
168 | cluster1 = rados.Rados(conffile="", rados_id="mon_write") | |
169 | cluster1.connect() | |
170 | ioctx1 = cluster1.open_ioctx("${POOL}") | |
171 | ||
172 | snap_id = ioctx1.create_self_managed_snap() | |
173 | print ("Created snap id {}".format(snap_id)) | |
174 | ||
175 | cluster2 = rados.Rados(conffile="", rados_id="${ID}") | |
176 | cluster2.connect() | |
177 | ioctx2 = cluster2.open_ioctx("${POOL}") | |
178 | ||
179 | ioctx2.remove_self_managed_snap(snap_id) | |
180 | print ("Removed snap id {}".format(snap_id)) | |
181 | EOF | |
182 | } | |
183 | ||
184 | test_remove_self_managed_snapshots() { | |
185 | # Ensure users cannot create self-managed snapshots w/o permissions | |
186 | expect 1 create_self_managed_snapshot snap_none images | |
187 | expect 1 create_self_managed_snapshot snap_none volumes | |
188 | ||
189 | create_self_managed_snapshot snap_all images | |
190 | create_self_managed_snapshot snap_all volumes | |
191 | ||
192 | create_self_managed_snapshot snap_pool images | |
193 | expect 1 create_self_managed_snapshot snap_pool volumes | |
194 | ||
195 | create_self_managed_snapshot snap_profile_all images | |
196 | create_self_managed_snapshot snap_profile_all volumes | |
197 | ||
198 | create_self_managed_snapshot snap_profile_pool images | |
199 | expect 1 create_self_managed_snapshot snap_profile_pool volumes | |
200 | ||
201 | # Ensure users cannot delete self-managed snapshots w/o permissions | |
202 | expect 1 remove_self_managed_snapshot snap_none images | |
203 | expect 1 remove_self_managed_snapshot snap_none volumes | |
204 | ||
205 | remove_self_managed_snapshot snap_all images | |
206 | remove_self_managed_snapshot snap_all volumes | |
207 | ||
208 | remove_self_managed_snapshot snap_pool images | |
209 | expect 1 remove_self_managed_snapshot snap_pool volumes | |
210 | ||
211 | remove_self_managed_snapshot snap_profile_all images | |
212 | remove_self_managed_snapshot snap_profile_all volumes | |
213 | ||
214 | remove_self_managed_snapshot snap_profile_pool images | |
215 | expect 1 remove_self_managed_snapshot snap_profile_pool volumes | |
216 | } | |
217 | ||
7c673cae FG |
218 | cleanup() { |
219 | rm -f $KEYRING | |
220 | } | |
28e407b8 | 221 | |
7c673cae FG |
222 | KEYRING=$(mktemp) |
223 | trap cleanup EXIT ERR HUP INT QUIT | |
224 | ||
225 | delete_users | |
226 | create_users | |
227 | ||
228 | recreate_pools | |
229 | test_images_access | |
230 | ||
231 | recreate_pools | |
232 | test_volumes_access | |
233 | ||
28e407b8 AA |
234 | test_remove_self_managed_snapshots |
235 | ||
7c673cae FG |
236 | delete_pools |
237 | delete_users | |
238 | ||
239 | echo OK | |
240 | exit 0 |