4 IMAGE_FEATURES
="layering,exclusive-lock,object-map,fast-diff"
8 rbd info
$image_spec |
grep "clone-parent"
12 ceph osd pool create images
32
14 ceph osd pool create volumes
32
19 (ceph osd pool delete images images
--yes-i-really-really-mean-it || true
) >/dev
/null
2>&1
20 (ceph osd pool delete volumes volumes
--yes-i-really-really-mean-it || true
) >/dev
/null
2>&1
30 (ceph auth del client.volumes || true
) >/dev
/null
2>&1
31 (ceph auth del client.images || true
) >/dev
/null
2>&1
33 (ceph auth del client.snap_none || true
) >/dev
/null
2>&1
34 (ceph auth del client.snap_all || true
) >/dev
/null
2>&1
35 (ceph auth del client.snap_pool || true
) >/dev
/null
2>&1
36 (ceph auth del client.snap_profile_all || true
) >/dev
/null
2>&1
37 (ceph auth del client.snap_profile_pool || true
) >/dev
/null
2>&1
39 (ceph auth del client.mon_write || true
) >/dev
/null
2>&1
43 ceph auth get-or-create client.volumes \
45 osd
'profile rbd pool=volumes, profile rbd-read-only pool=images' \
46 mgr
'profile rbd pool=volumes, profile rbd-read-only pool=images' >> $KEYRING
47 ceph auth get-or-create client.images mon
'profile rbd' osd
'profile rbd pool=images' >> $KEYRING
49 ceph auth get-or-create client.snap_none mon
'allow r' >> $KEYRING
50 ceph auth get-or-create client.snap_all mon
'allow r' osd
'allow w' >> $KEYRING
51 ceph auth get-or-create client.snap_pool mon
'allow r' osd
'allow w pool=images' >> $KEYRING
52 ceph auth get-or-create client.snap_profile_all mon
'allow r' osd
'profile rbd' >> $KEYRING
53 ceph auth get-or-create client.snap_profile_pool mon
'allow r' osd
'profile rbd pool=images' >> $KEYRING
55 ceph auth get-or-create client.mon_write mon
'allow *' >> $KEYRING
73 if [[ $ret -ne $expected_ret ]]; then
74 echo "ERROR: running \'$cmd\': expected $expected_ret got $ret"
81 test_images_access
() {
82 rbd
-k $KEYRING --id images create
--image-format 2 --image-feature $IMAGE_FEATURES -s 1 images
/foo
83 rbd
-k $KEYRING --id images snap create images
/foo@snap
84 rbd
-k $KEYRING --id images snap protect images
/foo@snap
85 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
86 rbd
-k $KEYRING --id images snap protect images
/foo@snap
87 rbd
-k $KEYRING --id images
export images
/foo@snap
- >/dev
/null
88 expect
16 rbd
-k $KEYRING --id images snap
rm images
/foo@snap
90 rbd
-k $KEYRING --id volumes clone
--image-feature $IMAGE_FEATURES images
/foo@snap volumes
/child
92 if ! clone_v2_enabled images
/foo
; then
93 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
96 expect
1 rbd
-k $KEYRING --id volumes snap unprotect images
/foo@snap
97 expect
1 rbd
-k $KEYRING --id images flatten volumes
/child
98 rbd
-k $KEYRING --id volumes flatten volumes
/child
99 expect
1 rbd
-k $KEYRING --id volumes snap unprotect images
/foo@snap
100 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
102 expect
39 rbd
-k $KEYRING --id images
rm images
/foo
103 rbd
-k $KEYRING --id images snap
rm images
/foo@snap
104 rbd
-k $KEYRING --id images
rm images
/foo
105 rbd
-k $KEYRING --id volumes
rm volumes
/child
108 test_volumes_access
() {
109 rbd
-k $KEYRING --id images create
--image-format 2 --image-feature $IMAGE_FEATURES -s 1 images
/foo
110 rbd
-k $KEYRING --id images snap create images
/foo@snap
111 rbd
-k $KEYRING --id images snap protect images
/foo@snap
113 # commands that work with read-only access
114 rbd
-k $KEYRING --id volumes info images
/foo@snap
115 rbd
-k $KEYRING --id volumes snap
ls images
/foo
116 rbd
-k $KEYRING --id volumes
export images
/foo
- >/dev
/null
117 rbd
-k $KEYRING --id volumes
cp images
/foo volumes
/foo_copy
118 rbd
-k $KEYRING --id volumes
rm volumes
/foo_copy
119 rbd
-k $KEYRING --id volumes children images
/foo@snap
120 rbd
-k $KEYRING --id volumes lock list images
/foo
122 # commands that fail with read-only access
123 expect
1 rbd
-k $KEYRING --id volumes resize
-s 2 images
/foo
--allow-shrink
124 expect
1 rbd
-k $KEYRING --id volumes snap create images
/foo@
2
125 expect
1 rbd
-k $KEYRING --id volumes snap rollback images
/foo@snap
126 expect
1 rbd
-k $KEYRING --id volumes snap remove images
/foo@snap
127 expect
1 rbd
-k $KEYRING --id volumes snap purge images
/foo
128 expect
1 rbd
-k $KEYRING --id volumes snap unprotect images
/foo@snap
129 expect
1 rbd
-k $KEYRING --id volumes flatten images
/foo
130 expect
1 rbd
-k $KEYRING --id volumes lock add images
/foo
test
131 expect
1 rbd
-k $KEYRING --id volumes lock remove images
/foo
test locker
132 expect
1 rbd
-k $KEYRING --id volumes
ls rbd
134 # create clone and snapshot
135 rbd
-k $KEYRING --id volumes clone
--image-feature $IMAGE_FEATURES images
/foo@snap volumes
/child
136 rbd
-k $KEYRING --id volumes snap create volumes
/child@snap1
137 rbd
-k $KEYRING --id volumes snap protect volumes
/child@snap1
138 rbd
-k $KEYRING --id volumes snap create volumes
/child@snap2
140 # make sure original snapshot stays protected
141 if clone_v2_enabled images
/foo
; then
142 rbd
-k $KEYRING --id volumes flatten volumes
/child
143 rbd
-k $KEYRING --id volumes snap
rm volumes
/child@snap2
144 rbd
-k $KEYRING --id volumes snap unprotect volumes
/child@snap1
146 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
147 rbd
-k $KEYRING --id volumes flatten volumes
/child
148 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
149 rbd
-k $KEYRING --id volumes snap
rm volumes
/child@snap2
150 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
151 expect
2 rbd
-k $KEYRING --id volumes snap
rm volumes
/child@snap2
152 rbd
-k $KEYRING --id volumes snap unprotect volumes
/child@snap1
153 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
157 rbd
-k $KEYRING --id volumes snap
rm volumes
/child@snap1
158 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
159 rbd
-k $KEYRING --id images snap
rm images
/foo@snap
160 rbd
-k $KEYRING --id images
rm images
/foo
161 rbd
-k $KEYRING --id volumes
rm volumes
/child
164 create_self_managed_snapshot
() {
168 cat << EOF | CEPH_ARGS="-k $KEYRING" python3
171 with rados.Rados(conffile="", rados_id="${ID}") as cluster:
172 ioctx = cluster.open_ioctx("${POOL}")
174 snap_id = ioctx.create_self_managed_snap()
175 print ("Created snap id {}".format(snap_id))
179 remove_self_managed_snapshot
() {
183 cat << EOF | CEPH_ARGS="-k $KEYRING" python3
186 with rados.Rados(conffile="", rados_id="mon_write") as cluster1, \
187 rados.Rados(conffile="", rados_id="${ID}") as cluster2:
188 ioctx1 = cluster1.open_ioctx("${POOL}")
190 snap_id = ioctx1.create_self_managed_snap()
191 print ("Created snap id {}".format(snap_id))
193 ioctx2 = cluster2.open_ioctx("${POOL}")
195 ioctx2.remove_self_managed_snap(snap_id)
196 print ("Removed snap id {}".format(snap_id))
200 test_remove_self_managed_snapshots
() {
201 # Ensure users cannot create self-managed snapshots w/o permissions
202 expect
1 create_self_managed_snapshot snap_none images
203 expect
1 create_self_managed_snapshot snap_none volumes
205 create_self_managed_snapshot snap_all images
206 create_self_managed_snapshot snap_all volumes
208 create_self_managed_snapshot snap_pool images
209 expect
1 create_self_managed_snapshot snap_pool volumes
211 create_self_managed_snapshot snap_profile_all images
212 create_self_managed_snapshot snap_profile_all volumes
214 create_self_managed_snapshot snap_profile_pool images
215 expect
1 create_self_managed_snapshot snap_profile_pool volumes
217 # Ensure users cannot delete self-managed snapshots w/o permissions
218 expect
1 remove_self_managed_snapshot snap_none images
219 expect
1 remove_self_managed_snapshot snap_none volumes
221 remove_self_managed_snapshot snap_all images
222 remove_self_managed_snapshot snap_all volumes
224 remove_self_managed_snapshot snap_pool images
225 expect
1 remove_self_managed_snapshot snap_pool volumes
227 remove_self_managed_snapshot snap_profile_all images
228 remove_self_managed_snapshot snap_profile_all volumes
230 remove_self_managed_snapshot snap_profile_pool images
231 expect
1 remove_self_managed_snapshot snap_profile_pool volumes
235 # read-only commands should work on both pools
236 ceph
-k $KEYRING --id volumes rbd perf image stats volumes
237 ceph
-k $KEYRING --id volumes rbd perf image stats images
239 # read/write commands should only work on 'volumes'
240 rbd
-k $KEYRING --id volumes create
--image-format 2 --image-feature $IMAGE_FEATURES -s 1 volumes
/foo
241 ceph
-k $KEYRING --id volumes rbd task add remove volumes
/foo
242 expect
13 ceph
-k $KEYRING --id volumes rbd task add remove images
/foo
250 trap cleanup EXIT ERR HUP INT QUIT
261 test_remove_self_managed_snapshots