2017-07-20 22:26:42 +00:00
|
|
|
#!/usr/bin/env bash
|
2013-07-20 03:30:59 +00:00
|
|
|
|
2018-02-01 15:18:04 +00:00
|
|
|
set -x
|
|
|
|
|
2013-07-20 03:30:59 +00:00
|
|
|
tmp=/tmp/cephtest-mon-caps-madness
|
|
|
|
|
|
|
|
exit_on_error=1
|
|
|
|
|
|
|
|
[[ ! -z $TEST_EXIT_ON_ERROR ]] && exit_on_error=$TEST_EXIT_ON_ERROR
|
|
|
|
|
2018-05-04 08:11:53 +00:00
|
|
|
if [ `uname` = FreeBSD ]; then
|
|
|
|
ETIMEDOUT=60
|
|
|
|
else
|
|
|
|
ETIMEDOUT=110
|
|
|
|
fi
|
|
|
|
|
2013-07-20 03:30:59 +00:00
|
|
|
expect()
|
|
|
|
{
|
|
|
|
cmd=$1
|
|
|
|
expected_ret=$2
|
|
|
|
|
|
|
|
echo $cmd
|
|
|
|
eval $cmd >&/dev/null
|
|
|
|
ret=$?
|
|
|
|
|
|
|
|
if [[ $ret -ne $expected_ret ]]; then
|
|
|
|
echo "Error: Expected return $expected_ret, got $ret"
|
|
|
|
[[ $exit_on_error -eq 1 ]] && exit 1
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
expect "ceph auth get-or-create client.bazar > $tmp.bazar.keyring" 0
|
2019-10-11 14:28:01 +00:00
|
|
|
expect "ceph -k $tmp.bazar.keyring --user bazar quorum_status" 13
|
2013-07-20 04:50:06 +00:00
|
|
|
ceph auth del client.bazar
|
2013-07-20 03:30:59 +00:00
|
|
|
|
2019-10-11 14:28:01 +00:00
|
|
|
c="'allow command \"auth ls\", allow command quorum_status'"
|
2013-07-20 03:30:59 +00:00
|
|
|
expect "ceph auth get-or-create client.foo mon $c > $tmp.foo.keyring" 0
|
2019-10-11 14:28:01 +00:00
|
|
|
expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 0
|
2017-07-19 16:33:14 +00:00
|
|
|
expect "ceph -k $tmp.foo.keyring --user foo auth ls" 0
|
2013-07-20 03:30:59 +00:00
|
|
|
expect "ceph -k $tmp.foo.keyring --user foo auth export" 13
|
|
|
|
expect "ceph -k $tmp.foo.keyring --user foo auth del client.bazar" 13
|
|
|
|
expect "ceph -k $tmp.foo.keyring --user foo osd dump" 13
|
2018-09-18 13:57:25 +00:00
|
|
|
|
|
|
|
# monitor drops the subscribe message from client if it does not have enough caps
|
|
|
|
# for read from mon. in that case, the client will be waiting for mgrmap in vain,
|
|
|
|
# if it is instructed to send a command to mgr. "pg dump" is served by mgr. so,
|
|
|
|
# we need to set a timeout for testing this scenario.
|
|
|
|
#
|
|
|
|
# leave plenty of time here because the mons might be thrashing.
|
|
|
|
export CEPH_ARGS='--rados-mon-op-timeout=300'
|
2018-05-04 08:11:53 +00:00
|
|
|
expect "ceph -k $tmp.foo.keyring --user foo pg dump" $ETIMEDOUT
|
2018-09-18 13:57:25 +00:00
|
|
|
export CEPH_ARGS=''
|
|
|
|
|
2013-07-20 03:30:59 +00:00
|
|
|
expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 13
|
2013-07-20 04:50:06 +00:00
|
|
|
ceph auth del client.foo
|
2013-07-20 03:30:59 +00:00
|
|
|
|
2019-10-11 14:28:01 +00:00
|
|
|
c="'allow command service with prefix=list, allow command quorum_status'"
|
2013-07-20 03:30:59 +00:00
|
|
|
expect "ceph auth get-or-create client.bar mon $c > $tmp.bar.keyring" 0
|
2019-10-11 14:28:01 +00:00
|
|
|
expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 0
|
2017-07-19 16:33:14 +00:00
|
|
|
expect "ceph -k $tmp.bar.keyring --user bar auth ls" 13
|
2013-07-20 03:30:59 +00:00
|
|
|
expect "ceph -k $tmp.bar.keyring --user bar auth export" 13
|
|
|
|
expect "ceph -k $tmp.bar.keyring --user bar auth del client.foo" 13
|
|
|
|
expect "ceph -k $tmp.bar.keyring --user bar osd dump" 13
|
2018-09-18 13:57:25 +00:00
|
|
|
|
|
|
|
# again, we'll need to timeout.
|
|
|
|
export CEPH_ARGS='--rados-mon-op-timeout=300'
|
2018-05-04 08:11:53 +00:00
|
|
|
expect "ceph -k $tmp.bar.keyring --user bar pg dump" $ETIMEDOUT
|
2018-09-18 13:57:25 +00:00
|
|
|
export CEPH_ARGS=''
|
|
|
|
|
2013-07-20 03:30:59 +00:00
|
|
|
expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 13
|
2013-07-20 04:50:06 +00:00
|
|
|
ceph auth del client.bar
|
2013-07-20 03:30:59 +00:00
|
|
|
|
|
|
|
rm $tmp.bazar.keyring $tmp.foo.keyring $tmp.bar.keyring
|
2013-07-20 04:50:06 +00:00
|
|
|
|
2018-08-12 18:18:09 +00:00
|
|
|
# invalid caps health warning
|
|
|
|
cat <<EOF | ceph auth import -i -
|
|
|
|
[client.bad]
|
|
|
|
caps mon = this is wrong
|
|
|
|
caps osd = does not parse
|
|
|
|
caps mds = also does not parse
|
|
|
|
EOF
|
|
|
|
ceph health | grep AUTH_BAD_CAP
|
|
|
|
ceph health detail | grep client.bad
|
|
|
|
ceph auth rm client.bad
|
|
|
|
expect "ceph auth health | grep AUTH_BAD_CAP" 1
|
|
|
|
|
2017-07-19 16:33:14 +00:00
|
|
|
echo OK
|