RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2024-12-11 14:09:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
516935bc23
ceph/qa/workunits/rbd/permissions.sh
Sage Weil bbb86ec794 mon: safety interlock for pool deletion 
Require that the pool name be passed twice along with an force option
before we irreversibly delete an entire pool of objects.

Signed-off-by: Sage Weil <sage@inktank.com>
2013-01-26 13:45:12 -08:00

122 lines
4.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash -ex
create_pools() {
ceph osd pool create images 100
ceph osd pool create volumes 100
}
delete_pools() {
(ceph osd pool delete images images --yes-i-really-really-mean-it || true) >/dev/null 2>&1
(ceph osd pool delete volumes volumes --yes-i-really-really-mean-it || true) >/dev/null 2>&1
}
recreate_pools() {
create_pools
delete_pools
}
delete_uers() {
(ceph auth del client.volumes || true) >/dev/null 2>&1
(ceph auth del client.images || true) >/dev/null 2>&1
}
create_users() {
ceph auth get-or-create client.volumes mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow r class-read pool images, allow rwx pool volumes' >> $KEYRING
ceph auth get-or-create client.images mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool images' >> $KEYRING
}
test_images_access() {
rbd -k $KEYRING --id images create --format 2 -s 1 images/foo
rbd -k $KEYRING --id images snap create images/foo@snap
rbd -k $KEYRING --id images snap protect images/foo@snap
rbd -k $KEYRING --id images snap unprotect images/foo@snap
rbd -k $KEYRING --id images snap protect images/foo@snap
rbd -k $KEYRING --id images export images/foo@snap - >/dev/null
! rbd -k $KEYRING --id images snap rm images/foo@snap
rbd -k $KEYRING --id volumes clone images/foo@snap volumes/child
! rbd -k $KEYRING --id images snap unprotect images/foo@snap
! rbd -k $KEYRING --id volumes snap unprotect images/foo@snap
! rbd -k $KEYRING --id images flatten volumes/child
rbd -k $KEYRING --id volumes flatten volumes/child
! rbd -k $KEYRING --id volumes snap unprotect images/foo@snap
rbd -k $KEYRING --id images snap unprotect images/foo@snap
! rbd -k $KEYRING --id images rm images/foo
rbd -k $KEYRING --id images snap rm images/foo@snap
rbd -k $KEYRING --id images rm images/foo
rbd -k $KEYRING --id volumes rm volumes/child
}
test_volumes_access() {
rbd -k $KEYRING --id images create --format 2 -s 1 images/foo
rbd -k $KEYRING --id images snap create images/foo@snap
rbd -k $KEYRING --id images snap protect images/foo@snap
# commands that work with read-only access
rbd -k $KEYRING --id volumes info images/foo@snap
rbd -k $KEYRING --id volumes snap ls images/foo
rbd -k $KEYRING --id volumes export images/foo - >/dev/null
rbd -k $KEYRING --id volumes cp images/foo volumes/foo_copy
rbd -k $KEYRING --id volumes rm volumes/foo_copy
rbd -k $KEYRING --id volumes children images/foo@snap
rbd -k $KEYRING --id volumes lock list images/foo
# commands that fail with read-only access
! rbd -k $KEYRING --id volumes resize -s 2 images/foo
! rbd -k $KEYRING --id volumes snap create images/foo@2
! rbd -k $KEYRING --id volumes snap rollback images/foo@snap
! rbd -k $KEYRING --id volumes snap remove images/foo@snap
! rbd -k $KEYRING --id volumes snap purge images/foo
! rbd -k $KEYRING --id volumes snap unprotect images/foo@snap
! rbd -k $KEYRING --id volumes flatten images/foo
! rbd -k $KEYRING --id volumes lock add images/foo test
! rbd -k $KEYRING --id volumes lock remove images/foo test locker
! rbd -k $KEYRING --id volumes ls rbd
# create clone and snapshot
rbd -k $KEYRING --id volumes clone images/foo@snap volumes/child
rbd -k $KEYRING --id volumes snap create volumes/child@snap1
rbd -k $KEYRING --id volumes snap protect volumes/child@snap1
rbd -k $KEYRING --id volumes snap create volumes/child@snap2
# make sure original snapshot stays protected
! rbd -k $KEYRING --id images snap unprotect images/foo@snap
rbd -k $KEYRING --id volumes flatten volumes/child
! rbd -k $KEYRING --id images snap unprotect images/foo@snap
rbd -k $KEYRING --id volumes snap rm volumes/child@snap2
! rbd -k $KEYRING --id images snap unprotect images/foo@snap
! rbd -k $KEYRING --id volumes snap rm volumes/child@snap2
rbd -k $KEYRING --id volumes snap unprotect volumes/child@snap1
! rbd -k $KEYRING --id images snap unprotect images/foo@snap
# clean up
rbd -k $KEYRING --id volumes snap rm volumes/child@snap1
rbd -k $KEYRING --id images snap unprotect images/foo@snap
rbd -k $KEYRING --id images snap rm images/foo@snap
rbd -k $KEYRING --id images rm images/foo
rbd -k $KEYRING --id volumes rm volumes/child
}
cleanup() {
rm -f $KEYRING
}
KEYRING=$(mktemp)
trap cleanup EXIT ERR HUP INT QUIT
delete_users
create_users
recreate_pools
test_images_access
recreate_pools
test_volumes_access
delete_pools
delete_users
echo OK
exit 0
Reference in New Issue View Git Blame Copy Permalink