Verifying Client Permissions #25
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,208 @@ | ||
| #!/bin/sh | ||
| # | ||
| # Environment variables used: | ||
| # - SERVER: hostname or IP-address of the NFS-server | ||
| # - EXPORT: NFS-export to test (should start with "/") | ||
|
|
||
| # enable some more output | ||
| set -x | ||
|
|
||
| [ -n "${SERVER}" ] | ||
| [ -n "${EXPORT}" ] | ||
|
|
||
| if [ "$1" = "client_initialization" ] | ||
| then | ||
| # install build and runtime dependencies | ||
| yum -y install nfs-utils time | ||
|
|
||
| mkdir -p /mnt/ganesha | ||
|
|
||
| mount -t nfs -o vers=3 ${SERVER}:${EXPORT} /mnt/ganesha | ||
|
|
||
| echo "Client Initial Stage --- With All Rights To All Clients ( RO & RW ) " | ||
|
|
||
| cd /mnt/ganesha | ||
|
|
||
| echo "Trying To Write A File" | ||
| echo "Hello World" > testFile.txt | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "SUCCESS" | ||
| else | ||
| echo "FAILED ON WRITING RIGHTS" | ||
| #exit ret | ||
| fi | ||
|
|
||
| echo "Trying To Read A File" | ||
| cat testFile.txt | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "SUCCESS" | ||
| else | ||
| echo "FAILED ON READING RIGHTS" | ||
| #exit ret | ||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
| fi | ||
|
|
||
| if [ "$1" = "client_stage1" ] | ||
| then | ||
| echo "Client Stage 1 --- With Only RO Rights To This Client " | ||
|
|
||
| mount -t nfs -o vers=3 ${SERVER}:${EXPORT} /mnt/ganesha | ||
|
|
||
| cd /mnt/ganesha | ||
|
|
||
| echo "Trying To Write A File" | ||
| sed -i '1s/$/ From RedHat/' testFile.txt | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "FAILURE Since Write Permissions Were Not Blocked To The Client" | ||
| #exit ret | ||
| else | ||
| echo "SUCCESS ON WRITE PERMISSIONS FAILURE" | ||
|
There was a problem hiding this comment. If output is parsed, this says FAILURE, and so will probably trigger a failure. Either way, this message can probably be cleaned up. There was a problem hiding this comment. The output is not parsed instead the return code is checked .... |
||
| fi | ||
|
|
||
| echo "Trying To Read A File" | ||
| cat testFile.txt | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "SUCCESS" | ||
| else | ||
| echo "FAILED ON READING RIGHTS" | ||
| #exit ret | ||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
| fi | ||
|
|
||
|
|
||
| if [ "$1" = "client_stage2" ] | ||
| then | ||
| echo "Client Stage 2 --- With Only Rights For v3 Mount To This Client " | ||
|
|
||
| echo "Trying To Mount By vers=3" | ||
| mount -t nfs -o vers=3 ${SERVER}:${EXPORT} /mnt/ganesha | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "SUCCESS ON v3 MOUNT BY CLIENT" | ||
| else | ||
| echo "FAILURE ON v3 MOUNT BY CLIENT" | ||
| #exit ret | ||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
|
|
||
| echo "Trying To Mount By vers=4.0" | ||
| mount -t nfs -o vers=4.0 ${SERVER}:${EXPORT} /mnt/ganesha | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "FAILURE Since v4.0 Permissions Were Not Given To The Client" | ||
| #exit ret | ||
| else | ||
| echo "SUCCESS ON v4.0 MOUNT FAILURE" | ||
|
There was a problem hiding this comment. Same, here, this message should probably not say FAILURE in is. Maybe "SUCCESS - v4.0 mount correctly rejected" or something? There was a problem hiding this comment. @dang |
||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
|
|
||
| echo "Trying To Mount By vers=4.1" | ||
| mount -t nfs -o vers=4.1 ${SERVER}:${EXPORT} /mnt/ganesha | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "FAILURE Since v4.1 Permissions Were Not Given To The Client" | ||
| #exit ret | ||
| else | ||
| echo "SUCCESS ON v4.1 MOUNT FAILURE" | ||
|
|
||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
|
|
||
| fi | ||
|
|
||
| if [ "$1" = "client_stage3" ] | ||
| then | ||
| echo "Client Stage 3 --- With Only Rights For v4.0 & v4.1 Mount To This Client " | ||
|
|
||
| echo "Trying To Mount By vers=3" | ||
| mount -t nfs -o vers=3 ${SERVER}:${EXPORT} /mnt/ganesha | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "FAILURE Since v3 Permissions Were Not Given To The Client" | ||
| #exit ret | ||
| else | ||
| echo "SUCCESS ON v3 MOUNT FAILURE" | ||
|
|
||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
|
|
||
| echo "Trying To Mount By vers=4.0" | ||
| mount -t nfs -o vers=4.0 ${SERVER}:${EXPORT} /mnt/ganesha | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "SUCCESS ON v4.0 MOUNT BY CLIENT" | ||
| else | ||
| echo "FAILURE ON v4.0 MOUNT BY CLIENT" | ||
| #exit ret | ||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
|
|
||
| echo "Trying To Mount By vers=4.1" | ||
| mount -t nfs -o vers=4.1 ${SERVER}:${EXPORT} /mnt/ganesha | ||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "SUCCESS ON v4.1 MOUNT BY CLIENT" | ||
| else | ||
| echo "FAILURE ON v4.1 MOUNT BY CLIENT" | ||
| #exit ret | ||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
|
|
||
| fi | ||
|
|
||
|
|
||
| if [ "$1" = "client_stage4" ] | ||
| then | ||
| echo "Client Stage 4 --- With Squashed Root Mount To This Client " | ||
|
|
||
| mount -t nfs ${SERVER}:${EXPORT} /mnt/ganesha | ||
|
|
||
| echo "Creating New User : test-user" | ||
| adduser test-user | ||
| echo asd123 | passwd test-user --stdin | ||
|
|
||
| echo "Adding test-user to sudoers file" | ||
| echo -e 'test-user \t ALL=(ALL) \t NOPASSWD:ALL' >> /etc/sudoers | ||
|
|
||
| echo "Trying To Change Ownership Of The File testFile.txt in the mount" | ||
| sudo chown test-user /mnt/ganesha/testFile.txt | ||
|
|
||
| ret=$? | ||
| if [ $ret -eq 0 ] | ||
| then | ||
| echo "FAILURE Since ROOT PERMISSIONS Were Not Given To This Client" | ||
| #exit ret | ||
| else | ||
| echo "SUCCESS ON chown Permission Denied" | ||
| fi | ||
|
|
||
| cd / && umount /mnt/ganesha | ||
|
|
||
| fi | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,148 @@ | ||
| # | ||
| # from: https://raw.githubusercontent.com/kbsingh/centos-ci-scripts/master/build_python_script.py | ||
| # | ||
| # This script uses the Duffy node management api to get fresh machines to run | ||
| # your CI tests on. Once allocated you will be able to ssh into that machine | ||
| # as the root user and setup the environ | ||
| # | ||
| # XXX: You need to add your own api key below, and also set the right cmd= line | ||
| # needed to run the tests | ||
| # | ||
| # Please note, this is a basic script, there is no error handling and there are | ||
| # no real tests for any exceptions. Patches welcome! | ||
|
|
||
| import json, urllib, subprocess, sys, os, time | ||
|
|
||
| url_base="http://admin.ci.centos.org:8080" | ||
| ver=os.getenv("CENTOS_VERSION") | ||
| arch=os.getenv("CENTOS_ARCH") | ||
| count=2 | ||
| server_script=os.getenv("SERVER_TEST_SCRIPT") | ||
| client_script=os.getenv("CLIENT_TEST_SCRIPT") | ||
|
|
||
| # delay for 5 minutes (duffy timeout for rate limiting) | ||
| retry_delay=300 | ||
| # retry maximum 3 hours, that is 3 x 60 x 60 seconds | ||
| max_retries=((3 * 60 * 60) / retry_delay) | ||
|
|
||
| # read the API key for Duffy from the ~/duffy.key file | ||
| fo=open("/home/nfs-ganesha/duffy.key") | ||
| api=fo.read().strip() | ||
| fo.close() | ||
|
|
||
| # build the URL to request the system(s) | ||
| get_nodes_url="%s/Node/get?key=%s&ver=%s&arch=%s&count=%s" % (url_base,api,ver,arch,count) | ||
|
|
||
| # request the system(s) | ||
| retries=0 | ||
| while retries < max_retries: | ||
| try: | ||
| dat=urllib.urlopen(get_nodes_url).read() | ||
| b=json.loads(dat) | ||
| # all is fine, break out of the loop | ||
| break | ||
| except ValueError, ve: | ||
| print("Failed to parse Duffy response: %s" % (dat)) | ||
| except Error, e: | ||
| print("An unexpected error occured: %s" % (e)) | ||
|
|
||
| retries+=1 | ||
| print("Waiting %d seconds before retrying #%d..." % (retry_delay, retries)) | ||
| time.sleep(retry_delay) | ||
|
|
||
|
|
||
| # NFS-Ganesha Server (parameters need double escape, passed on ssh commandline) | ||
| server_env="export GERRIT_HOST='%s'" % os.getenv("GERRIT_HOST") | ||
| server_env+=" GERRIT_PROJECT='%s'" % os.getenv("GERRIT_PROJECT") | ||
| server_env+=" GERRIT_REFSPEC='%s'" % os.getenv("GERRIT_REFSPEC") | ||
| server_env+=" YUM_REPO='%s'" % os.getenv("YUM_REPO", "") | ||
| server_env+=" GLUSTER_VOLUME='%s'" % os.getenv("EXPORT") | ||
| server_env+=" ENABLE_ACL='%s'" % os.getenv("ENABLE_ACL", "") | ||
| server_env+=" CLIENT='%s'" % b['hosts'][1] | ||
|
|
||
| # add the export with environment to ~/.bashrc | ||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| tee -a ~/.bashrc' <<< "%s" | ||
| """ % (b['hosts'][0], server_env) | ||
| subprocess.call(cmd, shell=True) | ||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| yum -y install curl && | ||
| curl -o server_script.sh %s && | ||
| bash server_script.sh server_initialization | ||
| '""" % (b['hosts'][0], server_script) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
| # check rtn_code and skip client part after failure | ||
| if rtn_code == 0: | ||
| # NFS-Client (parameters need double escape, passed on ssh commandline) | ||
| client_env="export SERVER='%s'" % b['hosts'][0] | ||
| client_env+=" EXPORT='/%s'" % os.getenv("EXPORT") | ||
| client_env+=" TEST_PARAMETERS='%s'" % os.getenv("TEST_PARAMETERS", "") | ||
|
|
||
| # add the export with environment to ~/.bashrc | ||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| tee -a ~/.bashrc' <<< "%s" | ||
| """ % (b['hosts'][1], client_env) | ||
| subprocess.call(cmd, shell=True) | ||
|
|
||
| client_script = client_script.strip(" ") | ||
| if client_script.endswith(".py"): | ||
| interpreter_to_run = "python" | ||
| elif client_script.endswith(".sh"): | ||
| interpreter_to_run = "bash" | ||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| curl -o client_script %s && | ||
| %s client_script client_initialization | ||
| '""" % (b['hosts'][1], client_script, interpreter_to_run) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| bash server_script.sh server_stage1 | ||
| '""" % (b['hosts'][0]) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| %s client_script client_stage1 | ||
| '""" % (b['hosts'][1], interpreter_to_run) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| bash server_script.sh server_stage2 | ||
| '""" % (b['hosts'][0]) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| %s client_script client_stage2 | ||
| '""" % (b['hosts'][1], interpreter_to_run) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| bash server_script.sh server_stage3 | ||
| '""" % (b['hosts'][0]) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| %s client_script client_stage3 | ||
| '""" % (b['hosts'][1], interpreter_to_run) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| bash server_script.sh server_stage4 | ||
| '""" % (b['hosts'][0]) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
| cmd="""ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@%s ' | ||
| %s client_script client_stage4 | ||
| '""" % (b['hosts'][1], interpreter_to_run) | ||
| rtn_code=subprocess.call(cmd, shell=True) | ||
|
|
||
|
|
||
| # return the system(s) to duffy | ||
| done_nodes_url="%s/Node/done?key=%s&ssid=%s" % (url_base, api, b['ssid']) | ||
| das=urllib.urlopen(done_nodes_url).read() | ||
|
|
||
| sys.exit(rtn_code) |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How do these indicate failure to the test runner? Is the output parsed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dang
Sorry, The comment line
#exit retshould be uncommentd ... :(