3 # Test pmlogger access control stuff and pmlc
5 # Copyright (c) 1995-2002 Silicon Graphics, Inc. All Rights Reserved.
9 echo "QA output created by $seq"
11 # get standard environment, filters and checks
16 trap "rm -rf $tmp $tmp.*; exit" 0 1 2 3 15
18 # real QA test starts here
20 echo "this tests access control for pmlogger and exercises pmlc"
22 # Remember that we cd into $tmp
25 signal
=$PCP_BINADM_DIR/pmsignal
27 config
=$tmp/pmlogger.conf
31 errors
=$tmp/errors.pmlc
33 echo "me=$me" >$here/$seq.full
34 echo "shortme=$shortme" >>$here/$seq.full
38 # for Linux sometimes see "Connection reset by peer" ... this is believed
39 # to be a timing issue, and the results are semantically equivalent for
40 # the purposes of this test, so ...
41 # and the "receiving response from pmlogger" part of the no permission
42 # error message may not be there for older pmlc versions, so ...
44 tee -a $here/$seq.full \
45 |
sed -e "s/$me/ME/" \
48 -e "s/$other1/OTHER1/" \
49 -e "s/$other2/OTHER2/" \
50 -e 's/Connection reset by peer/Address already in use/' \
51 -e '/No permission to perform/s/ receiving response from pmlogger//'
54 # Wait for appearance ($1 is true) or disappearance ($1 is false) of primary
61 if $PCP_PS_PROG $PCP_PS_ALL_FLAGS |
grep '[p]mlogger.*-P' |
grep -v sudo
>/dev
/null
63 # if it's there and we're waiting for it, break
66 # if it's not there and we're waiting for it to disappear, break
71 logger_pid
=`$PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep '[p]mlogger.*-P' | grep -v sudo | $PCP_AWK_PROG '{ print $2 }'`
72 if [ ! -z "$logger_pid" ]
77 echo "primary pmlogger alive"
81 echo "primary pmlogger won't die, can't do QA test, ...giving up!"
82 $PCP_PS_PROG $PCP_PS_ALL_FLAGS |
egrep '[p]m|[P]PID'
91 echo "primary pmlogger won't start, can't do QA test, ...giving up!"
92 echo "pmlogger log file:"
94 echo "pmlogger sh log:"
96 $PCP_PS_PROG $PCP_PS_ALL_FLAGS |
egrep '[p]m|[P]PID'
99 echo "primary pmlogger terminated"
114 # kill off any surviving pmloggers
116 $sudo $signal -a -s TERM pmlogger
118 echo "Restarting pmcd and friends..."
119 $sudo $PCP_RC_DIR/pcp restart | _filter_pcp_start
124 trap interrupt
1 2 3 15
127 # real QA test starts here
130 echo "Running the access tests"
132 # ideally want a host with only 1 network interface ... getpmcdhosts
133 # cannot express this, so we used to go for 1 CPU as a likely co-condition,
134 # but even that has been dropped now that single CPU systems are so
137 eval `./getpmcdhosts -L -n2 -v 'pcp>=2' | sed -e 's/^/other1=/' -e 's/ / other2=/'`
140 echo "Cannot find first remote host running pmcd v2.x" >$seq.notrun
146 echo "Cannot find second remote host running pmcd v2.x" >$seq.notrun
150 echo "other1=$other1" >>$here/$seq.full
151 echo "other2=$other2" >>$here/$seq.full
153 # kill off any existing primary pmlogger
155 $sudo $signal -a -s TERM pmlogger
161 # since we now run pmlogger as user/group pcp/pcp when -P is
162 # specified, need to make this directory writeable
166 echo "Unable to create working directory $tmp, ...giving up!"
170 cat >$config <<End-Of-File
171 # test various "all" commands
172 log mandatory on 1 hour {
173 kernel.all.load [ "1 minute" ]
176 log mandatory maybe sample.bin["bin-100","bin-200","bin-300","bin-400"]
177 log mandatory off sample.bin["bin-600","bin-700","bin-800","bin-900"]
180 allow $other1 : all except mandatory;
181 disallow $other2 : all;
183 allow localhost : all;
186 echo >>$here/$seq.full
187 cat $config >>$here/$seq.full
189 echo "starting test pmlogger..."
191 # extra parentheses and I/O redirection so that shell doesn't print pid
193 ( sh
-c "$sudo $PCP_BINADM_DIR/pmlogger -P -c $config -l $log TEST" >$tmp/sh.log
2>&1 & ) >/dev
/null
2>&1
195 _wait_for_pmlogger
$logger_pid $log
197 # Check connect and enquire access
199 echo |
tee -a $here/$seq.full
200 echo "================" |
tee -a $here/$seq.full
201 echo "checking enquire access for this host..." |
tee -a $here/$seq.full
202 pmlc
-P <<End-Of-File 2>$errors \
204 query kernel.all.load[1,5,15]
209 echo Errors
: |
tee -a $here/$seq.full
211 $PCP_PS_PROG $PCP_PS_ALL_FLAGS |
egrep '[p]m|[P]PID'
216 echo |
tee -a $here/$seq.full
217 echo "================" |
tee -a $here/$seq.full
218 echo "checking enquire access for other1..." |
tee -a $here/$seq.full
219 ssh -q pcpqa@
$other1 "sh -c 'PMCD_CONNECT_TIMEOUT=60 PMCD_REQUEST_TIMEOUT=60 pmlc -h $me -P'" <<End-Of-File 2>$errors \
221 query kernel.all.load[1,5,15]
226 echo Errors
: |
tee -a $here/$seq.full
228 echo FAILED ... sleeping
232 echo |
tee -a $here/$seq.full
233 echo "================" |
tee -a $here/$seq.full
234 echo "checking enquire access for other2 (should fail)..." |
tee -a $here/$seq.full
235 ssh -q pcpqa@
$other2 "sh -c 'PMCD_CONNECT_TIMEOUT=60 PMCD_REQUEST_TIMEOUT=60 pmlc -h $me -P'" <<End-Of-File 2>$errors \
237 query kernel.all.load[1,5,15]
242 echo Errors
: |
tee -a $here/$seq.full
246 echo |
tee -a $here/$seq.full
247 echo "================" |
tee -a $here/$seq.full
248 echo "re-checking enquire access for this host..." |
tee -a $here/$seq.full
249 pmlc
-P <<End-Of-File 2>$errors \
251 query kernel.all.load[1,5,15]
256 echo Errors
: |
tee -a $here/$seq.full
261 # Now check advisory access using sample.bin
263 cat >$config <<End-Of-File
264 # test various explicit access commands
266 log mandatory maybe sample.bin["bin-100","bin-200","bin-300"]
267 log mandatory off sample.bin["bin-700","bin-800","bin-900"]
270 allow $me : enquire, advisory, mandatory;
271 allow localhost : enquire, advisory, mandatory;
272 allow $other1 : enquire, advisory;
273 allow $other2 : enquire;
277 echo >>$here/$seq.full
278 cat $config >>$here/$seq.full
280 echo "killing pmlogger used for enquire tests..."
281 $sudo $signal -a -s TERM pmlogger
285 echo "starting new pmlogger for advisory & mandatory tests..."
287 # extra parentheses and I/O redirection so that shell doesn't print pid
289 ( sh
-c "$sudo $PCP_BINADM_DIR/pmlogger -P -c $config -l $log TEST2" >$tmp/sh.log
2>&1 & ) >/dev
/null
2>&1
291 _wait_for_pmlogger
$logger_pid $log
293 echo |
tee -a $seq.full
294 echo "================" |
tee -a $seq.full
295 echo "checking advisory access for this host..." |
tee -a $seq.full
296 echo "(100,400 will change, 700 will not)" |
tee -a $seq.full
297 pmlc
-P <<End-Of-File 2>$errors \
299 query sample.bin[100,200,300,400,500,600,700,800,900]
300 advisory on 1 hour sample.bin[100]
301 advisory on 2 hour sample.bin[400]
302 advisory on 3 hour sample.bin[700]
306 pmlc
-P <<End-Of-File 2>>$errors \
308 query sample.bin[100,200,300,400,500,600,700,800,900]
313 $PCP_PS_PROG $PCP_PS_ALL_FLAGS |
grep pmlc
315 echo Errors
: |
tee -a $seq.full
317 echo "pmlogger sh log:"
322 echo |
tee -a $seq.full
323 echo "================" |
tee -a $seq.full
324 echo "checking advisory access for other1..." |
tee -a $seq.full
325 echo "(200,500 will change, 800 will not)" |
tee -a $seq.full
326 ssh -q pcpqa@
$other1 "sh -c 'PMCD_CONNECT_TIMEOUT=60 PMCD_REQUEST_TIMEOUT=60 pmlc -h $me -P'" <<End-Of-File 2>$errors \
328 query sample.bin[100,200,300,400,500,600,700,800,900]
329 advisory on 1 hour sample.bin[200]
330 advisory on 2 hour sample.bin[500]
331 advisory on 3 hour sample.bin[800]
335 pmlc
-P <<End-Of-File 2>>$errors \
337 query sample.bin[100,200,300,400,500,600,700,800,900]
342 echo Errors
: |
tee -a $seq.full
346 echo |
tee -a $seq.full
347 echo "================" |
tee -a $seq.full
348 echo "checking advisory access for other2..." |
tee -a $seq.full
349 echo "(expect 3 permission errors)" |
tee -a $seq.full
350 ssh -q pcpqa@
$other2 "sh -c 'PMCD_CONNECT_TIMEOUT=60 PMCD_REQUEST_TIMEOUT=60 pmlc -h $me -P'" <<End-Of-File 2>$errors \
352 query sample.bin[100,200,300,400,500,600,700,800,900]
353 advisory on 1 hour sample.bin[300]
354 advisory on 2 hour sample.bin[600]
355 advisory on 3 hour sample.bin[900]
359 pmlc
-P <<End-Of-File 2>>$errors \
361 query sample.bin[100,200,300,400,500,600,700,800,900]
366 echo Errors
: |
tee -a $seq.full
370 # Now check mandatory access using sample.bin (same config file as for advisory
373 echo "killing pmlogger used for advisory tests..."
374 $sudo $signal -a -s TERM pmlogger
378 echo "starting new pmlogger for mandatory tests..."
380 # extra parentheses and I/O redirection so that shell doesn't print pid
382 ( sh
-c "$sudo $PCP_BINADM_DIR/pmlogger -P -c $config -l $log TEST3" >$tmp/sh.log
2>&1 & ) >/dev
/null
2>&1
384 _wait_for_pmlogger
$logger_pid $log
386 echo |
tee -a $seq.full
387 echo "================" |
tee -a $seq.full
388 echo "checking mandatory access for this host..." |
tee -a $seq.full
389 echo "(100,400,700 will change)" |
tee -a $seq.full
390 pmlc
-P <<End-Of-File 2>$errors \
392 query sample.bin[100,200,300,400,500,600,700,800,900]
393 mandatory on 3 hour sample.bin[100]
394 mandatory on 4 hour sample.bin[400]
395 mandatory on 5 hour sample.bin[700]
399 pmlc
-P <<End-Of-File 2>>$errors \
401 query sample.bin[100,200,300,400,500,600,700,800,900]
406 echo Errors
: |
tee -a $seq.full
410 echo |
tee -a $seq.full
411 echo "================" |
tee -a $seq.full
412 echo "checking mandatory access for other1..." |
tee -a $seq.full
413 echo "Expect 3 permission errors" |
tee -a $seq.full
414 ssh -q pcpqa@
$other1 "sh -c 'PMCD_CONNECT_TIMEOUT=60 PMCD_REQUEST_TIMEOUT=60 pmlc -h $me -P'" <<End-Of-File 2>$errors \
416 query sample.bin[100,200,300,400,500,600,700,800,900]
417 mandatory on 3 hour sample.bin[200]
418 mandatory on 4 hour sample.bin[500]
419 mandatory on 5 hour sample.bin[800]
423 pmlc
-P <<End-Of-File 2>>$errors \
425 query sample.bin[100,200,300,400,500,600,700,800,900]
430 echo Errors
: |
tee -a $seq.full
434 echo |
tee -a $seq.full
435 echo "================" |
tee -a $seq.full
436 echo "checking mandatory access for other2..." |
tee -a $seq.full
437 echo "Expect 3 permission errors" |
tee -a $seq.full
438 ssh -q pcpqa@
$other2 "sh -c 'PMCD_CONNECT_TIMEOUT=60 PMCD_REQUEST_TIMEOUT=60 pmlc -h $me -P'" <<End-Of-File 2>$errors \
440 query sample.bin[100,200,300,400,500,600,700,800,900]
441 mandatory on 3 hour sample.bin[300]
442 mandatory on 4 hour sample.bin[600]
443 mandatory on 5 hour sample.bin[900]
447 pmlc
-P <<End-Of-File 2>>$errors \
449 query sample.bin[100,200,300,400,500,600,700,800,900]
454 echo Errors
: |
tee -a $seq.full
458 # Check that each pmlogger only accepts one pmlc connection at a time
460 echo |
tee -a $seq.full
461 echo "================" |
tee -a $seq.full
462 echo "checking 2nd pmlc for pmlogger (should fail)..." |
tee -a $seq.full
463 ( ( sleep 5 | pmlc
-P ) & ) >/dev
/null
2>&1
465 pmlc
-P <<End-Of-File 2>$errors \
471 echo Errors
: |
tee -a $seq.full