3 # pmcd access control tests (used to be the second half of 051)
5 # Copyright (c) 1995-2002 Silicon Graphics, Inc. All Rights Reserved.
9 echo "QA output created by $seq"
13 .
/getpmcdhosts
-n 2 -L -a sample
-v 'pcp>=2' -s IRIX64
2>$seq.notrun
>/dev
/null
15 echo "$seq: [not run] `cat $seq.notrun`"
20 # get standard filters
26 status
=1 # failure is the default!
28 # pmcd may be quite some distance away
30 PMCD_CONNECT_TIMEOUT
=30
31 PMCD_REQUEST_TIMEOUT
=30
35 export PMCD_CONNECT_TIMEOUT PMCD_REQUEST_TIMEOUT NETSTAT
37 # real QA test starts here
39 config
=$PCP_PMCDCONF_PATH
45 me
=`_host_to_fqdn $host`
48 echo "Cannot get fully qualified domain name for $host"
54 # _wait_for_pmcd_from_remote remote-host [max-wait]
56 _wait_for_pmcd_from_remote
()
58 # 20 seconds default seems like a reasonble max time to get going
62 while [ $i -lt $can_wait ]
64 clients
=`ssh $1 -q -n -l pcpqa "sh -c 'PMCD_PORT=$port pmprobe -h $me pmcd.numclients'" 2>/dev/null | sed -e 's/.* //'`
68 echo "+ ssh $1 -q -n -l pcpqa \"sh -c 'PMCD_PORT=$port pmprobe -h $me pmcd.numclients'\"" >>$seq.full
69 ssh $1 -q -n -l pcpqa
"sh -c 'PMCD_PORT=$port pmprobe -h $me pmcd.numclients'" >>$seq.full
2>&1
70 echo "clients=\"$clients\"" >>$seq.full
72 if [ ! -z "$clients" ]
74 if [ "$clients" -gt 0 ]
85 echo "Arrgghhh ... pmcd failed to start after $can_wait seconds"
86 ssh $1 -q -n -l pcpqa
cat $PCP_PMCDLOG_PATH
98 [ -f $oconfig ] && $sudo cp $oconfig $config
99 # _change_config pmlogger on
100 $sudo $PCP_RC_DIR/pcp restart | _filter_pcp_start
108 trap "cleanup; exit \$status" 0 1 2 3 15
113 # real QA test starts here
114 port
=`_get_port tcp 6060 6070`
117 echo "Arrggh ... no free TCP port in the range 6060 ... 6070"
121 echo "port=$port" >>$seq.full
123 # _change_config pmlogger off
124 $sudo $PCP_RC_DIR/pcp stop | _filter_pcp_stop
126 $sudo cp $config $oconfig
131 eval `./getpmcdhosts -n 2 -L -a sample -v 'pcp>=2' -s IRIX64 2>/dev/null \
132 | $PCP_AWK_PROG '{ if (NF >= 2) printf("other1=%s other2=%s\n",$1,$2); }'`
134 if [ "X$other1" = Xbogus
-o "X$other2" = Xbogus
]
136 echo "Error: Unable to find two hosts configured with the sample PMDA"
137 echo "+ ./getpmcdhosts -D -n 2 -L -a sample -v 'pcp>=2' -s IRIX64 "
138 .
/getpmcdhosts
-D -n 2 -L -a sample
-v 'pcp>=2' -s IRIX64
139 echo "Desperate: check all hosts in qa_hosts ..."
144 pminfo
-b 1 -f -h $host pmcd.numagents pmcd.agent.status sample.seconds
149 list1
=`_all_hostnames $other1`
152 echo "Arrgh ... failed to expand other1=\"$other1\" to all hostnames"
153 echo "netstat reports ..."
154 ssh -q </dev
/null
$other1 -n -l pcpqa
$NETSTAT -in
157 list2
=`_all_hostnames $other2`
160 echo "Arrgh ... failed to expand other2=\"$other2\" to all hostnames"
161 echo "netstat reports ..."
162 ssh -q </dev
/null
$other2 -n -l pcpqa
$NETSTAT -in
165 echo "other1=$other1 list1=$list1" >>$seq.full
166 echo "other2=$other2 list2=$list2" >>$seq.full
168 cat >$tmp.access
<<End-Of-File
172 disallow $list2 : all except fetch;
173 allow $list2 : maximum 1 connections;
176 $sudo "sed -e '/\[access]/q' $oconfig | sed -e '/\[access]/d' >$config"
177 $sudo "cat $tmp.access >>$config"
180 echo "=== First pmcd.conf ===" >>$seq.full
181 cat $config >>$seq.full
183 # don'use the regular port ...
188 $sudo $PCP_RC_DIR/pcp restart | _filter_pcp_start
191 #DEBUG# pmstore pmcd.control.traceconn 1
192 #DEBUG# pmstore pmcd.control.tracepdu 1
193 #DEBUG# pmstore pmcd.control.tracenobuf 1
194 #DEBUG# pmstore pmcd.control.debug 1
196 echo " checking default access for this host ..."
197 pminfo
-f sample.long.million
198 pmstore sample.write_me
111
201 echo " checking access for OTHERHOST1 (both should succeed)"
202 ssh -q $other1 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pminfo -h $me -f sample.long.million'"
203 ssh -q $other1 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pmstore -h $me sample.write_me 222'"
206 echo " checking access for OTHERHOST2 (store should fail)"
207 ssh -q $other2 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pminfo -h $me -f sample.long.hundred'"
208 ssh -q $other2 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pmstore -h $me sample.write_me 333'"
211 echo " checking connection limit for OTHERHOST2 (will exceed connection limit)"
212 ssh -q $other2 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pmval -h $me -t 666 sample.long.ten'" >/dev
/null
2>&1 &
215 sleep `expr $PMCD_CONNECT_TIMEOUT / 2`
216 # note on sed ... some systems appear to be able to deliver the socket
217 # reset by peer state ahead of completing the read() on the receiver side,
218 # so we never get the PCP error PDU ... there has been extensive analysis
219 # of this for pmcd on a Linux host and $other2 being an IRIX host, and it
220 # is _not_ a PCP protocol failure.
222 ssh -q $other2 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pminfo -h $me -f sample.long.one'" 2>&1 \
224 -e 's/".*"/"OTHERHOST2"/' \
225 -e 's/IPC protocol failure/PMCD connection limit for this host exceeded/'
226 #DEBUG# echo "Trying connection limit pminfo again ..." >>$seq.full
227 #DEBUG# ssh -q $other2 -n -l pcpqa "sh -c 'PMCD_PORT=$port par -s -SS pminfo -Dall -h $me -f sample.long.one'" >>$seq.full 2>&1
228 ssh -q $other2 -n -l pcpqa
$rsignal -a pmval
> /dev
/null
2>&1
230 echo "pmcd.log:======="
231 sed -n <$PCP_PMCDLOG_PATH -e '/endclient/{
233 s/(fd [0-9]*)/(fd N)/
236 echo "================"
238 echo "pmcd.log ..." >>$seq.full
239 cat $PCP_PMCDLOG_PATH >>$seq.full
241 iplist1
=`_all_ipaddrs $other1`
244 echo "QA Error: cannot generate all ip addrs from \"$other1\""
248 iplist2
=`_all_ipaddrs $other2`
251 echo "QA Error: cannot generate all ip addrs from \"$other2\""
255 iplist3
=`_all_ipaddrs localhost`
258 echo "QA Error: cannot generate all ip addrs from localhost"
262 echo "other1=$other1 iplist1=$iplist1" >>$seq.full
263 echo "other2=$other2 iplist2=$iplist2" >>$seq.full
264 echo "localhost iplist3=$iplist3" >>$seq.full
266 netlist2
=`echo $iplist2,$iplist3 | sed -e 's/$/,/' -e 's/[0-9][0-9]*\.[0-9][0-9]*,/*,/g' -e 's/,$//'`
268 cat >$tmp.access
<<End-Of-File
271 allow $iplist1 : all;
272 disallow $netlist2 : all except fetch;
276 $sudo "sed -e '/\[access]/q' $oconfig | sed -e '/\[access]/d' >$config"
277 $sudo "cat $tmp.access >>$config"
280 echo "=== Second pmcd.conf ===" >>$seq.full
281 cat $config >>$seq.full
283 $sudo $PCP_RC_DIR/pcp restart | _filter_pcp_start
284 _wait_for_pmcd_from_remote
$other1
285 ssh -q $other1 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pmstore -h $me pmcd.control.debug 4096'"
287 echo " checking default access for this host (store should fail) ..."
289 pminfo
-f sample.long.million
290 pmstore sample.write_me
444
293 echo " checking access for OTHERHOST1 (both should succeed)"
294 ssh -q $other1 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pminfo -h $me -f sample.long.million'"
295 ssh -q $other1 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pmstore -h $me sample.write_me 555'"
298 echo " checking access for OTHERHOST2 (store should fail)"
299 ssh -q $other2 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pminfo -h $me -f sample.long.hundred'"
300 ssh -q $other2 -n -l pcpqa
"sh -c 'PMCD_PORT=$port pmstore -h $me sample.write_me 666'"
303 echo " checking default access for explicit/localhost (both should fail)"
304 pmstore
-h localhost sample.write_me
21
305 pmstore
-h $me sample.write_me
42
307 echo "pmcd.log:======="
308 sed -n <$PCP_PMCDLOG_PATH -e '/endclient/{
310 s/(fd [0-9]*)/(fd N)/
313 echo "================"
315 echo "pmcd.log ..." >>$seq.full
316 cat $PCP_PMCDLOG_PATH >>$seq.full