2014-01-10 01:46:33 +00:00
|
|
|
package consul
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"os"
|
2018-07-11 20:10:58 +00:00
|
|
|
"reflect"
|
2014-01-10 01:46:33 +00:00
|
|
|
"testing"
|
2014-05-09 01:24:13 +00:00
|
|
|
"time"
|
2014-10-14 05:14:43 +00:00
|
|
|
|
2018-06-21 22:42:28 +00:00
|
|
|
"github.com/hashicorp/consul/agent/connect"
|
2017-07-06 10:34:00 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2017-04-19 23:00:11 +00:00
|
|
|
"github.com/hashicorp/consul/api"
|
2019-03-27 12:54:56 +00:00
|
|
|
"github.com/hashicorp/consul/sdk/testutil/retry"
|
2019-04-25 16:26:33 +00:00
|
|
|
"github.com/hashicorp/consul/testrpc"
|
2015-10-13 23:43:52 +00:00
|
|
|
"github.com/hashicorp/net-rpc-msgpackrpc"
|
2014-10-14 05:14:43 +00:00
|
|
|
"github.com/hashicorp/serf/serf"
|
2018-06-21 22:42:28 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2014-01-10 01:46:33 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestLeader_RegisterMember(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2017-03-23 20:34:30 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-03-23 20:34:30 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "deny"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, c1 := testClient(t)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer c1.Shutdown()
|
|
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, c1, s1)
|
2014-01-10 01:46:33 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-01-10 01:46:33 +00:00
|
|
|
|
2014-01-10 02:02:44 +00:00
|
|
|
// Client should be registered
|
2015-10-13 05:21:39 +00:00
|
|
|
state := s1.fsm.State()
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if node == nil {
|
|
|
|
|
r.Fatal("client not registered")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
|
|
|
|
|
// Should have a check
|
2017-01-24 07:37:21 +00:00
|
|
|
_, checks, err := state.NodeChecks(nil, c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
2014-01-10 01:46:33 +00:00
|
|
|
if len(checks) != 1 {
|
|
|
|
|
t.Fatalf("client missing check")
|
|
|
|
|
}
|
2017-07-14 05:33:47 +00:00
|
|
|
if checks[0].CheckID != structs.SerfCheckID {
|
2014-01-10 01:46:33 +00:00
|
|
|
t.Fatalf("bad check: %v", checks[0])
|
|
|
|
|
}
|
2017-07-14 05:33:47 +00:00
|
|
|
if checks[0].Name != structs.SerfCheckName {
|
2014-01-10 01:46:33 +00:00
|
|
|
t.Fatalf("bad check: %v", checks[0])
|
|
|
|
|
}
|
2017-04-19 23:00:11 +00:00
|
|
|
if checks[0].Status != api.HealthPassing {
|
2014-01-10 01:46:33 +00:00
|
|
|
t.Fatalf("bad check: %v", checks[0])
|
|
|
|
|
}
|
2014-01-10 02:02:44 +00:00
|
|
|
|
|
|
|
|
// Server should be registered
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(s1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if node == nil {
|
2014-01-10 02:02:44 +00:00
|
|
|
t.Fatalf("server not registered")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Service should be registered
|
2017-01-20 07:36:50 +00:00
|
|
|
_, services, err := state.NodeServices(nil, s1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
2014-01-10 02:02:44 +00:00
|
|
|
if _, ok := services.Services["consul"]; !ok {
|
|
|
|
|
t.Fatalf("consul service not registered: %v", services)
|
|
|
|
|
}
|
2014-01-10 01:46:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestLeader_FailedMember(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2017-03-23 20:34:30 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-03-23 20:34:30 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "deny"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, c1 := testClient(t)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer c1.Shutdown()
|
|
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-01-10 01:46:33 +00:00
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, c1, s1)
|
2014-01-10 01:46:33 +00:00
|
|
|
|
|
|
|
|
// Fail the member
|
|
|
|
|
c1.Shutdown()
|
|
|
|
|
|
|
|
|
|
// Should be registered
|
2015-10-13 05:21:39 +00:00
|
|
|
state := s1.fsm.State()
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if node == nil {
|
|
|
|
|
r.Fatal("client not registered")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
|
|
|
|
|
// Should have a check
|
2017-01-24 07:37:21 +00:00
|
|
|
_, checks, err := state.NodeChecks(nil, c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
2014-01-10 01:46:33 +00:00
|
|
|
if len(checks) != 1 {
|
|
|
|
|
t.Fatalf("client missing check")
|
|
|
|
|
}
|
2017-07-14 05:33:47 +00:00
|
|
|
if checks[0].CheckID != structs.SerfCheckID {
|
2014-01-10 01:46:33 +00:00
|
|
|
t.Fatalf("bad check: %v", checks[0])
|
|
|
|
|
}
|
2017-07-14 05:33:47 +00:00
|
|
|
if checks[0].Name != structs.SerfCheckName {
|
2014-01-10 01:46:33 +00:00
|
|
|
t.Fatalf("bad check: %v", checks[0])
|
|
|
|
|
}
|
2014-05-09 00:04:52 +00:00
|
|
|
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2017-01-24 07:37:21 +00:00
|
|
|
_, checks, err = state.NodeChecks(nil, c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if got, want := checks[0].Status, api.HealthCritical; got != want {
|
|
|
|
|
r.Fatalf("got status %q want %q", got, want)
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestLeader_LeftMember(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2017-03-23 20:34:30 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-03-23 20:34:30 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "deny"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, c1 := testClient(t)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer c1.Shutdown()
|
|
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, c1, s1)
|
2014-01-10 01:46:33 +00:00
|
|
|
|
2015-10-13 05:21:39 +00:00
|
|
|
state := s1.fsm.State()
|
2014-01-10 01:46:33 +00:00
|
|
|
|
|
|
|
|
// Should be registered
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if node == nil {
|
|
|
|
|
r.Fatal("client not registered")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
|
|
|
|
|
// Node should leave
|
|
|
|
|
c1.Leave()
|
|
|
|
|
c1.Shutdown()
|
|
|
|
|
|
|
|
|
|
// Should be deregistered
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if node != nil {
|
|
|
|
|
r.Fatal("client still registered")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
}
|
2014-03-20 19:51:49 +00:00
|
|
|
func TestLeader_ReapMember(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2017-03-23 20:34:30 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-03-23 20:34:30 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "deny"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
})
|
2014-03-20 19:51:49 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, c1 := testClient(t)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer c1.Shutdown()
|
|
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, c1, s1)
|
2014-03-20 19:51:49 +00:00
|
|
|
|
2015-10-13 05:21:39 +00:00
|
|
|
state := s1.fsm.State()
|
2014-03-20 19:51:49 +00:00
|
|
|
|
|
|
|
|
// Should be registered
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if node == nil {
|
|
|
|
|
r.Fatal("client not registered")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-03-20 19:51:49 +00:00
|
|
|
|
|
|
|
|
// Simulate a node reaping
|
|
|
|
|
mems := s1.LANMembers()
|
|
|
|
|
var c1mem serf.Member
|
|
|
|
|
for _, m := range mems {
|
|
|
|
|
if m.Name == c1.config.NodeName {
|
|
|
|
|
c1mem = m
|
|
|
|
|
c1mem.Status = StatusReap
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
s1.reconcileCh <- c1mem
|
|
|
|
|
|
2017-01-26 06:11:30 +00:00
|
|
|
// Should be deregistered; we have to poll quickly here because
|
|
|
|
|
// anti-entropy will put it back.
|
|
|
|
|
reaped := false
|
|
|
|
|
for start := time.Now(); time.Since(start) < 5*time.Second; {
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
2017-01-26 06:11:30 +00:00
|
|
|
if node == nil {
|
|
|
|
|
reaped = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !reaped {
|
2014-05-09 00:04:52 +00:00
|
|
|
t.Fatalf("client should not be registered")
|
2017-01-26 06:11:30 +00:00
|
|
|
}
|
2014-03-20 19:51:49 +00:00
|
|
|
}
|
|
|
|
|
|
2017-09-27 03:49:41 +00:00
|
|
|
func TestLeader_ReapServer(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-09-27 03:49:41 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "allow"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
c.Bootstrap = true
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, s2 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-09-27 03:49:41 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "allow"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
c.Bootstrap = false
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer s2.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir3, s3 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-09-27 03:49:41 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "allow"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
c.Bootstrap = false
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir3)
|
|
|
|
|
defer s3.Shutdown()
|
|
|
|
|
|
|
|
|
|
// Try to join
|
|
|
|
|
joinLAN(t, s1, s2)
|
|
|
|
|
joinLAN(t, s1, s3)
|
|
|
|
|
|
|
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2018-09-04 13:02:47 +00:00
|
|
|
testrpc.WaitForLeader(t, s2.RPC, "dc1")
|
|
|
|
|
testrpc.WaitForLeader(t, s3.RPC, "dc1")
|
2017-09-27 03:49:41 +00:00
|
|
|
state := s1.fsm.State()
|
|
|
|
|
|
|
|
|
|
// s3 should be registered
|
|
|
|
|
retry.Run(t, func(r *retry.R) {
|
|
|
|
|
_, node, err := state.GetNode(s3.config.NodeName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
r.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if node == nil {
|
|
|
|
|
r.Fatal("client not registered")
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// call reconcileReaped with a map that does not contain s3
|
|
|
|
|
knownMembers := make(map[string]struct{})
|
|
|
|
|
knownMembers[s1.config.NodeName] = struct{}{}
|
|
|
|
|
knownMembers[s2.config.NodeName] = struct{}{}
|
|
|
|
|
|
|
|
|
|
err := s1.reconcileReaped(knownMembers)
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("Unexpected error :%v", err)
|
|
|
|
|
}
|
|
|
|
|
// s3 should be deregistered
|
|
|
|
|
retry.Run(t, func(r *retry.R) {
|
|
|
|
|
_, node, err := state.GetNode(s3.config.NodeName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
r.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if node != nil {
|
|
|
|
|
r.Fatalf("server with id %v should not be registered", s3.config.NodeID)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2014-04-03 22:51:03 +00:00
|
|
|
func TestLeader_Reconcile_ReapMember(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2017-03-23 20:34:30 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-03-23 20:34:30 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "deny"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
})
|
2014-04-03 22:51:03 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-04-03 22:51:03 +00:00
|
|
|
|
|
|
|
|
// Register a non-existing member
|
|
|
|
|
dead := structs.RegisterRequest{
|
|
|
|
|
Datacenter: s1.config.Datacenter,
|
|
|
|
|
Node: "no-longer-around",
|
|
|
|
|
Address: "127.1.1.1",
|
|
|
|
|
Check: &structs.HealthCheck{
|
|
|
|
|
Node: "no-longer-around",
|
2017-07-14 05:33:47 +00:00
|
|
|
CheckID: structs.SerfCheckID,
|
|
|
|
|
Name: structs.SerfCheckName,
|
2017-04-19 23:00:11 +00:00
|
|
|
Status: api.HealthCritical,
|
2014-04-03 22:51:03 +00:00
|
|
|
},
|
2017-03-23 20:34:30 +00:00
|
|
|
WriteRequest: structs.WriteRequest{
|
|
|
|
|
Token: "root",
|
|
|
|
|
},
|
2014-04-03 22:51:03 +00:00
|
|
|
}
|
|
|
|
|
var out struct{}
|
|
|
|
|
if err := s1.RPC("Catalog.Register", &dead, &out); err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Force a reconciliation
|
|
|
|
|
if err := s1.reconcile(); err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Node should be gone
|
2015-10-13 05:21:39 +00:00
|
|
|
state := s1.fsm.State()
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode("no-longer-around")
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if node != nil {
|
2014-04-03 22:51:03 +00:00
|
|
|
t.Fatalf("client registered")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-10 01:46:33 +00:00
|
|
|
func TestLeader_Reconcile(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2017-03-23 20:34:30 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-03-23 20:34:30 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "deny"
|
|
|
|
|
c.ACLEnforceVersion8 = true
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, c1 := testClient(t)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer c1.Shutdown()
|
|
|
|
|
|
|
|
|
|
// Join before we have a leader, this should cause a reconcile!
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, c1, s1)
|
2014-01-10 01:46:33 +00:00
|
|
|
|
|
|
|
|
// Should not be registered
|
2015-10-13 05:21:39 +00:00
|
|
|
state := s1.fsm.State()
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if node != nil {
|
2014-01-10 01:46:33 +00:00
|
|
|
t.Fatalf("client registered")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Should be registered
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
|
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if node == nil {
|
|
|
|
|
r.Fatal("client not registered")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-01-10 01:46:33 +00:00
|
|
|
}
|
2014-01-10 20:55:55 +00:00
|
|
|
|
2017-03-23 22:01:46 +00:00
|
|
|
func TestLeader_Reconcile_Races(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2017-03-23 22:01:46 +00:00
|
|
|
dir1, s1 := testServer(t)
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2017-03-23 22:01:46 +00:00
|
|
|
|
|
|
|
|
dir2, c1 := testClient(t)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer c1.Shutdown()
|
|
|
|
|
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, c1, s1)
|
2017-03-23 22:01:46 +00:00
|
|
|
|
|
|
|
|
// Wait for the server to reconcile the client and register it.
|
|
|
|
|
state := s1.fsm.State()
|
|
|
|
|
var nodeAddr string
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2017-03-23 22:01:46 +00:00
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
|
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2017-03-23 22:01:46 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if node == nil {
|
|
|
|
|
r.Fatal("client not registered")
|
2017-03-23 22:01:46 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
nodeAddr = node.Address
|
|
|
|
|
})
|
2017-03-23 22:01:46 +00:00
|
|
|
|
|
|
|
|
// Add in some metadata via the catalog (as if the agent synced it
|
2018-03-19 16:56:00 +00:00
|
|
|
// there). We also set the serfHealth check to failing so the reconcile
|
2017-03-23 22:01:46 +00:00
|
|
|
// will attempt to flip it back
|
|
|
|
|
req := structs.RegisterRequest{
|
|
|
|
|
Datacenter: s1.config.Datacenter,
|
|
|
|
|
Node: c1.config.NodeName,
|
|
|
|
|
ID: c1.config.NodeID,
|
|
|
|
|
Address: nodeAddr,
|
|
|
|
|
NodeMeta: map[string]string{"hello": "world"},
|
|
|
|
|
Check: &structs.HealthCheck{
|
|
|
|
|
Node: c1.config.NodeName,
|
2017-07-14 05:33:47 +00:00
|
|
|
CheckID: structs.SerfCheckID,
|
|
|
|
|
Name: structs.SerfCheckName,
|
2017-04-19 23:00:11 +00:00
|
|
|
Status: api.HealthCritical,
|
2017-03-23 22:01:46 +00:00
|
|
|
Output: "",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
var out struct{}
|
|
|
|
|
if err := s1.RPC("Catalog.Register", &req, &out); err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Force a reconcile and make sure the metadata stuck around.
|
|
|
|
|
if err := s1.reconcile(); err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
_, node, err := state.GetNode(c1.config.NodeName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if node == nil {
|
|
|
|
|
t.Fatalf("bad")
|
|
|
|
|
}
|
|
|
|
|
if hello, ok := node.Meta["hello"]; !ok || hello != "world" {
|
|
|
|
|
t.Fatalf("bad")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Fail the member and wait for the health to go critical.
|
|
|
|
|
c1.Shutdown()
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2017-03-23 22:01:46 +00:00
|
|
|
_, checks, err := state.NodeChecks(nil, c1.config.NodeName)
|
|
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2017-03-23 22:01:46 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if got, want := checks[0].Status, api.HealthCritical; got != want {
|
|
|
|
|
r.Fatalf("got state %q want %q", got, want)
|
|
|
|
|
}
|
|
|
|
|
})
|
2017-03-23 22:01:46 +00:00
|
|
|
|
|
|
|
|
// Make sure the metadata didn't get clobbered.
|
|
|
|
|
_, node, err = state.GetNode(c1.config.NodeName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if node == nil {
|
|
|
|
|
t.Fatalf("bad")
|
|
|
|
|
}
|
|
|
|
|
if hello, ok := node.Meta["hello"]; !ok || hello != "world" {
|
|
|
|
|
t.Fatalf("bad")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-10 20:55:55 +00:00
|
|
|
func TestLeader_LeftServer(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-01-10 20:55:55 +00:00
|
|
|
dir1, s1 := testServer(t)
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, s2 := testServerDCBootstrap(t, "dc1", false)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer s2.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir3, s3 := testServerDCBootstrap(t, "dc1", false)
|
|
|
|
|
defer os.RemoveAll(dir3)
|
|
|
|
|
defer s3.Shutdown()
|
2017-05-09 04:57:06 +00:00
|
|
|
|
|
|
|
|
// Put s1 last so we don't trigger a leader election.
|
|
|
|
|
servers := []*Server{s2, s3, s1}
|
2014-01-10 20:55:55 +00:00
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, s2, s1)
|
|
|
|
|
joinLAN(t, s3, s1)
|
2014-01-10 20:55:55 +00:00
|
|
|
for _, s := range servers {
|
2017-05-05 07:23:28 +00:00
|
|
|
retry.Run(t, func(r *retry.R) { r.Check(wantPeers(s, 3)) })
|
2014-01-10 20:55:55 +00:00
|
|
|
}
|
|
|
|
|
|
2017-05-09 04:57:06 +00:00
|
|
|
// Kill any server
|
|
|
|
|
servers[0].Shutdown()
|
2014-01-10 20:55:55 +00:00
|
|
|
|
2017-05-09 04:57:06 +00:00
|
|
|
// Force remove the non-leader (transition to left state)
|
|
|
|
|
if err := servers[1].RemoveFailedNode(servers[0].config.NodeName); err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
2014-01-10 20:55:55 +00:00
|
|
|
|
2017-05-09 04:57:06 +00:00
|
|
|
// Wait until the remaining servers show only 2 peers.
|
|
|
|
|
for _, s := range servers[1:] {
|
|
|
|
|
retry.Run(t, func(r *retry.R) { r.Check(wantPeers(s, 2)) })
|
|
|
|
|
}
|
2017-06-27 22:04:50 +00:00
|
|
|
s1.Shutdown()
|
2014-01-10 20:55:55 +00:00
|
|
|
}
|
2014-01-20 23:56:29 +00:00
|
|
|
|
2014-10-14 05:14:43 +00:00
|
|
|
func TestLeader_LeftLeader(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-10-14 05:14:43 +00:00
|
|
|
dir1, s1 := testServer(t)
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, s2 := testServerDCBootstrap(t, "dc1", false)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer s2.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir3, s3 := testServerDCBootstrap(t, "dc1", false)
|
|
|
|
|
defer os.RemoveAll(dir3)
|
|
|
|
|
defer s3.Shutdown()
|
|
|
|
|
servers := []*Server{s1, s2, s3}
|
|
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, s2, s1)
|
|
|
|
|
joinLAN(t, s3, s1)
|
2014-10-14 05:14:43 +00:00
|
|
|
|
|
|
|
|
for _, s := range servers {
|
2017-05-05 07:23:28 +00:00
|
|
|
retry.Run(t, func(r *retry.R) { r.Check(wantPeers(s, 3)) })
|
2014-10-14 05:14:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Kill the leader!
|
|
|
|
|
var leader *Server
|
|
|
|
|
for _, s := range servers {
|
|
|
|
|
if s.IsLeader() {
|
|
|
|
|
leader = s
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-12-10 15:02:23 +00:00
|
|
|
if leader == nil {
|
|
|
|
|
t.Fatalf("Should have a leader")
|
|
|
|
|
}
|
2017-06-16 15:49:54 +00:00
|
|
|
if !leader.isReadyForConsistentReads() {
|
|
|
|
|
t.Fatalf("Expected leader to be ready for consistent reads ")
|
|
|
|
|
}
|
2014-10-14 05:14:43 +00:00
|
|
|
leader.Leave()
|
2017-06-16 03:41:30 +00:00
|
|
|
if leader.isReadyForConsistentReads() {
|
2017-06-16 15:49:54 +00:00
|
|
|
t.Fatalf("Expected consistent read state to be false ")
|
2017-06-16 03:41:30 +00:00
|
|
|
}
|
2014-10-14 05:14:43 +00:00
|
|
|
leader.Shutdown()
|
|
|
|
|
time.Sleep(100 * time.Millisecond)
|
|
|
|
|
|
|
|
|
|
var remain *Server
|
|
|
|
|
for _, s := range servers {
|
|
|
|
|
if s == leader {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
remain = s
|
2017-05-05 07:23:28 +00:00
|
|
|
retry.Run(t, func(r *retry.R) { r.Check(wantPeers(s, 2)) })
|
2014-10-14 05:14:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Verify the old leader is deregistered
|
2015-10-13 05:21:39 +00:00
|
|
|
state := remain.fsm.State()
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2015-10-14 02:18:43 +00:00
|
|
|
_, node, err := state.GetNode(leader.config.NodeName)
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatalf("err: %v", err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if node != nil {
|
|
|
|
|
r.Fatal("leader should be deregistered")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-10-14 05:14:43 +00:00
|
|
|
}
|
|
|
|
|
|
2014-01-20 23:56:29 +00:00
|
|
|
func TestLeader_MultiBootstrap(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-01-20 23:56:29 +00:00
|
|
|
dir1, s1 := testServer(t)
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, s2 := testServer(t)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer s2.Shutdown()
|
|
|
|
|
|
|
|
|
|
servers := []*Server{s1, s2}
|
|
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, s2, s1)
|
2014-01-20 23:56:29 +00:00
|
|
|
|
|
|
|
|
for _, s := range servers {
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
|
|
|
|
if got, want := len(s.serfLAN.Members()), 2; got != want {
|
|
|
|
|
r.Fatalf("got %d peers want %d", got, want)
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-01-20 23:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ensure we don't have multiple raft peers
|
|
|
|
|
for _, s := range servers {
|
2016-07-28 19:11:28 +00:00
|
|
|
peers, _ := s.numPeers()
|
|
|
|
|
if peers != 1 {
|
2014-01-20 23:56:29 +00:00
|
|
|
t.Fatalf("should only have 1 raft peer!")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-12-15 22:37:49 +00:00
|
|
|
|
|
|
|
|
func TestLeader_TombstoneGC_Reset(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-12-15 22:37:49 +00:00
|
|
|
dir1, s1 := testServer(t)
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, s2 := testServerDCBootstrap(t, "dc1", false)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer s2.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir3, s3 := testServerDCBootstrap(t, "dc1", false)
|
|
|
|
|
defer os.RemoveAll(dir3)
|
|
|
|
|
defer s3.Shutdown()
|
|
|
|
|
servers := []*Server{s1, s2, s3}
|
|
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, s2, s1)
|
|
|
|
|
joinLAN(t, s3, s1)
|
2014-12-15 22:37:49 +00:00
|
|
|
|
|
|
|
|
for _, s := range servers {
|
2017-05-05 07:23:28 +00:00
|
|
|
retry.Run(t, func(r *retry.R) { r.Check(wantPeers(s, 3)) })
|
2014-12-15 22:37:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var leader *Server
|
|
|
|
|
for _, s := range servers {
|
|
|
|
|
if s.IsLeader() {
|
|
|
|
|
leader = s
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if leader == nil {
|
|
|
|
|
t.Fatalf("Should have a leader")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check that the leader has a pending GC expiration
|
|
|
|
|
if !leader.tombstoneGC.PendingExpiration() {
|
|
|
|
|
t.Fatalf("should have pending expiration")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Kill the leader
|
|
|
|
|
leader.Shutdown()
|
|
|
|
|
time.Sleep(100 * time.Millisecond)
|
|
|
|
|
|
|
|
|
|
// Wait for a new leader
|
|
|
|
|
leader = nil
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2014-12-15 22:37:49 +00:00
|
|
|
for _, s := range servers {
|
|
|
|
|
if s.IsLeader() {
|
|
|
|
|
leader = s
|
2017-05-05 11:58:13 +00:00
|
|
|
return
|
2014-12-15 22:37:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatal("no leader")
|
|
|
|
|
})
|
2014-12-15 22:37:49 +00:00
|
|
|
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
|
|
|
|
if !leader.tombstoneGC.PendingExpiration() {
|
|
|
|
|
r.Fatal("leader has no pending GC expiration")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-12-15 22:37:49 +00:00
|
|
|
}
|
2014-12-19 00:02:08 +00:00
|
|
|
|
|
|
|
|
func TestLeader_ReapTombstones(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-12-19 00:02:08 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
2017-03-23 20:34:30 +00:00
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-03-23 20:34:30 +00:00
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
c.ACLDefaultPolicy = "deny"
|
2014-12-19 00:02:08 +00:00
|
|
|
c.TombstoneTTL = 50 * time.Millisecond
|
|
|
|
|
c.TombstoneTTLGranularity = 10 * time.Millisecond
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
2014-12-19 00:02:08 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-12-19 00:02:08 +00:00
|
|
|
|
|
|
|
|
// Create a KV entry
|
|
|
|
|
arg := structs.KVSRequest{
|
|
|
|
|
Datacenter: "dc1",
|
2017-04-19 23:00:11 +00:00
|
|
|
Op: api.KVSet,
|
2014-12-19 00:02:08 +00:00
|
|
|
DirEnt: structs.DirEntry{
|
|
|
|
|
Key: "test",
|
|
|
|
|
Value: []byte("test"),
|
|
|
|
|
},
|
2017-03-23 20:34:30 +00:00
|
|
|
WriteRequest: structs.WriteRequest{
|
|
|
|
|
Token: "root",
|
|
|
|
|
},
|
2014-12-19 00:02:08 +00:00
|
|
|
}
|
|
|
|
|
var out bool
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "KVS.Apply", &arg, &out); err != nil {
|
2014-12-19 00:02:08 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-12 07:42:09 +00:00
|
|
|
// Delete the KV entry (tombstoned).
|
2017-04-19 23:00:11 +00:00
|
|
|
arg.Op = api.KVDelete
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "KVS.Apply", &arg, &out); err != nil {
|
2014-12-19 00:02:08 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-13 18:48:35 +00:00
|
|
|
// Make sure there's a tombstone.
|
|
|
|
|
state := s1.fsm.State()
|
|
|
|
|
func() {
|
|
|
|
|
snap := state.Snapshot()
|
|
|
|
|
defer snap.Close()
|
2015-10-19 22:51:11 +00:00
|
|
|
stones, err := snap.Tombstones()
|
2015-10-13 18:48:35 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
|
}
|
2015-10-19 22:51:11 +00:00
|
|
|
if stones.Next() == nil {
|
2015-10-19 21:56:22 +00:00
|
|
|
t.Fatalf("missing tombstones")
|
|
|
|
|
}
|
2015-10-19 22:51:11 +00:00
|
|
|
if stones.Next() != nil {
|
2015-10-19 21:56:22 +00:00
|
|
|
t.Fatalf("unexpected extra tombstones")
|
2015-10-13 18:48:35 +00:00
|
|
|
}
|
|
|
|
|
}()
|
2014-12-19 00:02:08 +00:00
|
|
|
|
2015-10-12 07:42:09 +00:00
|
|
|
// Check that the new leader has a pending GC expiration by
|
2015-10-13 18:48:35 +00:00
|
|
|
// watching for the tombstone to get removed.
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2015-10-13 18:48:35 +00:00
|
|
|
snap := state.Snapshot()
|
|
|
|
|
defer snap.Close()
|
2015-10-19 22:51:11 +00:00
|
|
|
stones, err := snap.Tombstones()
|
2015-10-12 07:42:09 +00:00
|
|
|
if err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatal(err)
|
2015-10-12 07:42:09 +00:00
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if stones.Next() != nil {
|
|
|
|
|
r.Fatal("should have no tombstones")
|
|
|
|
|
}
|
|
|
|
|
})
|
2014-12-19 00:02:08 +00:00
|
|
|
}
|
2017-02-17 18:49:16 +00:00
|
|
|
|
2017-02-22 20:53:32 +00:00
|
|
|
func TestLeader_RollRaftServer(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2017-02-22 20:53:32 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.Bootstrap = true
|
|
|
|
|
c.Datacenter = "dc1"
|
2017-09-25 22:27:04 +00:00
|
|
|
c.RaftConfig.ProtocolVersion = 2
|
2017-02-22 20:53:32 +00:00
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir2, s2 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.Bootstrap = false
|
|
|
|
|
c.Datacenter = "dc1"
|
|
|
|
|
c.RaftConfig.ProtocolVersion = 1
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer s2.Shutdown()
|
|
|
|
|
|
2017-09-25 22:27:04 +00:00
|
|
|
dir3, s3 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.Bootstrap = false
|
|
|
|
|
c.Datacenter = "dc1"
|
|
|
|
|
c.RaftConfig.ProtocolVersion = 2
|
|
|
|
|
})
|
2017-02-22 20:53:32 +00:00
|
|
|
defer os.RemoveAll(dir3)
|
|
|
|
|
defer s3.Shutdown()
|
|
|
|
|
|
|
|
|
|
servers := []*Server{s1, s2, s3}
|
|
|
|
|
|
|
|
|
|
// Try to join
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, s2, s1)
|
|
|
|
|
joinLAN(t, s3, s1)
|
2017-02-22 20:53:32 +00:00
|
|
|
|
|
|
|
|
for _, s := range servers {
|
2017-05-05 07:23:28 +00:00
|
|
|
retry.Run(t, func(r *retry.R) { r.Check(wantPeers(s, 3)) })
|
2017-02-22 20:53:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Kill the v1 server
|
|
|
|
|
s2.Shutdown()
|
|
|
|
|
|
|
|
|
|
for _, s := range []*Server{s1, s3} {
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2017-12-12 00:38:52 +00:00
|
|
|
minVer, err := s.autopilot.MinRaftProtocol()
|
2017-05-05 11:58:13 +00:00
|
|
|
if err != nil {
|
|
|
|
|
r.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if got, want := minVer, 2; got != want {
|
|
|
|
|
r.Fatalf("got min raft version %d want %d", got, want)
|
|
|
|
|
}
|
|
|
|
|
})
|
2017-02-22 20:53:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Replace the dead server with one running raft protocol v3
|
|
|
|
|
dir4, s4 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.Bootstrap = false
|
|
|
|
|
c.Datacenter = "dc1"
|
|
|
|
|
c.RaftConfig.ProtocolVersion = 3
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir4)
|
|
|
|
|
defer s4.Shutdown()
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, s4, s1)
|
2017-02-22 20:53:32 +00:00
|
|
|
servers[1] = s4
|
|
|
|
|
|
|
|
|
|
// Make sure the dead server is removed and we're back to 3 total peers
|
|
|
|
|
for _, s := range servers {
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2017-02-22 20:53:32 +00:00
|
|
|
addrs := 0
|
|
|
|
|
ids := 0
|
|
|
|
|
future := s.raft.GetConfiguration()
|
|
|
|
|
if err := future.Error(); err != nil {
|
2017-05-05 11:58:13 +00:00
|
|
|
r.Fatal(err)
|
2017-02-22 20:53:32 +00:00
|
|
|
}
|
|
|
|
|
for _, server := range future.Configuration().Servers {
|
|
|
|
|
if string(server.ID) == string(server.Address) {
|
|
|
|
|
addrs++
|
|
|
|
|
} else {
|
|
|
|
|
ids++
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if got, want := addrs, 2; got != want {
|
|
|
|
|
r.Fatalf("got %d server addresses want %d", got, want)
|
|
|
|
|
}
|
|
|
|
|
if got, want := ids, 1; got != want {
|
|
|
|
|
r.Fatalf("got %d server ids want %d", got, want)
|
|
|
|
|
}
|
|
|
|
|
})
|
2017-02-22 20:53:32 +00:00
|
|
|
}
|
2017-02-24 04:32:13 +00:00
|
|
|
}
|
2017-03-15 23:50:42 +00:00
|
|
|
|
|
|
|
|
func TestLeader_ChangeServerID(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2018-08-07 12:29:48 +00:00
|
|
|
conf := func(c *Config) {
|
|
|
|
|
c.Bootstrap = false
|
|
|
|
|
c.BootstrapExpect = 3
|
|
|
|
|
c.Datacenter = "dc1"
|
|
|
|
|
c.RaftConfig.ProtocolVersion = 3
|
|
|
|
|
}
|
|
|
|
|
dir1, s1 := testServerWithConfig(t, conf)
|
2017-03-15 23:50:42 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
|
2018-08-07 12:29:48 +00:00
|
|
|
dir2, s2 := testServerWithConfig(t, conf)
|
2017-03-15 23:50:42 +00:00
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer s2.Shutdown()
|
|
|
|
|
|
2018-08-07 12:29:48 +00:00
|
|
|
dir3, s3 := testServerWithConfig(t, conf)
|
2017-03-15 23:50:42 +00:00
|
|
|
defer os.RemoveAll(dir3)
|
|
|
|
|
defer s3.Shutdown()
|
|
|
|
|
|
|
|
|
|
servers := []*Server{s1, s2, s3}
|
|
|
|
|
|
2017-09-25 22:27:04 +00:00
|
|
|
// Try to join and wait for all servers to get promoted
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, s2, s1)
|
|
|
|
|
joinLAN(t, s3, s1)
|
2017-03-15 23:50:42 +00:00
|
|
|
for _, s := range servers {
|
2018-09-04 13:02:47 +00:00
|
|
|
testrpc.WaitForTestAgent(t, s.RPC, "dc1")
|
2017-05-05 07:23:28 +00:00
|
|
|
retry.Run(t, func(r *retry.R) { r.Check(wantPeers(s, 3)) })
|
2017-03-15 23:50:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Shut down a server, freeing up its address/port
|
2018-08-07 12:29:48 +00:00
|
|
|
s3.Shutdown()
|
2017-03-15 23:50:42 +00:00
|
|
|
|
2017-05-05 11:58:13 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2017-03-15 23:50:42 +00:00
|
|
|
alive := 0
|
|
|
|
|
for _, m := range s1.LANMembers() {
|
|
|
|
|
if m.Status == serf.StatusAlive {
|
|
|
|
|
alive++
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-05-05 11:58:13 +00:00
|
|
|
if got, want := alive, 2; got != want {
|
|
|
|
|
r.Fatalf("got %d alive members want %d", got, want)
|
|
|
|
|
}
|
|
|
|
|
})
|
2017-03-15 23:50:42 +00:00
|
|
|
|
|
|
|
|
// Bring up a new server with s3's address that will get a different ID
|
|
|
|
|
dir4, s4 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.Bootstrap = false
|
2018-08-07 12:29:48 +00:00
|
|
|
c.BootstrapExpect = 3
|
|
|
|
|
c.Datacenter = "dc1"
|
|
|
|
|
c.RaftConfig.ProtocolVersion = 3
|
2017-03-15 23:50:42 +00:00
|
|
|
c.SerfLANConfig.MemberlistConfig = s3.config.SerfLANConfig.MemberlistConfig
|
|
|
|
|
c.RPCAddr = s3.config.RPCAddr
|
|
|
|
|
c.RPCAdvertise = s3.config.RPCAdvertise
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir4)
|
|
|
|
|
defer s4.Shutdown()
|
2017-05-05 10:29:49 +00:00
|
|
|
joinLAN(t, s4, s1)
|
2018-10-11 11:42:39 +00:00
|
|
|
testrpc.WaitForTestAgent(t, s1.RPC, "dc1")
|
|
|
|
|
testrpc.WaitForTestAgent(t, s4.RPC, "dc1")
|
2017-03-15 23:50:42 +00:00
|
|
|
servers[2] = s4
|
|
|
|
|
|
2017-09-25 22:27:04 +00:00
|
|
|
// While integrating #3327 it uncovered that this test was flaky. The
|
|
|
|
|
// connection pool would use the same TCP connection to the old server
|
|
|
|
|
// which would give EOF errors to the autopilot health check RPC call.
|
|
|
|
|
// To make this more reliable we changed the connection pool to throw
|
|
|
|
|
// away the connection if it sees an EOF error, since there's no way
|
|
|
|
|
// that connection is going to work again. This made this test reliable
|
|
|
|
|
// since it will make a new connection to s4.
|
|
|
|
|
|
2017-03-15 23:50:42 +00:00
|
|
|
// Make sure the dead server is removed and we're back to 3 total peers
|
2017-09-25 22:27:04 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
|
|
|
|
r.Check(wantRaft(servers))
|
|
|
|
|
for _, s := range servers {
|
|
|
|
|
r.Check(wantPeers(s, 3))
|
|
|
|
|
}
|
|
|
|
|
})
|
2017-03-16 01:27:17 +00:00
|
|
|
}
|
2017-08-03 00:05:18 +00:00
|
|
|
|
|
|
|
|
func TestLeader_ACL_Initialization(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
build string
|
|
|
|
|
master string
|
|
|
|
|
bootstrap bool
|
|
|
|
|
}{
|
2018-10-19 16:04:07 +00:00
|
|
|
{"old version, no master", "0.8.0", "", true},
|
|
|
|
|
{"old version, master", "0.8.0", "root", false},
|
|
|
|
|
{"new version, no master", "0.9.1", "", true},
|
|
|
|
|
{"new version, master", "0.9.1", "root", false},
|
2017-08-03 00:05:18 +00:00
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
conf := func(c *Config) {
|
|
|
|
|
c.Build = tt.build
|
|
|
|
|
c.Bootstrap = true
|
|
|
|
|
c.Datacenter = "dc1"
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
2018-10-19 16:04:07 +00:00
|
|
|
c.ACLsEnabled = true
|
2017-08-03 00:05:18 +00:00
|
|
|
c.ACLMasterToken = tt.master
|
|
|
|
|
}
|
|
|
|
|
dir1, s1 := testServerWithConfig(t, conf)
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2019-01-07 21:53:54 +00:00
|
|
|
testrpc.WaitForTestAgent(t, s1.RPC, "dc1")
|
2017-08-03 00:05:18 +00:00
|
|
|
|
|
|
|
|
if tt.master != "" {
|
2018-10-19 16:04:07 +00:00
|
|
|
_, master, err := s1.fsm.State().ACLTokenGetBySecret(nil, tt.master)
|
2018-10-31 20:00:46 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
require.NotNil(t, master)
|
2017-08-03 00:05:18 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-19 16:04:07 +00:00
|
|
|
_, anon, err := s1.fsm.State().ACLTokenGetBySecret(nil, anonymousToken)
|
2018-10-31 20:00:46 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
require.NotNil(t, anon)
|
2017-08-03 00:05:18 +00:00
|
|
|
|
2018-10-19 16:04:07 +00:00
|
|
|
canBootstrap, _, err := s1.fsm.State().CanBootstrapACLToken()
|
2018-10-31 20:00:46 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
require.Equal(t, tt.bootstrap, canBootstrap)
|
|
|
|
|
|
|
|
|
|
_, policy, err := s1.fsm.State().ACLPolicyGetByID(nil, structs.ACLPolicyGlobalManagementID)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
require.NotNil(t, policy)
|
2017-08-03 00:05:18 +00:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-06-21 22:42:28 +00:00
|
|
|
|
|
|
|
|
func TestLeader_CARootPruning(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
caRootPruneInterval = 200 * time.Millisecond
|
|
|
|
|
|
|
|
|
|
require := require.New(t)
|
|
|
|
|
dir1, s1 := testServer(t)
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
|
|
|
|
|
2018-09-12 13:49:27 +00:00
|
|
|
testrpc.WaitForTestAgent(t, s1.RPC, "dc1")
|
2018-06-21 22:42:28 +00:00
|
|
|
|
|
|
|
|
// Get the current root
|
|
|
|
|
rootReq := &structs.DCSpecificRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
}
|
|
|
|
|
var rootList structs.IndexedCARoots
|
|
|
|
|
require.Nil(msgpackrpc.CallWithCodec(codec, "ConnectCA.Roots", rootReq, &rootList))
|
|
|
|
|
require.Len(rootList.Roots, 1)
|
|
|
|
|
oldRoot := rootList.Roots[0]
|
|
|
|
|
|
|
|
|
|
// Update the provider config to use a new private key, which should
|
|
|
|
|
// cause a rotation.
|
|
|
|
|
_, newKey, err := connect.GeneratePrivateKey()
|
|
|
|
|
require.NoError(err)
|
|
|
|
|
newConfig := &structs.CAConfiguration{
|
|
|
|
|
Provider: "consul",
|
|
|
|
|
Config: map[string]interface{}{
|
2018-09-13 14:43:00 +00:00
|
|
|
"LeafCertTTL": "500ms",
|
2018-06-21 22:42:28 +00:00
|
|
|
"PrivateKey": newKey,
|
|
|
|
|
"RootCert": "",
|
2018-09-13 14:43:00 +00:00
|
|
|
"RotationPeriod": "2160h",
|
2018-07-20 23:04:04 +00:00
|
|
|
"SkipValidate": true,
|
2018-06-21 22:42:28 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
args := &structs.CARequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Config: newConfig,
|
|
|
|
|
}
|
|
|
|
|
var reply interface{}
|
|
|
|
|
|
|
|
|
|
require.NoError(msgpackrpc.CallWithCodec(codec, "ConnectCA.ConfigurationSet", args, &reply))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Should have 2 roots now.
|
|
|
|
|
_, roots, err := s1.fsm.State().CARoots(nil)
|
|
|
|
|
require.NoError(err)
|
|
|
|
|
require.Len(roots, 2)
|
|
|
|
|
|
2018-07-20 23:04:04 +00:00
|
|
|
time.Sleep(2 * time.Second)
|
2018-06-21 22:42:28 +00:00
|
|
|
|
|
|
|
|
// Now the old root should be pruned.
|
|
|
|
|
_, roots, err = s1.fsm.State().CARoots(nil)
|
|
|
|
|
require.NoError(err)
|
|
|
|
|
require.Len(roots, 1)
|
|
|
|
|
require.True(roots[0].Active)
|
|
|
|
|
require.NotEqual(roots[0].ID, oldRoot.ID)
|
|
|
|
|
}
|
2018-07-11 16:44:30 +00:00
|
|
|
|
|
|
|
|
func TestLeader_PersistIntermediateCAs(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
require := require.New(t)
|
|
|
|
|
dir1, s1 := testServer(t)
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
|
|
|
|
|
|
|
|
|
dir2, s2 := testServerDCBootstrap(t, "dc1", false)
|
|
|
|
|
defer os.RemoveAll(dir2)
|
|
|
|
|
defer s2.Shutdown()
|
|
|
|
|
|
|
|
|
|
dir3, s3 := testServerDCBootstrap(t, "dc1", false)
|
|
|
|
|
defer os.RemoveAll(dir3)
|
|
|
|
|
defer s3.Shutdown()
|
|
|
|
|
|
|
|
|
|
joinLAN(t, s2, s1)
|
|
|
|
|
joinLAN(t, s3, s1)
|
|
|
|
|
|
|
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
|
|
|
|
|
|
|
|
|
// Get the current root
|
|
|
|
|
rootReq := &structs.DCSpecificRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
}
|
|
|
|
|
var rootList structs.IndexedCARoots
|
|
|
|
|
require.Nil(msgpackrpc.CallWithCodec(codec, "ConnectCA.Roots", rootReq, &rootList))
|
|
|
|
|
require.Len(rootList.Roots, 1)
|
|
|
|
|
|
|
|
|
|
// Update the provider config to use a new private key, which should
|
|
|
|
|
// cause a rotation.
|
|
|
|
|
_, newKey, err := connect.GeneratePrivateKey()
|
|
|
|
|
require.NoError(err)
|
|
|
|
|
newConfig := &structs.CAConfiguration{
|
|
|
|
|
Provider: "consul",
|
|
|
|
|
Config: map[string]interface{}{
|
|
|
|
|
"PrivateKey": newKey,
|
|
|
|
|
"RootCert": "",
|
|
|
|
|
"RotationPeriod": 90 * 24 * time.Hour,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
args := &structs.CARequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Config: newConfig,
|
|
|
|
|
}
|
|
|
|
|
var reply interface{}
|
|
|
|
|
|
|
|
|
|
require.NoError(msgpackrpc.CallWithCodec(codec, "ConnectCA.ConfigurationSet", args, &reply))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the active root before leader change.
|
|
|
|
|
_, root := s1.getCAProvider()
|
|
|
|
|
require.Len(root.IntermediateCerts, 1)
|
|
|
|
|
|
|
|
|
|
// Force a leader change and make sure the root CA values are preserved.
|
|
|
|
|
s1.Leave()
|
|
|
|
|
s1.Shutdown()
|
|
|
|
|
|
|
|
|
|
retry.Run(t, func(r *retry.R) {
|
|
|
|
|
var leader *Server
|
|
|
|
|
for _, s := range []*Server{s2, s3} {
|
|
|
|
|
if s.IsLeader() {
|
|
|
|
|
leader = s
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if leader == nil {
|
|
|
|
|
r.Fatal("no leader")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, newLeaderRoot := leader.getCAProvider()
|
2018-07-11 20:10:58 +00:00
|
|
|
if !reflect.DeepEqual(newLeaderRoot, root) {
|
|
|
|
|
r.Fatalf("got %v, want %v", newLeaderRoot, root)
|
|
|
|
|
}
|
2018-07-11 16:44:30 +00:00
|
|
|
})
|
|
|
|
|
}
|
2018-10-31 20:00:46 +00:00
|
|
|
|
|
|
|
|
func TestLeader_ACLUpgrade(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLsEnabled = true
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2019-01-07 21:53:54 +00:00
|
|
|
testrpc.WaitForTestAgent(t, s1.RPC, "dc1")
|
2018-10-31 20:00:46 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
|
|
|
|
|
|
|
|
|
// create a legacy management ACL
|
|
|
|
|
mgmt := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
Name: "Management token",
|
|
|
|
|
Type: structs.ACLTokenTypeManagement,
|
|
|
|
|
},
|
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
|
}
|
|
|
|
|
var mgmt_id string
|
|
|
|
|
require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.Apply", &mgmt, &mgmt_id))
|
|
|
|
|
|
|
|
|
|
// wait for it to be upgraded
|
|
|
|
|
retry.Run(t, func(t *retry.R) {
|
|
|
|
|
_, token, err := s1.fsm.State().ACLTokenGetBySecret(nil, mgmt_id)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
require.NotNil(t, token)
|
|
|
|
|
require.NotEqual(t, "", token.AccessorID)
|
|
|
|
|
require.Equal(t, structs.ACLTokenTypeManagement, token.Type)
|
|
|
|
|
require.Len(t, token.Policies, 1)
|
|
|
|
|
require.Equal(t, structs.ACLPolicyGlobalManagementID, token.Policies[0].ID)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// create a legacy management ACL
|
|
|
|
|
client := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
Name: "Management token",
|
|
|
|
|
Type: structs.ACLTokenTypeClient,
|
|
|
|
|
Rules: `node "" { policy = "read"}`,
|
|
|
|
|
},
|
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
|
}
|
|
|
|
|
var client_id string
|
|
|
|
|
require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.Apply", &client, &client_id))
|
|
|
|
|
|
|
|
|
|
// wait for it to be upgraded
|
|
|
|
|
retry.Run(t, func(t *retry.R) {
|
|
|
|
|
_, token, err := s1.fsm.State().ACLTokenGetBySecret(nil, client_id)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
require.NotNil(t, token)
|
|
|
|
|
require.NotEqual(t, "", token.AccessorID)
|
|
|
|
|
require.Len(t, token.Policies, 0)
|
|
|
|
|
require.Equal(t, structs.ACLTokenTypeClient, token.Type)
|
|
|
|
|
require.Equal(t, client.ACL.Rules, token.Rules)
|
|
|
|
|
})
|
|
|
|
|
}
|
