From: Quanah Gibson-Mount Date: Thu, 11 Mar 2021 19:34:51 +0000 (+0000) Subject: ITS#8736 - Add test script using delta-syncrepl for cn=config replication X-Git-Tag: OPENLDAP_REL_ENG_2_5_4~7^2~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=093d966fbbbf127234a1c65da1548e8421abea77;p=thirdparty%2Fopenldap.git ITS#8736 - Add test script using delta-syncrepl for cn=config replication --- diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh index 32e59fc7bf..301f8974fd 100755 --- a/tests/scripts/defines.sh +++ b/tests/scripts/defines.sh @@ -79,6 +79,7 @@ export TESTDIR DBDIR1A=$TESTDIR/db.1.a DBDIR1B=$TESTDIR/db.1.b DBDIR1C=$TESTDIR/db.1.c +DBDIR1D=$TESTDIR/db.1.d DBDIR1=$DBDIR1A DBDIR2A=$TESTDIR/db.2.a DBDIR2B=$TESTDIR/db.2.b diff --git a/tests/scripts/test059-consumer-config b/tests/scripts/test059-consumer-config index 4c20ddf125..cdb82c372b 100755 --- a/tests/scripts/test059-consumer-config +++ b/tests/scripts/test059-consumer-config @@ -151,11 +151,6 @@ changetype: add objectClass: olcGlobal cn: consumerconfig -dn: cn=schema,cn=config,cn=consumer -changetype: add -objectClass: olcSchemaConfig -cn: schema - dn: olcDatabase={0}config,cn=config,cn=consumer changetype: add objectClass: olcDatabaseConfig diff --git a/tests/scripts/test086-delta-consumer-config b/tests/scripts/test086-delta-consumer-config new file mode 100755 index 0000000000..0177485cdd --- /dev/null +++ b/tests/scripts/test086-delta-consumer-config @@ -0,0 +1,560 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi +if test $ACCESSLOG = accesslogno; then + echo "Accesslog overlay not available, test skipped" + exit 0 +fi + +CFPRO=$TESTDIR/cfpro.d +CFCON=$TESTDIR/cfcon.d + +mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C $DBDIR1D $DBDIR2A $CFPRO $CFCON + +$SLAPPASSWD -g -n >$CONFIGPWF + +if test x"$SYNCMODE" = x ; then + SYNCMODE=rp +fi +case "$SYNCMODE" in + ro) + SYNCTYPE="type=refreshOnly interval=00:00:00:03" + ;; + rp) + SYNCTYPE="type=refreshAndPersist" + ;; + *) + echo "unknown sync mode $SYNCMODE" + exit 1; + ;; +esac + +# +# Test replication of dynamic config with alternate consumer config: +# - start provider +# - start consumer +# - configure over ldap +# - populate over ldap +# - configure syncrepl over ldap +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $DYNAMICCONF > $CONFLDIF +$SLAPADD -F $CFPRO -n 0 -l $CONFLDIF +$SLAPD -F $CFPRO -h $URI1 -d $LVL > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Inserting syncprov and accesslog overlays on provider..." +if [ "$SYNCPROV" = syncprovmod -a "$ACCESSLOG" = accesslogmod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF < $TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/overlays +olcModuleLoad: syncprov.la +olcModuleLoad: accesslog.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad of syncprov and accesslog ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +elif [ "$SYNCPROV" = syncprovmod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF < $TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/overlays +olcModuleLoad: syncprov.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad of syncprov ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +elif [ "$ACCESSLOG" = accesslogmod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF < $TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/overlays +olcModuleLoad: accesslog.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad of accesslog ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +echo "Adding backend accesslog databases using $BACKEND..." +if [ "$BACKENDTYPE" = mod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF < $TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad of $BACKEND ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +read CONFIGPW < $CONFIGPWF +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF < $TESTOUT 2>&1 +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +olcSuffix: cn=accesslog +${nullExclude}olcDbDirectory: $DBDIR1C +olcRootDN: cn=config +olcSizeLimit: unlimited +olcTimeLimit: unlimited +olcDbIndex: default eq +olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN + +dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov +olcSpNoPresent: TRUE +olcSpReloadHint: TRUE + +dn: olcDatabase={2}$BACKEND,cn=config +objectClass: olcDatabaseConfig +objectClass: olc${BACKEND}Config +olcDatabase: {2}$BACKEND +olcSuffix: cn=consumer-accesslog +${nullExclude}olcDbDirectory: $DBDIR1D +olcRootDN: cn=consumer,cn=config +olcSizeLimit: unlimited +olcTimeLimit: unlimited +olcDbIndex: default eq +olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN + +dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov +olcSpNoPresent: TRUE +olcSpReloadHint: TRUE +EOF + +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for accesslog databases using $BACKEND ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 +dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov + +dn: olcOverlay=accesslog,olcDatabase={0}config,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcAccessLogConfig +olcOverlay: accesslog +olcAccessLogDB: cn=accesslog +olcAccessLogOps: writes +olcAccessLogPurge: 07+00:00 01+00:00 +olcAccessLogSuccess: TRUE +EOF + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for syncprov and accesslog overlay config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Consumers will not replicate the provider's actual cn=config. +# Instead, they will use an alternate DB so that they may be +# configured differently from the provider. This alternate DB +# will also be a consumer for the real cn=schema,cn=config tree. +# It has multi-provider enabled so that it can be written directly +# while being a consumer of the main schema. +echo "Configuring consumer config DB on provider..." +$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 +dn: cn=config +changetype: modify +add: olcServerID +olcServerID: 1 + +dn: olcDatabase={1}ldif,cn=config +changetype: add +objectClass: olcDatabaseConfig +objectClass: olcLdifConfig +olcDatabase: {1}ldif +olcDbDirectory: $DBDIR1A +olcSuffix: cn=config,cn=consumer +olcRootDN: cn=config,cn=consumer +olcRootPW: repsecret +olcAccess: to * by dn.base="cn=config" write + +dn: olcOverlay=syncprov,olcDatabase={1}ldif,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov + +dn: olcOverlay=accesslog,olcDatabase={1}ldif,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcAccessLogConfig +olcOverlay: accesslog +olcAccessLogDB: cn=consumer-accesslog +olcAccessLogOps: writes +olcAccessLogPurge: 07+00:00 01+00:00 +olcAccessLogSuccess: TRUE + +dn: cn=config,cn=consumer +changetype: add +objectClass: olcGlobal +cn: consumerconfig + +dn: olcDatabase={0}config,cn=config,cn=consumer +changetype: add +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcRootPW: topsecret +olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config,cn=consumer" + bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer" + $SYNCTYPE retry="3 5 300 5" timeout=3 suffixmassage="cn=config" +olcUpdateRef: $URI1 + +dn: olcDatabase={1}ldif,cn=config +changetype: modify +add: olcSyncrepl +olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config" + bindmethod=simple credentials=$CONFIGPW searchbase="cn=schema,cn=config" + $SYNCTYPE retry="3 5 300 5" timeout=3 + suffixmassage="cn=schema,cn=config,cn=consumer" +- +add: olcMultiProvider +olcMultiProvider: TRUE + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for consumer DB config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT2..." +$SLAPADD -F $CFCON -n 0 -l $CONFLDIF +$SLAPD -F $CFCON -h $URI2 -d $LVL > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Configuring syncrepl on consumer..." +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <>$TESTOUT 2>&1 +dn: olcDatabase={0}config,cn=config +changetype: modify +add: olcSyncRepl +olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config,cn=consumer" + bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer" + $SYNCTYPE retry="3 5 300 5" timeout=3 logbase="cn=consumer-accesslog" + logfilter="(&(objectclass=auditWriteObject)(reqresult=0))" + syncdata=accesslog suffixmassage="cn=config" +- +add: olcUpdateRef +olcUpdateRef: $URI1 +EOF + +sleep 1 + +echo "Using ldapsearch to check that syncrepl received config changes..." +RC=32 +for i in 0 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \ + -s base -b "olcDatabase={0}config,cn=config" \ + '(olcUpdateRef=*)' 2>&1 | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding schema and databases on provider..." +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <>$TESTOUT 2>&1 +include: file://$ABS_SCHEMADIR/core.ldif + +include: file://$ABS_SCHEMADIR/cosine.ldif + +include: file://$ABS_SCHEMADIR/inetorgperson.ldif + +include: file://$ABS_SCHEMADIR/openldap.ldif + +include: file://$ABS_SCHEMADIR/nis.ldif +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for schema config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to check that syncrepl received the schema changes..." +RC=32 +for i in 0 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \ + -s sub -b "cn=schema,cn=config" \ + '(cn=*openldap)' 2>&1 | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +if test "x$RESULT" != "xOK" ; then + echo "consumer never received complete schema!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +nullExclude="" nullOK="" +test $BACKEND = null && nullExclude="# " nullOK="OK" + +if [ "$BACKENDTYPE" = mod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <>$TESTOUT 2>&1 +dn: cn=module,cn=config,cn=consumer +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for backend config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <>$TESTOUT 2>&1 +dn: olcDatabase={2}$BACKEND,cn=config +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {2}$BACKEND +olcSuffix: $BASEDN +${nullExclude}olcDbDirectory: $DBDIR1B +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple + credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE + retry="3 5 300 5" timeout=3 +olcUpdateRef: $URI1 + +dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov + +dn: olcDatabase={1}$BACKEND,cn=config,cn=consumer +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +olcSuffix: $BASEDN +${nullExclude}olcDbDirectory: $DBDIR2A +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple + credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE + retry="3 5 300 5" timeout=3 +olcUpdateRef: $URI1 + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +if test $INDEXDB = indexdb ; then + $LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <>$TESTOUT 2>&1 +dn: olcDatabase={2}$BACKEND,cn=config +changetype: modify +add: olcDbIndex +olcDbIndex: objectClass,entryUUID,entryCSN eq +olcDbIndex: cn,uid pres,eq,sub +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd modify for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +echo "Using ldapadd to populate provider..." +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to check that syncrepl received database changes..." +RC=32 +for i in 0 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $URI2 \ + -s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \ + '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT$nullOK" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + 'objectclass=*' > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \ + 'objectclass=*' > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0