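#!/usr/bin/env bash
#
# docs/site-replication/run-multi-site-ldap.sh
#
# Integration test for MinIO site replication with an LDAP identity provider.
# Starts three local MinIO sites on ports 9001-9003, links them with
# "mc admin replicate add", and checks that policies, LDAP policy mappings,
# service accounts, buckets, objects and tags propagate between the sites.
#
# Requirements visible in this script:
#   - a `minio` binary on PATH and an LDAP server reachable at localhost:389
#     that holds the user uid=dillon,ou=people,ou=swengg,dc=min,dc=io
#   - `wget` (only when ./mc is absent) and `jq`
#   - run from the repository root: it reads ./docs/site-replication/rw.json
#     and README.md by relative path
#
# All credentials and keys below are fixed test fixtures. The script does not
# use `set -e` because many steps inspect `$?` or expect a command to fail.

#######################################
# Stop the servers, print the per-site server logs, and exit with status 1.
# Globals:   none
# Arguments: none
# Outputs:   log contents on stdout
#######################################
# shellcheck disable=SC2120
exit_1() {
  cleanup

  local site log
  for site in 1 2 3; do
    echo "minio${site} ============"
    for log in "/tmp/minio${site}_1.log" "/tmp/minio${site}_2.log"; do
      # This script only writes the *_1.log files; skip logs that do not exist
      # instead of letting cat report an error for each of them.
      if [ -f "${log}" ]; then
        cat "${log}"
      fi
    done
  done

  exit 1
}

#######################################
# Kill the MinIO servers and remove the per-site data directories.
# Note: pkill matches by process name, so every process named "minio" that the
# current user may signal is terminated, not only the ones started here.
#######################################
cleanup() {
  echo "Cleaning up instances of MinIO"
  pkill minio
  pkill -9 minio
  rm -rf /tmp/minio-ldap-idp{1,2,3}
}

cleanup

# Make sure no KES settings from the caller's environment leak into the test;
# the static MINIO_KMS_SECRET_KEY below is used instead.
unset MINIO_KMS_KES_CERT_FILE
unset MINIO_KMS_KES_KEY_FILE
unset MINIO_KMS_KES_ENDPOINT
unset MINIO_KMS_KES_KEY_NAME

export MINIO_CI_CD=1
export MINIO_BROWSER=off
# Fixed root credentials, shared by all three sites (test fixture).
export MINIO_ROOT_USER="minio"
export MINIO_ROOT_PASSWORD="minio123"
export MINIO_KMS_AUTO_ENCRYPTION=off
# Metrics endpoints are served without authentication in this test setup.
export MINIO_PROMETHEUS_AUTH_TYPE=public
# Static KMS key committed with the test; it protects nothing outside this run.
export MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw=
export MINIO_IDENTITY_LDAP_SERVER_ADDR="localhost:389"
# Plain-text LDAP: the lookup bind password below crosses the connection
# unencrypted, which this test accepts because the directory is on localhost.
export MINIO_IDENTITY_LDAP_SERVER_INSECURE="on"
export MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN="cn=admin,dc=min,dc=io"
export MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD="admin"
export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN="dc=min,dc=io"
export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER="(uid=%s)"
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="ou=swengg,dc=min,dc=io"
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER="(&(objectclass=groupOfNames)(member=%d))"

if [ ! -f ./mc ]; then
  # Download under a temporary name so that an interrupted transfer never
  # leaves a partial ./mc that the -f test above would accept on the next run.
  # NOTE(review): the client binary is executed as downloaded, with no
  # checksum or signature verification; pin and verify it where the CI
  # environment requires reproducible tooling.
  if ! {
    wget -O mc.download https://dl.minio.io/client/mc/release/linux-amd64/mc &&
      chmod +x mc.download &&
      mv mc.download mc
  }; then
    rm -f mc.download
    echo "failed to download mc, exiting.."
    exit 1
  fi
fi

# "{1...4}" (three dots) is passed to minio literally; bash brace expansion
# would need two dots, so the shell leaves the argument untouched.
# NOTE(review): ":900N" listens on every interface while the root credentials
# are the fixed values above; a loopback address would keep the test servers
# local. Confirm site replication still works before changing it.
minio server --config-dir /tmp/minio-ldap --address ":9001" /tmp/minio-ldap-idp1/{1...4} >/tmp/minio1_1.log 2>&1 &
site1_pid=$!
minio server --config-dir /tmp/minio-ldap --address ":9002" /tmp/minio-ldap-idp2/{1...4} >/tmp/minio2_1.log 2>&1 &
site2_pid=$!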
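minio server --config-dir /tmp/minio-ldap --address ":9003" /tmp/minio-ldap-idp3/{1...4} >/tmp/minio3_1.log 2>&1 &
site3_pid=$!

# Make the status of "mc ... | jq ..." reflect an mc failure as well; without
# this the status checks on those pipelines only ever see jq's exit code.
set -o pipefail

#######################################
# Run a command that must succeed; on failure print a message and abort.
# Arguments: $1 - message to print on failure; remaining args - the command
# Returns:   only when the command succeeded (exit_1 ends the script otherwise)
#######################################
expect_ok() {
  local msg=$1
  shift
  if ! "$@"; then
    echo "${msg}"
    exit_1
  fi
}

#######################################
# Run a command that must fail; if it succeeds print a message and abort.
# Arguments: $1 - message to print on success; remaining args - the command
# Returns:   only when the command failed (exit_1 ends the script otherwise)
#######################################
expect_fail() {
  local msg=$1
  shift
  if "$@"; then
    echo "${msg}"
    exit_1
  fi
}

# Give the three servers time to come up.
sleep 10

# mc aliases for the three sites, using the fixed test root credentials.
export MC_HOST_minio1=http://minio:minio123@localhost:9001
export MC_HOST_minio2=http://minio:minio123@localhost:9002
export MC_HOST_minio3=http://minio:minio123@localhost:9003

ldap_user_dn="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"

./mc admin replicate add minio1 minio2 minio3

./mc idp ldap policy attach minio1 consoleAdmin --user="${ldap_user_dn}"
sleep 5

./mc admin user info minio2 "${ldap_user_dn}"
./mc admin user info minio3 "${ldap_user_dn}"
./mc admin policy create minio1 rw ./docs/site-replication/rw.json

sleep 5
./mc admin policy info minio2 rw >/dev/null 2>&1
./mc admin policy info minio3 rw >/dev/null 2>&1

./mc admin policy remove minio3 rw

# The removal on minio3 must have propagated: the policy lookup has to fail
# on the other two sites.
sleep 10
for site in minio1 minio2; do
  expect_fail "expecting the command to fail, exiting.." \
    ./mc admin policy info "${site}" rw
done

for site in minio1 minio2 minio3; do
  expect_ok "policy mapping missing, exiting.." \
    ./mc admin user info "${site}" "${ldap_user_dn}"
done

# LDAP simple user
# The secret key is passed on the command line (visible in the process list);
# it is a throwaway test value.
expect_ok "adding svc account failed, exiting.." \
  ./mc admin user svcacct add minio2 dillon --access-key testsvc --secret-key testsvc123

sleep 10

for site in minio1 minio2 minio3; do
  ./mc idp ldap policy entities "${site}"
done

for site in minio1 minio2 minio3; do
  ./mc admin service restart "${site}"
done

sleep 10

# List the mappings again after the restart.
for site in minio1 minio2 minio3; do
  ./mc idp ldap policy entities "${site}"
done

for site in minio1 minio2 minio3; do
  expect_ok "svc account not mirrored, exiting.." \
    ./mc admin user svcacct info "${site}" testsvc
done

# Use the service account itself against each site.
MC_HOST_svc1=http://testsvc:testsvc123@localhost:9001 ./mc ls svc1
MC_HOST_svc2=http://testsvc:testsvc123@localhost:9002 ./mc ls svc2
MC_HOST_svc3=http://testsvc:testsvc123@localhost:9003 ./mc ls svc3

expect_ok "removing svc account failed, exiting.." \
  ./mc admin user svcacct rm minio1 testsvc

for site in minio1 minio2 minio3; do
  expect_ok "policy mapping missing, exiting.." \
    ./mc admin user info "${site}" "${ldap_user_dn}"
done

sleep 10

# The service account deleted on minio1 must be gone from the peers as well.
for site in minio2 minio3; do
  expect_fail "svc account found after delete, exiting.." \
    ./mc admin user svcacct info "${site}" testsvc
done

./mc mb minio1/newbucket
# copy large upload to newbucket on minio1
truncate -s 17M lrgfile
# MD5 only serves to compare the replicated copy with the local file.
expected_checksum=$(md5sum <./lrgfile)

./mc cp ./lrgfile minio1/newbucket

# create a bucket bucket2 on minio1.
./mc mb minio1/bucket2

sleep 5
for site in minio2 minio3; do
  expect_ok "expecting bucket to be present. exiting.." \
    ./mc stat "${site}/newbucket"
done

./mc cp README.md minio2/newbucket/

sleep 5
for site in minio1 minio3; do
  expect_ok "expecting object to be present. exiting.." \
    ./mc stat "${site}/newbucket/README.md"
done

sleep 10
expect_ok "expected object to be present, exiting.." \
  ./mc stat minio3/newbucket/lrgfile
actual_checksum=$(./mc cat minio3/newbucket/lrgfile | md5sum)
if [ "${expected_checksum}" != "${actual_checksum}" ]; then
  echo "replication failed on multipart objects expected ${expected_checksum} got ${actual_checksum}"
  # A bare "exit" here would return echo's status (0) and leave the servers
  # running; fail through exit_1 like every other check.
  exit_1
fi
rm ./lrgfile

expect_ok "expected object to be present, exiting.." \
  ./mc rm -r --versions --force minio1/newbucket/lrgfile

sleep 5
expect_fail "expected object to be deleted permanently after replication, exiting.." \
  ./mc stat minio1/newbucket/lrgfile

# NOTE(review): without -r, jq keeps the JSON double quotes around the value;
# confirm mc accepts that form for --version-id.
if ! vID=$(./mc stat minio2/newbucket/README.md --json | jq .versionID); then
  echo "expecting object to be present. exiting.."
  exit_1
fi
expect_ok "expecting tag set to be successful. exiting.." \
  ./mc tag set --version-id "${vID}" minio2/newbucket/README.md "key=val"
sleep 5

expect_ok "expecting tag removal to be successful. exiting.." \
  ./mc tag remove --version-id "${vID}" minio2/newbucket/README.md
sleep 5

if ! replStatus_minio2=$(./mc stat minio2/newbucket/README.md --json | jq -r .replicationStatus); then
  echo "expecting object to be present. exiting.."
  exit_1
fi

# Quoted: with an empty value the unquoted test is a syntax error, the "if"
# sees a non-zero status, and the check would be skipped silently.
if [ "${replStatus_minio2}" != "COMPLETED" ]; then
  echo "expected tag removal to have replicated, exiting..."
  exit_1
fi

./mc rm minio3/newbucket/README.md
sleep 5

for site in minio2 minio1; do
  expect_fail "expected file to be deleted, exiting.." \
    ./mc stat "${site}/newbucket/README.md"
done

./mc mb --with-lock minio3/newbucket-olock
sleep 5

# The object-lock bucket created on minio3 must appear on both peers with
# locking enabled.
for site in minio2 minio1; do
  if ! lock_state=$(./mc stat --json "${site}/newbucket-olock" | jq -r .ObjectLock.enabled); then
    echo "expected bucket to be mirrored with object-lock but not present, exiting..."
    exit_1
  fi

  if [ "${lock_state}" != "Enabled" ]; then
    echo "expected bucket to be mirrored with object-lock enabled, exiting..."
    exit_1
  fi
done

# "Test if most recent tag update is replicated"
expect_ok "expecting tag set to be successful. exiting.." \
  ./mc tag set minio2/newbucket "key=val1"

sleep 10

val=$(./mc tag list minio1/newbucket --json | jq -r .tagset | jq -r .key)
if [ "${val}" != "val1" ]; then
  echo "expected bucket tag to have replicated, exiting..."
  exit_1
fi
# stop minio1
kill -9 "${site1_pid}"
# Update tag on minio2/newbucket when minio1 is down
./mc tag set minio2/newbucket "key=val2"
# create a new bucket on minio2. This should replicate to minio1 after it comes online.
./mc mb minio2/newbucket2
# delete bucket2 on minio2. This should replicate to minio1 after it comes online.
./mc rb minio2/bucket2

# Restart minio1 instance
minio server --config-dir /tmp/minio-ldap --address ":9001" /tmp/minio-ldap-idp1/{1...4} >/tmp/minio1_1.log 2>&1 &
sleep 200

# Test whether most recent tag update on minio2 is replicated to minio1
val=$(./mc tag list minio1/newbucket --json | jq -r .tagset | jq -r .key)
if [ "${val}" != "val2" ]; then
  echo "expected bucket tag to have replicated, exiting..."
  exit_1
fi

# Test if bucket created/deleted when minio1 is down healed
if ! diff -q <(./mc ls minio1) <(./mc ls minio2) 1>/dev/null; then
  echo "expected 'bucket2' delete and 'newbucket2' creation to have replicated, exiting..."
  exit_1
fi

# force a resync after removing all site replication
./mc admin replicate rm --all --force minio1
./mc rb minio2 --force --dangerous
./mc admin replicate add minio1 minio2
./mc admin replicate resync start minio1 minio2
sleep 30

# Keep the two listings in a private directory rather than under fixed names
# in /tmp.
if ! listing_dir=$(mktemp -d); then
  echo "mktemp failed, exiting.."
  exit_1
fi
./mc ls -r --versions minio1/newbucket >"${listing_dir}/minio1.txt"
./mc ls -r --versions minio2/newbucket >"${listing_dir}/minio2.txt"

out=$(diff -qpruN "${listing_dir}/minio1.txt" "${listing_dir}/minio2.txt")
ret=$?
rm -rf -- "${listing_dir:?}"
if [ "${ret}" -ne 0 ]; then
  echo "BUG: expected no missing entries after replication resync: $out"
  # exit_1 rather than "exit 1": stop the servers and print their logs on
  # this failure path too.
  exit_1
fi

cleanup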