github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/docs/site-replication/run-multi-site-minio-idp.sh (about) 1 #!/usr/bin/env bash 2 3 # shellcheck disable=SC2120 4 exit_1() { 5 cleanup 6 7 echo "minio1 ============" 8 cat /tmp/minio1_1.log 9 cat /tmp/minio1_2.log 10 echo "minio2 ============" 11 cat /tmp/minio2_1.log 12 cat /tmp/minio2_2.log 13 echo "minio3 ============" 14 cat /tmp/minio3_1.log 15 cat /tmp/minio3_2.log 16 17 exit 1 18 } 19 20 cleanup() { 21 echo "Cleaning up instances of MinIO" 22 pkill minio 23 pkill -9 minio 24 rm -rf /tmp/minio-internal-idp{1,2,3} 25 } 26 27 cleanup 28 29 unset MINIO_KMS_KES_CERT_FILE 30 unset MINIO_KMS_KES_KEY_FILE 31 unset MINIO_KMS_KES_ENDPOINT 32 unset MINIO_KMS_KES_KEY_NAME 33 34 export MINIO_CI_CD=1 35 export MINIO_BROWSER=off 36 export MINIO_ROOT_USER="minio" 37 export MINIO_ROOT_PASSWORD="minio123" 38 export MINIO_KMS_AUTO_ENCRYPTION=off 39 export MINIO_PROMETHEUS_AUTH_TYPE=public 40 export MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw= 41 42 if [ ! -f ./mc ]; then 43 wget -O mc https://dl.minio.io/client/mc/release/linux-amd64/mc && 44 chmod +x mc 45 fi 46 47 minio server --config-dir /tmp/minio-internal --address ":9001" http://localhost:9001/tmp/minio-internal-idp1/{1...4} http://localhost:9010/tmp/minio-internal-idp1/{5...8} >/tmp/minio1_1.log 2>&1 & 48 site1_pid1=$! 49 minio server --config-dir /tmp/minio-internal --address ":9010" http://localhost:9001/tmp/minio-internal-idp1/{1...4} http://localhost:9010/tmp/minio-internal-idp1/{5...8} >/tmp/minio1_2.log 2>&1 & 50 site1_pid2=$! 51 52 minio server --config-dir /tmp/minio-internal --address ":9002" http://localhost:9002/tmp/minio-internal-idp2/{1...4} http://localhost:9020/tmp/minio-internal-idp2/{5...8} >/tmp/minio2_1.log 2>&1 & 53 site2_pid1=$! 54 minio server --config-dir /tmp/minio-internal --address ":9020" http://localhost:9002/tmp/minio-internal-idp2/{1...4} http://localhost:9020/tmp/minio-internal-idp2/{5...8} >/tmp/minio2_2.log 2>&1 & 55 site2_pid2=$! 56 57 minio server --config-dir /tmp/minio-internal --address ":9003" http://localhost:9003/tmp/minio-internal-idp3/{1...4} http://localhost:9030/tmp/minio-internal-idp3/{5...8} >/tmp/minio3_1.log 2>&1 & 58 site3_pid1=$! 59 minio server --config-dir /tmp/minio-internal --address ":9030" http://localhost:9003/tmp/minio-internal-idp3/{1...4} http://localhost:9030/tmp/minio-internal-idp3/{5...8} >/tmp/minio3_2.log 2>&1 & 60 site3_pid2=$! 61 62 sleep 10 63 64 export MC_HOST_minio1=http://minio:minio123@localhost:9001 65 export MC_HOST_minio2=http://minio:minio123@localhost:9002 66 export MC_HOST_minio3=http://minio:minio123@localhost:9003 67 68 export MC_HOST_minio10=http://minio:minio123@localhost:9010 69 export MC_HOST_minio20=http://minio:minio123@localhost:9020 70 export MC_HOST_minio30=http://minio:minio123@localhost:9030 71 72 ./mc admin replicate add minio1 minio2 73 74 site_enabled=$(./mc admin replicate info minio1) 75 site_enabled_peer=$(./mc admin replicate info minio10) 76 77 [[ $site_enabled =~ "is not enabled" ]] && { 78 echo "expected both peers to have same information" 79 exit_1 80 } 81 82 [[ $site_enabled_peer =~ "is not enabled" ]] && { 83 echo "expected both peers to have same information" 84 exit_1 85 } 86 87 ./mc admin user add minio1 foobar foo12345 88 89 ## add foobar-g group with foobar 90 ./mc admin group add minio2 foobar-g foobar 91 92 ./mc admin policy attach minio1 consoleAdmin --user=foobar 93 sleep 5 94 95 ./mc admin user info minio2 foobar 96 97 ./mc admin group info minio1 foobar-g 98 99 ./mc admin policy create minio1 rw ./docs/site-replication/rw.json 100 101 sleep 5 102 ./mc admin policy info minio2 rw >/dev/null 2>&1 103 104 ./mc admin replicate status minio1 105 106 ## Add a new empty site 107 ./mc admin replicate add minio1 minio2 minio3 108 109 sleep 10 110 111 ./mc admin policy info minio3 rw >/dev/null 2>&1 112 113 ./mc admin policy remove minio3 rw 114 115 ./mc admin replicate status minio3 116 117 sleep 10 118 119 ./mc admin policy info minio1 rw 120 if [ $? -eq 0 ]; then 121 echo "expecting the command to fail, exiting.." 122 exit_1 123 fi 124 125 ./mc admin policy info minio2 rw 126 if [ $? -eq 0 ]; then 127 echo "expecting the command to fail, exiting.." 128 exit_1 129 fi 130 131 ./mc admin policy info minio3 rw 132 if [ $? -eq 0 ]; then 133 echo "expecting the command to fail, exiting.." 134 exit_1 135 fi 136 137 ./mc admin user info minio1 foobar 138 if [ $? -ne 0 ]; then 139 echo "policy mapping missing on 'minio1', exiting.." 140 exit_1 141 fi 142 143 ./mc admin user info minio2 foobar 144 if [ $? -ne 0 ]; then 145 echo "policy mapping missing on 'minio2', exiting.." 146 exit_1 147 fi 148 149 ./mc admin user info minio3 foobar 150 if [ $? -ne 0 ]; then 151 echo "policy mapping missing on 'minio3', exiting.." 152 exit_1 153 fi 154 155 ./mc admin group info minio3 foobar-g 156 if [ $? -ne 0 ]; then 157 echo "group mapping missing on 'minio3', exiting.." 158 exit_1 159 fi 160 161 ./mc admin user svcacct add minio2 foobar --access-key testsvc --secret-key testsvc123 162 if [ $? -ne 0 ]; then 163 echo "adding svc account failed, exiting.." 164 exit_1 165 fi 166 167 ./mc admin user svcacct add minio2 minio --access-key testsvc2 --secret-key testsvc123 168 if [ $? -ne 0 ]; then 169 echo "adding root svc account testsvc2 failed, exiting.." 170 exit_1 171 fi 172 173 sleep 10 174 175 export MC_HOST_rootsvc=http://testsvc2:testsvc123@localhost:9002 176 ./mc ls rootsvc 177 if [ $? -ne 0 ]; then 178 echo "root service account not inherited root permissions, exiting.." 179 exit_1 180 fi 181 182 ./mc admin user svcacct info minio1 testsvc 183 if [ $? -ne 0 ]; then 184 echo "svc account not mirrored, exiting.." 185 exit_1 186 fi 187 188 ./mc admin user svcacct info minio2 testsvc 189 if [ $? -ne 0 ]; then 190 echo "svc account not mirrored, exiting.." 191 exit_1 192 fi 193 194 ./mc admin user svcacct rm minio1 testsvc 195 if [ $? -ne 0 ]; then 196 echo "removing svc account failed, exiting.." 197 exit_1 198 fi 199 200 sleep 10 201 ./mc admin user svcacct info minio2 testsvc 202 if [ $? -eq 0 ]; then 203 echo "svc account found after delete, exiting.." 204 exit_1 205 fi 206 207 ./mc admin user svcacct info minio3 testsvc 208 if [ $? -eq 0 ]; then 209 echo "svc account found after delete, exiting.." 210 exit_1 211 fi 212 213 ./mc mb minio1/newbucket 214 # copy large upload to newbucket on minio1 215 truncate -s 17M lrgfile 216 expected_checksum=$(cat ./lrgfile | md5sum) 217 218 ./mc cp ./lrgfile minio1/newbucket 219 220 sleep 5 221 ./mc stat minio2/newbucket 222 if [ $? -ne 0 ]; then 223 echo "expecting bucket to be present. exiting.." 224 exit_1 225 fi 226 227 ./mc stat minio3/newbucket 228 if [ $? -ne 0 ]; then 229 echo "expecting bucket to be present. exiting.." 230 exit_1 231 fi 232 233 err_minio2=$(./mc stat minio2/newbucket/xxx --json | jq -r .error.cause.message) 234 if [ $? -ne 0 ]; then 235 echo "expecting object to be missing. exiting.." 236 exit_1 237 fi 238 239 if [ "${err_minio2}" != "Object does not exist" ]; then 240 echo "expected to see Object does not exist error, exiting..." 241 exit_1 242 fi 243 244 ./mc cp README.md minio2/newbucket/ 245 246 sleep 5 247 ./mc stat minio1/newbucket/README.md 248 if [ $? -ne 0 ]; then 249 echo "expecting object to be present. exiting.." 250 exit_1 251 fi 252 253 ./mc stat minio3/newbucket/README.md 254 if [ $? -ne 0 ]; then 255 echo "expecting object to be present. exiting.." 256 exit_1 257 fi 258 259 sleep 10 260 ./mc stat minio3/newbucket/lrgfile 261 if [ $? -ne 0 ]; then 262 echo "expected object to be present, exiting.." 263 exit_1 264 fi 265 266 actual_checksum=$(./mc cat minio3/newbucket/lrgfile | md5sum) 267 if [ "${expected_checksum}" != "${actual_checksum}" ]; then 268 echo "replication failed on multipart objects expected ${expected_checksum} got ${actual_checksum}" 269 exit 270 fi 271 rm ./lrgfile 272 273 ./mc rm -r --versions --force minio1/newbucket/lrgfile 274 if [ $? -ne 0 ]; then 275 echo "expected object to be present, exiting.." 276 exit_1 277 fi 278 279 sleep 5 280 ./mc stat minio1/newbucket/lrgfile 281 if [ $? -eq 0 ]; then 282 echo "expected object to be deleted permanently after replication, exiting.." 283 exit_1 284 fi 285 286 vID=$(./mc stat minio2/newbucket/README.md --json | jq .versionID) 287 if [ $? -ne 0 ]; then 288 echo "expecting object to be present. exiting.." 289 exit_1 290 fi 291 ./mc tag set --version-id "${vID}" minio2/newbucket/README.md "key=val" 292 if [ $? -ne 0 ]; then 293 echo "expecting tag set to be successful. exiting.." 294 exit_1 295 fi 296 sleep 5 297 val=$(./mc tag list minio1/newbucket/README.md --version-id "${vID}" --json | jq -r .tagset.key) 298 if [ "${val}" != "val" ]; then 299 echo "expected bucket tag to have replicated, exiting..." 300 exit_1 301 fi 302 ./mc tag remove --version-id "${vID}" minio2/newbucket/README.md 303 if [ $? -ne 0 ]; then 304 echo "expecting tag removal to be successful. exiting.." 305 exit_1 306 fi 307 sleep 5 308 309 replStatus_minio2=$(./mc stat minio2/newbucket/README.md --json | jq -r .replicationStatus) 310 if [ $? -ne 0 ]; then 311 echo "expecting object to be present. exiting.." 312 exit_1 313 fi 314 315 if [ ${replStatus_minio2} != "COMPLETED" ]; then 316 echo "expected tag removal to have replicated, exiting..." 317 exit_1 318 fi 319 320 ./mc rm minio3/newbucket/README.md 321 sleep 5 322 323 ./mc stat minio2/newbucket/README.md 324 if [ $? -eq 0 ]; then 325 echo "expected file to be deleted, exiting.." 326 exit_1 327 fi 328 329 ./mc stat minio1/newbucket/README.md 330 if [ $? -eq 0 ]; then 331 echo "expected file to be deleted, exiting.." 332 exit_1 333 fi 334 335 ./mc mb --with-lock minio3/newbucket-olock 336 sleep 5 337 338 enabled_minio2=$(./mc stat --json minio2/newbucket-olock | jq -r .ObjectLock.enabled) 339 if [ $? -ne 0 ]; then 340 echo "expected bucket to be mirrored with object-lock but not present, exiting..." 341 exit_1 342 fi 343 344 if [ "${enabled_minio2}" != "Enabled" ]; then 345 echo "expected bucket to be mirrored with object-lock enabled, exiting..." 346 exit_1 347 fi 348 349 enabled_minio1=$(./mc stat --json minio1/newbucket-olock | jq -r .ObjectLock.enabled) 350 if [ $? -ne 0 ]; then 351 echo "expected bucket to be mirrored with object-lock but not present, exiting..." 352 exit_1 353 fi 354 355 if [ "${enabled_minio1}" != "Enabled" ]; then 356 echo "expected bucket to be mirrored with object-lock enabled, exiting..." 357 exit_1 358 fi 359 360 # "Test if most recent tag update is replicated" 361 ./mc tag set minio2/newbucket "key=val1" 362 if [ $? -ne 0 ]; then 363 echo "expecting tag set to be successful. exiting.." 364 exit_1 365 fi 366 sleep 5 367 368 val=$(./mc tag list minio1/newbucket --json | jq -r .tagset | jq -r .key) 369 if [ "${val}" != "val1" ]; then 370 echo "expected bucket tag to have replicated, exiting..." 371 exit_1 372 fi 373 # Create user with policy consoleAdmin on minio1 374 ./mc admin user add minio1 foobarx foobar123 375 if [ $? -ne 0 ]; then 376 echo "adding user failed, exiting.." 377 exit_1 378 fi 379 ./mc admin policy attach minio1 consoleAdmin --user=foobarx 380 if [ $? -ne 0 ]; then 381 echo "adding policy mapping failed, exiting.." 382 exit_1 383 fi 384 sleep 10 385 386 # unset policy for foobarx in minio2 387 ./mc admin policy detach minio2 consoleAdmin --user=foobarx 388 if [ $? -ne 0 ]; then 389 echo "unset policy mapping failed, exiting.." 390 exit_1 391 fi 392 393 # create a bucket bucket2 on minio1. 394 ./mc mb minio1/bucket2 395 396 sleep 10 397 398 # Test whether policy detach replicated to minio1 399 policy=$(./mc admin user info minio1 foobarx --json | jq -r .policyName) 400 if [ "${policy}" != "null" ]; then 401 echo "expected policy detach to have replicated, exiting..." 402 exit_1 403 fi 404 405 kill -9 ${site1_pid1} ${site1_pid2} 406 407 # Update tag on minio2/newbucket when minio1 is down 408 ./mc tag set minio2/newbucket "key=val2" 409 # create a new bucket on minio2. This should replicate to minio1 after it comes online. 410 ./mc mb minio2/newbucket2 411 412 # delete bucket2 on minio2. This should replicate to minio1 after it comes online. 413 ./mc rb minio2/bucket2 414 415 # Restart minio1 instance 416 minio server --config-dir /tmp/minio-internal --address ":9001" http://localhost:9001/tmp/minio-internal-idp1/{1...4} http://localhost:9010/tmp/minio-internal-idp1/{5...8} >/tmp/minio1_1.log 2>&1 & 417 minio server --config-dir /tmp/minio-internal --address ":9010" http://localhost:9001/tmp/minio-internal-idp1/{1...4} http://localhost:9010/tmp/minio-internal-idp1/{5...8} >/tmp/minio1_2.log 2>&1 & 418 sleep 200 419 420 # Test whether most recent tag update on minio2 is replicated to minio1 421 val=$(./mc tag list minio1/newbucket --json | jq -r .tagset | jq -r .key) 422 if [ "${val}" != "val2" ]; then 423 echo "expected bucket tag to have replicated, exiting..." 424 exit_1 425 fi 426 427 # Test if bucket created/deleted when minio1 is down healed 428 diff -q <(./mc ls minio1) <(./mc ls minio2) 1>/dev/null 429 if [ $? -ne 0 ]; then 430 echo "expected 'bucket2' delete and 'newbucket2' creation to have replicated, exiting..." 431 exit_1 432 fi 433 434 # force a resync after removing all site replication 435 ./mc admin replicate rm --all --force minio1 436 ./mc rb minio2 --force --dangerous 437 ./mc admin replicate add minio1 minio2 438 ./mc admin replicate resync start minio1 minio2 439 sleep 30 440 441 ./mc ls -r --versions minio1/newbucket >/tmp/minio1.txt 442 ./mc ls -r --versions minio2/newbucket >/tmp/minio2.txt 443 444 out=$(diff -qpruN /tmp/minio1.txt /tmp/minio2.txt) 445 ret=$? 446 if [ $ret -ne 0 ]; then 447 echo "BUG: expected no missing entries after replication resync: $out" 448 exit 1 449 fi