diff --git a/test/extras/stresstest.sh b/test/extras/stresstest.sh index 5fa7e3ead36c..22112fe4b951 100755 --- a/test/extras/stresstest.sh +++ b/test/extras/stresstest.sh @@ -102,9 +102,6 @@ spawn_lxd() { echo "==> Binding to network" LXD_DIR="$lxddir" lxc config set core.https_address "$addr" - - echo "==> Setting trust password" - LXD_DIR="$lxddir" lxc config set core.trust_password foo } spawn_lxd 127.0.0.1:18443 "$LXD_DIR" diff --git a/test/includes/clustering.sh b/test/includes/clustering.sh index cd2fda907d06..d6cd2b637ddb 100644 --- a/test/includes/clustering.sh +++ b/test/includes/clustering.sh @@ -133,7 +133,6 @@ spawn_lxd_and_bootstrap_cluster() { cat > "${LXD_DIR}/preseed.yaml" < Spawn additional cluster node in ${ns} with storage driver ${driver}" - secret="${LXD_SECRET:-"sekret"}" - - LXD_NETNS="${ns}" spawn_lxd "${LXD_DIR}" false - ( - set -e - - # If a custom cluster port was given, we need to first set the REST - # API address. - if [ "${port}" != "8443" ]; then - lxc config set core.https_address "10.1.1.10${index}:8443" - fi - - cat > "${LXD_DIR}/preseed.yaml" <> "${LXD_DIR}/preseed.yaml" <> "${LXD_DIR}/preseed.yaml" <> "${LXD_DIR}/preseed.yaml" <> "${LXD_DIR}/preseed.yaml" < Spawn additional cluster node in ${ns} with storage driver ${driver}" - secret="${LXD_SECRET:-"sekret"}" LXD_NETNS="${ns}" spawn_lxd "${LXD_DIR}" false ( diff --git a/test/includes/lxd.sh b/test/includes/lxd.sh index 752e22830854..5240242f336b 100644 --- a/test/includes/lxd.sh +++ b/test/includes/lxd.sh @@ -60,8 +60,6 @@ spawn_lxd() { done fi - echo "==> Setting trust password" - LXD_DIR="${lxddir}" lxc config set core.trust_password foo if [ -n "${DEBUG:-}" ]; then set -x fi diff --git a/test/includes/setup.sh b/test/includes/setup.sh index e3430e5b58c9..1b37708751e1 100644 --- a/test/includes/setup.sh +++ b/test/includes/setup.sh @@ -4,7 +4,8 @@ ensure_has_localhost_remote() { # shellcheck disable=SC2039,3043 local addr="${1}" if ! lxc remote list | grep -q "localhost"; then - lxc remote add localhost "https://${addr}" --accept-certificate --password foo + token="$(lxc config trust add --name foo -q)" + lxc remote add localhost "https://${addr}" --accept-certificate --token "${token}" fi } diff --git a/test/suites/auth.sh b/test/suites/auth.sh index e19be73d654a..f058e9a04c8d 100644 --- a/test/suites/auth.sh +++ b/test/suites/auth.sh @@ -225,31 +225,22 @@ fine_grained_authorization() { lxc auth group permission remove test-group server can_view_warnings # Check we are not able to view any server config currently. - # Here we explicitly use two settings that contain actual passwords. - lxc config set core.trust_password foo2 - lxc config set loki.auth.password bar2 + # Here we explicitly a setting that contains an actual password. + lxc config set loki.auth.password bar [ "$(lxc_remote query oidc:/1.0 | jq '.config | length')" = 0 ] - [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."core.trust_password"')" = "null" ] [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "null" ] # Check we are not able to set any server config currently. - ! lxc_remote config set oidc: core.trust_password foo3 || false - ! lxc_remote config set oidc: loki.auth.password bar3 || false + ! lxc_remote config set oidc: loki.auth.password bar2 || false # Add "can_edit" permission to group. lxc auth group permission add test-group server can_edit # Check we can view the server's config. - # As the core.trust_password is stored as scrypt value together with its hash, we cannot easily compare it against the original value. - [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."core.trust_password"')" != "null" ] - [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "bar2" ] + [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "bar" ] # Check we can modify the server's config. - lxc_remote config set oidc: core.trust_password foo3 - lxc_remote config set oidc: loki.auth.password bar3 - - # Reset the trust password to prevent side effects. - lxc config set core.trust_password foo + lxc_remote config set oidc: loki.auth.password bar2 lxc auth group permission remove test-group server can_edit lxc config unset loki.auth.password diff --git a/test/suites/basic.sh b/test/suites/basic.sh index 8c93e58dbba3..a25a0c6e29ab 100644 --- a/test/suites/basic.sh +++ b/test/suites/basic.sh @@ -656,11 +656,9 @@ test_basic_usage() { # Test rebuilding an instance with a new image. lxc init c1 --empty - lxc remote add l1 "${LXD_ADDR}" --accept-certificate --password foo - lxc rebuild l1:testimage c1 + lxc rebuild testimage c1 lxc start c1 lxc delete c1 -f - lxc remote remove l1 # Test rebuilding an instance with an empty file system. lxc init testimage c1 @@ -680,6 +678,8 @@ test_basic_usage() { lxc launch testimage c2 lxc launch testimage c3 + fingerprint="$(lxc config trust ls --format csv | cut -d, -f4)" + lxc config trust remove "${fingerprint}" lxc delete -f c1 c2 c3 remaining_instances="$(lxc list --format csv)" [ -z "${remaining_instances}" ] diff --git a/test/suites/clustering.sh b/test/suites/clustering.sh index 6169a602d81c..fc72b666b679 100644 --- a/test/suites/clustering.sh +++ b/test/suites/clustering.sh @@ -200,7 +200,7 @@ test_clustering_membership() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Configuration keys can be changed on any node. LXD_DIR="${LXD_TWO_DIR}" lxc config set cluster.offline_threshold 11 @@ -220,26 +220,25 @@ test_clustering_membership() { LXD_DIR="${LXD_ONE_DIR}" lxc network create net1 --target node2 # Spawn a third node, using the non-leader node2 as join target. - # Join this node using by explicitly specifying a token instead of a password. setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster_with_token "${ns3}" "${bridge}" "${cert}" 3 2 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 2 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Spawn a fourth node, this will be a non-database node. setup_clustering_netns 4 LXD_FOUR_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FOUR_DIR}" ns4="${prefix}4" - spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" + spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" "${LXD_ONE_DIR}" # Spawn a fifth node, using non-database node4 as join target. setup_clustering_netns 5 LXD_FIVE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FIVE_DIR}" ns5="${prefix}5" - spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 4 "${LXD_FIVE_DIR}" + spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 4 "${LXD_FIVE_DIR}" "${LXD_ONE_DIR}" # List all nodes, using clients points to different nodes and # checking which are database nodes and which are database-standby nodes. @@ -252,7 +251,8 @@ test_clustering_membership() { LXD_DIR="${LXD_TWO_DIR}" lxc cluster show node5 | grep -q "node5" # Client certificate are shared across all nodes. - lxc remote add cluster 10.1.1.101:8443 --accept-certificate --password=sekret + token="$(LXD_DIR=${LXD_ONE_DIR} lxc config trust add --name foo -q)" + lxc remote add cluster 10.1.1.101:8443 --accept-certificate --token="${token}" lxc remote set-url cluster https://10.1.1.102:8443 lxc network list cluster: | grep -q "${bridge}" lxc remote remove cluster @@ -296,9 +296,7 @@ test_clustering_membership() { ns6="${prefix}6" # shellcheck disable=SC2034 - LXD_SECRET="${token}" - spawn_lxd_and_join_cluster "${ns6}" "${bridge}" "${cert}" 6 2 "${LXD_SIX_DIR}" - unset LXD_SECRET + spawn_lxd_and_join_cluster "${ns6}" "${bridge}" "${cert}" 6 2 "${LXD_SIX_DIR}" "${token}" # Check token has been deleted after join. LXD_DIR="${LXD_TWO_DIR}" lxc cluster list-tokens @@ -330,9 +328,7 @@ test_clustering_membership() { ns8="${prefix}8" # shellcheck disable=SC2034 - LXD_SECRET="${token_valid}" - spawn_lxd_and_join_cluster "${ns8}" "${bridge}" "${cert}" 8 2 "${LXD_EIGHT_DIR}" - unset LXD_SECRET + spawn_lxd_and_join_cluster "${ns8}" "${bridge}" "${cert}" 8 2 "${LXD_EIGHT_DIR}" "${token_valid}" # This will cause the token to expire LXD_DIR="${LXD_ONE_DIR}" lxc config set cluster.join_token_expiry=5S @@ -346,9 +342,7 @@ test_clustering_membership() { ns9="${prefix}9" # shellcheck disable=SC2034 - LXD_SECRET="${token_expired}" - ! spawn_lxd_and_join_cluster "${ns9}" "${bridge}" "${cert}" 9 2 "${LXD_NINE_DIR}" || false - unset LXD_SECRET + ! spawn_lxd_and_join_cluster "${ns9}" "${bridge}" "${cert}" 9 2 "${LXD_NINE_DIR}" "${token_expired}" || false # Unset join_token_expiry which will set it to the default value of 3h LXD_DIR="${LXD_ONE_DIR}" lxc config unset cluster.join_token_expiry @@ -405,14 +399,14 @@ test_clustering_containers() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Init a container on node2, using a client connected to node1 LXD_DIR="${LXD_TWO_DIR}" ensure_import_testimage @@ -598,7 +592,7 @@ test_clustering_storage() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${poolDriver}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" "${poolDriver}" # The state of the preseeded storage pool is still CREATED LXD_DIR="${LXD_ONE_DIR}" lxc storage list | grep data | grep -q CREATED @@ -813,7 +807,8 @@ test_clustering_storage() { # Manually send the join request. cert=$(sed ':a;N;$!ba;s/\n/\\n/g' "${LXD_ONE_DIR}/cluster.crt") - op=$(curl --unix-socket "${LXD_THREE_DIR}/unix.socket" -X PUT "lxd/1.0/cluster" -d "{\"server_name\":\"node3\",\"enabled\":true,\"member_config\":[${member_config}],\"server_address\":\"10.1.1.103:8443\",\"cluster_address\":\"10.1.1.101:8443\",\"cluster_certificate\":\"${cert}\",\"cluster_password\":\"sekret\"}" | jq -r .operation) + token="$(lxc cluster add node3 --quiet)" + op=$(curl --unix-socket "${LXD_THREE_DIR}/unix.socket" -X PUT "lxd/1.0/cluster" -d "{\"server_name\":\"node3\",\"enabled\":true,\"member_config\":[${member_config}],\"server_address\":\"10.1.1.103:8443\",\"cluster_address\":\"10.1.1.101:8443\",\"cluster_certificate\":\"${cert}\",\"cluster_token\":\"${token}\"}" | jq -r .operation) curl --unix-socket "${LXD_THREE_DIR}/unix.socket" "lxd${op}/wait" # Ensure that node-specific config appears on all nodes, @@ -1081,7 +1076,7 @@ test_clustering_network() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # The state of the preseeded network is still CREATED LXD_DIR="${LXD_ONE_DIR}" lxc network list| grep "${bridge}" | grep -q CREATED @@ -1271,7 +1266,7 @@ test_clustering_upgrade() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Respawn the second node, making it believe it has an higher # version than it actually has. @@ -1301,7 +1296,7 @@ test_clustering_upgrade() { LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Respawn the second node, making it believe it has an higher # version than it actually has. @@ -1371,7 +1366,7 @@ test_clustering_upgrade_large() { mkdir -p "${LXD_ITH_DIR}" chmod +x "${LXD_ITH_DIR}" nsi="${prefix}${i}" - spawn_lxd_and_join_cluster "${nsi}" "${bridge}" "${cert}" "${i}" 1 "${LXD_ITH_DIR}" + spawn_lxd_and_join_cluster "${nsi}" "${bridge}" "${cert}" "${i}" 1 "${LXD_ITH_DIR}" "${LXD_ONE_DIR}" done # Respawn all nodes in sequence, as if their version had been upgrade. @@ -1422,7 +1417,7 @@ test_clustering_publish() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Give LXD a couple of seconds to get event API connected properly sleep 2 @@ -1474,7 +1469,7 @@ test_clustering_profiles() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Create an empty profile. LXD_DIR="${LXD_TWO_DIR}" lxc profile create web @@ -1578,7 +1573,7 @@ test_clustering_update_cert() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Send update request LXD_DIR="${LXD_ONE_DIR}" lxc cluster update-cert "${cert_path}" "${key_path}" -q @@ -1657,14 +1652,14 @@ test_clustering_update_cert_reversion() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Shutdown third node LXD_DIR="${LXD_THREE_DIR}" lxd shutdown @@ -1721,7 +1716,8 @@ test_clustering_join_api() { ns2="${prefix}2" LXD_NETNS="${ns2}" spawn_lxd "${LXD_TWO_DIR}" false - op=$(curl --unix-socket "${LXD_TWO_DIR}/unix.socket" -X PUT "lxd/1.0/cluster" -d "{\"server_name\":\"node2\",\"enabled\":true,\"member_config\":[{\"entity\": \"storage-pool\",\"name\":\"data\",\"key\":\"source\",\"value\":\"\"}],\"server_address\":\"10.1.1.102:8443\",\"cluster_address\":\"10.1.1.101:8443\",\"cluster_certificate\":\"${cert}\",\"cluster_password\":\"sekret\"}" | jq -r .operation) + token="$(lxc cluster add node2 --quiet)" + op=$(curl --unix-socket "${LXD_TWO_DIR}/unix.socket" -X PUT "lxd/1.0/cluster" -d "{\"server_name\":\"node2\",\"enabled\":true,\"member_config\":[{\"entity\": \"storage-pool\",\"name\":\"data\",\"key\":\"source\",\"value\":\"\"}],\"server_address\":\"10.1.1.102:8443\",\"cluster_address\":\"10.1.1.101:8443\",\"cluster_certificate\":\"${cert}\",\"cluster_token\":\"${token}\"}" | jq -r .operation) curl --unix-socket "${LXD_TWO_DIR}/unix.socket" "lxd${op}/wait" LXD_DIR="${LXD_ONE_DIR}" lxc cluster show node2 | grep -q "message: Fully operational" @@ -1761,14 +1757,14 @@ test_clustering_shutdown_nodes() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Init a container on node1, using a client connected to node1 LXD_DIR="${LXD_ONE_DIR}" ensure_import_testimage @@ -1833,7 +1829,7 @@ test_clustering_projects() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Create a test project LXD_DIR="${LXD_ONE_DIR}" lxc project create p1 @@ -1899,7 +1895,8 @@ test_clustering_address() { # Add a remote using the core.https_address of the bootstrap node, and check # that the REST API is exposed. url="https://10.1.1.101:8443" - lxc remote add cluster --password sekret --accept-certificate "${url}" + token="$(LXD_DIR="${LXD_ONE_DIR}" lxc config trust add --name foo --quiet)" + lxc remote add cluster --token "${token}" --accept-certificate "${url}" lxc storage list cluster: | grep -q data # Add a newline at the end of each line. YAML as weird rules.. @@ -1910,7 +1907,7 @@ test_clustering_address() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "dir" "8444" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" "dir" "8444" LXD_DIR="${LXD_ONE_DIR}" lxc cluster list | grep -q node2 LXD_DIR="${LXD_TWO_DIR}" lxc cluster show node2 | grep -q "database: true" @@ -1976,7 +1973,7 @@ test_clustering_image_replication() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Image replication will be performed across all nodes in the cluster by default images_minimal_replica1=$(LXD_DIR="${LXD_ONE_DIR}" lxc config get cluster.images_minimal_replica) @@ -2001,7 +1998,7 @@ test_clustering_image_replication() { LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Wait for the test image to be synced into the joined node on the background retries=10 @@ -2224,14 +2221,14 @@ test_clustering_recover() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Wait a bit for raft roles to update. sleep 5 @@ -2308,7 +2305,7 @@ test_clustering_handover() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" echo "Launched member 2" @@ -2317,7 +2314,7 @@ test_clustering_handover() { LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" echo "Launched member 3" @@ -2326,7 +2323,7 @@ test_clustering_handover() { LXD_FOUR_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FOUR_DIR}" ns4="${prefix}4" - spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" + spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" "${LXD_ONE_DIR}" echo "Launched member 4" @@ -2424,21 +2421,21 @@ test_clustering_rebalance() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Spawn a fourth node setup_clustering_netns 4 LXD_FOUR_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FOUR_DIR}" ns4="${prefix}4" - spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" + spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" "${LXD_ONE_DIR}" # Wait a bit for raft roles to update. sleep 5 @@ -2513,7 +2510,7 @@ test_clustering_remove_raft_node() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Configuration keys can be changed on any node. LXD_DIR="${LXD_TWO_DIR}" lxc config set cluster.offline_threshold 11 @@ -2537,14 +2534,14 @@ test_clustering_remove_raft_node() { LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 2 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 2 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Spawn a fourth node, this will be a database-standby node. setup_clustering_netns 4 LXD_FOUR_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FOUR_DIR}" ns4="${prefix}4" - spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" + spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" "${LXD_ONE_DIR}" LXD_DIR="${LXD_ONE_DIR}" lxc cluster list @@ -2634,35 +2631,35 @@ test_clustering_failure_domains() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node, using the non-leader node2 as join target. setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 2 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 2 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Spawn a fourth node, this will be a non-database node. setup_clustering_netns 4 LXD_FOUR_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FOUR_DIR}" ns4="${prefix}4" - spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" + spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" "${LXD_ONE_DIR}" # Spawn a fifth node, using non-database node4 as join target. setup_clustering_netns 5 LXD_FIVE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FIVE_DIR}" ns5="${prefix}5" - spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 4 "${LXD_FIVE_DIR}" + spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 4 "${LXD_FIVE_DIR}" "${LXD_ONE_DIR}" # Spawn a sixth node, using non-database node4 as join target. setup_clustering_netns 6 LXD_SIX_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_SIX_DIR}" ns6="${prefix}6" - spawn_lxd_and_join_cluster "${ns6}" "${bridge}" "${cert}" 6 4 "${LXD_SIX_DIR}" + spawn_lxd_and_join_cluster "${ns6}" "${bridge}" "${cert}" 6 4 "${LXD_SIX_DIR}" "${LXD_ONE_DIR}" # Default failure domain LXD_DIR="${LXD_ONE_DIR}" lxc cluster show node2 | grep -q "failure_domain: default" @@ -2749,14 +2746,14 @@ test_clustering_image_refresh() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${poolDriver}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" "${poolDriver}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${poolDriver}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" "${poolDriver}" # Spawn public node which has a public testimage setup_clustering_netns 4 @@ -2771,8 +2768,10 @@ test_clustering_image_refresh() { LXD_DIR="${LXD_REMOTE_DIR}" lxc config set core.https_address "10.1.1.104:8443" # Add remotes - lxc remote add public "https://10.1.1.104:8443" --accept-certificate --password foo --public - lxc remote add cluster "https://10.1.1.101:8443" --accept-certificate --password sekret + token="$(LXD_DIR="${LXD_ONE_DIR}" lxc config trust add --name foo --quiet)" + lxc remote add public "https://10.1.1.104:8443" --accept-certificate --token foo --public + token="$(LXD_DIR="${LXD_ONE_DIR}" lxc config trust add --name foo --quiet)" + lxc remote add cluster "https://10.1.1.101:8443" --accept-certificate --token "${token}" LXD_DIR="${LXD_REMOTE_DIR}" lxc init testimage c1 @@ -2976,14 +2975,14 @@ test_clustering_evacuation() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${poolDriver}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" "${poolDriver}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${poolDriver}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" "${poolDriver}" # Create local pool LXD_DIR="${LXD_ONE_DIR}" lxc storage create pool1 dir --target node1 @@ -3118,32 +3117,32 @@ test_clustering_edit_configuration() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn 6 nodes in total for role coverage. setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" setup_clustering_netns 4 LXD_FOUR_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FOUR_DIR}" ns4="${prefix}4" - spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" + spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" "${LXD_ONE_DIR}" setup_clustering_netns 5 LXD_FIVE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FIVE_DIR}" ns5="${prefix}5" - spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 1 "${LXD_FIVE_DIR}" + spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 1 "${LXD_FIVE_DIR}" "${LXD_ONE_DIR}" setup_clustering_netns 6 LXD_SIX_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_SIX_DIR}" ns6="${prefix}6" - spawn_lxd_and_join_cluster "${ns6}" "${bridge}" "${cert}" 6 1 "${LXD_SIX_DIR}" + spawn_lxd_and_join_cluster "${ns6}" "${bridge}" "${cert}" 6 1 "${LXD_SIX_DIR}" "${LXD_ONE_DIR}" LXD_DIR="${LXD_ONE_DIR}" lxc config set cluster.offline_threshold 11 @@ -3267,35 +3266,35 @@ test_clustering_remove_members() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" - # Spawn a three node + # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" - # Spawn a four node + # Spawn a fourth node setup_clustering_netns 4 LXD_FOUR_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FOUR_DIR}" ns4="${prefix}4" - spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" + spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" "${LXD_ONE_DIR}" - # Spawn a five node + # Spawn a fifth node setup_clustering_netns 5 LXD_FIVE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FIVE_DIR}" ns5="${prefix}5" - spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 1 "${LXD_FIVE_DIR}" + spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 1 "${LXD_FIVE_DIR}" "${LXD_ONE_DIR}" # Spawn a sixth node setup_clustering_netns 6 LXD_SIX_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_SIX_DIR}" ns6="${prefix}6" - spawn_lxd_and_join_cluster "${ns6}" "${bridge}" "${cert}" 6 1 "${LXD_SIX_DIR}" + spawn_lxd_and_join_cluster "${ns6}" "${bridge}" "${cert}" 6 1 "${LXD_SIX_DIR}" "${LXD_ONE_DIR}" LXD_DIR="${LXD_ONE_DIR}" lxc info --target node2 | grep -q "server_name: node2" LXD_DIR="${LXD_TWO_DIR}" lxc info --target node1 | grep -q "server_name: node1" @@ -3346,7 +3345,7 @@ test_clustering_remove_members() { LXD_SEVEN_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_SEVEN_DIR}" ns7="${prefix}7" - spawn_lxd_and_join_cluster "${ns7}" "${bridge}" "${cert}" 7 6 "${LXD_SEVEN_DIR}" + spawn_lxd_and_join_cluster "${ns7}" "${bridge}" "${cert}" 7 6 "${LXD_SEVEN_DIR}" "${LXD_SIX_DIR}" # Ensure the remaining node is working by join a new node7 LXD_DIR="${LXD_SIX_DIR}" lxc info --target node7 | grep -q "server_name: node7" @@ -3404,7 +3403,7 @@ test_clustering_autotarget() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Use node1 for all cluster actions. LXD_DIR="${LXD_ONE_DIR}" @@ -3456,16 +3455,17 @@ test_clustering_groups() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" - lxc remote add cluster --password sekret --accept-certificate "https://10.1.1.101:8443" + token="$(LXD_DIR="${LXD_ONE_DIR}" lxc config trust add --name foo --quiet)" + lxc remote add cluster --token "${token}" --accept-certificate "https://10.1.1.101:8443" # Initially, there is only the default group lxc cluster group show cluster:default @@ -3645,28 +3645,28 @@ test_clustering_events() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node. setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" # Spawn a fourth node. setup_clustering_netns 4 LXD_FOUR_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FOUR_DIR}" ns4="${prefix}4" - spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" + spawn_lxd_and_join_cluster "${ns4}" "${bridge}" "${cert}" 4 1 "${LXD_FOUR_DIR}" "${LXD_ONE_DIR}" # Spawn a firth node. setup_clustering_netns 5 LXD_FIVE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_FIVE_DIR}" ns5="${prefix}5" - spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 1 "${LXD_FIVE_DIR}" + spawn_lxd_and_join_cluster "${ns5}" "${bridge}" "${cert}" 5 1 "${LXD_FIVE_DIR}" "${LXD_ONE_DIR}" LXD_DIR="${LXD_ONE_DIR}" lxc cluster list LXD_DIR="${LXD_ONE_DIR}" lxc info | grep -F "server_event_mode: full-mesh" @@ -3846,7 +3846,7 @@ test_clustering_uuid() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" ensure_import_testimage diff --git a/test/suites/clustering_instance_placement_scriptlet.sh b/test/suites/clustering_instance_placement_scriptlet.sh index 337c7964e254..57f7f34ae069 100644 --- a/test/suites/clustering_instance_placement_scriptlet.sh +++ b/test/suites/clustering_instance_placement_scriptlet.sh @@ -28,14 +28,14 @@ test_clustering_instance_placement_scriptlet() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${poolDriver}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" "${poolDriver}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${poolDriver}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" "${poolDriver}" LXD_DIR="${LXD_ONE_DIR}" ensure_import_testimage diff --git a/test/suites/clustering_move.sh b/test/suites/clustering_move.sh index 3ac88099ff8e..937f0ff42bfa 100644 --- a/test/suites/clustering_move.sh +++ b/test/suites/clustering_move.sh @@ -20,14 +20,14 @@ test_clustering_move() { LXD_TWO_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_TWO_DIR}" ns2="${prefix}2" - spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" + spawn_lxd_and_join_cluster "${ns2}" "${bridge}" "${cert}" 2 1 "${LXD_TWO_DIR}" "${LXD_ONE_DIR}" # Spawn a third node setup_clustering_netns 3 LXD_THREE_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_THREE_DIR}" ns3="${prefix}3" - spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" + spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}" ensure_import_testimage diff --git a/test/suites/image.sh b/test/suites/image.sh index 644d3ccbb998..2d64a83464f7 100644 --- a/test/suites/image.sh +++ b/test/suites/image.sh @@ -8,9 +8,12 @@ test_image_expiry() { ensure_import_testimage + token="$(lxc config trust add --name foo -q)" # shellcheck disable=2153 - lxc_remote remote add l1 "${LXD_ADDR}" --accept-certificate --password foo - lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --password foo + lxc_remote remote add l1 "${LXD_ADDR}" --accept-certificate --token "${token}" + + token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)" + lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}" # Create containers from a remote image in two projects. lxc_remote project create l2:p1 -c features.images=true -c features.profiles=false @@ -131,7 +134,8 @@ test_image_refresh() { ensure_import_testimage - lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --password foo + token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)" + lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}" poolDriver="$(lxc storage show "$(lxc profile device get default root pool)" | awk '/^driver:/ {print $2}')" diff --git a/test/suites/image_auto_update.sh b/test/suites/image_auto_update.sh index e5c29b8af1ec..ebf765169fd2 100644 --- a/test/suites/image_auto_update.sh +++ b/test/suites/image_auto_update.sh @@ -13,7 +13,8 @@ test_image_auto_update() { (LXD_DIR=${LXD2_DIR} deps/import-busybox --alias testimage --public) fp1="$(LXD_DIR=${LXD2_DIR} lxc image info testimage | awk '/^Fingerprint/ {print $2}')" - lxc remote add l2 "${LXD2_ADDR}" --accept-certificate --password foo + token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)" + lxc remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}" lxc init l2:testimage c1 # Now the first image image is in the local store, since it was diff --git a/test/suites/image_prefer_cached.sh b/test/suites/image_prefer_cached.sh index 90c1fe090b94..46127ad3e7d2 100644 --- a/test/suites/image_prefer_cached.sh +++ b/test/suites/image_prefer_cached.sh @@ -16,7 +16,8 @@ test_image_prefer_cached() { (LXD_DIR=${LXD2_DIR} deps/import-busybox --alias testimage --public) fp1="$(LXD_DIR=${LXD2_DIR} lxc image info testimage | awk '/^Fingerprint/ {print $2}')" - lxc remote add l2 "${LXD2_ADDR}" --accept-certificate --password foo + token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)" + lxc remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}" lxc init l2:testimage c1 # Now the first image image is in the local store, since it was diff --git a/test/suites/init_auto.sh b/test/suites/init_auto.sh index a8e0eab835c7..f77f35dffc5d 100644 --- a/test/suites/init_auto.sh +++ b/test/suites/init_auto.sh @@ -57,12 +57,12 @@ test_init_auto() { kill_lxd "${LXD_INIT_DIR}" fi - # lxd init --trust-password test --network-address 127.0.0.1 --network-port LOCAL --auto + # lxd init --network-address 127.0.0.1 --network-port LOCAL --auto LXD_INIT_DIR=$(mktemp -d -p "${TEST_DIR}" XXX) chmod +x "${LXD_INIT_DIR}" spawn_lxd "${LXD_INIT_DIR}" false - LXD_DIR=${LXD_INIT_DIR} lxd init --trust-password test --network-address 127.0.0.1 --network-port "$(local_tcp_port)" --auto + LXD_DIR=${LXD_INIT_DIR} lxd init --network-address 127.0.0.1 --network-port "$(local_tcp_port)" --auto kill_lxd "${LXD_INIT_DIR}" } diff --git a/test/suites/init_dump.sh b/test/suites/init_dump.sh index 575ba6557bcc..a558276f78af 100644 --- a/test/suites/init_dump.sh +++ b/test/suites/init_dump.sh @@ -45,12 +45,9 @@ profiles: EOF lxd init --dump > config.yaml - # XXX: mangle the trust_password field as a workaround - sed -i 's/^\( *core.trust_password\): .\+$/\1: true/' config.yaml cat < expected.yaml config: core.https_address: 127.0.0.1:9999 - core.trust_password: true images.auto_update_interval: "15" networks: - config: diff --git a/test/suites/migration.sh b/test/suites/migration.sh index c31488557883..f64ca67fb57b 100644 --- a/test/suites/migration.sh +++ b/test/suites/migration.sh @@ -13,9 +13,12 @@ test_migration() { # workaround for kernel/criu umount /sys/kernel/debug >/dev/null 2>&1 || true + token="$(lxc config trust add --name foo -q)" # shellcheck disable=2153 - lxc_remote remote add l1 "${LXD_ADDR}" --accept-certificate --password foo - lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --password foo + lxc_remote remote add l1 "${LXD_ADDR}" --accept-certificate --token "${token}" + + token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)" + lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}" migration "$LXD2_DIR" diff --git a/test/suites/pki.sh b/test/suites/pki.sh index 7f5de2949833..af5dd1eae04d 100644 --- a/test/suites/pki.sh +++ b/test/suites/pki.sh @@ -55,20 +55,20 @@ test_pki() { set -e export LXD_CONF="${LXC5_DIR}" - # Try adding remote using an incorrect password. - # This should fail, as if the certificate is unknown and password is wrong then no access should be allowed. - ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=bar || false + # Try adding remote using an incorrect token. + # This should fail, as if the certificate is unknown and token is wrong then no access should be allowed. + ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token=bar || false - # Add remote using the correct password. + # Add remote using the correct token. # This should work because the client certificate is signed by the CA. token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)" - lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password "${token}" + lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}" lxc_remote config trust ls pki-lxd: | grep lxd-client fingerprint="$(lxc_remote config trust ls pki-lxd: --format csv | cut -d, -f4)" lxc_remote config trust remove pki-lxd:"${fingerprint}" lxc_remote remote remove pki-lxd - # Add remote using a CA-signed client certificate, and not providing a password. + # Add remote using a CA-signed client certificate, and not providing a token. # This should succeed and tests that the CA trust is working, as adding the client certificate to the trust # store without a token would normally fail. LXD_DIR=${LXD5_DIR} lxc config set core.trust_ca_certificates true @@ -78,7 +78,7 @@ test_pki() { # Add remote using a CA-signed client certificate, and providing an incorrect token. # This should succeed as is the same as the test above but with an incorrect token rather than no token. - lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=bar + lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token=bar ! lxc_remote config trust ls pki-lxd: | grep lxd-client || false lxc_remote remote remove pki-lxd @@ -86,21 +86,23 @@ test_pki() { cp "${TEST_DIR}/pki/keys/lxd-client-revoked.crt" "${LXC5_DIR}/client.crt" cp "${TEST_DIR}/pki/keys/lxd-client-revoked.key" "${LXC5_DIR}/client.key" - # Try adding a remote using a revoked client certificate, and the correct password. + # Try adding a remote using a revoked client certificate, and the correct token. # This should fail, as although revoked certificates can be added to the trust store, they will not be usable. - ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=foo || false + token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)" + ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}" || false - # Try adding a remote using a revoked client certificate, and an incorrect password. - # This should fail, as if the certificate is revoked and password is wrong then no access should be allowed. - ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=incorrect || false + # Try adding a remote using a revoked client certificate, and an incorrect token. + # This should fail, as if the certificate is revoked and token is wrong then no access should be allowed. + ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token=incorrect || false ) # Confirm that a normal, non-PKI certificate doesn't. # As LXD_CONF is not set to LXC5_DIR where the CA signed client certs are, this will cause the lxc command to # generate a new certificate that isn't trusted by the CA certificate and thus will not be allowed, even with a - # correct trust password. This is because the LXD TLS listener in CA mode will not consider a client cert that + # correct token. This is because the LXD TLS listener in CA mode will not consider a client cert that # is not signed by the CA as valid. - ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --password=foo || false + token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)" + ! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}" || false kill_lxd "${LXD5_DIR}" } diff --git a/test/suites/projects.sh b/test/suites/projects.sh index c7b211d65790..275ac937fd0b 100644 --- a/test/suites/projects.sh +++ b/test/suites/projects.sh @@ -521,7 +521,7 @@ test_projects_network() { # Create a container in the project lxc init -n "${network}" testimage c1 - lxc network show "${network}" |grep -q "/1.0/instances/c1?project=foo" + lxc network show "${network}" | grep -q "/1.0/instances/c1?project=foo" # Delete the container lxc delete c1 @@ -754,7 +754,8 @@ test_projects_limits() { LXD_REMOTE_ADDR=$(cat "${LXD_REMOTE_DIR}/lxd.addr") (LXD_DIR=${LXD_REMOTE_DIR} deps/import-busybox --alias remoteimage --template start --public) - lxc remote add l2 "${LXD_REMOTE_ADDR}" --accept-certificate --password foo + token="$(LXD_DIR=${LXD_REMOTE_DIR} lxc config trust add --name foo -q)" + lxc remote add l2 "${LXD_REMOTE_ADDR}" --accept-certificate --token "${token}" # Relax all constraints except the disk limits, which won't be enough for the # image to be downloaded. diff --git a/test/suites/remote.sh b/test/suites/remote.sh index 8ab3549ef0b5..2e11a1b873b4 100644 --- a/test/suites/remote.sh +++ b/test/suites/remote.sh @@ -2,7 +2,8 @@ test_remote_url() { # Add remotes using password. # shellcheck disable=2153 for url in "${LXD_ADDR}" "https://${LXD_ADDR}"; do - lxc_remote remote add test "${url}" --accept-certificate --password foo + token="$(lxc config trust add --name foo -q)" + lxc_remote remote add test "${url}" --accept-certificate --token "${token}" lxc_remote info test: lxc_remote config trust list | awk '/@/ {print $8}' | while read -r line ; do lxc_remote config trust remove "\"${line}\"" @@ -26,7 +27,7 @@ test_remote_url() { urls="${LXD_DIR}/unix.socket unix:${LXD_DIR}/unix.socket unix://${LXD_DIR}/unix.socket" # an invalid protocol returns an error - ! lxc_remote remote add test "${url}" --accept-certificate --password foo --protocol foo || false + ! lxc_remote remote add test "${url}" --accept-certificate --token foo --protocol foo || false for url in ${urls}; do lxc_remote remote add test "${url}" @@ -50,6 +51,9 @@ test_remote_url_with_token() { # Generate token for client foo echo foo | lxc config trust add -q + # FIXME: remove + lxc config trust list-tokens -f json + # Listing all tokens should show only a single one [ "$(lxc config trust list-tokens -f json | jq '[.[] | select(.ClientName == "foo")] | length')" -eq 1 ] @@ -98,7 +102,7 @@ test_remote_url_with_token() { [ "$(curl -k -s --key "${TEST_DIR}/token-client.key" --cert "${TEST_DIR}/token-client.crt" "https://${LXD_ADDR}/1.0/instances" | jq '.error_code')" -eq 403 ] # Add valid token - curl -k -s --key "${TEST_DIR}/token-client.key" --cert "${TEST_DIR}/token-client.crt" -X POST -d "{\"password\": ${token}}" "https://${LXD_ADDR}/1.0/certificates" + curl -k -s --key "${TEST_DIR}/token-client.key" --cert "${TEST_DIR}/token-client.crt" -X POST -d "{\"trust_token\": ${token}}" "https://${LXD_ADDR}/1.0/certificates" # Check if we can see instances [ "$(curl -k -s --key "${TEST_DIR}/token-client.key" --cert "${TEST_DIR}/token-client.crt" "https://${LXD_ADDR}/1.0/instances" | jq '.status_code')" -eq 200 ] @@ -112,7 +116,7 @@ test_remote_url_with_token() { token="$(lxc config trust list-tokens -f json | jq '.[].Token')" # Add valid token but override projects - curl -k -s --key "${TEST_DIR}/token-client.key" --cert "${TEST_DIR}/token-client.crt" -X POST -d "{\"password\":${token},\"projects\":[\"default\",\"foo\"],\"restricted\":false}" "https://${LXD_ADDR}/1.0/certificates" + curl -k -s --key "${TEST_DIR}/token-client.key" --cert "${TEST_DIR}/token-client.crt" -X POST -d "{\"trust_token\":${token},\"projects\":[\"default\",\"foo\"],\"restricted\":false}" "https://${LXD_ADDR}/1.0/certificates" # Check if we can see instances in the foo project [ "$(curl -k -s --key "${TEST_DIR}/token-client.key" --cert "${TEST_DIR}/token-client.crt" "https://${LXD_ADDR}/1.0/instances?project=foo" | jq '.status_code')" -eq 200 ] @@ -155,10 +159,11 @@ test_remote_url_with_token() { } test_remote_admin() { - ! lxc_remote remote add badpass "${LXD_ADDR}" --accept-certificate --password bad || false + ! lxc_remote remote add badpass "${LXD_ADDR}" --accept-certificate --token badtoken || false ! lxc_remote list badpass: || false - lxc_remote remote add foo "${LXD_ADDR}" --accept-certificate --password foo + token="$(lxc config trust add --name foo -q)" + lxc_remote remote add foo "${LXD_ADDR}" --accept-certificate --token "${token}" lxc_remote remote list | grep 'foo' lxc_remote remote set-default foo @@ -173,7 +178,7 @@ test_remote_admin() { lxc_remote remote set-default local lxc_remote remote remove bar - # This is a test for #91, we expect this to block asking for a password if we + # This is a test for #91, we expect this to block asking for a token if we # tried to re-add our cert. echo y | lxc_remote remote add foo "${LXD_ADDR}" lxc_remote remote remove foo @@ -183,7 +188,8 @@ test_remote_admin() { gen_cert client2 # Test for #623 - lxc_remote remote add test-623 "${LXD_ADDR}" --accept-certificate --password foo + token="$(lxc config trust add --name foo -q)" + lxc_remote remote add test-623 "${LXD_ADDR}" --accept-certificate --token "${token}" lxc_remote remote remove test-623 # now re-add under a different alias @@ -205,7 +211,8 @@ test_remote_usage() { ensure_import_testimage ensure_has_localhost_remote "${LXD_ADDR}" - lxc_remote remote add lxd2 "${LXD2_ADDR}" --accept-certificate --password foo + token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)" + lxc_remote remote add lxd2 "${LXD2_ADDR}" --accept-certificate --token "${token}" # we need a public image on localhost diff --git a/test/suites/serverconfig.sh b/test/suites/serverconfig.sh index e36b5876ff89..ca5dd5e7a649 100644 --- a/test/suites/serverconfig.sh +++ b/test/suites/serverconfig.sh @@ -3,24 +3,12 @@ test_server_config() { spawn_lxd "${LXD_SERVERCONFIG_DIR}" true ensure_has_localhost_remote "${LXD_ADDR}" - _server_config_password _server_config_access _server_config_storage kill_lxd "${LXD_SERVERCONFIG_DIR}" } -_server_config_password() { - lxc config set core.trust_password 123456 - - config=$(lxc config show) - echo "${config}" | grep -q "trust_password" - echo "${config}" | grep -q -v "123456" - - lxc config unset core.trust_password - lxc config show | grep -q -v "trust_password" -} - _server_config_access() { # test untrusted server GET my_curl -X GET "https://$(cat "${LXD_SERVERCONFIG_DIR}/lxd.addr")/1.0" | grep -v -q environment diff --git a/test/suites/sql.sh b/test/suites/sql.sh index 65719e511df4..cbae676a3d70 100644 --- a/test/suites/sql.sh +++ b/test/suites/sql.sh @@ -8,14 +8,15 @@ test_sql() { lxd sql local "SELECT * FROM config" | grep -qF "core.https_address" # Global database query - lxd sql global "SELECT * FROM config" | grep -qF "core.trust_password" + lxc config set user.foo=bar + lxd sql global "SELECT * FROM config" | grep -qF "user.foo" # Global database insert lxd sql global "INSERT INTO config(key,value) VALUES('core.https_allowed_credentials','true')" | grep -qxF "Rows affected: 1" lxd sql global "DELETE FROM config WHERE key='core.https_allowed_credentials'" | grep -qxF "Rows affected: 1" # Standard input - echo "SELECT * FROM config" | lxd sql global - | grep -qF "core.trust_password" + echo "SELECT * FROM config" | lxd sql global - | grep -qF "user.foo" # Multiple queries lxd sql global "SELECT * FROM config; SELECT * FROM instances" | grep -qxF "=> Query 0:" diff --git a/test/suites/storage_snapshots.sh b/test/suites/storage_snapshots.sh index adcacbe51a9b..155dfa85d600 100644 --- a/test/suites/storage_snapshots.sh +++ b/test/suites/storage_snapshots.sh @@ -1,5 +1,6 @@ test_storage_volume_snapshots() { ensure_import_testimage + ensure_has_localhost_remote "${LXD_ADDR}" # shellcheck disable=2039,3043 local LXD_STORAGE_DIR lxd_backend @@ -8,7 +9,6 @@ test_storage_volume_snapshots() { LXD_STORAGE_DIR=$(mktemp -d -p "${TEST_DIR}" XXXXXXXXX) chmod +x "${LXD_STORAGE_DIR}" spawn_lxd "${LXD_STORAGE_DIR}" false - lxc remote add test "${LXD_ADDR}" --accept-certificate --password foo # shellcheck disable=2039,3043 local storage_pool storage_volume @@ -160,7 +160,7 @@ test_storage_volume_snapshots() { lxc storage volume delete "${storage_pool}" "vol2" # Check snapshot copy (mode pull, remote). - lxc storage volume copy "${storage_pool}/vol1/snap0" "test:${storage_pool}/vol2" --mode pull + lxc storage volume copy "${storage_pool}/vol1/snap0" "localhost:${storage_pool}/vol2" --mode pull lxc launch testimage "c1" lxc storage volume attach "${storage_pool}" "vol2" "c1" /mnt lxc exec "c1" -- test -f /mnt/foo @@ -176,7 +176,7 @@ test_storage_volume_snapshots() { lxc storage volume delete "${storage_pool}" "vol2" # Check snapshot copy (mode push, remote). - lxc storage volume copy "${storage_pool}/vol1/snap0" "test:${storage_pool}/vol2" --mode push + lxc storage volume copy "${storage_pool}/vol1/snap0" "localhost:${storage_pool}/vol2" --mode push lxc launch testimage "c1" lxc storage volume attach "${storage_pool}" "vol2" "c1" /mnt lxc exec "c1" -- test -f /mnt/foo @@ -192,7 +192,7 @@ test_storage_volume_snapshots() { lxc storage volume delete "${storage_pool}" "vol2" # Check snapshot copy (mode relay, remote). - lxc storage volume copy "${storage_pool}/vol1/snap0" "test:${storage_pool}/vol2" --mode relay + lxc storage volume copy "${storage_pool}/vol1/snap0" "localhost:${storage_pool}/vol2" --mode relay lxc launch testimage "c1" lxc storage volume attach "${storage_pool}" "vol2" "c1" /mnt lxc exec "c1" -- test -f /mnt/foo @@ -211,13 +211,13 @@ test_storage_volume_snapshots() { # Check snapshot copy between pools (remote). lxc storage create "${storage_pool2}" dir - lxc storage volume copy "${storage_pool}/vol1/snap0" "test:${storage_pool2}/vol2" + lxc storage volume copy "${storage_pool}/vol1/snap0" "localhost:${storage_pool2}/vol2" lxc launch testimage "c1" lxc storage volume attach "${storage_pool2}" "vol2" "c1" /mnt lxc exec "c1" -- test -f /mnt/foo lxc delete -f "c1" lxc storage volume delete "${storage_pool2}" "vol2" - lxc storage volume copy "test:${storage_pool}/vol1/snap0" "${storage_pool2}/vol2" + lxc storage volume copy "localhost:${storage_pool}/vol1/snap0" "${storage_pool2}/vol2" lxc launch testimage "c1" lxc storage volume attach "${storage_pool2}" "vol2" "c1" /mnt lxc exec "c1" -- test -f /mnt/foo @@ -232,8 +232,8 @@ test_storage_volume_snapshots() { lxc storage volume delete "${storage_pool}" "vol2" # Check snapshot volume only copy (remote). - ! lxc storage volume copy "${storage_pool}/vol1/snap0" "test:${storage_pool}/vol2" --volume-only || false - lxc storage volume copy "${storage_pool}/vol1" "test:${storage_pool}/vol2" --volume-only + ! lxc storage volume copy "${storage_pool}/vol1/snap0" "localhost:${storage_pool}/vol2" --volume-only || false + lxc storage volume copy "${storage_pool}/vol1" "localhost:${storage_pool}/vol2" --volume-only [ "$(lxc query "/1.0/storage-pools/${storage_pool}/volumes/custom/vol2/snapshots" | jq "length == 0")" = "true" ] lxc storage volume delete "${storage_pool}" "vol2" @@ -243,8 +243,8 @@ test_storage_volume_snapshots() { lxc storage volume delete "${storage_pool}" "vol2" # Check snapshot refresh (remote). - lxc storage volume copy "${storage_pool}/vol1/snap0" "test:${storage_pool}/vol2" - lxc storage volume copy "${storage_pool}/vol1/snap0" "test:${storage_pool}/vol2" --refresh + lxc storage volume copy "${storage_pool}/vol1/snap0" "localhost:${storage_pool}/vol2" + lxc storage volume copy "${storage_pool}/vol1/snap0" "localhost:${storage_pool}/vol2" --refresh lxc storage volume delete "${storage_pool}" "vol2" # Check snapshot copy between projects. @@ -254,7 +254,7 @@ test_storage_volume_snapshots() { lxc storage volume delete "${storage_pool}" "vol1" --project project1 # Check snapshot copy between projects (remote). - lxc storage volume copy "${storage_pool}/vol1/snap0" "test:${storage_pool}/vol1" --target-project project1 + lxc storage volume copy "${storage_pool}/vol1/snap0" "localhost:${storage_pool}/vol1" --target-project project1 [ "$(lxc query "/1.0/storage-pools/${storage_pool}/volumes?project=project1" | jq "length == 1")" = "true" ] lxc storage volume delete "${storage_pool}" "vol1" --project project1 lxc storage volume delete "${storage_pool}" "vol1" @@ -264,15 +264,18 @@ test_storage_volume_snapshots() { lxc storage volume snapshot "${storage_pool}" "vol1" "snap0" ! lxc storage volume show "${storage_pool}" "vol1" | grep -q '^created_at: 0001-01-01T00:00:00Z' || false ! lxc storage volume show "${storage_pool}" "vol1/snap0" | grep -q '^created_at: 0001-01-01T00:00:00Z' || false - lxc storage volume copy "${storage_pool}/vol1" "test:${storage_pool}/vol1-copy" - ! lxc storage volume show "${storage_pool}" "test:${storage_pool}" "vol1-copy" | grep -q '^created_at: 0001-01-01T00:00:00Z' || false - [ "$(lxc storage volume show "${storage_pool}" "vol1/snap0" | awk /created_at:/)" = "$(lxc storage volume show "test:${storage_pool}" "vol1-copy/snap0" | awk /created_at:/)" ] + lxc storage volume copy "${storage_pool}/vol1" "localhost:${storage_pool}/vol1-copy" + ! lxc storage volume show "${storage_pool}" "localhost:${storage_pool}" "vol1-copy" | grep -q '^created_at: 0001-01-01T00:00:00Z' || false + [ "$(lxc storage volume show "${storage_pool}" "vol1/snap0" | awk /created_at:/)" = "$(lxc storage volume show "localhost:${storage_pool}" "vol1-copy/snap0" | awk /created_at:/)" ] lxc storage volume delete "${storage_pool}" "vol1" lxc storage volume delete "${storage_pool}" "vol1-copy" lxc project delete "project1" lxc storage delete "${storage_pool}" - lxc remote remove "test" + + fingerprint="$(lxc config trust ls --format csv | grep foo | cut -d, -f4)" + lxc config trust remove "${fingerprint}" + lxc remote remove "localhost" # shellcheck disable=SC2031,2269 LXD_DIR="${LXD_DIR}" diff --git a/test/suites/tls_restrictions.sh b/test/suites/tls_restrictions.sh index 57a8e7a33238..17f02db4ce8a 100644 --- a/test/suites/tls_restrictions.sh +++ b/test/suites/tls_restrictions.sh @@ -154,7 +154,7 @@ test_certificate_edit() { curl -k -s --cert "${LXD_CONF}/client.crt" --key "${LXD_CONF}/client.key" -X PATCH -d "{\"restricted\": false}" "https://${LXD_ADDR}/1.0/certificates/${FINGERPRINT}" | grep -F '"error_code":403' - ! lxc_remote config trust show "${FINGERPRINT}" | sed -e "s/name:.*/name: foo/" | lxc_remote config trust edit localhost:"${FINGERPRINT}" || false + ! lxc_remote config trust show "${FINGERPRINT}" | sed -e "s/name:.*/name: bar/" | lxc_remote config trust edit localhost:"${FINGERPRINT}" || false curl -k -s --cert "${LXD_CONF}/client.crt" --key "${LXD_CONF}/client.key" -X PATCH -d "{\"name\": \"bar\"}" "https://${LXD_ADDR}/1.0/certificates/${FINGERPRINT}" | grep -F '"error_code":403'