Files
mongo/jstests/ssl/initial_sync1_x509.js
Andy Schwerin cdc7af4c6d SERVER-27490 Stop consulting storage engine isDurable flag in ReplicationCoordinatorImpl
... and simplify ReplCoordTestFixture

ReplicationCoordinatorImpl consults the storage engine's isDurable flag for two purposes:

1. To choose whether to present the durable or applied optime when standing for
election in pv1

2. To decide how to interpret w:majority without an explicit j field when
waiting for write concern.

In the first case, it is unnecessary to choose which optime to apply based on
the isDurable flag. It is always safe and correct to present the applied optime,
because if the node presenting it wins election, it will attempt to commit that
applied optime. That means that voters may safely vote for that node.

In the second case, using the value of the local node's storage engine's
isDurable flag to adjust the meaning of w:majority is out of spec. Whether
w:majority writes wait for journaling is a function only of the
writeConcernMajorityJournalDefault flag when a write concern omits the "j"
field.

This patch removes the unnecessary consultation of the isDurable flag, and
uses the opportunity to simplify the constructor of
ReplicationCoordinatorImpl and its test fixture.
2017-01-07 15:08:22 -05:00

99 lines
3.7 KiB
JavaScript

// Basic tests for cluster authentication using x509.
var common_options = {
keyFile: "jstests/libs/key1",
sslMode: "requireSSL",
sslPEMKeyFile: "jstests/libs/server.pem",
sslCAFile: "jstests/libs/ca.pem",
sslAllowInvalidHostnames: ""
};
function runInitialSyncTest() {
load("jstests/replsets/rslib.js");
// The mongo shell cannot authenticate as the internal __system user in tests that use x509 for
// cluster authentication. Choosing the default value for wcMajorityJournalDefault in
// ReplSetTest cannot be done automatically without the shell performing such authentication, so
// in this test we must make the choice explicitly, based on the global test options.
var wcMajorityJournalDefault;
if (jsTestOptions().noJournal || jsTestOptions().storageEngine == "ephemeralForTest" ||
jsTestOptions().storageEngine == "inMemory") {
wcMajorityJournalDefault = false;
} else {
wcMajorityJournalDefault = true;
}
print("1. Bring up set");
var replTest = new ReplSetTest({
name: "jstests_initsync1_x509",
nodes: {node0: x509_options1, node1: x509_options2},
});
var conns = replTest.startSet();
replTest.initiate(
Object.extend(replTest.getReplSetConfig(),
{writeConcernMajorityJournalDefault: wcMajorityJournalDefault}));
var master = replTest.getPrimary();
var foo = master.getDB("foo");
var admin = master.getDB("admin");
var slave1 = replTest.liveNodes.slaves[0];
var admin_s1 = slave1.getDB("admin");
print("2. Create a root user.");
admin.createUser({user: "root", pwd: "pass", roles: ["root"]});
admin.auth("root", "pass");
admin_s1.auth("root", "pass");
print("3. Insert some data");
var bulk = foo.bar.initializeUnorderedBulkOp();
for (var i = 0; i < 100; i++) {
bulk.insert({date: new Date(), x: i, str: "all the talk on the market"});
}
assert.writeOK(bulk.execute());
print("total in foo: " + foo.bar.count());
print("4. Make sure synced");
replTest.awaitReplication();
print("5. Insert some stuff");
master = replTest.getPrimary();
bulk = foo.bar.initializeUnorderedBulkOp();
for (var i = 0; i < 100; i++) {
bulk.insert({date: new Date(), x: i, str: "all the talk on the market"});
}
assert.writeOK(bulk.execute());
print("6. Everyone happy eventually");
replTest.awaitReplication(300000);
replTest.stopSet();
}
// Standard case, clusterAuthMode: x509
var x509_options1 = Object.merge(
common_options, {sslClusterFile: "jstests/libs/cluster_cert.pem", clusterAuthMode: "x509"});
var x509_options2 = x509_options1;
runInitialSyncTest();
// Mixed clusterAuthMode: sendX509 and sendKeyFile and try adding --auth
x509_options1 = Object.merge(
common_options,
{sslClusterFile: "jstests/libs/cluster_cert.pem", clusterAuthMode: "sendX509", auth: ""});
x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendKeyFile"});
runInitialSyncTest();
// Mixed clusterAuthMode: x509 and sendX509, use the PEMKeyFile for outgoing connections
x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"});
x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendX509"});
runInitialSyncTest();
// verify that replset initiate fails if using a self-signed cert
x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"});
x509_options2 = Object.merge(common_options,
{sslClusterFile: "jstests/libs/smoke.pem", clusterAuthMode: "x509"});
var replTest = new ReplSetTest({nodes: {node0: x509_options1, node1: x509_options2}});
var conns = replTest.startSet();
assert.throws(function() {
replTest.initiate();
});