Browse code
In DockerSwarmSuite.TestSwarmJoinPromoteLocked, actually wait for the node to finish being demoted before restarting it and ensuring it isn't locked anymore to reduce test flakiness.
Signed-off-by: cyli <cyli@twistedmatrix.com>
cyli authored on 2016/12/03 09:28:27Showing 1 changed files
| ... | ... |
@@ -1042,20 +1042,32 @@ func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *check.C) {
|
| 1042 | 1042 |
c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive) |
| 1043 | 1043 |
} |
| 1044 | 1044 |
|
| 1045 |
+ // get d3's cert |
|
| 1046 |
+ d3cert, err := ioutil.ReadFile(filepath.Join(d3.folder, "root", "swarm", "certificates", "swarm-node.crt")) |
|
| 1047 |
+ c.Assert(err, checker.IsNil) |
|
| 1048 |
+ |
|
| 1045 | 1049 |
// demote manager back to worker - workers are not locked |
| 1046 | 1050 |
outs, err = d1.Cmd("node", "demote", d3.Info.NodeID)
|
| 1047 | 1051 |
c.Assert(err, checker.IsNil) |
| 1048 | 1052 |
c.Assert(outs, checker.Contains, "demoted in the swarm") |
| 1049 | 1053 |
|
| 1050 |
- // verify that it's been demoted |
|
| 1051 |
- out, err := d1.Cmd("node", "ls", "--filter", "id="+d3.Info.NodeID)
|
|
| 1052 |
- c.Assert(err, checker.IsNil) |
|
| 1053 |
- lines := strings.Split(strings.TrimSpace(out), "\n") |
|
| 1054 |
- c.Assert(len(lines), checker.GreaterThan, 0) |
|
| 1055 |
- columns := strings.Fields(lines[len(lines)-1]) |
|
| 1056 |
- c.Assert(columns, checker.HasLen, 4) // if it was a manager it'd have a manager status field |
|
| 1054 |
+ // Wait for it to actually be demoted, for the key and cert to be replaced. |
|
| 1055 |
+ // Then restart and assert that the node is not locked. If we don't wait for the cert |
|
| 1056 |
+ // to be replaced, then the node still has the manager TLS key which is still locked |
|
| 1057 |
+ // (because we never want a manager TLS key to be on disk unencrypted if the cluster |
|
| 1058 |
+ // is set to autolock) |
|
| 1059 |
+ waitAndAssert(c, defaultReconciliationTimeout, d3.checkControlAvailable, checker.False) |
|
| 1060 |
+ waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
|
|
| 1061 |
+ cert, err := ioutil.ReadFile(filepath.Join(d3.folder, "root", "swarm", "certificates", "swarm-node.crt")) |
|
| 1062 |
+ if err != nil {
|
|
| 1063 |
+ return "", check.Commentf("error: %v", err)
|
|
| 1064 |
+ } |
|
| 1065 |
+ return string(cert), check.Commentf("cert: %v", string(cert))
|
|
| 1066 |
+ }, checker.Not(checker.Equals), string(d3cert)) |
|
| 1057 | 1067 |
|
| 1058 |
- checkSwarmLockedToUnlocked(c, d3, unlockKey) |
|
| 1068 |
+ // by now, it should *never* be locked on restart |
|
| 1069 |
+ c.Assert(d3.Restart(), checker.IsNil) |
|
| 1070 |
+ c.Assert(getNodeStatus(c, d3), checker.Equals, swarm.LocalNodeStateActive) |
|
| 1059 | 1071 |
} |
| 1060 | 1072 |
|
| 1061 | 1073 |
func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) {
|