geo-rep: Make slave volume read-only (by default)

Added a command to set "features.read-only" option
to a default value "on" for slave volume.
Changes are made in:
$SRC//extras/hook-scripts/S56glusterd-geo-rep-create-post.sh
for root geo-rep and
$SRC/geo-replication/src/set_geo_rep_pem_keys.sh
for non-root geo-rep.

Fixes: bz#1654187

Change-Id: I15beeae3506f3f6b1dcba0a5c50b6344fd468c7c
Signed-off-by: Harpreet Kaur <hlalwani@redhat.com>

7 files changed, 22 insertions, 0 deletions

diff --git a/extras/hook-scripts/S56glusterd-geo-rep-create-post.sh b/extras/hook-scripts/S56glusterd-geo-rep-create-post.sh
index d8707a8fb4d..5ff68b1b8ae 100755
--- a/extras/hook-scripts/S56glusterd-geo-rep-create-post.sh
+++ b/extras/hook-scripts/S56glusterd-geo-rep-create-post.sh
@@ -92,11 +92,13 @@ if [ -f $pub_file ]; then
             ssh -p ${SSH_PORT} ${SSH_OPT} $slave_ip "mv $pub_file_tmp ${pub_file_dname}/${mastervol}_${slavevol}_${pub_file_bname}"
             ssh -p ${SSH_PORT} ${SSH_OPT} $slave_ip "gluster system:: copy file /geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub > /dev/null"
             ssh -p ${SSH_PORT} ${SSH_OPT} $slave_ip "gluster system:: execute add_secret_pub root geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub > /dev/null"
+            ssh -p ${SSH_PORT} ${SSH_OPT} $slave_ip "gluster vol set ${slavevol} features.read-only on"
         else
             scp -P ${SSH_PORT} -i ${GR_SSH_IDENTITY_KEY} ${SSH_OPT} $pub_file $slave_ip:$pub_file_tmp
             ssh -p ${SSH_PORT} -i ${GR_SSH_IDENTITY_KEY} ${SSH_OPT} $slave_ip "mv $pub_file_tmp ${pub_file_dname}/${mastervol}_${slavevol}_${pub_file_bname}"
             ssh -p ${SSH_PORT} -i ${GR_SSH_IDENTITY_KEY} ${SSH_OPT} $slave_ip "gluster system:: copy file /geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub > /dev/null"
             ssh -p ${SSH_PORT} -i ${GR_SSH_IDENTITY_KEY} ${SSH_OPT} $slave_ip "gluster system:: execute add_secret_pub root geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub > /dev/null"
+            ssh -p ${SSH_PORT} ${SSH_OPT} $slave_ip "gluster vol set ${slavevol} features.read-only on"
         fi
     fi
 fi
diff --git a/geo-replication/src/set_geo_rep_pem_keys.sh b/geo-replication/src/set_geo_rep_pem_keys.sh
index ae23f4ff0c6..8a43fa39d1f 100755
--- a/geo-replication/src/set_geo_rep_pem_keys.sh
+++ b/geo-replication/src/set_geo_rep_pem_keys.sh
@@ -47,6 +47,7 @@ function main()
         cp $home_dir/${COMMON_SECRET_PEM_PUB} ${GLUSTERD_WORKDIR}/geo-replication/
         gluster system:: copy file /geo-replication/${COMMON_SECRET_PEM_PUB}
         gluster system:: execute add_secret_pub $user geo-replication/${master_vol}_${slave_vol}_common_secret.pem.pub
+        gluster vol set ${slave_vol} features.read-only on
     else
         echo "$home_dir/common_secret.pem.pub not present. Please run geo-replication command on master with push-pem option to generate the file"
         exit 1;
diff --git a/tests/00-geo-rep/georep-basic-dr-rsync-arbiter.t b/tests/00-geo-rep/georep-basic-dr-rsync-arbiter.t
index 0e7dd84a8e5..67ac1678e42 100644
--- a/tests/00-geo-rep/georep-basic-dr-rsync-arbiter.t
+++ b/tests/00-geo-rep/georep-basic-dr-rsync-arbiter.t
@@ -86,6 +86,9 @@ EXPECT_WITHIN $GEO_REP_TIMEOUT  0 check_common_secret_file
 #Verify the keys are distributed
 EXPECT_WITHIN $GEO_REP_TIMEOUT  0 check_keys_distributed
 
+#Verify "features.read-only" Option
+EXPECT_WITHIN $GEO_REP_TIMEOUT 0 check_slave_read_only $GSV0
+
 #Start_georep
 TEST $GEOREP_CLI $master $slave start
 
diff --git a/tests/00-geo-rep/georep-basic-dr-rsync.t b/tests/00-geo-rep/georep-basic-dr-rsync.t
index 4c330de1c10..4a03930efe2 100644
--- a/tests/00-geo-rep/georep-basic-dr-rsync.t
+++ b/tests/00-geo-rep/georep-basic-dr-rsync.t
@@ -86,6 +86,9 @@ EXPECT_WITHIN $GEO_REP_TIMEOUT  0 check_common_secret_file
 #Verify the keys are distributed
 EXPECT_WITHIN $GEO_REP_TIMEOUT  0 check_keys_distributed
 
+#Verify "features.read-only" Option
+EXPECT_WITHIN $GEO_REP_TIMEOUT 0 check_slave_read_only $GSV0
+
 #Start_georep
 TEST $GEOREP_CLI $master $slave start
 
diff --git a/tests/00-geo-rep/georep-basic-dr-tarssh-arbiter.t b/tests/00-geo-rep/georep-basic-dr-tarssh-arbiter.t
index 66567091a4b..1726d0bb0d1 100644
--- a/tests/00-geo-rep/georep-basic-dr-tarssh-arbiter.t
+++ b/tests/00-geo-rep/georep-basic-dr-tarssh-arbiter.t
@@ -89,6 +89,9 @@ EXPECT_WITHIN $GEO_REP_TIMEOUT  0 check_common_secret_file
 #Verify the keys are distributed
 EXPECT_WITHIN $GEO_REP_TIMEOUT  0 check_keys_distributed
 
+#Verify "features.read-only" Option
+EXPECT_WITHIN $GEO_REP_TIMEOUT 0 check_slave_read_only $GSV0
+
 #Start_georep
 TEST $GEOREP_CLI $master $slave start
 
diff --git a/tests/00-geo-rep/georep-basic-dr-tarssh.t b/tests/00-geo-rep/georep-basic-dr-tarssh.t
index 20a0a873311..c5d16ac86b2 100644
--- a/tests/00-geo-rep/georep-basic-dr-tarssh.t
+++ b/tests/00-geo-rep/georep-basic-dr-tarssh.t
@@ -89,6 +89,9 @@ EXPECT_WITHIN $GEO_REP_TIMEOUT  0 check_common_secret_file
 #Verify the keys are distributed
 EXPECT_WITHIN $GEO_REP_TIMEOUT  0 check_keys_distributed
 
+#Verify "features.read-only" Option
+EXPECT_WITHIN $GEO_REP_TIMEOUT 0 check_slave_read_only $GSV0
+
 #Start_georep
 TEST $GEOREP_CLI $master $slave start
 
diff --git a/tests/geo-rep.rc b/tests/geo-rep.rc
index b762a333aca..396b4c4a3e5 100644
--- a/tests/geo-rep.rc
+++ b/tests/geo-rep.rc
@@ -384,3 +384,10 @@ function verify_hardlink_rename_data()
         echo 0
     fi
 }
+
+function check_slave_read_only()
+{
+    volum=$1
+    gluster volume info $1 | grep 'features.read-only: on'
+    echo $?
+}