2 # vim:expandtab:shiftwidth=4:softtabstop=4:tabstop=4:
4 # Run select tests by setting ONLY, or as arguments to the script.
5 # Skip specific tests by setting EXCEPT.
7 # e.g. ONLY="22 23" or ONLY="`seq 32 39`" or EXCEPT="31"
11 # bug number for skipped test:
12 ALWAYS_EXCEPT=${ALWAYS_EXCEPT:-"$SANITY_GSS_EXCEPT"}
13 # UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
15 # Tests that fail on uml
16 CPU=`awk '/model/ {print $4}' /proc/cpuinfo`
17 [ "$CPU" = "UML" ] && EXCEPT="$EXCEPT"
20 2.6*) FSTYPE=${FSTYPE:-ldiskfs}; ALWAYS_EXCEPT="$ALWAYS_EXCEPT " ;;
21 *) error "unsupported kernel (gss only works with 2.6.x)" ;;
25 export PATH=$PWD/$SRCDIR:$SRCDIR:$SRCDIR/../utils:$SRCDIR/../utils/gss:$PATH:/sbin
26 export NAME=${NAME:-local}
29 CLEANUP=${CLEANUP:-""}
32 LUSTRE=${LUSTRE:-`dirname $0`/..}
33 . $LUSTRE/tests/test-framework.sh
35 . ${CONFIG:=$LUSTRE/tests/cfg/$NAME.sh}
37 remote_mds_nodsh && skip "remote MDS with nodsh" && exit 0
39 [ "$SLOW" = "no" ] && EXCEPT_SLOW="100 101"
41 # $RUNAS_ID may get set incorrectly somewhere else
42 [ $UID -eq 0 -a $RUNAS_ID -eq 0 ] && error "\$RUNAS_ID set to 0, but \$UID is also 0!"
44 # remove $SEC, we'd like to control everything by ourselves
48 # global variables of this sanity
51 KRB5_CRED=$KRB5_CCACHE_DIR/krb5cc_$RUNAS_ID
52 KRB5_CRED_SAVE=$KRB5_CCACHE_DIR/krb5cc.sanity.save
68 prepare_krb5_creds() {
69 echo prepare krb5 cred
72 $RUNAS krb5_login.sh || exit 1
73 [ -f $KRB5_CRED ] || exit 2
75 cp $KRB5_CRED $KRB5_CRED_SAVE
80 # we want double mount
81 MOUNT_2=${MOUNT_2:-"yes"}
82 check_and_setup_lustre
84 rm -rf $DIR/[df][0-9]*
86 check_runas_id $RUNAS_ID $RUNAS
96 if [ $M -lt $N ]; then
100 while [ $N -le $M ]; do
110 calc_connection_cnt() {
111 # MDT->MDT = 2 * C(M, 2)
115 comb_m2=$(combination $MDSCOUNT 2)
117 cnt_mdt2mdt=$((comb_m2 * 2))
118 cnt_mdt2ost=$((MDSCOUNT * OSTCOUNT))
119 cnt_cli2ost=$((CLICOUNT * OSTCOUNT))
120 cnt_cli2mdt=$((CLICOUNT * MDSCOUNT))
121 cnt_all2ost=$((cnt_mdt2ost + cnt_cli2ost))
122 cnt_all2mdt=$((cnt_mdt2mdt + cnt_cli2mdt))
123 cnt_all2all=$((cnt_mdt2ost + cnt_mdt2mdt + cnt_cli2ost + cnt_cli2mdt))
132 local cmd="$tgt.srpc.flavor"
134 if [ $net == "any" ]; then
139 if [ $dir != "any" ]; then
144 log "Setting sptlrpc rule: $cmd"
145 do_facet mgs "$LCTL conf_param $cmd"
154 rpc_flvr=`echo $flavor | awk -F - '{ print $1 }'`
155 bulkspec=`echo $flavor | awk -F - '{ print $2 }'`
157 count=`echo "$output" | grep "rpc flavor" | grep $rpc_flvr | wc -l`
159 if [ "x$bulkspec" != "x" ]; then
160 algs=`echo $bulkspec | awk -F : '{ print $2 }'`
162 if [ "x$algs" != "x" ]; then
163 bulk_count=`echo "$output" | grep "bulk flavor" | grep $algs | wc -l`
165 bulk=`echo $bulkspec | awk -F : '{ print $1 }'`
166 if [ $bulk == "bulkn" ]; then
167 bulk_count=`echo "$output" | grep "bulk flavor" \
168 | grep "null/null" | wc -l`
169 elif [ $bulk == "bulki" ]; then
170 bulk_count=`echo "$output" | grep "bulk flavor" \
171 | grep "/null" | grep -v "null/" | wc -l`
173 bulk_count=`echo "$output" | grep "bulk flavor" \
174 | grep -v "/null" | grep -v "null/" | wc -l`
178 [ $bulk_count -lt $count ] && count=$bulk_count
188 output=`do_facet client lctl get_param -n mdc.*-MDT*-mdc-*.$PROC_CLI 2>/dev/null`
189 count_flvr "$output" $flavor
196 output=`do_facet client lctl get_param -n osc.*OST*-osc-[^M][^D][^T]*.$PROC_CLI 2>/dev/null`
197 count_flvr "$output" $flavor
205 if [ $MDSCOUNT -le 1 ]; then
210 for num in `seq $MDSCOUNT`; do
211 output=`do_facet mds$num lctl get_param -n mdc.*-MDT*-mdc[0-9]*.$PROC_CLI 2>/dev/null`
212 tmpcnt=`count_flvr "$output" $flavor`
213 cnt=$((cnt + tmpcnt))
223 for num in `seq $MDSCOUNT`; do
224 output=`do_facet mds$num lctl get_param -n osc.*OST*-osc-MDT*.$PROC_CLI 2>/dev/null`
225 tmpcnt=`count_flvr "$output" $flavor`
226 cnt=$((cnt + tmpcnt))
235 output=`do_facet client lctl get_param -n mgc.*.$PROC_CLI 2>/dev/null`
236 count_flvr "$output" $flavor
241 local dir=$1 # from to
242 local flavor=$2 # flavor expected
245 if [ $dir == "cli2mdt" ]; then
246 res=`flvr_cnt_cli2mdt $flavor`
247 elif [ $dir == "cli2ost" ]; then
248 res=`flvr_cnt_cli2ost $flavor`
249 elif [ $dir == "mdt2mdt" ]; then
250 res=`flvr_cnt_mdt2mdt $flavor`
251 elif [ $dir == "mdt2ost" ]; then
252 res=`flvr_cnt_mdt2ost $flavor`
253 elif [ $dir == "all2ost" ]; then
254 res1=`flvr_cnt_mdt2ost $flavor`
255 res2=`flvr_cnt_cli2ost $flavor`
257 elif [ $dir == "all2mdt" ]; then
258 res1=`flvr_cnt_mdt2mdt $flavor`
259 res2=`flvr_cnt_cli2mdt $flavor`
261 elif [ $dir == "all2all" ]; then
262 res1=`flvr_cnt_mdt2ost $flavor`
263 res2=`flvr_cnt_cli2ost $flavor`
264 res3=`flvr_cnt_mdt2mdt $flavor`
265 res4=`flvr_cnt_cli2mdt $flavor`
266 res=$((res1 + res2 + res3 + res4))
274 local dir=$1 # from to
275 local flavor=$2 # flavor expected
276 local expect=$3 # number expected
279 for ((i=0;i<20;i++)); do
280 echo -n "checking..."
281 res=$(do_check_flavor $dir $flavor)
282 if [ $res -eq $expect ]; then
283 echo "found $res $flavor connections of $dir, OK"
286 echo "found $res $flavor connections of $dir, not ready ($expect)"
291 echo "Error checking $flavor of $dir: expect $expect, actual $res"
295 restore_to_default_flavor()
297 local proc="mgs.MGS.live.$FSNAME"
299 echo "restoring to default flavor..."
301 nrule=`do_facet mgs lctl get_param -n $proc 2>/dev/null | grep ".srpc.flavor." | wc -l`
303 # remove all existing rules if any
304 if [ $nrule -ne 0 ]; then
305 echo "$nrule existing rules"
306 for rule in `do_facet mgs lctl get_param -n $proc 2>/dev/null | grep ".srpc.flavor."`; do
307 echo "remove rule: $rule"
308 spec=`echo $rule | awk -F = '{print $1}'`
309 do_facet mgs "$LCTL conf_param $spec="
313 # verify no rules left
314 nrule=`do_facet mgs lctl get_param -n $proc 2>/dev/null | grep ".srpc.flavor." | wc -l`
315 [ $nrule -ne 0 ] && error "still $nrule rules left"
317 # wait for default flavor to be applied
318 # currently default flavor for all connections are 'null'
319 wait_flavor all2all null $cnt_all2all
320 echo "now at default flavor settings"
327 echo "setting all flavor to $flavor"
329 res=$(do_check_flavor all2all $flavor)
330 if [ $res -eq $cnt_all2all ]; then
331 echo "already have total $res $flavor connections"
335 echo "found $res $flavor out of total $cnt_all2all connections"
336 restore_to_default_flavor
338 set_rule $FSNAME any any $flavor
339 wait_flavor all2all $flavor $cnt_all2all
344 NPROC=`cat /proc/cpuinfo 2>/dev/null | grep ^processor | wc -l`
345 [ $NPROC -gt 2 ] && NPROC=2
346 sh rundbench $NPROC 1>/dev/null &
350 num=`ps --no-headers -p $DBENCH_PID 2>/dev/null | wc -l`
351 if [ $num -ne 1 ]; then
352 error "failed to start dbench $NPROC"
354 echo "started dbench with $NPROC processes at background"
362 num=`ps --no-headers -p $DBENCH_PID 2>/dev/null | wc -l`
363 if [ $num -eq 0 ]; then
364 echo "dbench $DBENCH_PID already finished"
365 wait $DBENCH_PID || error "dbench $PID exit with error"
367 elif [ $num -ne 1 ]; then
369 error "found $num instance of pid $DBENCH_PID ???"
378 killall dbench 2>/dev/null
379 num=`ps --no-headers -p $DBENCH_PID | wc -l`
380 if [ $num -eq 0 ]; then
381 echo "dbench finished"
384 echo "dbench $DBENCH_PID is still running, waiting 2s..."
388 wait $DBENCH_PID || true
392 restore_krb5_cred() {
393 cp $KRB5_CRED_SAVE $KRB5_CRED
394 chown $RUNAS_ID:$RUNAS_ID $KRB5_CRED
395 chmod 0600 $KRB5_CRED
398 check_multiple_gss_daemons() {
401 local gssd_name=`basename $gssd`
403 for ((i=0;i<10;i++)); do
404 do_facet $facet "$gssd -v &"
407 # wait daemons entering "stable" status
410 num=`do_facet $facet ps -o cmd -C $gssd_name | grep $gssd_name | wc -l`
411 echo "$num instance(s) of $gssd_name are running"
413 if [ $num -ne 1 ]; then
414 error "$gssd_name not unique"
424 echo "bring up gss daemons..."
427 echo "check with someone already running..."
428 check_multiple_gss_daemons $my_facet $LSVCGSSD
430 check_multiple_gss_daemons $my_facet $LGSSD
433 echo "check with someone run & finished..."
434 do_facet $my_facet killall -q -2 lgssd lsvcgssd || true
435 sleep 5 # wait fully exit
436 check_multiple_gss_daemons $my_facet $LSVCGSSD
438 check_multiple_gss_daemons $my_facet $LGSSD
441 echo "check refresh..."
442 do_facet $my_facet killall -q -2 lgssd lsvcgssd || true
443 sleep 5 # wait fully exit
444 do_facet $my_facet ipcrm -S 0x3b92d473
445 check_multiple_gss_daemons $my_facet $LSVCGSSD
447 do_facet $my_facet ipcrm -S 0x3a92d473
448 check_multiple_gss_daemons $my_facet $LGSSD
451 run_test 0 "start multiple gss daemons"
456 local file=$DIR/$tfile
458 chmod 0777 $DIR || error "chmod $DIR failed"
461 $RUNAS $LFS flushctx || error "can't flush ctx"
462 $RUNAS touch $file && error "unexpected success"
466 $RUNAS touch $file || error "should not fail"
467 [ -f $file ] || error "$file not found"
469 run_test 1 "access with or without krb5 credential"
472 local file1=$DIR/$tfile-1
473 local file2=$DIR/$tfile-2
475 chmod 0777 $DIR || error "chmod $DIR failed"
476 # current access should be ok
477 $RUNAS touch $file1 || error "can't touch $file1"
478 [ -f $file1 ] || error "$file1 not found"
480 # cleanup all cred/ctx and touch
482 $RUNAS $LFS flushctx || error "can't flush ctx"
483 $RUNAS touch $file2 && error "unexpected success"
487 $RUNAS touch $file2 || error "should not fail"
488 [ -f $file2 ] || error "$file2 not found"
490 run_test 2 "lfs flushctx"
493 local file=$DIR/$tfile
496 echo "aaaaaaaaaaaaaaaaa" > $file
498 $CHECKSTAT -p 0666 $file || error "$UID checkstat error"
499 $RUNAS $CHECKSTAT -p 0666 $file || error "$RUNAS_ID checkstat error"
500 $RUNAS cat $file > /dev/null || error "$RUNAS_ID cat error"
503 $RUNAS multiop $file o_r &
505 # wait multiop finish its open()
508 # cleanup all cred/ctx and check
509 # metadata check should fail, but file data check should success
510 # because we always use root credential to OSTs
513 echo "destroied credentials/contexs for $RUNAS_ID"
514 $RUNAS $CHECKSTAT -p 0666 $file && error "checkstat succeed"
516 wait $OPPID || error "read file data failed"
517 echo "read file data OK"
519 # restore and check again
521 echo "restored credentials for $RUNAS_ID"
522 $RUNAS $CHECKSTAT -p 0666 $file || error "$RUNAS_ID checkstat (2) error"
523 echo "$RUNAS_ID checkstat OK"
524 $CHECKSTAT -p 0666 $file || error "$UID checkstat (2) error"
525 echo "$UID checkstat OK"
526 $RUNAS cat $file > /dev/null || error "$RUNAS_ID cat (2) error"
527 echo "$RUNAS_ID read file data OK"
529 run_test 3 "local cache under DLM lock"
532 local file1=$DIR/$tfile-1
533 local file2=$DIR/$tfile-2
535 ! $GSS_PIPEFS && skip "pipefs not used" && return
537 chmod 0777 $DIR || error "chmod $DIR failed"
538 # current access should be ok
539 $RUNAS touch $file1 || error "can't touch $file1"
540 [ -f $file1 ] || error "$file1 not found"
543 send_sigint client lgssd
545 check_gss_daemon_facet client lgssd && error "lgssd still running"
547 # flush context, and touch
549 $RUNAS touch $file2 &
551 echo "waiting touch pid $TOUCHPID"
552 wait $TOUCHPID && error "touch should fail"
555 do_facet client "$LGSSD -v"
557 check_gss_daemon_facet client lgssd
559 # touch new should succeed
560 $RUNAS touch $file2 || error "can't touch $file2"
561 [ -f $file2 ] || error "$file2 not found"
563 run_test 4 "lgssd dead, operations should wait timeout and fail"
566 local file1=$DIR/$tfile-1
567 local file2=$DIR/$tfile-2
568 local wait_time=$((TIMEOUT + TIMEOUT / 2))
570 chmod 0777 $DIR || error "chmod $DIR failed"
571 # current access should be ok
572 $RUNAS touch $file1 || error "can't touch $file1"
573 [ -f $file1 ] || error "$file1 not found"
576 send_sigint mds lsvcgssd
578 check_gss_daemon_facet mds lsvcgssd && error "lsvcgssd still running"
580 # flush context, and touch
582 $RUNAS touch $file2 &
586 echo "waiting $wait_time seconds for touch pid $TOUCHPID"
588 num=`ps --no-headers -p $TOUCHPID | wc -l`
589 [ $num -eq 1 ] || error "touch already ended ($num)"
590 echo "process $TOUCHPID still hanging there... OK"
592 # restart lsvcgssd, expect touch suceed
593 echo "restart lsvcgssd and recovering"
594 do_facet mds "$LSVCGSSD -v"
596 check_gss_daemon_facet mds lsvcgssd
597 wait $TOUCHPID || error "touch fail"
598 [ -f $file2 ] || error "$file2 not found"
600 run_test 5 "lsvcgssd dead, operations lead to recovery"
605 mkdir $DIR/d6 || error "mkdir $DIR/d6 failed"
606 for ((i=0; i<$nfile; i++)); do
607 dd if=/dev/zero of=$DIR/d6/file$i bs=8k count=1 || error "dd file$i failed"
609 ls -l $DIR/d6/* > /dev/null || error "ls failed"
610 rm -rf $DIR2/d6/* || error "rm failed"
611 rmdir $DIR2/d6/ || error "rmdir failed"
613 run_test 6 "test basic DLM callback works"
620 # for open(), client only reserve space for default stripe count lovea,
621 # and server may return larger lovea in reply (because of larger stripe
622 # count), client need call enlarge_reqbuf() and save the replied lovea
623 # in request for future possible replay.
625 # Note: current script does NOT guarantee enlarge_reqbuf() will be in
626 # the path, however it does work in local test which has 2 OSTs and
627 # default stripe count is 1.
629 num_osts=`$LFS getstripe $MOUNT | egrep "^[0-9]*:.*ACTIVE" | wc -l`
630 echo "found $num_osts active OSTs"
631 [ $num_osts -lt 2 ] && echo "skipping $TESTNAME (must have >= 2 OSTs)" && return
634 $LFS setstripe -c $num_osts $tdir || error
637 for ((i=0;i<20;i++)); do
638 dd if=/dev/zero of=$tdir/f$i bs=4k count=16 2>/dev/null
641 for ((i=0;i<20;i++)); do
642 dd if=$tdir/f$i of=/dev/null bs=4k count=16 2>/dev/null
646 run_test 7 "exercise enlarge_reqbuf()"
653 sysctl -w lnet.debug="+other"
655 # sleep sometime in ctx handle
656 do_facet mds lctl set_param fail_val=30
657 #define OBD_FAIL_SEC_CTX_HDL_PAUSE 0x1204
658 do_facet mds lctl set_param fail_loc=0x1204
660 $RUNAS $LFS flushctx || error "can't flush ctx"
664 echo "waiting df (pid $TOUCHPID) to finish..."
665 sleep 2 # give df a chance to really trigger context init rpc
666 do_facet mds sysctl -w lustre.fail_loc=0
667 wait $DFPID || error "df should have succeeded"
669 $LCTL dk | grep "Early reply #" || error "No early reply"
672 run_test 8 "Early reply sent for slow gss context negotiation"
675 # following tests will manipulate flavors and may end with any flavor set,
676 # so each test should not assume any start flavor.
680 local sample=$TMP/sanity-gss-8
681 local tdir=$MOUNT/dir8
683 local hash_algs="adler32 crc32 md5 sha1 sha256 sha384 sha512 wp256 wp384 wp512"
685 # create sample file with aligned size for direct i/o
686 dd if=/dev/zero of=$sample bs=$iosize count=1 || error
687 dd conv=notrunc if=/etc/termcap of=$sample bs=$iosize count=1 || error
690 mkdir $tdir || error "create dir $tdir"
692 restore_to_default_flavor
694 for alg in $hash_algs; do
695 echo "Testing $alg..."
696 flavor=krb5i-bulki:$alg/null
697 set_rule $FSNAME any cli2ost $flavor
698 wait_flavor cli2ost $flavor $cnt_cli2ost
700 dd if=$sample of=$tdir/$alg oflag=direct,dsync bs=$iosize || error "$alg write"
701 diff $sample $tdir/$alg || error "$alg read"
707 run_test 50 "verify bulk hash algorithms works"
710 local s1=$TMP/sanity-gss-9.1
711 local s2=$TMP/sanity-gss-9.2
712 local s3=$TMP/sanity-gss-9.3
713 local s4=$TMP/sanity-gss-9.4
714 local tdir=$MOUNT/dir9
715 local s1_size=4194304 # n * pagesize (4M)
716 local s2_size=512 # n * blksize
717 local s3_size=111 # n * blksize + m
719 local cipher_algs="arc4 aes128 aes192 aes256 cast128 cast256 twofish128 twofish256"
721 # create sample files for each situation
722 rm -f $s1 $s2 $s2 $s4
723 dd if=/dev/urandom of=$s1 bs=1M count=4 || error
724 dd if=/dev/urandom of=$s2 bs=$s2_size count=1 || error
725 dd if=/dev/urandom of=$s3 bs=$s3_size count=1 || error
726 dd if=/dev/urandom of=$s4 bs=$s4_size count=1 || error
729 mkdir $tdir || error "create dir $tdir"
731 restore_to_default_flavor
734 # different bulk data alignment will lead to different behavior of
735 # the implementation: (n > 0; 0 < m < encryption_block_size)
737 # - partial page, size = n * encryption_block_size
738 # - partial page, size = n * encryption_block_size + m
739 # - partial page, size = m
741 for alg in $cipher_algs; do
742 echo "Testing $alg..."
743 flavor=krb5p-bulkp:sha1/$alg
744 set_rule $FSNAME any cli2ost $flavor
745 wait_flavor cli2ost $flavor $cnt_cli2ost
748 dd if=$s1 of=$tdir/$alg.1 oflag=dsync bs=1M || error "write $alg.1"
749 dd if=$s2 of=$tdir/$alg.2 oflag=dsync || error "write $alg.2"
750 dd if=$s3 of=$tdir/$alg.3 oflag=dsync || error "write $alg.3"
751 dd if=$s4 of=$tdir/$alg.4 oflag=dsync || error "write $alg.4"
755 umount_client $MOUNT2
760 diff $tdir/$alg.1 $s1 || error "read $alg.1"
761 diff $tdir/$alg.2 $s2 || error "read $alg.2"
762 diff $tdir/$alg.3 $s3 || error "read $alg.3"
763 diff $tdir/$alg.4 $s4 || error "read $alg.4"
769 run_test 51 "bulk data alignment test under encryption mode"
772 if [ "$SLOW" = "no" ]; then
778 restore_to_default_flavor
779 set_rule $FSNAME any any krb5p
780 wait_flavor all2all krb5p $cnt_all2all
784 for ((n=0;n<$total;n++)); do
787 echo "flush ctx ($n/$total) ..."
791 #sleep to let ctxs be re-established
795 run_test 90 "recoverable from losing contexts under load"
805 nrule_old=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \
806 | grep "$FSNAME.srpc.flavor." | wc -l`
807 echo "original general rules: $nrule_old"
809 for ((i = $nrule_old; i < $max; i++)); do
810 set_rule $FSNAME elan$i any krb5n || error "set rule $i"
812 for ((i = $nrule_old; i < $max; i++)); do
813 set_rule $FSNAME elan$i any || error "remove rule $i"
816 nrule_new=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \
817 | grep "$FSNAME.srpc.flavor." | wc -l`
818 if [ $nrule_new != $nrule_old ]; then
819 error "general rule: $nrule_new != $nrule_old"
823 # target-specific rules
825 nrule_old=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \
826 | grep "$FSNAME-MDT0000.srpc.flavor." | wc -l`
827 echo "original target rules: $nrule_old"
829 for ((i = $nrule_old; i < $max; i++)); do
830 set_rule $FSNAME-MDT0000 elan$i any krb5i || error "set rule $i"
832 for ((i = $nrule_old; i < $max; i++)); do
833 set_rule $FSNAME-MDT0000 elan$i any || error "remove rule $i"
836 nrule_new=`do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME 2>/dev/null \
837 | grep "$FSNAME-MDT0000.srpc.flavor." | wc -l`
838 if [ $nrule_new != $nrule_old ]; then
839 error "general rule: $nrule_new != $nrule_old"
842 run_test 99 "set large number of sptlrpc rules"
855 # started from default flavors
856 restore_to_default_flavor
858 # running dbench background
862 # all: null -> krb5n -> krb5a -> krb5i -> krb5p -> plain
864 set_rule $FSNAME any any krb5n
865 wait_flavor all2all krb5n $cnt_all2all || error_dbench "1"
868 set_rule $FSNAME any any krb5a
869 wait_flavor all2all krb5a $cnt_all2all || error_dbench "2"
872 set_rule $FSNAME any any krb5i
873 wait_flavor all2all krb5i $cnt_all2all || error_dbench "3"
876 set_rule $FSNAME any any krb5p
877 wait_flavor all2all krb5p $cnt_all2all || error_dbench "4"
880 set_rule $FSNAME any any plain
881 wait_flavor all2all plain $cnt_all2all || error_dbench "5"
890 set_rule $FSNAME any mdt2mdt krb5a
891 wait_flavor mdt2mdt krb5a $cnt_mdt2mdt || error_dbench "6"
894 set_rule $FSNAME any cli2mdt krb5i
895 wait_flavor cli2mdt krb5i $cnt_cli2mdt || error_dbench "7"
898 set_rule $FSNAME any mdt2ost krb5p
899 wait_flavor mdt2ost krb5p $cnt_mdt2ost || error_dbench "8"
902 set_rule $FSNAME any cli2ost krb5n
903 wait_flavor cli2ost krb5n $cnt_cli2ost || error_dbench "9"
910 # nothing should be changed because they are override by above dir rules
912 set_rule $FSNAME-MDT0000 any any krb5p
913 set_rule $FSNAME-OST0000 any any krb5i
914 wait_flavor mdt2mdt krb5a $cnt_mdt2mdt || error_dbench "10"
915 wait_flavor cli2mdt krb5i $cnt_cli2mdt || error_dbench "11"
917 wait_flavor mdt2ost krb5p $cnt_mdt2ost || error_dbench "12"
918 wait_flavor cli2ost krb5n $cnt_cli2ost || error_dbench "13"
921 # delete all dir-specific rules
923 set_rule $FSNAME any mdt2mdt
924 set_rule $FSNAME any cli2mdt
925 set_rule $FSNAME any mdt2ost
926 set_rule $FSNAME any cli2ost
927 wait_flavor mdt2mdt krb5p $((MDSCOUNT - 1)) || error_dbench "14"
928 wait_flavor cli2mdt krb5p $CLICOUNT || error_dbench "15"
930 wait_flavor mdt2ost krb5i $MDSCOUNT || error_dbench "16"
931 wait_flavor cli2ost krb5i $CLICOUNT || error_dbench "17"
939 set_rule $FSNAME-MDT0000 any any
940 set_rule $FSNAME-OST0000 any any || error_dbench "18"
941 wait_flavor all2all plain $cnt_all2all || error_dbench "19"
946 run_test 100 "change security flavor on the fly under load"
955 local wait_time=$((TIMEOUT + TIMEOUT / 4))
959 # stop gss daemon, then switch to flavor1 (which should be a gss flavor),
960 # and run a 'df' which should hanging, wait the request timeout and
961 # resend, then switch the flavor to another one. To exercise the code of
962 # switching ctx/sec for a resend request.
964 echo ">>>>>>>>>>>>>>> Testing $flavor0 -> $flavor1 -> $flavor2..."
966 echo "(0) set base flavor $flavor0"
967 set_rule $FSNAME any cli2mdt $flavor0
968 wait_flavor cli2mdt $flavor0 $count
970 if [ $? -ne 0 ]; then
971 error "initial df failed"
977 echo "(1) $flavor0 -> $flavor1"
978 set_rule $FSNAME any cli2mdt $flavor1
979 wait_flavor cli2mdt $flavor1 $count
984 echo "waiting $wait_time seconds for df ($df_pid)"
986 num=`ps --no-headers -p $df_pid 2>/dev/null | wc -l`
987 [ $num -eq 1 ] || error "df already ended ($num)"
988 echo "process $df_pid is still hanging there... OK"
990 echo "(2) set end flavor $flavor2"
991 set_rule $FSNAME any cli2mdt $flavor2
992 wait_flavor cli2mdt $flavor2 $count
994 wait $df_pid || error "df returned error"
999 # started from default flavors
1000 restore_to_default_flavor
1002 switch_sec_test $cnt_cli2mdt null krb5n null
1003 switch_sec_test $cnt_cli2mdt null krb5a null
1004 switch_sec_test $cnt_cli2mdt null krb5i null
1005 switch_sec_test $cnt_cli2mdt null krb5p null
1006 switch_sec_test $cnt_cli2mdt null krb5i plain
1007 switch_sec_test $cnt_cli2mdt plain krb5p plain
1008 switch_sec_test $cnt_cli2mdt plain krb5n krb5a
1009 switch_sec_test $cnt_cli2mdt krb5a krb5i krb5p
1010 switch_sec_test $cnt_cli2mdt krb5p krb5a krb5n
1011 switch_sec_test $cnt_cli2mdt krb5n krb5p krb5i
1013 run_test 101 "switch ctx as well as sec for resending request"
1026 # started from default flavors
1027 restore_to_default_flavor
1029 # run dbench background
1032 echo "Testing null->krb5n->krb5a->krb5i->krb5p->plain->null"
1033 set_rule $FSNAME any any krb5n
1034 set_rule $FSNAME any any krb5a
1035 set_rule $FSNAME any any krb5i
1036 set_rule $FSNAME any any krb5p
1037 set_rule $FSNAME any any plain
1038 set_rule $FSNAME any any null
1041 wait_flavor all2all null $cnt_all2all || error_dbench "1"
1044 echo "waiting for 15s and check again"
1048 echo "Testing null->krb5i->null->krb5i->null..."
1049 for ((i=0; i<10; i++)); do
1050 set_rule $FSNAME any any krb5i
1051 set_rule $FSNAME any any null
1053 set_rule $FSNAME any any krb5i
1056 wait_flavor all2all krb5i $cnt_all2all || error_dbench "2"
1059 echo "waiting for 15s and check again"
1065 run_test 102 "survive from insanely fast flavor switch"
1070 # started from default flavors
1071 restore_to_default_flavor
1073 # at this time no rules has been set on mgs; mgc use null
1074 # flavor connect to mgs.
1075 count=`flvr_cnt_mgc2mgs null`
1076 [ $count -eq 1 ] || error "$count mgc connection use null flavor"
1078 # umount both clients
1079 zconf_umount $HOSTNAME $MOUNT || return 1
1080 zconf_umount $HOSTNAME $MOUNT2 || return 2
1082 # mount client with default flavor - should succeed
1083 zconf_mount $HOSTNAME $MOUNT || error "mount with default flavor should have succeeded"
1084 zconf_umount $HOSTNAME $MOUNT || return 5
1086 # mount client with conflict flavor - should fail
1088 MOUNTOPT="$MOUNTOPT,mgssec=krb5p"
1089 zconf_mount $HOSTNAME $MOUNT && error "mount with conflict flavor should have failed"
1092 # mount client with same flavor - should succeed
1094 MOUNTOPT="$MOUNTOPT,mgssec=null"
1095 zconf_mount $HOSTNAME $MOUNT || error "mount with same flavor should have succeeded"
1096 zconf_umount $HOSTNAME $MOUNT || return 6
1099 run_test 150 "secure mgs connection: client flavor setting"
1104 # set mgs only accept krb5p
1105 set_rule _mgs any any krb5p
1107 # umount everything, modules still loaded
1110 # mount mgs with default flavor, in current framework it means mgs+mdt1.
1111 # the connection of mgc of mdt1 to mgs is expected fail.
1112 DEVNAME=$(mdsdevname 1)
1113 start mds1 $DEVNAME $MDS_MOUNT_OPTS && error "mount with default flavor should have failed"
1115 # mount with unauthorized flavor should fail
1116 save_opts=$MDS_MOUNT_OPTS
1117 MDS_MOUNT_OPTS="$MDS_MOUNT_OPTS,mgssec=null"
1118 start mds1 $DEVNAME $MDS_MOUNT_OPTS && error "mount with unauthorized flavor should have failed"
1119 MDS_MOUNT_OPTS=$save_opts
1121 # mount with designated flavor should succeed
1122 save_opts=$MDS_MOUNT_OPTS
1123 MDS_MOUNT_OPTS="$MDS_MOUNT_OPTS,mgssec=krb5p"
1124 start mds1 $DEVNAME $MDS_MOUNT_OPTS || error "mount with designated flavor should have succeeded"
1125 MDS_MOUNT_OPTS=$save_opts
1129 run_test 151 "secure mgs connection: server flavor control"
1131 equals_msg `basename $0`: test complete, cleaning up
1132 check_and_cleanup_lustre
1133 [ -f "$TESTSUITELOG" ] && cat $TESTSUITELOG && grep -q FAIL $TESTSUITELOG && exit 1 || true